I'm Bod and here to help you with your Hijack This log.
Please only use this topic for your replies on this problem. Do not start another thread.
The fixes we will use are specific to your problems and should only be used for this problem on this computer.
These things need to be properly researched and a complete fix for many malware problems can take some time and be spread over a number of posts, so please be patient and try to see it through to the end.
I am currently looking over your log and as I am an undergraduate at Malware Removal University, everything that I post to you must be checked by an expert. There may therefore be a slight delay between posts. I will post back as soon as I can.
I've looked through your log, and everything looks OK, so as you're reporting problems we'll carry out some more scans.
Before you start, please read through these instructions and make sure that you understand them. If you are not sure about anything, post a reply in this thread with your questions. You will be booting into Safe Mode at some point in these instructions, so you should print out these instructions for reference. You will not have internet access in Safe Mode.
Please follow and carry out all the steps in the instructions in the order I've listed them.
Please do not try any other "fixes" you may have found on the internet while we are sorting this problem out, it's important that we work through the fix in a systematic manner.
Step 1 Java Update - This is essential, earlier versions of Java can be exploited. Go to http://java.sun.com/j2se/1.5.0/download.jsp and download and install JRE 5.0 Update 7. Click the link "Download JRE 5.0 Update 7". You will then need to select "Accept License Agreement" and click "Continue". Then click the link "Windows Offline Installation, Multi-language", and save it to your Desktop. Then go back to your Desktop and double click "jre-1_5_0_07-windows-i586-p.exe" to start the install.
Once you have it installed, Click Start > Control Panel > Add/Remove Programs. Allow the list to populate, then click on "Remove" for "J2SE Runtime Environment 5.0 Update 6".
Step 2 You've probably got a lot of Windows Temporary files and Temporary Internet files. Download ATF Cleaner from http://www.atribune.org/ccount/click.php?id=1, run ATF Cleaner, and click on the check box to select the following options:
Windows Temp
All Users Temp
Temporary Internet Files
Recycle Bin
Click "Empty Selected". Exit when finished.
Step 3 Download Ewido from www.ewido.net/en/download, and install. At the end of the installation process, leave the tick in the "Run Ewido Anti-Spyware 4.0" checkbox. Click "Finish"
When the opening screen appears, click "change state" for "Resident Shield" to change state to "inactive". This is done to prevent the resident shield interfering with our attempts to fix the problems present on the pc.
Ewido will automatically update, and a toolbar message balloon will confirm that update is complete. If this doesn't happen, click Update > Start Update.
Close Ewido, and re-boot in Safe Mode by pressing F8 during Boot-up and choosing Safe Mode from the boot options list.
Run Ewido, and click Scanner > Complete System Scan.
At the end of the scan, a list of found objects will be generated. Check through the list for false positives, and change the "Action" entry if necessary.
Click "Apply all actions"
When the actions have been completed, click Save Report > Save report as, and save report as a text file on your desktop. I will need a copy of the report contents as part of your next post.
You will be prompted to install an ActiveX component from Kaspersky. Click "Yes". The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded click on "NEXT".
Now click on "Scan Settings".
In the scan settings, make sure that the following are selected:
"Scan using the following Anti-Virus database:"
Extended (if available otherwise Standard)
"Scan Options:"
Scan Archives
Scan Mail Bases
Click "OK"
Now under "select a target to scan:" Select "My Computer"
The program will start and scan your system. The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected. Click on "Save as Text" and save the file to your desktop.
Post the Ewido and KAV scan logs as your next reply.
Thanks for the logs. I've been called away to a site job at Heathrow Airport at short notice, so it'll be tomorrow night before I can have a proper look at them. Sorry about the delay.
Thanks for the logs. Sorry about the delay in replying, as I explained in my first post to you, as I'm in training at Malware Removal all my posts have to be checked and unfortunately there's been a delay in getting posts checked and approved. Hopefully things will run smoothly now.
I now have some more instructions for you to follow. I've noticed in your new thread that you've now installed IE7. This shouldn't change these instructions, though I notice that WINMX Music now appears to have gone.
Before you start, please read through these instructions and make sure that you understand them. If you are not sure about anything, post a reply in this thread with your questions. You will be booting into Safe Mode at some point in these instructions, so you should print out these instructions for reference. You will not have internet access in Safe Mode.
Please follow and carry out all the steps in the instructions in the order I've listed them.
Step 1 Click Start > Control Panel > Add/Remove Programs. Allow the list to populate.
Personally, I'd completely get rid of WINMX Music, file sharing programs very often turn into a world of pain as they are an easy means for viruses and all manner of malware to get onto your pc. If you decide to keep it, you need to delete the WebHancer that came with it.
Click on "Remove" for all of the following programs that appear in the list (not all may be there).
WinMX Music
WebHancer Survey Companion
WebHancer Customer Companion
Do not reboot until you have attempted to remove all of these entries that you find.
Step 2 Re-boot in Safe Mode by pressing F8 during Boot-up and choosing Safe Mode from the boot options list. Click My Computer > Tools > View, then put a tick in the "Display the contents of system folders" and "Show hidden files and folders" check boxes. Uncheck the "Hide protected operating system files (recommended)" option. Click "Yes" to confirm. Click "OK". Navigate to the following folders and files and delete each of them. Some may not be present.
Folders (delete with all contents)
C:\Program Files\WinMX Music\ - If you decided to remove WinMX Music
You also need to search for a file. Click Start > Search > All Files and Folders > More advanced options. Make sure that there is a tick in the check box for "Search System Folders", "Search hidden files and folders", and "Search subfolders". Enter the following file name in "All or part of file name" and click on "Search".
data.rar
If the file is found, delete it
Reboot as normal.
Step 3 Create a clean system restore point Click Start > Control Panel > System > System Restore Tab and click to put a tick in the "Turn off System Restore" check box, then click "Apply".
Reboot, then click Start > Control Panel > System > System Restore Tab and click to remove the tick in the "Turn off System Restore" check box, and then click Apply > OK to create a new restore point and then close Control Panel.
Step 4 Run Ewido and allow it to automatically update, a toolbar message balloon will confirm that update is complete. If this doesn't happen, click Update > Start Update.
Close Ewido, and re-boot in Safe Mode by pressing F8 during Boot-up and choosing Safe Mode from the boot options list.
Run Ewido, and click Scanner > Complete System Scan.
At the end of the scan, a list of found objects will be generated. Check through the list for false positives, and change the "Action" entry if necessary.
Click "Apply all actions"
When the actions have been completed, click Save Report > Save report as, and save report as a text file on your desktop. I will need a copy of the report contents as part of your next post.
You will be prompted to install an ActiveX component from Kaspersky. Click "Yes". The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded click on "NEXT".
Now click on "Scan Settings".
In the scan settings, make sure that the following are selected:
"Scan using the following Anti-Virus database:"
Extended (if available otherwise Standard)
"Scan Options:"
Scan Archives
Scan Mail Bases
Click "OK"
Now under "select a target to scan:" Select "My Computer"
The program will start and scan your system. The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected. Click on "Save as Text" and save the file to your desktop.
Post the new Ewido and KAV scan logs as your next reply.
C:\WINDOWS\system32\ld101.tmp -> Downloader.Zlob.rk : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo__taibo@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo__taibo@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo__taibo@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo__taibo@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo__taibo@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
::Report end
Here is the kas report
Thanks for the Ewido and KAV logs, they both look OK and have quarantined anything detected.
I've also had a look at the second hijack This log you've posted. Again there's nothing significantly wrong there, although I notice that you've now got NetRatings Netmeter auto-starting and running, which is a suspect program. You need to remove it, see http://www.pcreview.co.uk/startup/NetMeter.exe/NetMeter.php
You also had ArcadeRockstar running, which is another program that allows popup advertising, so I recommend that that is also removed.
Please follow these next steps.
Again, before you start, please read through these instructions and make sure that you understand them. If you are not sure about anything, post a reply in this thread with your questions. You will be booting into Safe Mode at some point in these instructions, so you should print out these instructions for reference. You will not have internet access in Safe Mode.
Please follow and carry out all the steps in the instructions in the order I've listed them.
Step 1 Click Start > Control Panel > Add/Remove Programs. Allow the list to populate, then click on "Remove" for the following programs that may appear in the list.
Netmeter
ArcadeRockstar
Reboot.
Step 2 Press Ctrl-Alt-Del and choose "Task Manager". Click on the "Processes" tab and click on the "Show processes from all users" check box to put a tick in the box. Click on the column heading "Image Name", then look for each of the following processes in the list.
NielsenOnline.exe
NetMeter_update_en_4.70.21.0_MEGAPANEL_USA.exe
nmupdate.exe
If found, click to highlight then click on "End Process". If a process is listed more than once, you need to end all copies of the process. Close Task Manager.
Step 3 Run Hijack This, don't have any other programs open, and click "Scan". In the scan results, click on the check box for all of the following lines that are present.
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O16 - DPF: {0645D7F3-C20E-4E0B-A545-557527497C0B} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.70.19.0_MEGAPANEL_USA.cab
Click on "Fix checked".
Step 4 Re-boot in Safe Mode by pressing F8 during Boot-up and choosing Safe Mode from the boot options list. Click My Computer > Tools > View, then put a tick in the "Display the contents of system folders" and "Show hidden files and folders" check boxes. Uncheck the "Hide protected operating system files (recommended)" option. Click "Yes" to confirm. Click "OK". Navigate to the following folders and delete each of them. Some may not be present.
Folders (delete with all contents)
C:\Program Files\NetRatingsNetmeter\
C:\Program Files\ArcadeRockstar\
Reboot as normal.
Step 5 Run ATF Cleaner, and click on the check box to select the following options:
Windows Temp
All Users Temp
Temporary Internet Files
Recycle Bin
Click "Empty Selected". Exit when finished.
Step 6 As there is a long delay when you're booting up the pc, I'd like to see a boot log. Click Start > Run and type "MSConfig" (without the quotes) in the "Open:" box then click "OK". When the System Configuration Utility has opened, click on the "BOOT.INI" tab, and click the checkbox for "/BOOTLOG" under the "Boot Options" heading. DO NOT alter any other settings. Click "OK" and reboot. When the pc has rebooted, a log file will have been created, C:\bootlog.txt. I will need a copy of the contents with your next post. Open the System Configuration Utility again and remove the tick against "/BOOTLOG".
Step 7 Run Hijack This, "Scan" and post the log, together with the contents of bootlog.txt as a reply to this thread. I'll check it through, and get back to you.
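The Step 3 selection in the post above, as an added example that is not part of the original thread: a small Python parser for Hijack This O4 (registry autostart) and O16 (downloaded ActiveX control) lines that flags entries matching the program names this thread asks to remove. The watchlist, the function names and the constructed sample lines are assumptions made for illustration; only the two NetMeter lines come from the post.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# O4 registry autostart entry:  O4 - HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(r"^O4 - (?P<location>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
# O16 downloaded ActiveX control:  O16 - DPF: {CLSID} (Control name) - URL
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>.*?)\))? - (?P<target>\S+)$"
)

# Assumed watchlist, built from program names mentioned in this thread.
WATCHLIST = ("netmeter", "nielsen", "arcaderockstar", "webhancer")


@dataclass(frozen=True)
class Entry:
    section: str  # "O4" or "O16"
    name: str     # registry value name or control name
    target: str   # command line (O4) or download URL (O16)
    raw: str      # the original log line


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for sections this example does not handle."""
    line = line.strip()
    for section, pattern in (("O4", O4_RE), ("O16", O16_RE)):
        m = pattern.match(line)
        if m:
            return Entry(section, m.group("name") or "", m.group("target"), line)
    return None


def flag_entries(log_text: str, watchlist: Sequence[str] = WATCHLIST) -> List[Tuple[Entry, str]]:
    """Return (entry, matched term) for every O4/O16 entry that hits the watchlist."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        haystack = f"{entry.name} {entry.target}".lower()
        term = next((t for t in watchlist if t in haystack), None)
        if term:
            hits.append((entry, term))
    return hits


# The two NetMeter lines are quoted from the post; the other three are constructed.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Example\example.dll
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Control) - http://example.invalid/control.cab
O16 - DPF: {0645D7F3-C20E-4E0B-A545-557527497C0B} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.70.19.0_MEGAPANEL_USA.cab
"""

if __name__ == "__main__":
    for entry, term in flag_entries(SAMPLE_LOG):
        print(f"[{entry.section}] {entry.name!r} matched {term!r}: {entry.target}")
```

Only bracketed registry Run entries are recognised for O4; "Startup:" shortcut lines and all other sections are skipped.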
Ok I went to msconfig and then put a check on the /bootlog thingy and then restarted but I don't see the log anywhere in the computer, also I did run and put C:\bootlog.txt and it didn't find it.
OK, I don't know if this is it, but this is the only one I found on the c:/. It's called boot and it has this:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Ya that worked out well. OK, here it is, it's very very looong.....
Did not load driver Dell Wireless 1470 Dual Band WLAN Mini-PCI Card
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver Intel Processor
Did not load driver Microsoft AC Adapter
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
Did not load driver Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
Did not load driver Broadcom 440x 10/100 Integrated Controller
Did not load driver Dell Wireless 1470 Dual Band WLAN Mini-PCI Card
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver Intel Processor
Did not load driver Microsoft AC Adapter
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
Did not load driver Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
Did not load driver Broadcom 440x 10/100 Integrated Controller
Did not load driver Dell Wireless 1470 Dual Band WLAN Mini-PCI Card
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver Intel Processor
Did not load driver Microsoft AC Adapter
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
Did not load driver Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
Did not load driver Broadcom 440x 10/100 Integrated Controller
Did not load driver Dell Wireless 1470 Dual Band WLAN Mini-PCI Card
My bad, don't read the post above. I think this list is too big, so it's gonna be like 10 posts. I think it's because I rebooted my computer twice and it created two lists, because I'm seeing the same stuff over and over again.. brb
Bod99
June 26th, 2006 18:00
I'm Bod and here to help you with your Hijack This log.
Please only use this topic for your replies on this problem. Do not start another thread.
The fixes we will use are specific to your problems and should only be used for this problem on this computer.
These things need to be properly researched and a complete fix for many malware problems can take some time and be spread over a number of posts, so please be patient and try to see it through to the end.
I am currently looking over your log and as I am an undergraduate at Malware Removal University, everything that I post to you must be checked by an expert. There may therefore be a slight delay between posts. I will post back as soon as I can.
Thanks,
Bod
Bod99
June 27th, 2006 06:00
Hi again,
I've looked through your log, and everything looks OK, so as you're reporting problems we'll carry out some more scans.
Before you start, please read through these instructions and make sure that you understand them.
If you are not sure about anything, post a reply in this thread with your questions.
You will be booting into Safe Mode at some point in these instructions, so you should print out these instructions for reference. You will not have internet access in Safe Mode.
Please follow and carry out all the steps in the instructions in the order I've listed them.
Please do not try any other "fixes" you may have found on the internet while we are sorting this problem out, it's important that we work through the fix in a systematic manner.
Step 1
Java Update - This is essential, earlier versions of Java can be exploited
Go to http://java.sun.com/j2se/1.5.0/download.jsp and download and install JRE 5.0 Update 7.
Click the link "Download JRE 5.0 Update 7". You will then need to select "Accept License Agreement" and click "Continue". Then click the link "Windows Offline Installation, Multi-language", and save it to your Desktop.
Then go back to your Desktop and double click "jre-1_5_0_07-windows-i586-p.exe" to start the install.
Once you have it installed, Click Start > Control Panel > Add/Remove Programs.
Allow the list to populate, then click on "Remove" for "J2SE Runtime Environment 5.0 Update 6".
Step 2
You've probably got a lot of Windows Temporary files and Temporary Internet files.
Download ATF Cleaner from http://www.atribune.org/ccount/click.php?id=1, run ATF Cleaner, and click on the check box to select the following options:
Windows Temp
All Users Temp
Temporary Internet Files
Recycle Bin
Click "Empty Selected". Exit when finished.
Step 3
Download Ewido from www.ewido.net/en/download, and install. At the end of the installation process, leave the tick in the "Run Ewido Anti-Spyware 4.0" checkbox. Click "Finish"
When the opening screen appears, click "change state" for "Resident Shield" to change state to "inactive". This is done to prevent the resident shield interfering with our attempts to fix the problems present on the PC.
Ewido will automatically update, and a toolbar message balloon will confirm that update is complete. If this doesn't happen, click Update > Start Update.
Close Ewido, and re-boot in Safe Mode by pressing F8 during Boot-up and choosing Safe Mode from the boot options list.
Run Ewido, and click Scanner > Complete System Scan.
At the end of the scan, a list of found objects will be generated. Check through the list for false positives, and change the "Action" entry if necessary.
Click "Apply all actions"
When the actions have been completed, click Save Report > Save report as, and save report as a text file on your desktop. I will need a copy of the report contents as part of your next post.
Reboot as normal.
Step 4
Do an online scan with Kaspersky WebScanner at http://www.kaspersky.com/virusscanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky. Click "Yes".
The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded click on "NEXT"
Now click on "Scan Settings"
In the scan settings, make sure that the following are selected:
"Scan using the following Anti-Virus database:"
Extended (if available otherwise Standard)
"Scan Options:"
Scan Archives
Scan Mail Bases
Click "OK"
Now under "select a target to scan:" Select "My Computer"
The program will start and scan your system. The scan will take a while, so be patient and let it run.
Once the scan is complete it will display if your system has been infected. Click on "Save as Text" and save the file to your desktop.
Post the Ewido and KAV scan logs as your next reply.
Thanks,
Bod
willyfromnc
June 27th, 2006 19:00
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP10\A0001868.exe/data0004/fatovernet.exe Infected: not-a-virus:Server-Proxy.Win32.Overnet skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP10\A0001868.exe/data0004 Infected: not-a-virus:Server-Proxy.Win32.Overnet skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP10\A0001868.exe/data0014/UCMIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP10\A0001868.exe/data0014/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP10\A0001868.exe/data0014 Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP10\A0001868.exe NSIS: infected - 5 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP13\A0002055.exe/fatovernet.exe Infected: not-a-virus:Server-Proxy.Win32.Overnet skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP13\A0002055.exe Thinstall: infected - 1 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP13\A0002055.exe PE_Patch: infected - 1 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP21\A0004338.exe/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP21\A0004338.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP21\A0004661.exe/fatovernet.exe Infected: not-a-virus:Server-Proxy.Win32.Overnet skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP21\A0004661.exe Thinstall: infected - 1 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP21\A0004661.exe PE_Patch: infected - 1 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP26\change.log Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000254.exe/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000254.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0000981.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0000985.exe/user32.exe Infected: Trojan-Downloader.Win32.Harnig.bh skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0000985.exe/dr.exe Infected: Trojan-Downloader.Win32.Adload.ap skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0000985.exe/shell32.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0000985.exe SetupFactory: infected - 3 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0000989.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0000990.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0000991.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0000999.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0001002.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001022.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001025.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.f skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001028.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001029.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001031.exe Infected: Trojan-Downloader.Win32.Agent.ala skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001034.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001038.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001041.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001043.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001048.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001049.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001056.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.q skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001057.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001059.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001060.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001062.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001068.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001070.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001071.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001077.exe/user32.exe Infected: Trojan-Downloader.Win32.Harnig.bh skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001077.exe/dr.exe Infected: Trojan-Downloader.Win32.Adload.ap skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001077.exe/shell32.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001077.exe SetupFactory: infected - 3 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001078.exe/user32.exe Infected: Trojan-Downloader.Win32.Harnig.bh skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001078.exe/dr.exe Infected: Trojan-Downloader.Win32.Adload.ap skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001078.exe/shell32.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001078.exe SetupFactory: infected - 3 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001079.exe/user32.exe Infected: Trojan-Downloader.Win32.Harnig.bh skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001079.exe/dr.exe Infected: Trojan-Downloader.Win32.Adload.ap skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001079.exe/shell32.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001079.exe SetupFactory: infected - 3 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001082.exe Infected: Trojan-Downloader.Win32.Harnig.bh skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001083.exe Infected: Trojan-Downloader.Win32.Harnig.bh skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001084.exe Infected: Trojan-Downloader.Win32.Harnig.bh skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001086.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001087.exe Infected: Trojan-Downloader.Win32.Adload.ap skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001088.exe Infected: Trojan-Downloader.Win32.Harnig.bh skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001090.exe/user32.exe Infected: Trojan-Downloader.Win32.Harnig.bh skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001090.exe/dr.exe Infected: Trojan-Downloader.Win32.Adload.ap skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001090.exe/shell32.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001090.exe SetupFactory: infected - 3 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\A0001611.dll Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\ld101.tmp Infected: Trojan-Downloader.Win32.Zlob.rk skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
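A triage sketch for the Kaspersky report format shown in this thread, added here as an example and not part of any poster's reply: it separates locked (in-use) files from detections and buckets each detection as a System Restore copy, an antivirus quarantine copy, or a live file. The sample lines are copied from the reports posted in this thread; the bucket names and function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied verbatim from the Kaspersky reports posted in this thread.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0000981.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0000985.exe/dr.exe Infected: Trojan-Downloader.Win32.Adload.ap skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0000985.exe SetupFactory: infected - 3 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP8\A0000990.dll Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\ld101.tmp Infected: Trojan-Downloader.Win32.Zlob.rk skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2B.tmp Infected: Trojan-Downloader.Win32.Zlob.ri skipped
C:\Program Files\Windows Media Player\kyde.html Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Program Files\WinMX Music\whCC-MIND.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
Scan process completed.
"""

# "<path> Infected: <verdict> skipped"; "/" separates members inside a container.
INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) skipped$")
# "<path> <unpacker>: infected - <n> skipped" is a per-container summary line.
CONTAINER = re.compile(r"^(?P<path>.+?) (?P<unpacker>\w+): infected - (?P<count>\d+) skipped$")
# "<path> Object is locked skipped": the file was in use and could not be read.
LOCKED = re.compile(r"^(?P<path>.+) Object is locked skipped$")


def classify_location(path):
    """Bucket a file path (bucket names are this example's own)."""
    lowered = path.lower()
    if "\\system volume information\\_restore" in lowered:
        return "system_restore"   # copy held inside a System Restore point
    if "\\quarantine\\" in lowered:
        return "av_quarantine"    # copy already isolated by an AV product
    return "live"                 # file in a normal location on disk


def parse_line(line):
    """Return a record for one report line, or None if it is not a result line."""
    line = line.strip()
    m = INFECTED.match(line)
    if m:
        # Windows paths use "\", so the first "/" starts the archive member.
        outer, _, member = m["path"].partition("/")
        return {"kind": "infected", "file": outer, "member": member or None,
                "verdict": m["verdict"], "location": classify_location(outer)}
    m = CONTAINER.match(line)
    if m:
        return {"kind": "container", "file": m["path"],
                "unpacker": m["unpacker"], "count": int(m["count"])}
    m = LOCKED.match(line)
    if m:
        return {"kind": "locked", "file": m["path"]}
    return None


def triage(log_text):
    """Summarise a report: counts plus verdicts grouped by location and file."""
    grouped = defaultdict(lambda: defaultdict(set))
    locked, containers, unparsed = 0, 0, []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            unparsed.append(raw.strip())
        elif rec["kind"] == "locked":
            locked += 1
        elif rec["kind"] == "container":
            containers += 1       # summary only; member lines carry the verdicts
        else:
            grouped[rec["location"]][rec["file"]].add(rec["verdict"])
    findings = {loc: {f: sorted(v) for f, v in files.items()}
                for loc, files in grouped.items()}
    return {"locked": locked, "containers": containers,
            "unparsed": unparsed, "findings": findings}


def live_malware(report):
    """Live files with at least one verdict outside Kaspersky's not-a-virus class."""
    live = report["findings"].get("live", {})
    return sorted(f for f, verdicts in live.items()
                  if any(not v.startswith("not-a-virus:") for v in verdicts))


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print("locked (in use, not scanned):", summary["locked"])
    for location, files in summary["findings"].items():
        print(location, len(files), "file(s)")
    print("review first:", live_malware(summary))
```

Lines that match none of the three patterns are returned under `unparsed` rather than dropped, so a report in a different layout is noticed instead of silently read as clean.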
willyfromnc
June 27th, 2006 19:00
ewido anti-spyware - Scan Report
---------------------------------------------------------
C:\WINDOWS\system32\actskn45.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@c1.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo taibo@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld671D.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ld9AFF.tmp -> Trojan.Small : Cleaned with backup (quarantined).
::Report end
willyfromnc
June 27th, 2006 19:00
the whole report exceeded 200 characters
1st part kas:
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Local Settings\Application Data\Microsoft\Messenger\willyfromnc@hotmail.com\SharingMetadata\infected.dat Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Local Settings\Application Data\Microsoft\Messenger\willyfromnc@hotmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Local Settings\Application Data\Microsoft\Messenger\willyfromnc@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Local Settings\Application Data\Microsoft\Messenger\willyfromnc@hotmail.com\SharingMetadata\Working\database_DEE8_1305_E812_DC19\dfsr.db Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Local Settings\Application Data\Microsoft\Messenger\willyfromnc@hotmail.com\SharingMetadata\Working\database_DEE8_1305_E812_DC19\fsr.log Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Local Settings\Application Data\Microsoft\Messenger\willyfromnc@hotmail.com\SharingMetadata\Working\database_DEE8_1305_E812_DC19\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Local Settings\Application Data\Microsoft\Messenger\willyfromnc@hotmail.com\SharingMetadata\Working\database_DEE8_1305_E812_DC19\tmp.edb Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Local Settings\Application Data\Microsoft\Windows Live Contacts\willyfromnc@Hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Local Settings\Application Data\Microsoft\Windows Live Contacts\willyfromnc@Hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Local Settings\History\History.IE5\MSHist012006062720060628\index.dat Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Local Settings\Temp\~DF770A.tmp Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Local Settings\Temp\~DF777E.tmp Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Local Settings\Temp\~DF8A5D.tmp Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Local Settings\Temp\~DF8A76.tmp Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\ntuser.dat Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2B.tmp Infected: Trojan-Downloader.Win32.Zlob.ri skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2D.tmp Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\31.tmp Infected: Trojan-Downloader.Win32.Dyfuca.ey skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\36D.tmp Infected: P2P-Worm.Win32.VB.dw skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\6B.tmp Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\6C.tmp Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\6F.tmp Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\75.tmp Infected: Trojan.Win32.VB.tg skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\77.tmp Infected: Trojan.Win32.VB.tg skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\79.tmp Infected: Trojan.Win32.VB.tg skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\7C.tmp Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\80.tmp Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\82.tmp Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\85.tmp Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\87.tmp Infected: Trojan-Downloader.Win32.VB.abm skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\8A.tmp Infected: Trojan-Clicker.Win32.VB.ly skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\8E.tmp Infected: Trojan.Win32.StartPage.aju skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\90.tmp Infected: Trojan-Downloader.Win32.Adload.bv skipped
C:\Program Files\Windows Media Player\kyde.html Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Program Files\WinMX Music\whCC-MIND.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\Program Files\WinMX Music\whCC-MIND.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.b skipped
C:\Program Files\WinMX Music\whCC-MIND.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Program Files\WinMX Music\whCC-MIND.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.370 skipped
C:\Program Files\WinMX Music\whCC-MIND.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Program Files\WinMX Music\whCC-MIND.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Program Files\WinMX Music\whCC-MIND.exe RarSFX: infected - 6 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP10\A0001821.exe/data0004/fatovernet.exe Infected: not-a-virus:Server-Proxy.Win32.Overnet skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP10\A0001821.exe/data0004 Infected: not-a-virus:Server-Proxy.Win32.Overnet skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP10\A0001821.exe/data0014/UCMIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP10\A0001821.exe/data0014/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP10\A0001821.exe/data0014 Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP10\A0001821.exe NSIS: infected - 5 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP10\A0001822.exe/data0004/fatovernet.exe Infected: not-a-virus:Server-Proxy.Win32.Overnet skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP10\A0001822.exe/data0004 Infected: not-a-virus:Server-Proxy.Win32.Overnet skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP10\A0001822.exe/data0014/UCMIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP10\A0001822.exe/data0014/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP10\A0001822.exe/data0014 Infected: not-a-virus:AdWare.Win32.Ucmore skipped
Bod99
561 Posts
0
June 27th, 2006 22:00
Hi,
Thanks for the logs. I've been called away to a site job at Heathrow Airport at short notice, so it'll be tomorrow night before I can have a proper look at them. Sorry about the delay.
Bod
Message Edited by Bod99 on 06-27-2006 06:48 PM
Bod99
561 Posts
0
July 1st, 2006 22:00
Hi again,
Thanks for the logs. Sorry about the delay in replying. As I explained in my first post to you, as I'm in training at Malware Removal all my posts have to be checked, and unfortunately there's been a delay in getting posts checked and approved. Hopefully things will run smoothly now.
I now have some more instructions for you to follow. I've noticed in your new thread that you've now installed IE7. This shouldn't change these instructions, though I notice that WINMX Music now appears to have gone.
Before you start, please read through these instructions and make sure that you understand them.
If you are not sure about anything, post a reply in this thread with your questions.
You will be booting into Safe Mode at some point in these instructions, so you should print out these instructions for reference. You will not have internet access in Safe Mode.
Please follow and carry out all the steps in the instructions in the order I've listed them.
Step 1
Click Start > Control Panel > Add/Remove Programs.
Allow the list to populate.
Personally, I'd completely get rid of WINMX Music; file sharing programs very often turn into a world of pain as they are an easy means for viruses and all manner of malware to get onto your pc. If you decide to keep it, you need to delete the WebHancer that came with it.
Click on "Remove" for all of the following programs that appear in the list (not all may be there).
WinMX Music
WebHancer Survey Companion
WebHancer Customer Companion
Do not reboot until you have attempted to remove all of these entries that you find.
Step 2
Re-boot in Safe Mode by pressing F8 during Boot-up and choosing Safe Mode from the boot options list.
Click My Computer > Tools > View, then put a tick in the "Display the contents of system folders" and "Show hidden files and folders" check boxes. Uncheck the "Hide protected operating system files (recommended)" option.
Click "Yes" to confirm.
Click "OK".
Navigate to the following folders and files and delete each of them. Some may not be present.
Folders (delete with all contents)
C:\Program Files\WinMX Music\ - If you decided to remove WinMX Music
Files
C:\Program Files\WinMX Music\whCC-MIND.exe
C:\WINDOWS\system32\actskn45.ocx
C:\WINDOWS\system32\1024\ld671D.tmp
C:\WINDOWS\system32\1024\ld9AFF.tmp
C:\Program Files\Windows Media Player\kyde.html
C:\WINDOWS\system32\ld101.tmp
You also need to search for a file.
Click Start > Search > All Files and Folders > More advanced options
Make sure that there is a tick in the check box for "Search System Folders", "Search hidden files and folders", and "Search subfolders"
Enter the following file name in "All or part of file name" and click on "Search".
data.rar
If the file is found, delete it
Reboot as normal.
Step 3
Create a clean system restore point
Click Start > Control Panel > System > System Restore Tab and click to put a tick in the "Turn off System Restore" check box, then click "Apply".
Reboot, then click Start > Control Panel > System > System Restore Tab and click to remove the tick in the "Turn off System Restore" check box, and then click Apply > OK to create a new restore point and then close Control Panel.
Step 4
Run Ewido and allow it to automatically update; a toolbar message balloon will confirm that the update is complete. If this doesn't happen, click Update > Start Update.
Close Ewido, and re-boot in Safe Mode by pressing F8 during Boot-up and choosing Safe Mode from the boot options list.
Run Ewido, and click Scanner > Complete System Scan.
At the end of the scan, a list of found objects will be generated. Check through the list for false positives, and change the "Action" entry if necessary.
Click "Apply all actions"
When the actions have been completed, click Save Report > Save report as, and save report as a text file on your desktop. I will need a copy of the report contents as part of your next post.
Reboot as normal.
Step 5
Do an online scan again with Kaspersky WebScanner at http://www.kaspersky.com/virusscanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky. Click "Yes".
The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded click on "NEXT"
Now click on "Scan Settings"
In the scan settings, make sure that the following are selected:
"Scan using the following Anti-Virus database:"
Extended (if available otherwise Standard)
"Scan Options:"
Scan Archives
Scan Mail Bases
Click "OK"
Now under "select a target to scan:" Select "My Computer"
The program will start and scan your system. The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected. Click on "Save as Text" and save the file to your desktop.
Post the new Ewido and KAV scan logs as your next reply.
Thanks,
Bod
willyfromnc
47 Posts
0
July 2nd, 2006 22:00
Ewido:
--------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 11:47:59 AM 7/2/2006
+ Scan result:
C:\WINDOWS\system32\ld101.tmp -> Downloader.Zlob.rk : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo__taibo@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo__taibo@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo__taibo@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo__taibo@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\guillermo__taibo@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
::Report end
Here is the kas report
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\ntuser.dat Object is locked skipped
C:\Documents and Settings\Guillermo Taibo.GUILLERMO\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2B.tmp Infected: Trojan-Downloader.Win32.Zlob.ri skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2D.tmp Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\31.tmp Infected: Trojan-Downloader.Win32.Dyfuca.ey skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\34F5.tmp/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\34F5.tmp/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\34F5.tmp/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\34F5.tmp/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\34F5.tmp NSIS: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\34F5.tmp CryptFF.b: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\350B.tmp Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\36D.tmp Infected: P2P-Worm.Win32.VB.dw skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\6B.tmp Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\6C.tmp Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\6F.tmp Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\75.tmp Infected: Trojan.Win32.VB.tg skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\77.tmp Infected: Trojan.Win32.VB.tg skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\79.tmp Infected: Trojan.Win32.VB.tg skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\7C.tmp Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\80.tmp Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\82.tmp Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\85.tmp Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\87.tmp Infected: Trojan-Downloader.Win32.VB.abm skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\8A.tmp Infected: Trojan-Clicker.Win32.VB.ly skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\8E.tmp Infected: Trojan.Win32.StartPage.aju skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\90.tmp Infected: Trojan-Downloader.Win32.Adload.bv skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP36\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
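How the Kaspersky reports above can be triaged by where each detection sits (another product's quarantine folder, System Restore, or the live file system), as an added example that is not part of the original posts. The function names and location labels are assumptions chosen for illustration; the sample lines are excerpted from the reports in this thread.

```python
import re

# Lines excerpted from the two Kaspersky reports posted in this thread.
SAMPLE_REPORT = r"""
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2B.tmp Infected: Trojan-Downloader.Win32.Zlob.ri skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\34F5.tmp/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\34F5.tmp NSIS: infected - 4 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\34F5.tmp CryptFF.b: infected - 4 skipped
C:\Program Files\Windows Media Player\kyde.html Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Program Files\WinMX Music\whCC-MIND.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\Program Files\WinMX Music\whCC-MIND.exe RarSFX: infected - 6 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP10\A0001821.exe/data0014/UCMIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
Scan process completed.
"""

# The three line shapes seen in the reports. Paths contain spaces, so each
# pattern is anchored on the fixed text at the end of the line.
INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) skipped$")
LOCKED = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
# Per-container summary, e.g. "NSIS: infected - 4" or "RarSFX: infected - 6".
CONTAINER = re.compile(
    r"^(?P<path>.+?) (?P<kind>\S+): infected - (?P<count>\d+) skipped$")


def host_file(path):
    """Return the file on disk; members inside a container follow a '/'."""
    return path.split("/", 1)[0]


def location(path):
    """Classify a detection by where its host file lives (path-based only)."""
    lowered = path.lower()
    if "\\quarantine\\" in lowered:
        return "av_quarantine"    # copies already held by an antivirus product
    if "\\system volume information\\_restore" in lowered:
        return "system_restore"   # copies kept inside old restore points
    return "live"                 # ordinary file on the running system


def triage(report_text):
    """Group detections by location and host file; keep locked files apart."""
    result = {
        "locked": [],
        "unparsed": [],
        "containers": {},
        "detections": {"live": {}, "av_quarantine": {}, "system_restore": {}},
    }
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        locked = LOCKED.match(line)
        if locked:
            # In-use files (registry hives, logs) the scanner could not open.
            result["locked"].append(locked.group("path"))
            continue
        infected = INFECTED.match(line)
        summary = CONTAINER.match(line)
        if not (infected or summary):
            result["unparsed"].append(line)
            continue
        host = host_file((infected or summary).group("path"))
        verdicts = result["detections"][location(host)].setdefault(host, set())
        if infected:
            verdicts.add(infected.group("verdict"))
        else:
            result["containers"].setdefault(host, []).append(
                (summary.group("kind"), int(summary.group("count"))))
    return result


def needs_action(result):
    """Host files outside quarantine and System Restore, sorted."""
    return sorted(result["detections"]["live"])


if __name__ == "__main__":
    report = triage(SAMPLE_REPORT)
    for where, hosts in report["detections"].items():
        print(f"{where}: {len(hosts)} file(s)")
        for host, verdicts in sorted(hosts.items()):
            print(f"  {host} -> {', '.join(sorted(verdicts)) or '(summary only)'}")
    print("locked, not scanned:", len(report["locked"]))
```

Entries under `av_quarantine` and `system_restore` are stored copies rather than running files, which is why the steps in this thread deal with the live files first and then reset System Restore.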
Bod99
561 Posts
0
July 3rd, 2006 18:00
Hi again,
Thanks for the Ewido and KAV logs, they both look OK and have quarantined anything detected.
I've also had a look at the second Hijack This log you've posted. Again there's nothing significantly wrong there, although I notice that you've now got NetRatings Netmeter auto-starting and running, which is a suspect program. You need to remove it, see http://www.pcreview.co.uk/startup/NetMeter.exe/NetMeter.php
You also had ArcadeRockstar running, which is another program that allows popup advertising, so I recommend that that is also removed.
Please follow these next steps.
Again, before you start, please read through these instructions and make sure that you understand them.
If you are not sure about anything, post a reply in this thread with your questions.
You will be booting into Safe Mode at some point in these instructions, so you should print out these instructions for reference. You will not have internet access in Safe Mode.
Please follow and carry out all the steps in the instructions in the order I've listed them.
Step 1
Click Start > Control Panel > Add/Remove Programs.
Allow the list to populate, then click on "Remove" for the following programs that may appear in the list.
Netmeter
ArcadeRockstar
Reboot.
Step 2
Press Ctrl-Alt-Del and choose "Task Manager". Click on the "Processes" tab and click on the "Show processes from all users" check box to put a tick in the box. Click on the column heading "Image Name", then look for each of the following processes in the list.
NielsenOnline.exe
NetMeter_update_en_4.70.21.0_MEGAPANEL_USA.exe
nmupdate.exe
If found, click to highlight then click on "End Process". If a process is listed more than once, you need to end all copies of the process.
Close Task Manager.
Step 3
Run Hijack This, don't have any other programs open, and click "Scan".
In the scan results, click on the check box for all of the following lines that are present.
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O16 - DPF: {0645D7F3-C20E-4E0B-A545-557527497C0B} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.70.19.0_MEGAPANEL_USA.cab
Click on "Fix checked".
Step 4
Re-boot in Safe Mode by pressing F8 during Boot-up and choosing Safe Mode from the boot options list.
Click My Computer > Tools > View, then put a tick in the "Display the contents of system folders" and "Show hidden files and folders" check boxes. Uncheck the "Hide protected operating system files (recommended)" option.
Click "Yes" to confirm.
Click "OK".
Navigate to the following folders and delete each of them. Some may not be present.
Folders (delete with all contents)
C:\Program Files\NetRatingsNetmeter\
C:\Program Files\ArcadeRockstar\
Reboot as normal.
Step 5
Run ATF Cleaner, and click on the check box to select the following options:
Windows Temp
All Users Temp
Temporary Internet Files
Recycle Bin
Click "Empty Selected". Exit when finished.
Step 6
As there is a long delay when you're booting up the pc, I'd like to see a boot log.
Click Start > Run and type "MSConfig" (without the quotes) in the "Open:" box then click "OK".
When the System Configuration Utility has opened, click on the "BOOT.INI" tab, and click the checkbox for "/BOOTLOG" under the "Boot Options" heading. DO NOT alter any other settings.
Click "OK" and reboot.
When the pc has rebooted, a log file will have been created, C:\bootlog.txt. I will need a copy of the contents with your next post.
Open the System Configuration Utility again and remove the tick against "/BOOTLOG".
Step 7
Run Hijack This, "Scan" and post the log, together with the contents of bootlog.txt as a reply to this thread. I'll check it through, and get back to you.
Thanks,
Bod
willyfromnc
47 Posts
0
July 3rd, 2006 20:00
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Bod99
561 Posts
0
July 4th, 2006 09:00
Hi,
Sorry, my fault. I gave you the wrong filename to look for.
The log file I want is Ntbtlog.txt
Bod
willyfromnc
47 Posts
0
July 4th, 2006 13:00
Service Pack 2 5 9 2006 15:47:37.500
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver ACPI.sys
Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver compbatt.sys
Loaded driver \WINDOWS\system32\DRIVERS\BATTC.SYS
Loaded driver pciide.sys
Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Loaded driver intelide.sys
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver dmio.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver disk.sys
Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Loaded driver fltMgr.sys
Loaded driver drvmcdb.sys
Loaded driver PxHelp20.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver Mup.sys
Did not load driver ACPI Uniprocessor PC
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver Intel Processor
Did not load driver Microsoft AC Adapter
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver Intel Processor
Did not load driver Microsoft AC Adapter
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver Intel Processor
Did not load driver Microsoft AC Adapter
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver Intel Processor
Did not load driver Microsoft AC Adapter
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
Did not load driver Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver Intel Processor
Did not load driver Microsoft AC Adapter
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
Did not load driver Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
Did not load driver Broadcom 440x 10/100 Integrated Controller
Did not load driver Dell Wireless 1470 Dual Band WLAN Mini-PCI Card
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver Intel Processor
Did not load driver Microsoft AC Adapter
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
Did not load driver Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
Did not load driver Broadcom 440x 10/100 Integrated Controller
Did not load driver Dell Wireless 1470 Dual Band WLAN Mini-PCI Card
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver Intel Processor
Did not load driver Microsoft AC Adapter
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
Did not load driver Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
Did not load driver Broadcom 440x 10/100 Integrated Controller
Did not load driver Dell Wireless 1470 Dual Band WLAN Mini-PCI Card
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Packet Scheduler Miniport
Did not load driver Direct Parallel
Did not load driver Intel Processor
Did not load driver Microsoft AC Adapter
Did not load driver Microsoft ACPI-Compliant Control Method Battery
Did not load driver Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
Did not load driver Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family
Did not load driver Broadcom 440x 10/100 Integrated Controller
Did not load driver Dell Wireless 1470 Dual Band WLAN Mini-PCI Card
Did not load driver Audio Codecs
Did not load driver Legacy Audio Drivers
Did not load driver Media Control Devices
Did not load driver Legacy Video Capture Devices
Did not load driver Video Codecs
Did not load driver WAN Miniport (L2TP)
Did not load driver WAN Miniport (IP)
Did not load driver WAN Miniport (PPPOE)
Did not load driver WAN Miniport (PPTP)
willyfromnc
47 Posts
0
July 4th, 2006 13:00
willyfromnc
47 Posts
0
July 4th, 2006 14:00
Service Pack 2 7 4 2006 10:52:44.500
Loaded driver \WINDOWS\system32\ntkrnlpa.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver ACPI.sys
Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver compbatt.sys
Loaded driver \WINDOWS\system32\DRIVERS\BATTC.SYS
Loaded driver pciide.sys
Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Loaded driver intelide.sys
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver dmio.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver disk.sys
Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Loaded driver fltMgr.sys
Loaded driver sr.sys
Loaded driver drvmcdb.sys
Loaded driver PxHelp20.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver Mup.sys
Loaded driver \SystemRoot\system32\DRIVERS\intelppm.sys
Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys
Loaded driver \SystemRoot\system32\DRIVERS\ialmnt5.sys
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\bcmwl5.sys
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\SynTP.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\system32\drivers\sscdbhk5.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\system32\DRIVERS\psched.sys
Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdpdr.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\update.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\omci.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\drivers\sthda.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSF_DPV.sys
Loaded driver \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Loaded driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\system32\drivers\ssrtln.sys
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\system32\DRIVERS\serial.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\System32\Drivers\tmtdi.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys
Loaded driver \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\system32\drivers\Tmpreflt.sys
Loaded driver \SystemRoot\system32\drivers\Vsapint.sys
Loaded driver \SystemRoot\system32\drivers\TmXPFlt.sys
Loaded driver \SystemRoot\system32\drivers\drvnddm.sys
Loaded driver \SystemRoot\system32\dla\tfsndres.sys
Loaded driver \SystemRoot\system32\dla\tfsnifs.sys
Loaded driver \SystemRoot\system32\dla\tfsnopio.sys
Loaded driver \SystemRoot\system32\dla\tfsnpool.sys
Loaded driver \SystemRoot\system32\dla\tfsnboio.sys
Loaded driver \SystemRoot\system32\dla\tfsncofs.sys
Loaded driver \SystemRoot\system32\dla\tfsndrct.sys
Loaded driver \SystemRoot\system32\dla\tfsnudf.sys
Loaded driver \SystemRoot\system32\dla\tfsnudfa.sys
Loaded driver \SystemRoot\system32\DRIVERS\AegisP.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
Loaded driver \SystemRoot\system32\drivers\splitter.sys
Loaded driver \SystemRoot\system32\drivers\aec.sys
Loaded driver \SystemRoot\system32\drivers\swmidi.sys
Loaded driver \SystemRoot\system32\drivers\DMusic.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys
Loaded driver \SystemRoot\System32\Drivers\MCSTRM.SYS
Loaded driver \SystemRoot\system32\DRIVERS\mdmxsdk.sys
Loaded driver \SystemRoot\system32\DRIVERS\srv.sys
Loaded driver \SystemRoot\System32\Drivers\tm_cfw.sys
Did not load driver \SystemRoot\system32\DRIVERS\ipnat.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys