Page 1 of 3 123 LastLast
Results 1 to 10 of 29

Thread: Downloader Trojan System Still Slow

  1. 2009-11-01, 02:46 #1
    lovebohn
    lovebohn is offline
    Junior Member
    Join Date
    Nov 2009
    Posts
    17

    Default Downloader Trojan System Still Slow

    A family members system was found to have the downloader trojan. It has symantec antivirus which didn't seem to solve the problem I have run AVG and did a spybot before i found this forum. I turned off the antivirus used Erunit and will post the Hijack This text on the next post.

    Dave

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:48:44 PM, on 10/31/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/40...ls/Coupons.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Filter hijack: text/html - {7e0a0874-239b-43ac-a24b-c8d0f4eb66ee} - C:\WINDOWS\system32\xwreg32.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    --
    End of file - 4670 bytes
    Last edited by tashi; 2009-11-01 at 03:32. Reason: Merged two posts :-)
  2. 2009-11-02, 17:29 #2
    peku006
    peku006 is offline
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,123

    Default

    Hello and to Safer Networking

    My name is peku006 and I will be helping you to remove any infection(s) that you may have.
    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    Please observe these rules while we work:

    • If you don't know or understand something please don't hesitate to ask
    • Please DO NOT run any other tools or scans whilst I am helping you.
    • It is important that you reply to this thread. Do not start a new topic.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    • Absence of symptoms does not mean that everything is clear.


    You are operating multiple Anti Virus programs on your computer:
    • AVG8
      Symantec AntiVirus


    It is NOT safe to have more than one anti-virus installed on a system, and that doing so not only does not provide better protection, it will actually cause additional problems. Anti-virus programs patch into the system kernel. Having more than one anti-virus patching into the system kernel will not only destabilize a system, it can corrupt system files and it WILL cause crashes! You MUST remove all but one anti-virus program.

    • Click Start
    • Go to Control Panel
    • Go to Add/Remove Programs
    • Find and click Remove for the following (if present):



    1 - download and run RSIT

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)


    2 - Status Check
    Please reply with

    1.the logs from RSIT (log.txt ,info.txt)

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
  3. 2009-11-04, 03:56 #3
    lovebohn
    lovebohn is offline
    Junior Member
    Join Date
    Nov 2009
    Posts
    17

    Default

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Owner at 2009-11-03 20:55:25
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 25 GB (65%) free of 38 GB
    Total RAM: 1022 MB (63% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:55:38 PM, on 11/3/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Owner.JEANNE.000\My Documents\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Owner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/40...ls/Coupons.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Filter hijack: text/html - {7e0a0874-239b-43ac-a24b-c8d0f4eb66ee} - C:\WINDOWS\system32\xwreg32.dll
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    --
    End of file - 4992 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {CCC7A320-B3CA-4199-B1A6-9F516DD69829}

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-10-19 126976]
    "vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe [2003-05-21 90112]
    "LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-08-11 63048]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
    C:\PROGRA~1\AVG\AVG8\avgtray.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2005-01-12 241664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\MSMSGS.EXE [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2005-09-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-05-28 241664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-05-28 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Image Transfer.lnk]
    C:\PROGRA~1\SONYCO~1\IMAGET~1\SonyTray.exe []

    C:\Documents and Settings\Owner.JEANNE.000\Start Menu\Programs\Startup
    ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
    C:\WINDOWS\system32\LMIinit.dll [2009-09-28 87352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    C:\WINDOWS\System32\NavLogon.dll [2003-05-21 45056]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client"
    "C:\Program Files\Extended Systems\OneBridge Desktop Connector\DesktopConnector.exe"="C:\Program Files\Extended Systems\OneBridge Desktop Connector\DesktopConnector.exe:*:Enabled:DesktopConnector"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    shell\AutoRun\command - F:\LaunchU3.exe -a


    ======List of files/folders created in the last 1 months======

    2009-11-03 20:55:25 ----D---- C:\rsit
    2009-11-03 20:44:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\LogMeIn
    2009-11-03 20:43:53 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll
    2009-11-03 20:43:53 ----A---- C:\WINDOWS\system32\LMIport.dll
    2009-11-03 20:43:36 ----A---- C:\WINDOWS\system32\LMIinit.dll
    2009-11-03 20:43:15 ----D---- C:\Program Files\LogMeIn
    2009-10-31 19:35:31 ----D---- C:\WINDOWS\ERDNT
    2009-10-31 19:34:53 ----D---- C:\Program Files\ERUNT
    2009-10-31 19:27:48 ----D---- C:\Program Files\Trend Micro
    2009-10-24 22:04:26 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
    2009-10-17 07:45:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
    2009-10-17 07:38:59 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
    2009-10-17 07:38:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
    2009-10-17 07:38:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
    2009-10-17 07:38:21 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
    2009-10-17 07:37:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
    2009-10-17 07:34:55 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
    2009-10-17 06:56:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
    2009-10-17 06:55:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
    2009-10-16 14:26:43 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-10-16 14:26:43 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2009-10-07 20:33:10 ----D---- C:\Documents and Settings\Owner.JEANNE.000\Application Data\Mozilla
    2009-10-07 20:31:57 ----D---- C:\Program Files\Mozilla Firefox
    2009-10-07 18:32:10 ----D---- C:\Documents and Settings\Owner.JEANNE.000\Application Data\AVG8
    2009-10-07 15:39:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2009-10-06 22:38:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
    2009-10-06 22:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
    2009-10-06 21:47:12 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
    2009-10-06 21:45:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
    2009-10-06 21:43:37 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
    2009-10-06 21:42:29 ----D---- C:\WINDOWS\ie8updates
    2009-10-06 21:39:41 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
    2009-10-05 22:02:46 ----HD---- C:\$AVG8.VAULT$
    2009-10-05 21:03:25 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-10-05 20:53:48 ----D---- C:\Program Files\AVG
    2009-10-05 20:53:39 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
    2009-10-05 20:35:58 ----D---- C:\Documents and Settings\Owner.JEANNE.000\Application Data\U3
    2009-10-05 20:24:58 ----D---- C:\WINDOWS\Prefetch
    2009-10-04 21:12:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
    2009-10-04 21:10:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
    2009-10-04 21:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
    2009-10-04 21:08:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
    2009-10-04 21:06:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
    2009-10-04 21:04:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
    2009-10-04 21:03:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
    2009-10-04 21:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
    2009-10-04 21:00:13 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
    2009-10-04 20:58:28 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-10-04 20:56:48 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
    2009-10-04 20:55:14 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
    2009-10-04 20:53:40 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
    2009-10-04 20:52:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
    2009-10-04 20:50:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
    2009-10-04 20:49:03 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
    2009-10-04 20:47:32 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
    2009-10-04 20:46:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
    2009-10-04 20:44:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
    2009-10-04 20:42:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2009-10-04 20:41:22 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2009-10-04 20:39:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2009-10-04 20:38:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2009-10-04 20:36:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2009-10-04 20:35:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2009-10-04 20:33:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
    2009-10-04 20:31:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2009-10-04 20:29:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2009-10-04 20:28:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2009-10-04 20:26:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2009-10-04 20:25:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2009-10-04 20:23:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
    2009-10-04 20:22:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2009-10-04 20:20:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2009-10-04 20:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2009-10-04 20:17:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
    2009-10-04 20:15:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2009-10-04 20:14:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2009-10-04 20:12:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2009-10-04 20:11:03 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2009-10-04 20:09:20 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2009-10-04 20:07:13 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
    2009-10-04 19:54:57 ----D---- C:\WINDOWS\system32\scripting
    2009-10-04 19:54:53 ----D---- C:\WINDOWS\l2schemas
    2009-10-04 19:54:52 ----D---- C:\Program Files\msn
    2009-10-04 19:54:51 ----D---- C:\WINDOWS\system32\en
    2009-10-04 19:44:56 ----D---- C:\WINDOWS\network diagnostic
    2009-10-04 19:08:48 ----D---- C:\WINDOWS\WBEM
    2009-10-04 19:07:04 ----HDC---- C:\WINDOWS\ie8
    2009-10-04 19:07:04 ----D---- C:\WINDOWS\system32\en-US

