| |
| | |
| Thread Tools |
|
10-Jul-2009, 11:42 PM
#16 |
| Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:23:45 PM, on 7/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\dllhost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe (this is the nview desktop manager using this) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Notepad++\notepad++.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe (I INSERTED THE ABOUT:BLANK ON PURPOSE, I KEEP IE LIKE THAT) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe |
| |
|
10-Jul-2009, 11:43 PM
#17 |
| "Silent Runners.vbs", revision 58, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++} "Flags" = dword:0x00000080 HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\ <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}\(Default) = "Internet Explorer Version Update" \StubPath = "C:\WINDOWS\system32\ieudinit.exe" [MS] >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express" \StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = "Spybot-S&D IE Protection" \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {HKLM...CLSID} = "Display Panning CPL Extension" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{7850a720-705f-11d0-a9eb-0080488625e5}" = "BestCrypt Shell Extension" -> {HKLM...CLSID} = "BestCrypt Shell Extension" \InProcServer32\(Default) = "BCShExt.dll" ["Jetico, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook" -> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook" \InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\ <<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ BCShellMenu\(Default) = "{7850a720-705f-11d0-a9eb-0080488625e5}" -> {HKLM...CLSID} = "BestCrypt Shell Extension" \InProcServer32\(Default) = "BCShExt.dll" ["Jetico, Inc."] LavasoftShellExt\(Default) = "{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}" -> {HKLM...CLSID} = "Lavasoft Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll" [file not found] Notepad++\(Default) = "{120B94B5-2E6A-4F13-94D0-414BCB64FA0F}" -> {HKLM...CLSID} = "Notepad++" \InProcServer32\(Default) = "C:\Program Files\Notepad++\nppcm.dll" ["Burgaud.com"] PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}" -> {HKLM...CLSID} = "PowerArchiver Shell Extensions" \InProcServer32\(Default) = "C:\Program Files\PowerArchiver\PASHLEXT.DLL" ["eFront Media, Inc."] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ BCShellMenu\(Default) = "{7850a720-705f-11d0-a9eb-0080488625e5}" -> {HKLM...CLSID} = "BestCrypt Shell Extension" \InProcServer32\(Default) = "BCShExt.dll" ["Jetico, Inc."] LavasoftShellExt\(Default) = "{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F}" -> {HKLM...CLSID} = "Lavasoft Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll" [file not found] MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}" -> {HKLM...CLSID} = "MBAMShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"] PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}" -> {HKLM...CLSID} = "PowerArchiver Shell Extensions" \InProcServer32\(Default) = "C:\Program Files\PowerArchiver\PASHLEXT.DLL" ["eFront Media, Inc."] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}" -> {HKLM...CLSID} = "MBAMShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "HonorAutoRunSetting" = (REG_DWORD) dword:0x00000001 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableRegistryTools" = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKCU\Software\Policies\Microsoft\Windows\System\ "DisableCMD" = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Disable the command prompt} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Ha ndlers\ MSWPDShellNamespaceHandler\ "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalo g5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog 9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ "MenuText" = "Spybot - Search & Destroy Configuration" "CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}" -> {HKLM...CLSID} = "Spybot-S&D IE Protection" \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Windows Defender, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Lexmark Network Port\Driver = "LEXLMPM.DLL" [file not found] ---------- (launch time: 2009-07-10 17:18:20) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 8 seconds. ---------- (total run time: 59 seconds) |
|
10-Jul-2009, 11:44 PM
#18 |
| ROOTREPEAL (c) AD, 2007-2008 ================================================== Scan Time: 2009/07/10 16:16 Program Version: Version 1.2.3.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xEE9AF000 Size: 98304 File Visible: No Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF8C16000 Size: 8192 File Visible: No Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xBA019000 Size: 45056 File Visible: No Status: - Hidden/Locked Files ------------------- Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\DellDriverDownloadMan ager.exe.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\DellDriverDownloadMan ager.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\DellDriverDownloadMan ager.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Core.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Core.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\DellDriverDownloadMan ager.exe.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Interop.IWshRuntimeLi brary.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Interop.IWshRuntimeLi brary.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\stdole.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\stdole.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Xceed.Compression.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Xceed.Compression.man ifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Administrator\Local Settings\Apps\2.0\ZLCYOG51.RAJ\K7L9ABL9.153\manifests\Dell.eSupport.Downloa dManager.Localization.resources.manifest Status: Locked to the Windows API! |
|
10-Jul-2009, 11:44 PM
#19 |
