Problem with dialer and/or some malware (can't find out the name)


  • This topic is locked

#1
poslanik

  • Member
  • 11 posts

Hi,

I've registered because I'm having some troubles with malware and dialers (I'm using a broadband connection so thankfully that won't harm me). I'd really appreciate it if you'd help me.

Something is constantly downloading some stupid malware that downloads to my windows temporary folder and runs in my process tree. I've made some pictures of it. The first is one of the task manager and the second of my Windows temp folder.


I've tried NOD32, AdAware and Spybot Search&Destroy but none of those programs solved my problem. So I downloaded hijackthis and made a scan. I immediately noticed the following file: IXT0.dll (http://www.superadbl...efinition/ixt0/). Recently NOD32 also reported about this same file and how it's bad and all. In the hijackthis log it said it was a browser helper object. I clicked fix problem and hijackthis removed the file (I can no longer see it in my logs as you'll be able to see for yourself but the malware is still harassing me).

Here is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 23:36:47, on 5.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\ufdsvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\{CCFD913C-0721-1050-0802-060310030181}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\win177.tmp.exe
C:\WINDOWS\TEMP\idd179.tmp.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\DRAZEN\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\DRAZEN\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Documents and Settings\DRAZEN\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDF3B1C5-3D95-468C-AD42-177FB54F2122}: NameServer = 195.29.150.3 195.29.150.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winmxw32 - C:\WINDOWS\SYSTEM32\winmxw32.dll
O21 - SSODL: expatriates - {1a01a98c-4f25-42e1-971a-185cf63569b2} - C:\WINDOWS\system32\tpedvf.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\system32\ufdsvc.exe

  • 0


#2
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts

Hi :whistling:

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\TEMP\win177.tmp.exe
    C:\WINDOWS\TEMP\idd179.tmp.exe
    C:\WINDOWS\SYSTEM32\winmxw32.dll



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply with a new hijack log.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm
  • 0

#3
poslanik

  • Topic Starter
  • Member
  • 11 posts

Hi, I have done as you said with a couple of exceptions. In the meantime (from after I made this thread and your reply) a couple of new files were copied to my Temp folder, and the ones I posted in the initial post I have removed manually. I think I have removed around 6-7 files with KillBox (including winmxw32.dll).

SmitFraudFix log:

SmitFraudFix v2.128

Scan done at  8:41:37,85, sri 06.12.2006
Run from C:\Documents and Settings\DRAZEN\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ismini.exe FOUND !
C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\DRAZEN


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\DRAZEN\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DRAZEN\FAVORI~1

C:\DOCUME~1\DRAZEN\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1a01a98c-4f25-42e1-971a-185cf63569b2}"="expatriates"

[HKEY_CLASSES_ROOT\CLSID\{1a01a98c-4f25-42e1-971a-185cf63569b2}\InProcServer32]
@="C:\WINDOWS\system32\tpedvf.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1a01a98c-4f25-42e1-971a-185cf63569b2}\InProcServer32]
@="C:\WINDOWS\system32\tpedvf.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:43:41, on 6.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\ufdsvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\{CCFD913C-0721-1050-0802-060310030181}\Update.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Documents and Settings\DRAZEN\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDF3B1C5-3D95-468C-AD42-177FB54F2122}: NameServer = 195.29.150.3 195.29.150.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing)
O21 - SSODL: expatriates - {1a01a98c-4f25-42e1-971a-185cf63569b2} - C:\WINDOWS\system32\tpedvf.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\system32\ufdsvc.exe



  • 0
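
Added example (not part of the thread, and not the helper's or HijackThis's own logic): a small Python triage pass over excerpts of the two HijackThis logs above. It flags processes running from a Temp directory, Winlogon Notify entries and references to missing files, then compares the scan from post #1 with the one from post #3. The rule names and heuristics are assumptions made for illustration.

```python
import ntpath
import re
from dataclasses import dataclass

# Excerpts of the HijackThis logs posted in this thread (post #1 and post #3).
LOG_BEFORE = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\TEMP\win177.tmp.exe
C:\WINDOWS\TEMP\idd179.tmp.exe
C:\DOCUME~1\DRAZEN\LOCALS~1\Temp\Adobelm_Cleanup.0001

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winmxw32 - C:\WINDOWS\SYSTEM32\winmxw32.dll
O21 - SSODL: expatriates - {1a01a98c-4f25-42e1-971a-185cf63569b2} - C:\WINDOWS\system32\tpedvf.dll (file missing)
"""

LOG_AFTER = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing)
O21 - SSODL: expatriates - {1a01a98c-4f25-42e1-971a-185cf63569b2} - C:\WINDOWS\system32\tpedvf.dll (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O20 - Winlogon Notify: ..."
MISSING = "(file missing)"
TEMP_DIR_NAMES = {"temp", "tmp"}  # assumption: parent folder names treated as temp


@dataclass(frozen=True, order=True)
class Finding:
    rule: str    # hypothetical rule name, defined only in this example
    target: str  # file the log line points at
    line: str    # the raw log line, kept as evidence


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body, line) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False
            entries.append((match.group(1), match.group(2), line))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def entry_target(body):
    """Last ' - ' field of an entry, without quotes or the missing-file marker."""
    field = body.rsplit(" - ", 1)[-1]
    return field.replace(MISSING, "").strip().strip('"')


def triage(text):
    """Return review leads (not verdicts) for one log."""
    processes, entries = parse_log(text)
    findings = []
    for path in processes:
        parent = ntpath.basename(ntpath.dirname(path)).lower()
        if parent in TEMP_DIR_NAMES:
            findings.append(Finding("process-in-temp", path, path))
    for code, body, line in entries:
        target = entry_target(body)
        if code == "O20" and body.startswith("Winlogon Notify:"):
            findings.append(Finding("winlogon-notify", target, line))
        if MISSING in body:
            findings.append(Finding("dangling-reference", target, line))
    return findings


def compare(before_text, after_text):
    """Group findings by whether they disappeared, persisted or appeared between scans."""
    before, after = set(triage(before_text)), set(triage(after_text))
    return {
        "cleared": sorted(before - after),
        "remaining": sorted(before & after),
        "new": sorted(after - before),
    }


if __name__ == "__main__":
    for group, items in compare(LOG_BEFORE, LOG_AFTER).items():
        for f in items:
            print(f"{group:9} {f.rule:18} {f.target}")
```

The Adobelm_Cleanup.0001 hit is a lead to review rather than a verdict; it was not among the files listed for removal in post #2. In the comparison, the "new" group shows the winmxw32 Winlogon Notify entry now pointing at a missing file: the DLL is gone, but the registry reference is still present.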

#4
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts

That's fine, we will get to the bottom of it :whistling:

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
3. Run Smitfraud
Open the SmitfraudFix folder, then double-click the smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


4. Clean out your Temporary Internet files. Proceed as follows:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.

Reboot to normal windows

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply along with the C:\rapport.txt and a new Hijack log.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • 0

#5
poslanik

  • Topic Starter
  • Member
  • 11 posts

Hi, I've done as you said. However, I don't know if it matters but I don't use IE. I use Firefox. I didn't remember to delete its cookies and temp net files before running Combofix and Smitfraudfix. The logs are below.

Smitfraudfix log

SmitFraudFix v2.128

Scan done at 20:14:30.46, 06-12-06
Run from C:\Documents and Settings\DRAZEN\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1a01a98c-4f25-42e1-971a-185cf63569b2}"="expatriates"

[HKEY_CLASSES_ROOT\CLSID\{1a01a98c-4f25-42e1-971a-185cf63569b2}\InProcServer32]
@="C:\WINDOWS\system32\tpedvf.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1a01a98c-4f25-42e1-971a-185cf63569b2}\InProcServer32]
@="C:\WINDOWS\system32\tpedvf.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ismini.exe Deleted
C:\WINDOWS\system32\issearch.exe Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
C:\DOCUME~1\DRAZEN\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done. 
 
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



Combofix log

DRAZEN - 06-12-06 20:20:56.57	Service Pack 2
ComboFix 06.12.01W - Running from: "C:\Documents and Settings\DRAZEN\Desktop"

((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Program Files\Common Files\{CCFD913C-0721-1050-0802-060310030181}


(((((((((((((((((((((((((((((((   Files Created from 2006-11-06 to 2006-12-06  ))))))))))))))))))))))))))))))))))
 
 
2006-12-06	20:28	<DIR>	d--------	C:\WINDOWS\erdnt
2006-12-06	08:41	2,188	--a------	C:\WINDOWS\system32\tmp.reg
2006-12-06	08:29	<DIR>	d--------	C:\!KillBox
2006-12-05	20:04	<DIR>	d--------	C:\Documents and Settings\DRAZEN\Application Data\OpenOffice.org2
2006-12-05	20:02	<DIR>	d--------	C:\Program Files\OpenOffice.org 2.0
2006-12-04	22:19	<DIR>	d--------	C:\Program Files\Cheating-Death
2006-12-04	20:32	217,088	--a------	C:\WINDOWS\system32\libmySQL.dll
2006-12-04	20:32	102,400	--a------	C:\WINDOWS\system32\TrackerNET.dll
2006-12-04	20:29	231,936	--a------	C:\WINDOWS\system32\SNWValid.dll
2006-12-04	20:29	1,022,976	--a------	C:\WINDOWS\system32\SierraNW.dll
2006-12-04	20:29	<DIR>	d--------	C:\Program Files\Sierra On-Line
2006-12-03	15:20	<DIR>	d--------	C:\Documents and Settings\DRAZEN\Application Data\Azureus
2006-12-03	15:19	<DIR>	d--------	C:\Program Files\Azureus
2006-12-02	11:11	33,952	--a------	C:\WINDOWS\system32\drivers\oreans32.sys
2006-12-02	11:11	<DIR>	d--------	C:\Program Files\Mount&Blade
2006-11-29	19:37	<DIR>	d--------	C:\Program Files\Notepad++
2006-11-29	19:37	<DIR>	d--------	C:\Documents and Settings\DRAZEN\Application Data\Notepad++
2006-11-28	15:11	<DIR>	d--------	C:\Documents and Settings\DRAZEN\Application Data\Help
2006-11-27	19:41	<DIR>	d--------	C:\Documents and Settings\DRAZEN\Application Data\Opera
2006-11-27	18:47	<DIR>	d--------	C:\Documents and Settings\DRAZEN\Application Data\AdobeUM
2006-11-27	18:12	<DIR>	d--------	C:\Program Files\ConTEXT
2006-11-25	13:51	<DIR>	d--------	C:\Program Files\DC++
2006-11-22	19:33	<DIR>	d--------	C:\Documents and Settings\DRAZEN\Application Data\ColorCop
2006-11-20	19:41	<DIR>	d--------	C:\Program Files\Common Files\Adobe Systems Shared
2006-11-20	19:41	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Adobe Systems
2006-11-19	19:23	<DIR>	d--------	C:\Program Files\Electronic Arts
2006-11-16	22:55	<DIR>	d--------	C:\Program Files\MSXML 4.0
2006-11-16	18:04	90,112	--a------	C:\WINDOWS\unvise32.exe
2006-11-16	17:47	<DIR>	d--------	C:\Program Files\The Guild 2
2006-11-13	17:27	<DIR>	d--------	C:\Program Files\Nero
2006-11-11	07:43	<DIR>	d--------	C:\WINDOWS\Sun
2006-11-11	07:43	<DIR>	d--------	C:\Documents and Settings\DRAZEN\Application Data\Sun
2006-11-09	19:27	<DIR>	d--------	C:\Documents and Settings\DRAZEN\Shared
2006-11-09	19:26	<DIR>	d--------	C:\Documents and Settings\DRAZEN\Incomplete
2006-11-09	19:24	<DIR>	d--------	C:\Program Files\Java
2006-11-09	19:24	<DIR>	d--------	C:\Program Files\Common Files\Java
2006-11-09	19:15	<DIR>	d--------	C:\Program Files\LimeWire
2006-11-09	19:13	<DIR>	d--------	C:\Documents and Settings\DRAZEN\.limewire
2006-11-09	18:34	<DIR>	d--------	C:\WINDOWS\Minidump
2006-11-07	18:03	<DIR>	d--------	C:\Documents and Settings\DRAZEN\Application Data\LucasArts
2006-11-07	09:05	68,888	--a------	C:\WINDOWS\system32\xinput1_3.dll
2006-11-07	09:05	62,744	--a------	C:\WINDOWS\system32\xinput1_2.dll
2006-11-07	09:05	237,848	--a------	C:\WINDOWS\system32\xactengine2_4.dll
2006-11-07	09:05	236,824	--a------	C:\WINDOWS\system32\xactengine2_3.dll
2006-11-07	09:05	2,414,360	--a------	C:\WINDOWS\system32\d3dx9_31.dll
2006-11-07	09:05	15,128	--a------	C:\WINDOWS\system32\x3daudio1_1.dll
2006-11-06	18:57	<DIR>	d--------	C:\Program Files\Real
2006-11-06	18:57	<DIR>	d--------	C:\Program Files\Common Files\xing shared
2006-11-06	18:57	<DIR>	d--------	C:\Program Files\Common Files\Real
2006-11-06	18:56	<DIR>	d--------	C:\Documents and Settings\DRAZEN\Application Data\Real


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-06 20:29	--------	d--------	C:\Program Files\Common Files
2006-12-06 20:08	--------	d--------	C:\Program Files\Mozilla Firefox
2006-12-06 20:05	--------	d--------	C:\Program Files\Mozilla Thunderbird
2006-12-05 17:24	--------	d--h-----	C:\Program Files\InstallShield Installation Information
2006-12-04 12:21	--------	d--------	C:\Program Files\ESET
2006-12-01 13:21	--------	d--------	C:\Documents and Settings\DRAZEN\Application Data\Adobe
2006-11-20 19:45	--------	d--------	C:\Program Files\Adobe
2006-11-20 19:43	--------	d--------	C:\Program Files\Common Files\Adobe
2006-11-18 11:17	--------	d--------	C:\Program Files\WarRock
2006-11-18 11:00	--------	d--------	C:\Program Files\Common Files\InstallShield
2006-11-17 10:39	--------	d---s----	C:\Documents and Settings\DRAZEN\Application Data\Microsoft
2006-11-14 22:24	--------	d--------	C:\Program Files\Internet Explorer
2006-11-13 17:28	--------	d--------	C:\Program Files\Common Files\Ahead
2006-11-13 17:07	--------	d--------	C:\Program Files\NetMeeting
2006-11-04 19:11	--------	d--------	C:\Program Files\FileZilla
2006-11-04 18:09	--------	d--------	C:\Program Files\Winamp
2006-11-04 18:08	--------	d--------	C:\Program Files\Windows Media Player
2006-11-04 17:35	865	--a------	C:\Documents and Settings\DRAZEN\Application Data\AdobeDLM.log
2006-11-04 17:35	0	--a------	C:\Documents and Settings\DRAZEN\Application Data\dm.ini
2006-11-04 14:14	1245696	--a------	C:\WINDOWS\system32\msxml4.dll
2006-11-03 20:14	--------	d--------	C:\Program Files\Microsoft Office
2006-11-03 20:09	--------	d--------	C:\Program Files\Common Files\Microsoft Shared
2006-11-03 20:03	--------	d--------	C:\Program Files\Common Files\System
2006-11-03 19:59	--------	d--------	C:\Program Files\Microsoft ActiveSync
2006-11-03 19:15	--------	d--------	C:\Documents and Settings\DRAZEN\Application Data\Apple Computer
2006-11-01 13:35	98304	--a------	C:\WINDOWS\system32\CmdLineExt.dll
2006-11-01 13:35	--------	dr-h-----	C:\Documents and Settings\DRAZEN\Application Data\SecuROM
2006-11-01 13:23	--------	d--------	C:\Program Files\Sierra
2006-11-01 11:31	--------	d--------	C:\Program Files\DAEMON Tools
2006-11-01 11:29	611064	--a------	C:\WINDOWS\system32\drivers\sptd.sys
2006-10-30 20:13	--------	d--------	C:\Documents and Settings\DRAZEN\Application Data\Ahead
2006-10-29 06:53	--------	d--------	C:\Program Files\Spybot - Search & Destroy
2006-10-29 06:39	--------	d--------	C:\Documents and Settings\DRAZEN\Application Data\Lavasoft
2006-10-29 06:37	--------	d--------	C:\Program Files\Lavasoft
2006-10-27 20:00	--------	d--------	C:\Program Files\THQ
2006-10-27 19:59	--------	d--------	C:\Documents and Settings\DRAZEN\Application Data\InstallShield
2006-10-27 08:40	--------	d--------	C:\Program Files\ICQLite
2006-10-27 08:40	--------	d--------	C:\Documents and Settings\DRAZEN\Application Data\ICQLite
2006-10-27 07:24	--------	d--------	C:\Documents and Settings\DRAZEN\Application Data\Thunderbird
2006-10-27 07:24	--------	d--------	C:\Documents and Settings\DRAZEN\Application Data\Talkback
2006-10-27 07:24	--------	d--------	C:\Documents and Settings\DRAZEN\Application Data\Mozilla
2006-10-26 21:00	--------	d--------	C:\Program Files\MSN Messenger
2006-10-26 20:52	--------	d--------	C:\Program Files\RedBedlam
2006-10-26 20:17	--------	d--------	C:\Documents and Settings\DRAZEN\Application Data\Macromedia
2006-10-26 16:10	--------	d--------	C:\Program Files\QuickTime
2006-10-26 16:09	--------	d--------	C:\Program Files\iTunes
2006-10-26 16:07	--------	d--------	C:\Program Files\iPod
2006-10-26 10:38	--------	d--------	C:\Program Files\WinRAR
2006-10-25 13:19	62	--ahs----	C:\Documents and Settings\DRAZEN\Application Data\desktop.ini
2006-10-25 13:19	--------	d--------	C:\Program Files\Common Files\SpeechEngines
2006-10-25 13:19	--------	d--------	C:\Program Files\Common Files\ODBC
2006-10-25 12:12	--------	d--------	C:\Program Files\Messenger
2006-10-25 12:08	--------	d--------	C:\Program Files\Outlook Express
2006-10-25 11:57	--------	d--------	C:\Program Files\Microsoft.NET
2006-10-25 11:57	--------	d--------	C:\Program Files\Common Files\L&H
2006-10-25 11:56	--------	d--------	C:\Program Files\Common Files\DESIGNER
2006-10-25 11:55	--------	d--------	C:\Program Files\Microsoft Works
2006-10-25 11:55	--------	d--------	C:\Program Files\Microsoft Visual Studio
2006-10-25 11:53	502368	--a------	C:\WINDOWS\system32\drivers\amon.sys
2006-10-25 11:53	270336	--a------	C:\WINDOWS\system32\imon.dll
2006-10-25 11:42	--------	d--------	C:\Program Files\SiSLan
2006-10-25 11:42	--------	d--------	C:\Program Files\C-Media 3D Audio
2006-10-25 11:40	--------	d--h-----	C:\Program Files\Uninstall Information
2006-10-25 11:40	--------	d--------	C:\Documents and Settings\DRAZEN\Application Data\Identities
2006-10-25 11:32	--------	d--------	C:\Program Files\xerox
2006-10-25 11:32	--------	d--------	C:\Program Files\microsoft frontpage
2006-10-25 11:31	0	-rahs----	C:\MSDOS.SYS
2006-10-25 11:31	0	-rahs----	C:\IO.SYS
2006-10-25 11:31	0	--a------	C:\CONFIG.SYS
2006-10-25 11:31	0	--a------	C:\AUTOEXEC.BAT
2006-10-25 11:29	--------	d--h-----	C:\Program Files\WindowsUpdate
2006-10-25 11:29	--------	d--------	C:\Program Files\Online Services
2006-10-25 11:28	--------	d--------	C:\Program Files\Movie Maker
2006-10-25 11:28	--------	d--------	C:\Program Files\Common Files\Services
2006-10-25 11:28	--------	d--------	C:\Program Files\Common Files\MSSoap
2006-10-25 11:27	--------	d--------	C:\Program Files\MSN Gaming Zone
2006-10-25 11:27	--------	d--------	C:\Program Files\ComPlus Applications
2006-10-25 11:26	--------	d--------	C:\Program Files\Windows NT
2006-10-25 11:26	--------	d--------	C:\Program Files\MSN
2006-10-13 13:35	65536	--a------	C:\WINDOWS\system32\nwwks.dll
2006-10-13 13:35	64000	--a------	C:\WINDOWS\system32\nwapi32.dll
2006-10-13 13:35	142336	--a------	C:\WINDOWS\system32\nwprovau.dll
2006-10-13 11:23	163584	--a------	C:\WINDOWS\system32\drivers\nwrdr.sys
2006-09-13 06:01	1084416	--a------	C:\WINDOWS\system32\msxml3.dll
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter	REG_MULTI_SZ   	HTTPFilter\0\0
LocalService	REG_MULTI_SZ   	Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService	REG_MULTI_SZ   	DnsCache\0\0
DcomLaunch	REG_MULTI_SZ   	DcomLaunch\0TermService\0\0
rpcss	REG_MULTI_SZ   	RpcSs\0\0
imgsvc	REG_MULTI_SZ   	StiSvc\0\0
termsvcs	REG_MULTI_SZ   	TermService\0\0

Completion time: 06-12-06 20:29:55.96
C:\ComboFix.txt ... 06-12-06 20:29

Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 20:32:57, on 6.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\ufdsvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\DRAZEN\My Documents\Downloads\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\system32\ufdsvc.exe


#6
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.


#7
poslanik

    Member

  • Topic Starter
  • Member
  • 11 posts
Panda activescan

Incident																		Status						Location																																																														

Dialer:Dialer.GWG															   Not disinfected			   C:\!KillBox\idd45.tmp.exe																																																									   
Dialer:Dialer.IBW															   Not disinfected			   C:\!KillBox\win43.tmp.exe																																																									   
Adware:Adware/PurityScan														Not disinfected			   C:\!KillBox\winmxw32.dll																																																										
Spyware:Cookie/Overture														 Not disinfected			   C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[.overture.com/]																																		 
Spyware:Cookie/Doubleclick													  Not disinfected			   C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[.doubleclick.net/]																																	  
Spyware:Cookie/Casalemedia													  Not disinfected			   C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[.casalemedia.com/]																																	  
Spyware:Cookie/FastClick														Not disinfected			   C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[.fastclick.net/]																																		
Spyware:Cookie/Casalemedia													  Not disinfected			   C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[.casalemedia.com/]																																	  
Spyware:Cookie/Tribalfusion													 Not disinfected			   C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[.tribalfusion.com/]																																	 
Spyware:Cookie/Overture														 Not disinfected			   C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[.perf.overture.com/]																																	
Spyware:Cookie/Falkag														   Not disinfected			   C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[as1.falkag.de/]																																		 
Spyware:Cookie/Apmebf														   Not disinfected			   C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[.apmebf.com/]																																		   
Spyware:Cookie/Hitbox														   Not disinfected			   C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[.hitbox.com/]																																		   
Spyware:Cookie/bravenetA														Not disinfected			   C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[.bravenet.com/]																																		 
Spyware:Cookie/YieldManager													 Not disinfected			   C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[ad.yieldmanager.com/]																																   
Spyware:Cookie/Atlas DMT														Not disinfected			   C:\Documents and Settings\DRAZEN\Cookies\[email protected][1].txt																																																	
Spyware:Cookie/Doubleclick													  Not disinfected			   C:\Documents and Settings\DRAZEN\Cookies\[email protected][1].txt																																															  
Potentially unwanted tool:Application/Processor								 Not disinfected			   C:\Documents and Settings\DRAZEN\Desktop\SmitfraudFix\Process.exe																																															   
Potentially unwanted tool:Application/Processor								 Not disinfected			   C:\Documents and Settings\DRAZEN\Local Settings\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\Cache\633285D9d01[SmitfraudFix/Process.exe]																										  
Potentially unwanted tool:Application/Processor								 Not disinfected			   C:\Documents and Settings\DRAZEN\My Documents\Downloads\SmitfraudFix.zip[SmitfraudFix/Process.exe]																																							  
Possible Virus.																 Not disinfected			   C:\Program Files\ConTEXT\ReplaceNotepad.exe																																																					 


Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 12:20:53, on 7.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\ufdsvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\DRAZEN\My Documents\Downloads\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDF3B1C5-3D95-468C-AD42-177FB54F2122}: NameServer = 195.29.150.3 195.29.150.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: UFD Command Service (UFDSVC) - Generic - C:\WINDOWS\system32\ufdsvc.exe



Btw, no more dialers have been downloaded to my hard drive and no more popups have popped up after my second post.

#8
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi

Looking good, we have a little cleanup to do. The last line in the active scan got cut off; can you post it again, please?

#9
poslanik

    Member

  • Topic Starter
  • Member
  • 11 posts
It didn't get cut off, it just got shipped to the next line because activescan has kilometre-long lines :whistling:

I've added the log file as an attachment since the formatting isn't too great.

LOG:

Incident Status Location

Dialer:Dialer.GWG Not disinfected C:\!KillBox\idd45.tmp.exe
Dialer:Dialer.IBW Not disinfected C:\!KillBox\win43.tmp.exe
Adware:Adware/PurityScan Not disinfected C:\!KillBox\winmxw32.dll
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[.overture.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[as1.falkag.de/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\DRAZEN\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\DRAZEN\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\DRAZEN\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\DRAZEN\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\DRAZEN\Local Settings\Application Data\Mozilla\Firefox\Profiles\v712pyll.default\Cache\633285D9d01[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\DRAZEN\My Documents\Downloads\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Possible Virus. Not disinfected C:\Program Files\ConTEXT\ReplaceNotepad.exe

P.S. This last item isn't a virus, it's just a tool to replace notepad with another text editor so it can be used instead of notepad.

Edited by poslanik, 08 December 2006 - 04:29 AM.


#10
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi

That looks good then :whistling:

Delete this folder C:\killbox

Deleting Cookies in Firefox
  • Click Tools then Options.
  • Click Privacy.
  • Click Clear across from the Cookies option.
  • Click Ok to return to the browser main page.
  • Exit and relaunch the browser.

Is everything back to normal?

#11
poslanik

    Member

  • Topic Starter
  • Member
  • 11 posts
Hi, I've deleted the killbox folder. About the Firefox cookies, I've already deleted them a few days ago. Everything is looking fine now, no malware activity of any kind. Thank you very much :whistling:

Btw, should I delete those files that Panda's Activescan downloaded to my windows folder? I have these strange 3 items in my Windows folder named 'QTFont.for', 'erdnt folder' and 'ntbtlog.txt'. In this erdnt folder there is another folder named subs and inside are some files. One of them is an application named ERDNT and when I run it it says 'With this application you can restore a registry backup of your Windows 200/NT/XP system. Proceed?'.

Here's the ntbtlog.txt, maybe you'll know what it's about:

 Service Pack 212  6 2006 20:12:39.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver sptd.sysa
Loaded driver \WINDOWS\System32\Drivers\WMILIB.SYS
Loaded driver \WINDOWS\System32\Drivers\SPTDDRV1.SYS
Loaded driver ACPI.sys
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver pciide.sys
Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver dmload.sys
Loaded driver dmio.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver disk.sys
Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Loaded driver fltMgr.sys
Loaded driver sr.sys
Loaded driver PxHelp20.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver uagp35.sys
Loaded driver SISAGPX.sys
Loaded driver Mup.sys
Did not load driver ACPI Uniprocessor PC
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver AMD K7 Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver AMD K7 Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver AMD K7 Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver AMD K7 Processor
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver AMD K7 Processor
Did not load driver C-Media AC97 Audio Device
Did not load driver SiS 900-Based PCI Fast Ethernet Adapter
Did not load driver Communications Port
Did not load driver ECP Printer Port
Did not load driver Standard Game Port
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver AMD K7 Processor
Did not load driver C-Media AC97 Audio Device
Did not load driver SiS 900-Based PCI Fast Ethernet Adapter
Did not load driver Communications Port
Did not load driver ECP Printer Port
Did not load driver Standard Game Port
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver AMD K7 Processor
Did not load driver RADEON 9800 XT (Microsoft Corporation)
Did not load driver RADEON 9800 XT SEC (Microsoft Corporation)
Did not load driver C-Media AC97 Audio Device
Did not load driver SiS 900-Based PCI Fast Ethernet Adapter
Did not load driver Communications Port
Did not load driver ECP Printer Port
Did not load driver Standard Game Port
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver AMD K7 Processor
Did not load driver RADEON 9800 XT (Microsoft Corporation)
Did not load driver RADEON 9800 XT SEC (Microsoft Corporation)
Did not load driver C-Media AC97 Audio Device
Did not load driver SiS 900-Based PCI Fast Ethernet Adapter
Did not load driver Communications Port
Did not load driver ECP Printer Port
Did not load driver Standard Game Port
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver AMD K7 Processor
Did not load driver RADEON 9800 XT (Microsoft Corporation)
Did not load driver RADEON 9800 XT SEC (Microsoft Corporation)
Did not load driver C-Media AC97 Audio Device
Did not load driver SiS 900-Based PCI Fast Ethernet Adapter
Did not load driver Communications Port
Did not load driver ECP Printer Port
Did not load driver Standard Game Port
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver AMD K7 Processor
Did not load driver RADEON 9800 XT (Microsoft Corporation)

  • 0

#12
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi

Sorry for the delay, have been under the weather

You can delete the subs folder. The rest are normal. The ntbtlog.txt is the NT boot log, I believe, and is fine.

Let's clean your restore points and set a new one:

Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files. (You will lose all previous restore points, which are likely to be infected.)

1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check Turn off System Restore.
    Click Apply, and then click OK.

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!
  • 0
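A triage helper for the kind of boot log reviewed in this thread, added here as an example and not part of the original posts: it collapses repeated ntbtlog.txt entries into counts and lists drivers that loaded in one log but not in an earlier log from the same machine. The sample log lines and the driver name `example_new.SYS` are constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# ntbtlog.txt entries have one of two prefixes, followed by a driver path
# or a device description.
LINE_RE = re.compile(r"^(Loaded driver|Did not load driver)\s+(.+?)\s*$")


def decode_log(raw):
    """Decode raw log bytes: UTF-16 if a BOM is present, else cp1252."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def parse_ntbtlog(text):
    """Return a list of (loaded, name) tuples; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1) == "Loaded driver", m.group(2)))
    return entries


def summarize(entries):
    """Collapse repeated entries into (loaded, not_loaded) Counters."""
    loaded, not_loaded = Counter(), Counter()
    for ok, name in entries:
        (loaded if ok else not_loaded)[name] += 1
    return loaded, not_loaded


def driver_key(name):
    """File name without its directory, lower-cased for comparison."""
    return name.rsplit("\\", 1)[-1].lower()


def new_loaded_drivers(baseline_text, current_text):
    """Drivers loaded in current_text that never loaded in baseline_text."""
    known = {driver_key(n) for ok, n in parse_ntbtlog(baseline_text) if ok}
    fresh = []
    for ok, name in parse_ntbtlog(current_text):
        key = driver_key(name)
        if ok and key not in known and key not in fresh:
            fresh.append(key)
    return fresh


# Constructed sample logs in the ntbtlog.txt line format.
BASELINE_LOG = r"""
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Did not load driver Communications Port
Did not load driver Communications Port
"""

CURRENT_LOG = r"""
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\System32\Drivers\example_new.SYS
Did not load driver Communications Port
Did not load driver ECP Printer Port
Did not load driver Communications Port
Did not load driver Communications Port
"""

if __name__ == "__main__":
    loaded, not_loaded = summarize(parse_ntbtlog(CURRENT_LOG))
    print("Loaded drivers:")
    for name, count in loaded.items():
        print(f"  {count:3d}x {name}")
    print("Not loaded (repeats collapsed):")
    for name, count in not_loaded.most_common():
        print(f"  {count:3d}x {name}")
    print("Loaded now but absent from baseline:")
    for key in new_loaded_drivers(BASELINE_LOG, CURRENT_LOG):
        print(f"  {key}")
```

A driver that appears only in the newer log is a prompt for review, not a verdict; installed hardware and software updates change the list as well.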

#13
poslanik

poslanik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Sorry for the delay, but I've been (still am) really busy. I'll do what you said in the last post in a few days. Thanks.
  • 0

#14
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Seems we are both busy :whistling:
  • 0

#15
poslanik

poslanik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I've finally done what you said. Thank you a lot for your help :whistling: Great forum really. Take care and happy holidays!
  • 0