    ======List of files/folders modified in the last 1 months======

    2009-11-03 20:51:05 ----D---- C:\WINDOWS\Temp
    2009-11-03 20:51:01 ----D---- C:\WINDOWS
    2009-11-03 20:50:23 ----D---- C:\WINDOWS\SYSTEM32
    2009-11-03 20:49:03 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-11-03 20:48:51 ----D---- C:\WINDOWS\system32\DRIVERS
    2009-11-03 20:46:07 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-11-03 20:44:04 ----HD---- C:\Config.Msi
    2009-11-03 20:44:03 ----SHD---- C:\WINDOWS\Installer
    2009-11-03 20:43:48 ----HD---- C:\WINDOWS\INF
    2009-11-03 20:43:37 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-11-03 20:43:15 ----RD---- C:\Program Files
    2009-11-03 20:32:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-10-31 13:26:41 ----RASH---- C:\boot.ini
    2009-10-31 13:26:40 ----A---- C:\WINDOWS\win.ini
    2009-10-31 13:26:40 ----A---- C:\WINDOWS\system.ini
    2009-10-24 22:04:29 ----RSHDC---- C:\WINDOWS\system32\DLLCACHE
    2009-10-24 20:55:15 ----HD---- C:\WINDOWS\$hf_mig$
    2009-10-17 07:45:30 ----A---- C:\WINDOWS\imsins.BAK
    2009-10-17 07:45:22 ----D---- C:\WINDOWS\WinSxS
    2009-10-08 20:07:42 ----D---- C:\Program Files\Shared
    2009-10-07 20:31:24 ----D---- C:\WINDOWS\system32\Restore
    2009-10-07 15:42:52 ----D---- C:\Program Files\Internet Explorer
    2009-10-06 21:15:34 ----D---- C:\WINDOWS\Help
    2009-10-05 21:05:56 ----SHD---- C:\RECYCLER
    2009-10-05 21:03:51 ----D---- C:\Documents and Settings
    2009-10-05 20:53:06 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2009-10-05 20:49:16 ----D---- C:\I386
    2009-10-05 20:30:23 ----A---- C:\WINDOWS\OEWABLog.txt
    2009-10-05 20:26:53 ----A---- C:\WINDOWS\setuplog.txt
    2009-10-05 20:24:27 ----D---- C:\WINDOWS\system32\WBEM
    2009-10-05 20:24:27 ----D---- C:\WINDOWS\system32\Setup
    2009-10-05 20:24:27 ----D---- C:\WINDOWS\AppPatch
    2009-10-05 20:24:25 ----RSD---- C:\WINDOWS\Fonts
    2009-10-04 21:16:08 ----D---- C:\WINDOWS\SECURITY
    2009-10-04 21:13:40 ----D---- C:\WINDOWS\system32\CatRoot
    2009-10-04 21:08:03 ----D---- C:\Program Files\Outlook Express
    2009-10-04 20:11:08 ----D---- C:\Program Files\Messenger
    2009-10-04 19:55:27 ----D---- C:\WINDOWS\IME
    2009-10-04 19:54:59 ----D---- C:\WINDOWS\system32\USMT
    2009-10-04 19:54:51 ----D---- C:\WINDOWS\system32\bits
    2009-10-04 19:54:50 ----D---- C:\WINDOWS\peernet
    2009-10-04 19:54:50 ----D---- C:\Program Files\Movie Maker
    2009-10-04 19:49:54 ----D---- C:\WINDOWS\system32\NPP
    2009-10-04 19:49:52 ----D---- C:\WINDOWS\MSAGENT
    2009-10-04 19:49:50 ----D---- C:\WINDOWS\SRCHASST
    2009-10-04 19:49:49 ----D---- C:\Program Files\NetMeeting
    2009-10-04 19:49:47 ----D---- C:\WINDOWS\system32\Com
    2009-10-04 19:49:40 ----D---- C:\Program Files\Windows Media Player
    2009-10-04 19:49:39 ----D---- C:\Program Files\Windows NT
    2009-10-04 19:49:30 ----D---- C:\Program Files\Common Files\System
    2009-10-04 19:48:46 ----D---- C:\WINDOWS\system32\OOBE
    2009-10-04 19:48:43 ----D---- C:\WINDOWS\SYSTEM
    2009-10-04 19:42:00 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2009-10-04 19:41:04 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
    2009-10-04 19:32:55 ----D---- C:\WINDOWS\EHome
    2009-10-04 19:09:02 ----D---- C:\WINDOWS\system32\CONFIG
    2009-10-04 19:08:28 ----D---- C:\WINDOWS\Media