| Malwarebytes' Anti-Malware 1.38 Database version: 2405 Windows 5.1.2600 Service Pack 3 7/10/2009 5:46:23 PM mbam-log-2009-07-10 (17-46-23).txt Scan type: Full Scan (C:\|) Objects scanned: 117500 Time elapsed: 20 minute(s), 38 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) |
|
10-Jul-2009, 11:46 PM
#20 |
| GMER 1.0.15.14972 - http://www.gmer.net Rootkit scan 2009-07-10 20:44:07 Windows 5.1.2600 Service Pack 3 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [611390DD] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [611390A5] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2964] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Services - GMER 1.0.15 ---- (I HAVE CHANGED A LOT OF SERVICES SO PART OF THIS MIGHT BE DUE TO ME) Service C:\WINDOWS\System32\alg.exe? (*** hidden *** ) [DISABLED] ALG <-- ROOTKIT !!! Service C:\WINDOWS\system32\cisvc.exe? (*** hidden *** ) [MANUAL] cisvc <-- ROOTKIT !!! Service C:\WINDOWS\system32\clipsrv.exe? (*** hidden *** ) [AUTO] ClipSrv <-- ROOTKIT !!! Service C:\WINDOWS\system32\imapi.exe? (*** hidden *** ) [MANUAL] ImapiService <-- ROOTKIT !!! Service C:\WINDOWS\system32\lsass.exe? (*** hidden *** ) [AUTO] PolicyAgent <-- ROOTKIT !!! Service C:\WINDOWS\system32\lsass.exe? (*** hidden *** ) [AUTO] ProtectedStorage <-- ROOTKIT !!! Service C:\WINDOWS\system32\spoolsv.exe? (*** hidden *** ) [AUTO] Spooler <-- ROOTKIT !!! Service C:\WINDOWS\System32\ups.exe? (*** hidden *** ) [MANUAL] UPS <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1 ---- EOF - GMER 1.0.15 ---- |
|
10-Jul-2009, 11:48 PM
#21 | |
| Quote:
|
|
11-Jul-2009, 07:09 PM
#23 | |
| Quote:
C:\boot.ini C:\WINDOWS\pss\boot.ini.backup they have the same content: [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn I have not edited either one. |
12-Jul-2009, 04:36 AM
#24 | |||||||
| Dear needafix, I think we've hit payload! Microsoft had to address this problem after complaints that the Mouse and Keyboard were not functioning in safe mode ,but were working normally in normal mode! This ,MS attributes to a missing or corrupted registry key/s. View this link :http://support.microsoft.com/default.aspx?scid=kb;en-us;258795&Product=win2000 |
|
12-Jul-2009, 02:01 PM
#25 | |
| Quote:
I don't have access to another comp (I have a WinMe box) to copy this data but, over the past month several programs have backed up the registry before cleaning so I searched for *.reg Containing text: {4D36E96B-E325-11CE-BFC1-08002BE10318} and {4D36E96F-E325-11CE-BFC1-08002BE10318} Rendered some interesting results. One was made by PCPitstop which is the entire registry at 42,442KB. That's a bit extreme for fixing this though but will if I have no choice though that could overwrite something and create more problems. More interesting is: Restore_SafeBoot_Windows2000.reg Restore_SafeBoot_WindowsXP.reg Restore_SafeBoot_WindowsXP_SP2.reg Restore_SafeBoot_WindowsXP_SP3.reg ...that came packed with SDFix by Andy Manchesta. It was SDFix that was one of the bug hunting programs that I wanted to run in safe mode and then found out that I don't ever see any safe mode option listed on the black screen with white letters. Once I did, when I pulled the plug on this thing but not since then. It was then that I found out that the mouse and keyboard didn't function. Since then, no safe mode option has ever appeared. So I used the Restore_SafeBoot_WindowsXP_SP3.reg but still nothing has changed. So I tried to reboot to see if the safe mode option appears. It doesn't, but... 1. If I use the F8 key Windows continues to boot normally but at the log in screen the mouse and keyboard don't work. I had to use the power button and reboot twice to get the mouse and keyboard back at normal boot. 2. At boot up there is a black screen with white letters that says F1 (might be F2) is "Setup" and that F12 is "Boot Menu." "Boot Menu" appears but there is no safe mode option listed. So I select #1, normal, then again at the log in screen the mouse and keyboard don't function so it's back to the power button. So F1 (maybe F2, I forget) faithfully goes to the BIOS but F8 and F12 throw a rod. So trying to get the keyboard and mouse to work in safe mode is me getting the cart before the horse without first finding out why or fixing the fact that no safe mode option appears. So that should be first or I'm attempting to fix something I can't test or use anyhow. If I see the safe mode option after pulling the power cord but I don't see it on the "Boot Menu" at the F12 that has the illusion that there are 2 BIOS'. Last edited by needafix; 12-Jul-2009 at 02:14 PM.. |
|
12-Jul-2009, 04:22 PM
#26 |
| I see there is a way to force feed it over here: http://forums.techguy.org/t402355.html Post #5 "Actually, if you go to msconfig ( click Start, Run, and then type in msconfig and hit Enter) the system configuration utility box comes up. You should see several tabs across the top. One of them, when selected, has, in the middle of the page, a box you can check that says "Safe Boot". . check that box, and then click Apply and Ok and it will prompt you to restart the computer. . do this, and then it will boot up in Safe Mode." Keyboard and mouse work fine under this circumstance. That let me run SDFix. |
12-Jul-2009, 11:01 PM
#27 | |||||||
| Dear needafix, This is a challenge for us both! My help and prayers are with you! Prayers WORK! Gotta go to attend classes! will get back ASAP! Best wishes! ![]() |
13-Jul-2009, 04:07 AM
#28 | |||||||
| Dear needafix, Should have asked you in the beginning! Were you getting any error message when you were trying to enter safe mode? If i have missed it,pardon me! ![]() |
14-Jul-2009, 10:57 AM
#30 | |||||||
| Dear needafix, Please try this method and see how it goes! :http://www.eggheadcafe.com/conversat...eadid=34179065 |

|
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |

| Thread Tools | |
| |
| You Are Using: |
Advertisements do not imply our endorsement of that product or service. All times are GMT -4. The time now is 01:30 PM. Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved. | |

