DMR 152 Wombat At Large Team Colleague

Cool- glad we could help :)

DMR 152 Wombat At Large Team Colleague

You've got a lot of "unwanted guests" on your system. Let's see what some of the automated malware removers can take care of before we dig in to the manual removal procedures.


You will need to close/quit all web browser programs and disconnect from the Internet for some of the following, so you should print out these instructions or save them into a text file with Notepad.


C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe
The log entry above indicates that you are running the HijackThis.exe program from within the HijackThis.zip download package. You are also running HJT from within a Temp/Temporary downloads folder.
One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!

Please do the following:

* Create a folder for HJT outside of any Temp/Temporary folders. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
* Right-click on the HijackThis.zip folder and choose the "Extract all..." option from the resulting drop-down menu. This will start Windows' Folder Extraction Wizard. Click the "Next" button to start the wizard.
* In the next window, click on the "Browse" button. In the destination selection box, navigate to the new folder you created for HJT, highlight it, and click "OK".
* Click "Next", and then click …
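
The check described in the post above (HijackThis running from inside its .zip in a Temp folder) can be automated when triaging a pasted log. This is an added example, not code from the original posts or from HijackThis: the sample log is constructed from entry lines quoted on this page plus one constructed process line, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the HijackThis.exe path and the O4/O18/O23 lines are the
# ones quoted in posts on this page; the smss.exe line is made up for contrast.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

O4 - HKLM\..\Run: [Microsoft Windows Game Updater] msgame32.exe
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
"""

ENTRY_RE = re.compile(r"^(O\d{1,2}) - (.+)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)

# Field layouts for the three entry types that appear on this page.
DETAIL_RES = {
    "O4": re.compile(
        r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<command>.+)$"),
    "O18": re.compile(
        r"^(?P<kind>Filter|Protocol): (?P<name>.+?) - "
        r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"),
    "O23": re.compile(
        r"^Service: (?P<display>.+?) \((?P<service>[^)]+)\) - "
        r"(?P<vendor>.+?) - (?P<path>[A-Za-z]:\\.+)$"),
}


@dataclass
class Entry:
    section: str                      # e.g. "O4"
    raw: str                          # text after "O4 - "
    fields: dict = field(default_factory=dict)


def parse_hjt_log(text):
    """Split a pasted log into running-process paths and parsed O-entries."""
    processes, entries = [], []
    for line in text.splitlines():
        # Forum pastes often carry a leading "* " bullet; drop it.
        line = line.strip().lstrip("* ")
        m = ENTRY_RE.match(line)
        if m:
            section, rest = m.groups()
            detail = DETAIL_RES.get(section)
            dm = detail.match(rest) if detail else None
            entries.append(Entry(section, rest, dm.groupdict() if dm else {}))
        elif PROCESS_RE.match(line):
            processes.append(line)
    return processes, entries


def temp_reasons(path):
    """Why a program at this path would be wiped by a Temp-folder cleanup."""
    folders = [p.lower() for p in path.split("\\")[:-1]]
    reasons = []
    if any(p in ("temp", "tmp") or p.startswith("temporary ") for p in folders):
        reasons.append("runs from a Temp folder")
    if any(p.endswith(".zip") for p in folders):
        reasons.append("runs from inside an unextracted .zip archive")
    return reasons


def tool_location_findings(processes):
    """Map each process path that has a Temp/.zip problem to its reasons."""
    return {p: r for p in processes if (r := temp_reasons(p))}


if __name__ == "__main__":
    procs, ents = parse_hjt_log(SAMPLE_LOG)
    for path, why in tool_location_findings(procs).items():
        print(path, "->", "; ".join(why))
    for e in ents:
        print(e.section, e.fields)
```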

DMR 152 Wombat At Large Team Colleague

I definitely see infections in that log, but I'd like to see a report from an ewido scan as well before digging in to the fixes.

Please configure and run ewido as follows:

* Open ewido and click the Update button to make sure that you have the absolutely most current updates installed. Close the program once the updates are installed.


* Reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Log in to the Administrator account.

Once booted in to Safe Mode:


* Open ewido

  • Click on scanner at the top of the Ewido screen
  • Click on Settings
  • Under How to Act, click on Recommended Action and choose Delete.
  • Under How to scan, all boxes should be selected
  • Under Possibly unwanted software, all boxes should be selected
  • On the right side under Reports: click on Automatically generate report after every scan.
  • Under What to scan, select scan every file
  • Click on the Scan Tab
  • Click on Complete system scan
  • Let the program scan the machine. It can take a while; give it time.
  • When the scan has finished, at the bottom of the screen click Apply all Actions
  • Click Save report
  • Click Save Report as …

DMR 152 Wombat At Large Team Colleague

You have a couple of signs of infections in your log, but more importantly performance-wise, you have a lot of unnecessary processes running at startup. Also- AOL's packages are very piggy; I'd suggest only using what you absolutely need in terms of that software.

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* C:\DOCUME~1\RACHEL~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
The log entry above indicates that you are running the HijackThis.exe program from within the HijackThis.zip download package. You are also running HJT from within a Temp/Temporary downloads folder.
One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!

Please do the following:

* Create a folder for HJT outside of any Temp/Temporary folders. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.
* Right-click on the HijackThis.zip folder and choose the "Extract all..." option from the resulting drop-down menu. This will start Windows' Folder Extraction Wizard. Click the "Next" button to start the wizard.
* In the next window, click on the "Browse" button. In the destination selection box, navigate to the new folder you created for HJT, highlight it, and …

DMR 152 Wombat At Large Team Colleague

In general, you can (and should) have at least a couple of decent antispyware programs installed and monitoring your system, but you should not try running more than one antivirus or firewall program; conflicts will occur if you do.

Given that, and the programs you have, I'd recommend:

* Uninstall the Norton firewall and antivirus packages.
* Antivirus: AVG Free (there's no reason for you to buy the retail version)
* Firewall: Outpost
* Antispyware:
- Ewido (buying the full version will let you continue using its real-time protection and automatic updating features. If you're going to actually pay for the full version of an antispyware program, ewido would be a good choice)
- Keep Windows Defender.

DMR 152 Wombat At Large Team Colleague

Just one question:
Since the emails seem to originate from a Symantec proxy program,

what about "O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe"?

That's just Symantec's email-scanning and firewall component; it's totally legit.

DMR 152 Wombat At Large Team Colleague

Just to be absolutely clear- you're saying that you have no way whatsoever of booting to a usable Windows desktop, yes?

Can you give any other details/history to go on? Make/model of the computer, if anything had changed software or hardware wise around the time the problem first occurred, etc.

DMR 152 Wombat At Large Team Colleague

Technically, infections can't infect/affect hardware per se, but they can corrupt software associated with a given piece of hardware (driver software and the like).

Aside from the infection Xpenetrator mentioned, your log is clean.

DMR 152 Wombat At Large Team Colleague

Sounds like filesystem corruption.

1. Double-click on your My Computer icon.
2. Right-click on your C: drive.
3. Choose "Properties" from the resulting drop-down menu.
4. In the Properties window, click on the "Tools" tab.
5. In the "Error Checking" section, click the "Check now" button.
6. In the resulting pop-up window, put a check in both option boxes and then click the "Start" button.

The filesystem/disk scan will take a while, so be patient.

DMR 152 Wombat At Large Team Colleague

* What kinds of errors are you getting?
* Do all attempts fail at the download stage, or do some fail when you're trying to actually install the AV programs?

* Open the Event Viewer utility in your Administrative Tools control panel and look through your System and Application logs for entries flagged with "Error" or "Warning", especially those whose time-stamps coincide with the occurrence of the problem(s). Double-clicking on such an entry will open a properties window with more detailed information on the error; post the details from a representative sample of some of the different error messages (please don't post duplicates of a given entry, or flood us with the entire contents of the logs).

To post the details:
In the Properties window of a given entry, click on the button with the graphic of two pieces of paper on it; the button is at the right of the window just below the up arrow/down arrow buttons. You won't see anything happen when you click the button, but it will copy all of the details to the Windows clipboard. You can then paste the details into your next post here.

DMR 152 Wombat At Large Team Colleague

Your log shows signs of what are (probably) leftovers of prior infections, but otherwise it's fairly clean. Please do the following:

* Download the following utilities and save them to your desktop or another convenient folder:

ATF-Cleaner
WinsockXPFix
ewido Anti-spyware (30-day trial version)

* Install and Configure ewido:

  • Close all other Applications and then run the ewido installer
  • Select language, click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait; Ewido will open its main screen automatically.
  • Wait again a few minutes and Ewido should auto-update itself. If it doesn't, click update at the top of the screen.
  • It is very important to get the updates
  • When updating has finished, close Ewido.

* Run WinsockXPFix. A visual walk-through of the process can be found here.


* Reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Log in to the Administrator account.

Once booted in to Safe Mode:


* Run ATF-Cleaner
- Double-click ATF-Cleaner.exe to open the program.
- Under Main choose: Select All
- Click the Empty Selected button.

If you use Firefox browser : …

DMR 152 Wombat At Large Team Colleague

Thanks, I'll keep that in mind.

DMR 152 Wombat At Large Team Colleague

I should have closed this thread after post #4; it's just gone downhill from there. That's it- we're done here.

DMR 152 Wombat At Large Team Colleague

...and after closing at those port.. even my connection and computer performance getting better and faster!!!

That makes sense- the fewer network services you have up and running, the more bandwidth you have for everything else. :)

DMR 152 Wombat At Large Team Colleague

You have a "SpywareQuake" infection. The removal instructions, complete with a visual walk-through, can be found here.

DMR 152 Wombat At Large Team Colleague

please view with internet explorer, firefox didn't manage to open the whole page, i'm truly sorry for this.

No worries; it's not your fault. We've found that FireFox chokes on threads with long log files in them, but we haven't figured out why it happens.


* Your ewido log lists "No action taken" for all of the entries it found, even though my instructions had you set ewido's Recommended Action to "Delete". Do you have any idea what happened there?

You'll need to follow the instructions in my previous post again, making sure that ewido actually fixes the items it finds this time.
Post the new ewido and HJT logs after that, and feel free to ask if you have any problems with the procedure.

DMR 152 Wombat At Large Team Colleague

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Open your Add/Remove Programs control panel and uninstall the WinAntiVirus software if you find it in the list of installed programs.


* Download the following utilities and save them to your desktop or another convenient folder:

ATF-Cleaner
ewido Anti-spyware (30-day trial version)

* Install and Configure ewido:

  • Close all other Applications and then run the ewido installer
  • Select language, click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait; Ewido will open its main screen automatically.
  • Wait again a few minutes and Ewido should auto-update itself. If it doesn't, click update at the top of the screen.
  • It is very important to get the updates
  • When updating has finished, close Ewido.

* Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank …

DMR 152 Wombat At Large Team Colleague

Thank you for gathering all of that info into one post, Xpenetrator!

As this exploit/problem looks like it will be a "chart-topper" for the near future, I'm pinning this thread to the top of the forum list as a reference for all.
:)


<EDIT>

I hope you don't mind that I changed the thread title slightly to make it more immediately descriptive...

</EDIT>

DMR 152 Wombat At Large Team Colleague

And did you save the ewido log? If so, please post it.

DMR 152 Wombat At Large Team Colleague

Your machine is more than a bit of a mess, I'm afraid; you've got signs of several different infections in your HJT log.

Please do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

1. Open your Add/Remove Programs control panel and uninstall any and all programs related to the following:

Altnet
TopSearch
Points Manager
RXToolbar
InstaFinder/InstaFink
BestOffers/The Best
Need2Find
iWon
ToolBar888/MaxFiles/FreeProd/MyToolBar
DollarRevenue
Registry Defender Trial
P2P networking
The Weather Channel/Desktop Weather
PuritySCAN By OIN/OuterInfo/Snowballwars
Unless you've already paid $$ for them (and I hope you haven't), uninstall all of the 3b Software packages (Windows Clean-Up Pro, RegistryRepairPro.exe 4, etc.). The 3b company has a less-than-honorable history, to say the least.

2. Download and install the most current updates for your McAfee antivirus.


3. Download the following utilities and save them to your desktop or another convenient folder:

ATF-Cleaner
ewido Anti-spyware (30-day trial version)

* Install and Configure ewido:

  • Close all other Applications and then run the ewido installer
  • Select language, click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait; Ewido will open its main screen automatically.
  • Wait again a few minutes and Ewido should auto-update itself. If …

DMR 152 Wombat At Large Team Colleague

Ah. Where did it say that? If it did, sorry, my eyes skipped it.

Well then- here, have another look:
"Do not spam, advertise, plug your website, or engage in any other type of self promotion."

Full Posting Rules are here; might want to give the whole thing a read. :mrgreen:

DMR 152 Wombat At Large Team Colleague

Hi labert22,

The symptom you describe is common to a certain family of malicious infections, but we don't deal with such issues in this particular forum. Please post your question in a new thread of your own in our spyware forum and we'll assist you from there.

DMR 152 Wombat At Large Team Colleague

Hi people:

As stated in our posting rules, we ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please give us as much specific info as possible regarding the problem (exact error messages, system specs, troubleshooting steps you've already tried, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_policies

Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

Hi chungkiap,

The behaviour you're seeing is apparently due to a security hole found in netapi32.dll, which (as of about Aug. 12th) is being exploited by hackers. Please do the following:

1. Download and install Microsoft's security fix.

2. Download the free Windows Worms Doors Closer utility. Run the utility and choose to disable all of the ports/services it lists. Note that if you have a local network and need to share files/printers with other computers on that network, you'll have to leave NetBIOS enabled.

After doing the above, test-drive the computer for a while and let us know if you still experience the crashes or not.

chungkiap commented: the only post that give a reasonable solution +1

DMR 152 Wombat At Large Team Colleague

I have this exact same problem!... What am I supposed to do?

Hi tyranny,

As stated in our posting rules, we ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please give us as much specific info as possible regarding the problem (exact error messages, system specs, troubleshooting steps you've already tried, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_policies

Thanks for understanding.

DMR 152 Wombat At Large Team Colleague

What you're describing is what I've thought was happening: something is restoring the unwanted registry entries when you reboot. What you're doing is correct, we're just not seeing whatever is responsible for restoring the entries. I thought it might be the System Restore feature, which is why I had you disable it. I'll have to ask some of the other malware gurus if they've got any suggestions...

DMR 152 Wombat At Large Team Colleague

The fact that the Registry reference to the msgame32.exe file is still present isn't a Good Thing, although it may just mean that while the file itself was deleted, the Reg reference wasn't.

1. Open your Task Manager by simultaneously holding down the Ctrl+Alt+Delete keys and then clicking the Task Manager button in the resulting window.

In the Task Manager, click on the Processes tab, scroll down through the list of processes, and see if you see an entry for msgame32.exe or an entry related to Game Updater. If you see an entry there, then the infection itself is still present; highlight the entry and then click the "End Process" button at the bottom right side of the Task Manager window. If you don't see an entry, then it's probably just the Registry entry which is left over.


2. Run HijackThis and have it fix the O4 - HKLM\..\Run: [Microsoft Windows Game Updater] msgame32.exe entry again.


3. Double-click on your My Computer icon to open Windows Explorer.
* In the Folder Options->View settings under Explorer's Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".
* Click on the "Search" button.
* In the "All or part of the file name" box, type msgame
* In the "Look in" drop-down menu, select your "C:" drive.
* Click on "More Advanced Options".
* In the …

DMR 152 Wombat At Large Team Colleague

Do you really think that everyone wants to read all that? I know you're trying to be helpful, but sometimes it's best that you do some research first, not just dump a huge log file at us.

Actually, the logs are very helpful, because a user is very rarely infected with only one piece of malware. SilverOne's HJT log is a case in point; there are at least two separate, distinct malware infections indicated in that log. This is something we would not have known from the poster's description of the problem alone.

Also- I'd ask you to read through your response as a whole. It's a bit brusque, especially when directed at someone who is posting here for the first time.


DMR 152 Wombat At Large Team Colleague

1.

this message was written with keyboard on screen

I'm not sure what you're trying to say there; can you clarify please?

2. Uninstall the Logitech Desktop Messenger through your Add/Remove Programs control panel. The LDM program's primary job is to automatically check for online updates for your Logitech devices. Not only do you not need it running, but it really clutters up HijackThis logs, as you can see in your log.

Also uninstall any/all of the following bogus/malicious programs if they exist:

Trust Cleaner
TrustIn Bar
TrustIn Contextual Ads
Trustin Popups
TrustIn Search Assistant
Trust Cleaner Promo

Hotbar Web Tools

Hotbar Outlook Tools
Shopper Reports by Hotbar


3. Your log also has abnormal line breaks in it which make it difficult to read. Please post the contents of your next log by opening the HijackThis.log file in Windows Notepad, choosing "Select all" from the Edit menu, and then "Copy" from the Edit menu. If you paste that content into your posts here, it should format correctly.


You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

4. Open your antivirus program and download/install its most current updates. Don't run a scan with the program yet, though.


5. Download the following utilities and save them …

DMR 152 Wombat At Large Team Colleague

Hi nando2006, welcome to Daniweb :)

To begin with, please tell us:

* The web browser you're using (IE, Firefox, etc.)
* The exact version of Windows you're using.
* Try to describe the problem in more detail:
- Is it all links that exhibit the problem?
- If it's only some links, do they have anything in common?
- When did this problem start to occur?
- Had any changes at all been made to the computer around the time the problem started to occur?
* Are you using any 3rd-party software (the Google or Yahoo Toolbars, for example) which might be interfering with your browser's normal operation?

DMR 152 Wombat At Large Team Colleague

The RXToolbar adware is still present in your log. Please do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Download the Killbox utility and save it to your desktop or another convenient folder.
- Right-click on the downloaded killbox.zip file.
- Choose "Extract all..." from the drop-down context menu.
- Follow the file extraction wizard's prompts to extract the killbox.exe program file.


* Download and install the most current updates for ewido.


* Close all open programs/windows, (especially web browsers). Run another HijackThis scan, put a check in the box to the left of the following entry, and then click the "Fix Checked" button:

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll


* Reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Log in to the Administrator account.

* Open Killbox.

- In the "Full Path of File to Delete" box, copy and paste the following
C:\Program Files\RXToolBar\sfcont.dll

DMR 152 Wombat At Large Team Colleague

Does the BIOS see slave drives on the Secondary IDE channel?

DMR 152 Wombat At Large Team Colleague

Hi goodwill,

The HJT log you attached is slightly incomplete (it's missing some important header information). Also- we need to see the log pasted directly into your post instead of attached as a Word file. Here's how you can do that:

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".
Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". The log file will open in Windows Notepad once you save it; cut-n-paste the entire contents of the file from Notepad and post it here.

DMR 152 Wombat At Large Team Colleague

Let's start with the following:

Download the free HijackThis utility. Once downloaded, follow these instructions to install and run the program:

Create a folder for HJT outside of any Temp/Temporary folders and move the HijackThis.exe file to that folder now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".
Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log". The log file will open in Windows Notepad once you save it; cut-n-paste the entire contents of the file from Notepad and post it here.



DMR 152 Wombat At Large Team Colleague

That log looks very light on content; were you running HJT while Windows was booted in Safe Mode? If so, please give us a log done with Windows booted normally.

DMR 152 Wombat At Large Team Colleague

Looks to me like you may be vulnerable (or already attacked) to the Microsoft RPC buffer overrun exploit (Blaster worm).

Pretty damn close- it's one of the RBot/SDBot variants, some of which do indeed exploit the RPC vulnerability. :)

This is the evident culprit:
O4 - HKLM\..\Run: [Microsoft Windows Game Updater] msgame32.exe

You will need to close/quit all web browser programs and disconnect from the Internet for some of the following, so you should print out these instructions or save them into a text file with Notepad.

* Download and install the most current updates for AVG.

* Close all open programs/windows, (especially web browsers). Run HijackThis again, put a check in the box to the left of the above entry, and then click the "Fix checked" button. Close HJT once the fix completes.


* Reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Log in to the Administrator account.

* Run a full system scan with AVG; have it fix all malicious items it finds.

* Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide …

DMR 152 Wombat At Large Team Colleague

i noticed that both the CRT monitor and LCD cable had only 14 pins and were thick and heavy. the new cable had 15 pins and was not as thick and very light.

Bingo- it's the thickness/sturdiness/quality of the cable that you need to look for. The heavier-duty cables are better shielded (grounded) than the cheap, thin cables, and the wire they use is of higher quality. (The missing pin on the sub-mini D connector, however, is normal; it's pin #9, which carries no signal.)

i DO have a DVI port on the back of the monitor, however, my graphics card seems to support just the VGA one. are there adaptors available for the 2?

Not all types of DVI connectors carry the analog as well as the digital signals, but if your monitor has the type of DVI connector that does, VGA->DVI adapters are available.

Look at the DVI side of the adapter below; the four pins inside the cross at the right of the connector are the analog (VGA) lines. If your monitor has a connector like that, you should be in business:

[IMG]http://www.stevewolfonline.com/Downloads/DMR/Tech%20Uploads/DVI-VGA%20Adapter.jpg[/IMG]

DMR 152 Wombat At Large Team Colleague

OK- let's try this:

1. Disable System Restore. Instructions and a short explanation are here.

2. Reboot into Safe Mode again, run ewido as before, and have it fix the SpyHeal Registry entries. Save the ewido log.

3. Reboot normally and run ewido one more time. Post that log and the ewido log done in Safe Mode.

DMR 152 Wombat At Large Team Colleague

This one is being difficult, and I don't have a lot of information on it because it's a very new infection. Frustrating...

I'll need to check with a couple of other sources to see if I can get more details on the infections; please try to bear with me....

DMR 152 Wombat At Large Team Colleague

Yes- "out of range" means that the horizontal and/or vertical video scan rates being used fall outside the ranges supported by the monitor. Please give us some details on the hardware.

DMR 152 Wombat At Large Team Colleague

Hi Mike, welcome aboard! :)

DMR 152 Wombat At Large Team Colleague

Hi sukhi,

This particular forum (Geek's Lounge) is just for chatting, not for asking/answering technical questions. You need to post this question in the programming forum that relates to the particular language you're interested in.
:)

DMR 152 Wombat At Large Team Colleague

Cuz motht uf uth ur kinda thtupid; we don' know no nutin bout none dem com-plex tings.

:mrgreen:


(Secure passwords: at least eight characters, consisting of a mix of upper-case & lower-case letters, numerals, and special characters. acl6379's example is a good one.)

DMR 152 Wombat At Large Team Colleague

Hey Dani,

My original response to your last question went POOF! when that *cough* power surge *cough* took out the database, so here it is again:

Are the F@H services just two separate instances of the same process, or are they actually two different services/processes (with two different names)? I'm not familiar with F@H running on MP machines, so any details that you can give me would help with the batch file.

DMR 152 Wombat At Large Team Colleague

*Spank!**Spank!*

DMR 152 Wombat At Large Team Colleague

If the F@H process is really running as a service, there are two things you can do:

1. Open the Services utility in your Administrative Tools control panel and locate the F@H service. Double-clicking on the service name will open a Properties window within which you'll find Start/Stop/Pause buttons.

2. Copy the following into a new text file and name it something like FoldingToggle.bat (obviously replacing servicename with the actual name of the F@H service), and then put a shortcut to the batch file someplace convenient like your quickstart tray.
When run, the batch file will check the current state of the service and toggle it to the opposite state:

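@echo off

rem Replace servicename with the actual name of the F@H service.
rem "sc interrogate" reports error 1062 when the service is not running.
sc interrogate servicename | find "1062"
if %errorlevel%==0 goto :sc_start

rem The service is running: stop it.
sc stop servicename
exit

:sc_start
rem The service is stopped: start it.
sc start servicename
exit
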
DMR 152 Wombat At Large Team Colleague

in the add/remove screen it still says that kazaa is there but it now comes up with a message when i try to remove it.

Sometimes remnants of programs that have been uninstalled get "stuck" in the Add/Remove Programs control panel's list and need to be removed manually. To remove the Kazaa entry from the control panel, see this Microsoft support article.


* {1D6711C8-7154-40BB-8380-3DEA45B69CBF} is Kazaa-related; have HJT fix that entry.

* The following malicious entry should have been deleted if all went well:
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
Have HJT fix the above entry, reboot the computer, and run another HJT scan. Let us know whether or not the entry reappears.

DMR 152 Wombat At Large Team Colleague

You're welcome :)

DMR 152 Wombat At Large Team Colleague

...but how did you get 240 in the first place?

It's probably 256MB total RAM minus 16MB reserved for video RAM.

DMR 152 Wombat At Large Team Colleague

when we boot the system in safe mode what are the files shown before booting the system??

What you are seeing is the list of core files that Windows loads in Safe Mode.

i have some files in my startup list & when we boot using safe mode will those files be executed??

In Safe Mode, Windows loads only the minimal set of programs/processes/drivers/services. Programs referenced in your Startup folder and other "autorun" locations will be bypassed.

will drivers be loaded when v use safe mode??

In terms of drivers, Windows' basic/generic mouse, keyboard, VGA video, and storage drivers are loaded, but not much else.

MartyMcFly commented: Look at those layout skills :) +3