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
    R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
    R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
    R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
    R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
    R2 NAVAPEL;NAVAPEL; \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS []
    R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
    R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
    R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
    R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
    R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-08-11 10144]
    R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-05-28 500568]
    R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
    S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2004-06-21 51088]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2004-06-21 21744]
    S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 NAVAP;NAVAP; \??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys []
    S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091016.003\NAVENG.sys []
    S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091016.003\NAVEX15.sys []
    S3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
    S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2002-06-21 16509]
    S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
    S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
    S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 DefWatch;DefWatch; C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe [2003-05-21 32768]
    R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-09-28 116032]
    R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-08-11 63040]
    R2 Norton AntiVirus Server;Symantec AntiVirus Client; C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe [2003-05-21 610304]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-03-18 65536]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------
  4. 2009-11-04, 03:57 #4
    lovebohn
    lovebohn is offline
    Junior Member
    Join Date
    Nov 2009
    Posts
    17

    Default

    info.txt logfile of random's system information tool 1.06 2009-11-03 20:55:44

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ACH Origination Application-->MsiExec.exe /I{59C50F14-2BEE-4EA2-9409-BB04FEBB3501}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
    Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
    Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
    Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
    Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
    Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
    GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
    HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
    HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
    HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
    Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
    LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    LogMeIn-->MsiExec.exe /I{34F93E31-E1A0-421C-8E86-BCF7C4193A91}
    Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
    Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Symantec AntiVirus Client-->MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
    Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WordPerfect Office 2002-->C:\WINDOWS\Corel\uninst32.exe
    WordPerfect Office 2002-->C:\WINDOWS\Corel\Uninst32.exe
    Yahoo! Mail Quick Select Tool (PhotoMail)-->C:\PROGRA~1\Yahoo!\Common\unymb.exe

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======System event log======

    Computer Name: JEANNE
    Event Code: 7023
    Message: The Application Management service terminated with the following error:
    The specified module could not be found.


    Record Number: 10776
    Source Name: Service Control Manager
    Time Written: 20090118182025.000000-360
    Event Type: error
    User:

    Computer Name: JEANNE
    Event Code: 7023
    Message: The Application Management service terminated with the following error:
    The specified module could not be found.


    Record Number: 10773
    Source Name: Service Control Manager
    Time Written: 20090118182025.000000-360
    Event Type: error
    User:

    Computer Name: JEANNE
    Event Code: 7023
    Message: The Application Management service terminated with the following error:
    The specified module could not be found.


    Record Number: 10770
    Source Name: Service Control Manager
    Time Written: 20090118182025.000000-360
    Event Type: error
    User:

    Computer Name: JEANNE
    Event Code: 7023
    Message: The Application Management service terminated with the following error:
    The specified module could not be found.


    Record Number: 10767
    Source Name: Service Control Manager
    Time Written: 20090118182024.000000-360
    Event Type: error
    User:

    Computer Name: JEANNE
    Event Code: 7023
    Message: The Application Management service terminated with the following error:
    The specified module could not be found.


    Record Number: 10764
    Source Name: Service Control Manager
    Time Written: 20090118182024.000000-360
    Event Type: error
    User:

    =====Application event log=====

    Computer Name: JEANNE
    Event Code: 6
    Message:


    Scan could not open file C:\WINDOWS\SYSTEM32\CONFIG\SECURITY [00000003]

    Record Number: 69403
    Source Name: Norton AntiVirus
    Time Written: 20090804043014.000000-300
    Event Type: warning
    User:

    Computer Name: JEANNE
    Event Code: 6
    Message:


    Scan could not open file C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG [00000003]

    Record Number: 69402
    Source Name: Norton AntiVirus
    Time Written: 20090804043014.000000-300
    Event Type: warning
    User:

    Computer Name: JEANNE
    Event Code: 6
    Message:


    Scan could not open file C:\WINDOWS\SYSTEM32\CONFIG\SAM [00000003]

    Record Number: 69401
    Source Name: Norton AntiVirus
    Time Written: 20090804043014.000000-300
    Event Type: warning
    User:

    Computer Name: JEANNE
    Event Code: 6
    Message:


    Scan could not open file C:\WINDOWS\SYSTEM32\CONFIG\default.LOG [00000003]

    Record Number: 69400
    Source Name: Norton AntiVirus
    Time Written: 20090804043014.000000-300
    Event Type: warning
    User:

    Computer Name: JEANNE
    Event Code: 6
    Message:


    Scan could not open file C:\WINDOWS\SYSTEM32\CONFIG\default [00000003]

    Record Number: 69399
    Source Name: Norton AntiVirus
    Time Written: 20090804043014.000000-300
    Event Type: warning
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
    "PROCESSOR_REVISION"=0207
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO
    "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

    -----------------EOF-----------------
  5. 2009-11-04, 10:00 #5
    peku006
    peku006 is offline
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,123

    Default

    Hi

    1 - Remove bad HijackThis entries
    • Run HijackThis
    • Click on the Scan button
    • Put a check beside all of the items listed below (if present):

      • O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
        O18 - Filter hijack: text/html - {7e0a0874-239b-43ac-a24b-c8d0f4eb66ee} - C:\WINDOWS\system32\xwreg32.dll

    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.


    2 - Malwarebytes' Anti-Malware

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    alternate download link 1
    alternate download link 2
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Full Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    3 - Run Hijackthis
    Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

    4 - Status Check
    Please reply with

    1. the Malwarebytes' Anti-Malware Log
    2. a fresh HijackThis log

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
  6. 2009-11-05, 03:28 #6
    lovebohn
    lovebohn is offline
    Junior Member
    Join Date
    Nov 2009
    Posts
    17

    Default

    it would not delete 018. I will move forward with the other steps.
  7. 2009-11-05, 04:18 #7
    lovebohn
    lovebohn is offline
    Junior Member
    Join Date
    Nov 2009
    Posts
    17

    Default

    Malwarebytes' Anti-Malware 1.41
    Database version: 3103
    Windows 5.1.2600 Service Pack 3

    11/4/2009 9:16:42 PM
    mbam-log-2009-11-04 (21-16-42).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 231915
    Time elapsed: 44 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Program Files\Shared\lib.sig (Adware.Deepdive) -> Quarantined and deleted successfully.
  8. 2009-11-05, 04:26 #8
    lovebohn
    lovebohn is offline
    Junior Member
    Join Date
    Nov 2009
    Posts
    17

    Default

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:26:14 PM, on 11/4/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/40...ls/Coupons.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Filter hijack: text/html - {7e0a0874-239b-43ac-a24b-c8d0f4eb66ee} - C:\WINDOWS\system32\xwreg32.dll
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    --
    End of file - 4577 bytes
  9. 2009-11-05, 10:16 #9
    peku006
    peku006 is offline
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,123

    Default

    Hi lovebohn

    We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    If you need help to disable your protection programs see here.

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
  10. 2009-11-09, 04:20 #10
    lovebohn
    lovebohn is offline
    Junior Member
    Join Date
    Nov 2009
    Posts
    17

    Default

    ComboFix 09-11-08.03 - Owner 11/08/2009 19:20.1.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.626 [GMT -6:00]
    Running from: c:\documents and settings\Owner.JEANNE.000\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\INSTALL.LOG
    c:\program files\Shared
    c:\recycler\S-1-5-21-3152490731-1469953393-3772677915-1006
    c:\recycler\S-1-5-21-746137067-1383384898-725345543-1003
    c:\windows\COUPON~1.OCX
    c:\windows\CouponPrinter.ocx

    .
    ((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
    .

    2009-11-05 02:29 . 2009-11-05 02:29 -------- d-----w- c:\documents and settings\Owner.JEANNE.000\Application Data\Malwarebytes
    2009-11-05 02:28 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-05 02:28 . 2009-11-05 02:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-05 02:28 . 2009-11-05 02:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
    2009-11-05 02:28 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-04 02:55 . 2009-11-04 02:55 -------- d-----w- C:\rsit
    2009-11-04 02:44 . 2009-11-04 02:44 -------- d-----w- c:\documents and settings\Owner.JEANNE.000\Local Settings\Application Data\LogMeIn
    2009-11-04 02:44 . 2009-11-04 02:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\LogMeIn
    2009-11-04 02:43 . 2009-11-04 02:43 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\ICS
    2009-11-04 02:43 . 2009-09-29 01:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2009-11-04 02:43 . 2009-09-29 01:34 28984 ----a-w- c:\windows\system32\LMIport.dll
    2009-11-04 02:43 . 2008-08-11 18:41 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
    2009-11-04 02:43 . 2009-09-29 01:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
    2009-11-04 02:43 . 2009-11-09 00:07 -------- d-----w- c:\program files\LogMeIn
    2009-11-04 02:33 . 2009-10-08 03:40 3510552 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgui.exe
    2009-11-01 01:34 . 2009-11-01 01:35 -------- d-----w- c:\program files\ERUNT
    2009-11-01 01:27 . 2009-11-01 01:27 -------- d-----w- c:\program files\Trend Micro
    2009-10-25 02:44 . 2009-10-08 03:41 2064152 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgcorex.dll
    2009-10-25 02:32 . 2009-10-25 02:32 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY.000\IETldCache
    2009-10-17 13:58 . 2009-10-17 13:57 2025752 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgtray.exe
    2009-10-16 20:26 . 2009-10-16 20:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-10-16 20:26 . 2009-10-16 20:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-04 02:48 . 2009-10-06 02:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
    2009-10-16 20:40 . 2009-10-06 02:35 -------- d-----w- c:\documents and settings\Owner.JEANNE.000\Application Data\U3
    2009-10-08 22:21 . 2009-10-06 22:06 1142552 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgupd.exe
    2009-10-08 02:33 . 2009-10-08 02:33 0 ----a-w- c:\windows\nsreg.dat
    2009-10-08 00:32 . 2009-10-08 00:32 -------- d-----w- c:\documents and settings\Owner.JEANNE.000\Application Data\AVG8
    2009-10-06 02:54 . 2009-10-06 22:06 1423640 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgupd.dll
    2009-10-06 02:54 . 2009-10-06 22:06 582936 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgiproxy.exe
    2009-10-06 02:54 . 2009-10-06 22:06 746264 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avginet.dll
    2009-10-06 02:53 . 2009-10-06 02:53 -------- d-----w- c:\program files\AVG
    2009-10-05 02:01 . 2005-03-22 00:15 77423 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
    2009-09-11 14:18 . 2002-09-03 16:46 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 21:03 . 2002-09-03 16:44 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-29 08:08 . 2005-02-18 21:19 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-26 08:00 . 2002-09-03 17:05 247326 ----a-w- c:\windows\system32\strmdll.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2009-09-29 01:34 87352 ----a-w- c:\windows\SYSTEM32\LMIinit.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Image Transfer.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Image Transfer.lnk
    backup=c:\windows\pss\Image Transfer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner.JEANNE.000^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
    path=c:\documents and settings\Owner.JEANNE.000\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\SYSTEM32\DRIVERS\LMIRfsDriver.sys [11/3/2009 8:43 PM 47640]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MBR
    *NewlyCreated* - PROCEXP113
    *Deregistered* - mbr
    *Deregistered* - PROCEXP113
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = 127.0.0.1
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Owner.JEANNE.000\Application Data\Mozilla\Firefox\Profiles\rizmjppl.default\
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-08 19:30
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(484)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    Completion time: 2009-11-09 19:33
    ComboFix-quarantined-files.txt 2009-11-09 01:33

    Pre-Run: 25,518,088,192 bytes free
    Post-Run: 25,784,819,712 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

    - - End Of File - - B4A13C8D93BAB534081104583A2783F3
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules