Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Any ideas?


  • Please log in to reply

#1
JennaD

JennaD

    Member

  • Member
  • PipPip
  • 13 posts
Attached File  a2hijackfree_20060303_1044.xml   127.05KB   327 downloadsHere are my reports...could someone please help me? I found a file, boot.xmb, but I'm not running Linux. Get this on all computers in the house, although I have not networked them. Brand new and old ones. Am running Fix-It Professional, AVG 7.1, a squared hijack. This computer is Windows XP Professional but I have not updated to Svc Pk 2 yet. Things seems to worsen when I do. I have tried to fix the MBR, reformatted the HDD and reinstalled the O/S, etc. I've literally tried everything. Some computers have been revamped with the factory CD containing Windows XP Home, Svc Pk 2. I'm not sure how this is happening. As soon as I bring a new computer home and plug it into the wall, the Migration Wizard begins. Task magager shows mobsync is running. Yes, even before I plug the cables in for Internet access. Supposed to be impossible, but it isn't...trust me. I'm an Independent Landman and don't have anything I know of that anyone would possibly want. Had stalkers at my old house, but I moved 8 miles away. This was happening at the old house also. I'm really tired of it...have a lot of reports to post that show the problems. I tried performing an online check through a squared, but my browser will not engage with the link. I have more saved resports, but not enough room to post them. I am hardwired onto the Internet, and have not loaded all of the wan miniports that show up in my device manager. I also seem to have a lot of CD filter drivers loaded. I have more reports, but no room left to add them. Anyone know what's going on here?
Thanks so much for your time and assistance,

Jenna

Attached File  a2hijackfree_20060303_1044.xml   127.05KB   327 downloads

Attached Files


  • 0

Advertisements


#2
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
...what exactly is the problem?
  • 0

#3
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
I'm sorry,, but I do not even know what you are asking.

First, about a2hijack--the program is cumbersome. It saves files as XML, but does not give us anyway to view them/import them, etc...I mean, we can trudge through, them, but what a headache

What exactly is "wrong with the machines"

You're concerned about boot.xmb?

What kind of PCs are these?

boot.xmb could be a boot record that allows your PC to access the recovery partition on your PC, the thing that enables you to re-install your OS to factory condition.

What symptoms have you concerned
  • 0

#4
JennaD

JennaD

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Well, it's a long story! I have a Gateway 700GR, an HP a867c, a Toshiba MX45laptop, and a Great Quality MX-3203. When I download software, any software, I become the client and it shows I'm connected to a server. Even though I'm supposed to be on a stand-alone computer right now...the Gateway, it shows I'm connected to a server named Lannman. That shows up on all of my computers. Any time I install an AV program, it shows two of them running in the task manager...one as a client. I don't have any of the computers networked right now...I only have the Gateway turned on.

When I go into the repair mode from the Windows XP CD and run FIXMBR, it tells me I have an unknown MBR and asks me if I'm sure I want to fix it. I, of course, say "yes". It tells me a new MBR has been written, and then I go right back in and it does the same thing.

When I go into LISTSVC, it lists about 6 pages of services. Most of them appear to be Windows normal services, but the descriptions are strange. It's not allowing me to reboot my computer unless sr is running. That's an sr besides the normal system restore service. If I disable that, then my computer tells me that the ntldr is missing and I have to go in and repair Windows and download it again. A lot of the other services have to do with downloading pci bridges and wan miniports. I'm not even running wireless. I have my computer connected directly to the roadrunner modem.

Additionally, I ran some registry report on CyberCops a while back and relayed the information via post. I was told that the reason my Windows program wasn't working was because I was running Linux! It seems to be booting from Linux Grub Boot Loader. When I tried to boot from a LIVE BOOT cd, a Linux desktop came up. Half of it was encrypted or in another language. I saw the little penguin and it had snow falling as the background screen. It had a way to get into Windows from SYSTEM, NT AUTHORITY, LOCAL SERVICE AND ADMINISTRATOR. The password for all 4 was "*". When I tried to delete or change the password, it reverted back to the "*" everytime I rebooted the machine.

In my registry, there are places that indicate I am not allowed to update any firmware, I cannot print from DOS, there are certain drivers I'm unable to get rid of, etc. When I change the entries in the registry, it just restores the previous registry as soon as I exit. I've been dealing with this for over a year. Every time I buy a new computer, the migration transfer wizard begins as soon as I plug it into the wall, and I have all of these strange miniports and pci bridges in my device manager. And the securities are changed before I have an opportunity to do anything...whether I have it password protected at the store before I bring it home or not.

I had someone "HELP" me with my computers before we moved. He had access to all of my computers (except the new ones I've purchased since we moved...October of last year). I confronted him (a Unix/Linux) 21 year old computer wiz, and he of course, denied having anything to do with any of this. He lived next door. So...we moved! I thought that would solve my problems.

Here's an example of something that's in my Windows\bdoscan8\lang.ini file. And my C: drive and C:\Windows drives begin with the drives:
.
..
WINDOWS
ETC, ETC, ETC.
And this is an example of just a minute portion of my C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\CompatMode.htm file. Mind you, this is on a brand new fresh install. I deleted the HDD with DriveScrubber, reformatted in NTFS (it showed to be formatted in Unix), and reinstalled the O/S...from the Windows XP Professional CD. Doesn't matter if I install from that CD or from a factory CD. I get the same files and same drivers. I can't even upgrade or flash my BIOS. It appears they are somehow bypassing my BIOS and installing their own "brand". Any ideas now? I didn't know Windows sent CD's out with the word "learnt" in their files. Sounds a little fishy to me! See the last line of the copied and pasted info below.

if (dictAutorun.Exists('open')) {
sApplication = dictAutorun.Item('open');
} else {
//
// no open verb -- we will try this - but what do we do with this item?
//
if (dictAutorun.Exists('shellexecute')) {
sApplication = dictAutorun.Item('shellexecute');
if (sApplication != null && sApplication.length) {
//
// BUGBUG - remove before we ship
//
// This case was never found in our testing
}
}
}

// convert sApplication into a friendly name
// see if sApplication has a friendly path

if (sApplication == null || !sApplication.length) {
return false;
}

//
// sApplicationLocation
//
if (sApplication.substr(0, 2) == '\\\\') {
// this is UNC, do not touch
;
} else if (sApplication.substr(1, 1) == ':') {
// has a drive name, do not touch
;
} else if (sApplication.substr(0, 1) == '%') {
// has env var in it -- do not touch
;
} else if (sApplication.substr(0, 1) == '\\') {
// prepend
sApplication = driveName.substr(0, 2) + sApplication;
} else {
sApplication = driveName + sApplication;
}

// sanitize parameters
sApplicationPath = removeParams(sApplication);


//
// make sure that whatever chemistry we did here -- it worked
//
if (!validateFile(sApplicationPath)) {
return false;
}

if (IsAutorun) {
g_sApplicationLocation = 'AutoRun (' + driveName + ')';
} else {
g_sApplicationLocation = 'Setup Application (' + driveName + ')';
}
g_sApplication = sApplication;
g_sApplicationDisplayName = sApplicationDisplayName;
g_sPersistPath = null;
g_sCmdLine = g_sApplication;
return true;
}

function ScanForAutorun() {
var driveLetter = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
var drive = null;
var dictAutorun = null;
var sAutorun;
var bRet = false;

for (i = 0; i < 26; ++i) {
driveName = driveLetter.charAt(i) + ':\\';
if (!g_fso.DriveExists(driveName)) {
continue;
}

drive = g_fso.GetDrive(driveName);
if (drive == null || drive.DriveType != 4 || !drive.IsReady) {
continue;
}

dictAutorun = ReadAutorunInf(driveName);
if (dictAutorun != null) {
break;
}
}

if (dictAutorun == null) {
return false;
}

//
// see what we have learnt



Call me a dumb blond, but I don't think the above is normal. There's junk like this all in my computers. And, again, I've never networked these particular computers. One has never even been on the Internet, and it's got the same junk. My computers use MUP and mobsync. Access is disabled to me from looking at any of the component services or giving myself any special permissions. Sometimes, when I encrypt my files, my computer shows a ghost user, and I am then denied access to my own files and unable to change the permissions. There's really a lot of weir stuff in here. Am attaching just a couple of my security files.

Any help would be greatly appreciated!

Here's my security log, say's I can't attach a file with .log extension?

-------------------------------------------
Thursday, March 02, 2006 8:23:49 PM
Administrative privileged user logged on.
Parsing template defltwk.inf.
----Configuration engine was initialized successfully.----

----Reading Configuration Template info...


----Configure User Rights...
Configure S-1-5-32-546.
remove SeInteractiveLogonRight.
Configure S-1-5-19.
add SeAuditPrivilege.
add SeIncreaseQuotaPrivilege.
add SeAssignPrimaryTokenPrivilege.
Configure S-1-5-20.
add SeAuditPrivilege.
add SeIncreaseQuotaPrivilege.
add SeAssignPrimaryTokenPrivilege.
Configure S-1-5-32-544.
add SeChangeNotifyPrivilege.
add SeUndockPrivilege.
add SeManageVolumePrivilege.
add SeRemoteInteractiveLogonRight.
Configure S-1-5-32-551.
add SeNetworkLogonRight.
add SeChangeNotifyPrivilege.
Configure S-1-5-32-547.
add SeChangeNotifyPrivilege.
add SeUndockPrivilege.
remove SeRemoteShutdownPrivilege.
remove SeIncreaseBasePriorityPrivilege.
remove SeRemoteInteractiveLogonRight.
Configure S-1-5-32-545.
add SeNetworkLogonRight.
add SeChangeNotifyPrivilege.
add SeUndockPrivilege.
Configure S-1-1-0.
remove SeInteractiveLogonRight.
remove SeShutdownPrivilege.
remove SeRemoteInteractiveLogonRight.
Configure S-1-5-21-1960408961-2147224713-839522115-501.
add SeInteractiveLogonRight.
add SeDenyNetworkLogonRight.
add SeDenyInteractiveLogonRight.
Configure S-1-5-32-555.
add SeRemoteInteractiveLogonRight.

User Rights configuration was completed successfully.


----Configure Group Membership...
Configure Users.
add INTERACTIVE.
add Authenticated Users.

Group Membership configuration was completed successfully.


----Configure Registry Keys...
Configure users\.default.
Configure users\.default\AppEvents.
Configure users\.default\Console.
Configure users\.default\Control Panel.
Configure users\.default\Environment.
Configure users\.default\Keyboard Layout.
Configure users\.default\UNICODE Program Groups.
Configure users\.default\software.
Configure users\.default\software\Policies.
Configure users\.default\software\microsoft.
Configure users\.default\software\microsoft\Clock.
Configure users\.default\software\microsoft\Command Processor.
Configure users\.default\software\microsoft\CTF.
Configure users\.default\software\microsoft\File Manager.
Configure users\.default\software\microsoft\Internet Explorer.
Configure users\.default\software\microsoft\Multimedia.
Configure users\.default\software\microsoft\Ntbackup.
Configure users\.default\software\microsoft\RegEdt32.
Configure users\.default\software\microsoft\Schedule+.
Configure users\.default\software\microsoft\Windows.
Configure users\.default\software\microsoft\Windows Help.
Configure users\.default\software\microsoft\Windows NT.
Configure users\.default\software\microsoft\netdde.
Configure users\.default\software\microsoft\netdde\DDE Trusted Shares.
Configure users\.default\software\microsoft\systemcertificates.
Configure users\.default\software\microsoft\systemcertificates\CA.
Configure users\.default\software\microsoft\systemcertificates\Disallowed.
Configure users\.default\software\microsoft\systemcertificates\My.
Configure users\.default\software\microsoft\systemcertificates\trust.
Configure users\.default\software\microsoft\systemcertificates\root.
Configure users\.default\software\microsoft\systemcertificates\root\Certificates.
Configure users\.default\software\microsoft\systemcertificates\root\CRLs.
Configure users\.default\software\microsoft\systemcertificates\root\CTLs.
Configure machine\software.
Configure machine\software\Clients.
Configure machine\software\ODBC.
Configure machine\software\Program Groups.
Configure machine\software\Secure.
Configure machine\software\classes.
Configure machine\software\classes\*.
Configure machine\software\classes\.acw.
Configure machine\software\classes\.ani.
Configure machine\software\classes\.avi.
Configure machine\software\classes\.bat.
Configure machine\software\classes\.bfc.
Configure machine\software\classes\.bkf.
Configure machine\software\classes\.blg.
Configure machine\software\classes\.cat.
Configure machine\software\classes\.cer.
Configure machine\software\classes\.clp.
Configure machine\software\classes\.cmd.
Configure machine\software\classes\.com.
Configure machine\software\classes\.cpl.
Configure machine\software\classes\.crl.
Configure machine\software\classes\.crt.
Configure machine\software\classes\.cur.
Configure machine\software\classes\.der.
Configure machine\software\classes\.dll.
Configure machine\software\classes\.doc.
Configure machine\software\classes\.drv.
Configure machine\software\classes\.dun.
Configure machine\software\classes\.exe.
Configure machine\software\classes\.fnd.
Configure machine\software\classes\.fon.
Configure machine\software\classes\.grp.
Configure machine\software\classes\.icc.
Configure machine\software\classes\.icm.
Configure machine\software\classes\.ico.
Configure machine\software\classes\.inf.
Configure machine\software\classes\.ini.
Configure machine\software\classes\.job.
Configure machine\software\classes\.lnk.
Configure machine\software\classes\.log.
Configure machine\software\classes\.mid.
Configure machine\software\classes\.mmm.
Configure machine\software\classes\.msc.
Configure machine\software\classes\.msi.
Configure machine\software\classes\.msp.
Configure machine\software\classes\.MsRcIncident.
Configure machine\software\classes\.otf.
Configure machine\software\classes\.p10.
Configure machine\software\classes\.p12.
Configure machine\software\classes\.p7b.
Configure machine\software\classes\.p7m.
Configure machine\software\classes\.p7r.
Configure machine\software\classes\.p7s.
Configure machine\software\classes\.pbk.
Configure machine\software\classes\.pfm.
Configure machine\software\classes\.pfx.
Configure machine\software\classes\.pif.
Configure machine\software\classes\.pko.
Configure machine\software\classes\.pma.
Configure machine\software\classes\.pmc.
Configure machine\software\classes\.pml.
Configure machine\software\classes\.pmr.
Configure machine\software\classes\.pmw.
Configure machine\software\classes\.pnf.
Configure machine\software\classes\.psw.
Configure machine\software\classes\.que.
Configure machine\software\classes\.reg.
Configure machine\software\classes\.rnk.
Configure machine\software\classes\.rtf.
Configure machine\software\classes\.scf.
Configure machine\software\classes\.scp.
Configure machine\software\classes\.scr.
Configure machine\software\classes\.sdb.
Configure machine\software\classes\.shb.
Configure machine\software\classes\.shs.
Configure machine\software\classes\.spc.
Configure machine\software\classes\.sst.
Configure machine\software\classes\.stl.
Configure machine\software\classes\.sys.
Configure machine\software\classes\.ttc.
Configure machine\software\classes\.ttf.
Configure machine\software\classes\.txt.
Configure machine\software\classes\.wav.
Configure machine\software\classes\.webpnp.
Configure machine\software\classes\.wtx.
Configure machine\software\classes\.zap.
Configure machine\software\classes\AccessControlEntry.
Configure machine\software\classes\AccessControlList.
Configure machine\software\classes\acwfile.
Configure machine\software\classes\ADCS.
Configure machine\software\classes\ADs.
Configure machine\software\classes\ADsDSOObject.
Configure machine\software\classes\ADsNamespaces.
Configure machine\software\classes\ADsSecurityUtility.
Configure machine\software\classes\ADSystemInfo.
Configure machine\software\classes\anifile.
Configure machine\software\classes\appfixfile.
Configure machine\software\classes\AppID.
Configure machine\software\classes\Applications.
Configure machine\software\classes\ATL.Registrar.
Configure machine\software\classes\AVIFile.
Configure machine\software\classes\BackLink.
Configure machine\software\classes\batfile.
Configure machine\software\classes\Briefcase.
Configure machine\software\classes\CaseIgnoreList.
Configure machine\software\classes\CATFile.
Configure machine\software\classes\CEnroll.CEnroll.
Configure machine\software\classes\CEnroll.CEnroll.1.
Configure machine\software\classes\CEnroll.CEnroll.2.
Configure machine\software\classes\CERFile.
Configure machine\software\classes\CertificateStoreFile.
Configure machine\software\classes\CLSID.
Configure machine\software\classes\cmdfile.
Configure machine\software\classes\comfile.
Configure machine\software\classes\cplfile.
Configure machine\software\classes\CRLFile.
Configure machine\software\classes\CryptPKO.CryptPKO.
Configure machine\software\classes\CryptPKO.CryptPKO.1.
Configure machine\software\classes\CryptSig.CryptSig.
Configure machine\software\classes\CryptSig.CryptSig.1.
Configure machine\software\classes\curfile.
Configure machine\software\classes\Direct3DRM.
Configure machine\software\classes\DirectDraw.
Configure machine\software\classes\DirectDraw7.
Configure machine\software\classes\DirectDrawClipper.
Configure machine\software\classes\Directory.
Configure machine\software\classes\DirectPlay.
Configure machine\software\classes\DirectPlayLobby.
Configure machine\software\classes\DirectShow.
Configure machine\software\classes\DirectSound.
Configure machine\software\classes\DirectSound8.
Configure machine\software\classes\DirectSoundBufferConfig.
Configure machine\software\classes\DirectSoundCapture.
Configure machine\software\classes\DirectSoundCapture8.
Configure machine\software\classes\DirectSoundChorusDMO.
Configure machine\software\classes\DirectSoundCompressorDMO.
Configure machine\software\classes\DirectSoundDistortionDMO.
Configure machine\software\classes\DirectSoundEchoDMO.
Configure machine\software\classes\DirectSoundFlangerDMO.
Configure machine\software\classes\DirectSoundFullDuplex.
Configure machine\software\classes\DirectSoundFXChorusPage.
Configure machine\software\classes\DirectSoundFXCompressorPage.
Configure machine\software\classes\DirectSoundFXDistortionPage.
Configure machine\software\classes\DirectSoundFXEchoPage.
Configure machine\software\classes\DirectSoundFXFlangerPage.
Configure machine\software\classes\DirectSoundFXGarglePage.
Configure machine\software\classes\DirectSoundFXI3DL2ReverbPage.
Configure machine\software\classes\DirectSoundFXParamEqPage.
Configure machine\software\classes\DirectSoundGargleDMO.
Configure machine\software\classes\DirectSoundI3DL2ReverbDMO.
Configure machine\software\classes\DirectSoundParamEqDMO.
Configure machine\software\classes\DirectXFile.
Configure machine\software\classes\DiskManagement.Connection.
Configure machine\software\classes\DiskManagement.Control.
Configure machine\software\classes\DiskManagement.DataObject.
Configure machine\software\classes\DiskManagement.SnapIn.
Configure machine\software\classes\DiskManagement.SnapInAbout.
Configure machine\software\classes\DiskManagement.SnapInComponent.
Configure machine\software\classes\DiskManagement.SnapInExtension.
Configure machine\software\classes\DiskManagement.UITasks.
Configure machine\software\classes\dllfile.
Configure machine\software\classes\DNWithBinary.
Configure machine\software\classes\DNWithString.
Configure machine\software\classes\DocShortcut.
Configure machine\software\classes\Drive.
Configure machine\software\classes\drvfile.
Configure machine\software\classes\dunfile.
Configure machine\software\classes\Email.
Configure machine\software\classes\exefile.
Configure machine\software\classes\FaxNumber.
Configure machine\software\classes\file.
Configure machine\software\classes\fndfile.
Configure machine\software\classes\Folder.
Configure machine\software\classes\fonfile.
Configure machine\software\classes\GC.
Configure machine\software\classes\hlpfile.
Configure machine\software\classes\Hold.
Configure machine\software\classes\icmfile.
Configure machine\software\classes\icofile.
Configure machine\software\classes\IMsiServer.
Configure machine\software\classes\inffile.
Configure machine\software\classes\inifile.
Configure machine\software\classes\Interface.
Configure machine\software\classes\JobObject.
Configure machine\software\classes\LargeInteger.
Configure machine\software\classes\LDAP.
Configure machine\software\classes\LDAPNamespace.
Configure machine\software\classes\lnkfile.
Configure machine\software\classes\MDACVer.Version.
Configure machine\software\classes\MDACVer.Version.2.71.
Configure machine\software\classes\Microsoft.DirectSoundCaptureAecDMO.
Configure machine\software\classes\Microsoft.DirectSoundCaptureAgcDMO.
Configure machine\software\classes\Microsoft.DirectSoundCaptureNoiseSuppressDMO.
Configure machine\software\classes\MIDFile.
Configure machine\software\classes\MIME.
Configure machine\software\classes\MPlayer.
Configure machine\software\classes\msbackupfile.
Configure machine\software\classes\MSCFile.
Configure machine\software\classes\MSExtGroup.
Configure machine\software\classes\MSExtLocality.
Configure machine\software\classes\MSExtOrganization.
Configure machine\software\classes\MSExtOrganizationUnit.
Configure machine\software\classes\MSExtPrintQueue.
Configure machine\software\classes\MSExtUser.
Configure machine\software\classes\Msi.Package.
Configure machine\software\classes\Msi.Patch.
Configure machine\software\classes\MSMQ.MSMQApplication.
Configure machine\software\classes\MSMQ.MSMQApplication.1.
Configure machine\software\classes\MSMQ.MSMQCoordinatedTransactionDispenser.
Configure machine\software\classes\MSMQ.MSMQCoordinatedTransactionDispenser.1.
Configure machine\software\classes\MSMQ.MSMQDestination.
Configure machine\software\classes\MSMQ.MSMQDestination.1.
Configure machine\software\classes\MSMQ.MSMQEvent.
Configure machine\software\classes\MSMQ.MSMQEvent.1.
Configure machine\software\classes\MSMQ.MSMQManagement.
Configure machine\software\classes\MSMQ.MSMQManagement.1.
Configure machine\software\classes\MSMQ.MSMQMessage.
Configure machine\software\classes\MSMQ.MSMQMessage.1.
Configure machine\software\classes\MSMQ.MSMQQuery.
Configure machine\software\classes\MSMQ.MSMQQuery.1.
Configure machine\software\classes\MSMQ.MSMQQueue.
Configure machine\software\classes\MSMQ.MSMQQueue.1.
Configure machine\software\classes\MSMQ.MSMQQueueInfo.
Configure machine\software\classes\MSMQ.MSMQQueueInfo.1.
Configure machine\software\classes\MSMQ.MSMQQueueInfos.
Configure machine\software\classes\MSMQ.MSMQQueueInfos.1.
Configure machine\software\classes\MSMQ.MSMQTransaction.
Configure machine\software\classes\MSMQ.MSMQTransaction.1.
Configure machine\software\classes\MSMQ.MSMQTransactionDispenser.
Configure machine\software\classes\MSMQ.MSMQTransactionDispenser.1.
Configure machine\software\classes\MSProgramGroup.
Configure machine\software\classes\MsRcIncident.
Configure machine\software\classes\Msttsdrv.MSVoiceData.
Configure machine\software\classes\Msttsdrv.MSVoiceData.1.
Configure machine\software\classes\Msttsdrv.SpTtsEngUI.
Configure machine\software\classes\Msttsdrv.SpTtsEngUI.1.
Configure machine\software\classes\MSTTSEng.MSMSTTSEngine.1.
Configure machine\software\classes\NameTranslate.
Configure machine\software\classes\NDS.
Configure machine\software\classes\NDSNamespace.
Configure machine\software\classes\NetAddress.
Configure machine\software\classes\Network.
Configure machine\software\classes\NetworkConnections.
Configure machine\software\classes\NWCOMPAT.
Configure machine\software\classes\NWCOMPATNamespace.
Configure machine\software\classes\OctetList.
Configure machine\software\classes\otffile.
Configure machine\software\classes\P10File.
Configure machine\software\classes\P7MFile.
Configure machine\software\classes\P7RFile.
Configure machine\software\classes\P7SFile.
Configure machine\software\classes\Path.
Configure machine\software\classes\Pathname.
Configure machine\software\classes\pbkfile.
Configure machine\software\classes\PerfFile.
Configure machine\software\classes\pfmfile.
Configure machine\software\classes\PFXFile.
Configure machine\software\classes\piffile.
Configure machine\software\classes\PKOFile.
Configure machine\software\classes\pnffile.
Configure machine\software\classes\PostalAddress.
Configure machine\software\classes\Printers.
Configure machine\software\classes\PropertyEntry.
Configure machine\software\classes\PropertyValue.
Configure machine\software\classes\PSWFile.
Configure machine\software\classes\QueueObject.
Configure machine\software\classes\regedit.
Configure machine\software\classes\regfile.
Configure machine\software\classes\ReplicaPointer.
Configure machine\software\classes\rnkfile.
Configure machine\software\classes\SAPI.LTSLexicon.
Configure machine\software\classes\SAPI.LTSLexicon.1.
Configure machine\software\classes\SAPI.SpAudioFormat.
Configure machine\software\classes\SAPI.SpAudioFormat.1.
Configure machine\software\classes\SAPI.SpCompressedLexicon.
Configure machine\software\classes\SAPI.SpCompressedLexicon.1.
Configure machine\software\classes\SAPI.SpCustomStream.
Configure machine\software\classes\SAPI.SpCustomStream.1.
Configure machine\software\classes\SAPI.SpDataKey.
Configure machine\software\classes\SAPI.SpDataKey.1.
Configure machine\software\classes\SAPI.SpFileStream.
Configure machine\software\classes\SAPI.SpFileStream.1.
Configure machine\software\classes\SAPI.SpGramCompBackEnd.
Configure machine\software\classes\SAPI.SpGramCompBackEnd.1.
Configure machine\software\classes\SAPI.SpGrammarCompiler.
Configure machine\software\classes\SAPI.SpGrammarCompiler.1.
Configure machine\software\classes\SAPI.SpInProcRecoContext.
Configure machine\software\classes\SAPI.SpInProcRecoContext.1.
Configure machine\software\classes\SAPI.SpInprocRecognizer.
Configure machine\software\classes\SAPI.SpInprocRecognizer.1.
Configure machine\software\classes\SAPI.SpITNProcessor.
Configure machine\software\classes\SAPI.SpITNProcessor.1.
Configure machine\software\classes\SAPI.SpLexicon.
Configure machine\software\classes\SAPI.SpLexicon.1.
Configure machine\software\classes\SAPI.SpMemoryStream.
Configure machine\software\classes\SAPI.SpMemoryStream.1.
Configure machine\software\classes\SAPI.SpMMAudioEnum.
Configure machine\software\classes\SAPI.SpMMAudioEnum.1.
Configure machine\software\classes\SAPI.SpMMAudioIn.
Configure machine\software\classes\SAPI.SpMMAudioIn.1.
Configure machine\software\classes\SAPI.SpMMAudioOut.
Configure machine\software\classes\SAPI.SpMMAudioOut.1.
Configure machine\software\classes\SAPI.SPNotify.1.
Configure machine\software\classes\SAPI.SpNotifyTranslator.
Configure machine\software\classes\SAPI.SpNotifyTranslator.1.
Configure machine\software\classes\SAPI.SpNullPhoneConverter.
Configure machine\software\classes\SAPI.SpNullPhoneConverter.1.
Configure machine\software\classes\SAPI.SpObjectToken.
Configure machine\software\classes\SAPI.SpObjectToken.1.
Configure machine\software\classes\SAPI.SpObjectTokenCategory.
Configure machine\software\classes\SAPI.SpObjectTokenCategory.1.
Configure machine\software\classes\SAPI.SpObjectTokenEnum.
Configure machine\software\classes\SAPI.SpObjectTokenEnum.1.
Configure machine\software\classes\SAPI.SpPhoneConverter.
Configure machine\software\classes\SAPI.SpPhoneConverter.1.
Configure machine\software\classes\SAPI.SpPhrase.1.
Configure machine\software\classes\SAPI.SpPhraseBuilder.
Configure machine\software\classes\SAPI.SpPhraseBuilder.1.
Configure machine\software\classes\SAPI.SpPhraseInfoBuilder.
Configure machine\software\classes\SAPI.SpPhraseInfoBuilder.1.
Configure machine\software\classes\SAPI.SpRecPlayAudio.
Configure machine\software\classes\SAPI.SpRecPlayAudio.1.
Configure machine\software\classes\SAPI.SpResourceManager.
Configure machine\software\classes\SAPI.SpResourceManager.1.
Configure machine\software\classes\SAPI.SpSharedRecoContext.
Configure machine\software\classes\SAPI.SpSharedRecoContext.1.
Configure machine\software\classes\SAPI.SpSharedRecognizer.
Configure machine\software\classes\SAPI.SpSharedRecognizer.1.
Configure machine\software\classes\SAPI.SpStream.
Configure machine\software\classes\SAPI.SpStream.1.
Configure machine\software\classes\SAPI.SpStreamFormatConverter.
Configure machine\software\classes\SAPI.SpStreamFormatConverter.1.
Configure machine\software\classes\SAPI.SpTextSelectionInformation.
Configure machine\software\classes\SAPI.SpTextSelectionInformation.1.
Configure machine\software\classes\SAPI.SpUncompressedLexicon.
Configure machine\software\classes\SAPI.SpUncompressedLexicon.1.
Configure machine\software\classes\SAPI.SpVoice.
Configure machine\software\classes\SAPI.SpVoice.1.
Configure machine\software\classes\SAPI.SpWaveFormatEx.
Configure machine\software\classes\SAPI.SpWaveFormatEx.1.
Configure machine\software\classes\scrfile.
Configure machine\software\classes\SecurityDescriptor.
Configure machine\software\classes\SHCmdFile.
Configure machine\software\classes\Shell.
Configure machine\software\classes\ShellScrap.
Configure machine\software\classes\SoundRec.
Configure machine\software\classes\SPCFile.
Configure machine\software\classes\StaticDib.
Configure machine\software\classes\StaticEnhancedMetafile.
Configure machine\software\classes\StaticMetafile.
Configure machine\software\classes\STLFile.
Configure machine\software\classes\sysfile.
Configure machine\software\classes\System.DirectSoundCaptureAecDMO.
Configure machine\software\classes\System.DirectSoundCaptureAgcDMO.
Configure machine\software\classes\System.DirectSoundCaptureNsDMO.
Configure machine\software\classes\SystemFileAssociations.
Configure machine\software\classes\TimeStamp.
Configure machine\software\classes\TlntSvr.EnumTelnetClientsSvr.
Configure machine\software\classes\ttcfile.
Configure machine\software\classes\ttffile.
Configure machine\software\classes\txtfile.
Configure machine\software\classes\TypedName.
Configure machine\software\classes\TypeLib.
Configure machine\software\classes\Unknown.
Configure machine\software\classes\webpnpFile.
Configure machine\software\classes\WindowsInstaller.Installer.
Configure machine\software\classes\WindowsInstaller.Message.
Configure machine\software\classes\WinNT.
Configure machine\software\classes\WinNTNamespace.
Configure machine\software\classes\WinNTSystemInfo.
Configure machine\software\classes\zapfile.
Configure machine\software\classes\.hlp.
Configure machine\software\classes\helpfile.
Configure machine\software\classes\helpfile\shell.
Configure machine\software\microsoft.
Configure machine\software\microsoft\Active Setup.
Configure machine\software\microsoft\AudioCompressionManager.
Configure machine\software\microsoft\CTF.
Configure machine\software\microsoft\DataAccess.
Configure machine\software\microsoft\DeviceManager.
Configure machine\software\microsoft\Direct3D.
Configure machine\software\microsoft\DirectDraw.
Configure machine\software\microsoft\DirectInput.
Configure machine\software\microsoft\DirectMusic.
Configure machine\software\microsoft\DirectPlay.
Configure machine\software\microsoft\DirectX.
Configure machine\software\microsoft\DrWatson.
Configure machine\software\microsoft\EAPOL.
Configure machine\software\microsoft\ESENT.
Configure machine\software\microsoft\EventSystem.
Configure machine\software\microsoft\Internet Explorer.
Configure machine\software\microsoft\MMC.
Configure machine\software\microsoft\Mobile.
Configure machine\software\microsoft\Mr. Enigma.
Configure machine\software\microsoft\MSMQ.
Configure machine\software\microsoft\NetSh.
Configure machine\software\microsoft\PCHealth.
Configure machine\software\microsoft\Shared Tools.
Configure machine\software\microsoft\Speech.
Configure machine\software\microsoft\Tracing.
Configure machine\software\microsoft\WBEM.
Configure machine\software\microsoft\Windows Messaging Subsystem.
Configure machine\software\microsoft\Windows Scripting Host.
Configure machine\software\microsoft\ads.
Configure machine\software\microsoft\ads\providers.
Configure machine\software\microsoft\ads\providers\ldap.
Configure machine\software\microsoft\ads\providers\ldap\extensions.
Configure machine\software\microsoft\ads\providers\ldap\extensions\Computer.
Configure machine\software\microsoft\ads\providers\ldap\extensions\Group.
Configure machine\software\microsoft\ads\providers\ldap\extensions\groupOfNames.
Configure machine\software\microsoft\ads\providers\ldap\extensions\groupOfUniqueNames.
Configure machine\software\microsoft\ads\providers\ldap\extensions\Locality.
Configure machine\software\microsoft\ads\providers\ldap\extensions\Organization.
Configure machine\software\microsoft\ads\providers\ldap\extensions\Organizational Unit.
Configure machine\software\microsoft\ads\providers\ldap\extensions\organizationalPerson.
Configure machine\software\microsoft\ads\providers\ldap\extensions\OrganizationalUnit.
Configure machine\software\microsoft\ads\providers\ldap\extensions\person.
Configure machine\software\microsoft\ads\providers\ldap\extensions\PrintQueue.
Configure machine\software\microsoft\ads\providers\ldap\extensions\residentialPerson.
Configure machine\software\microsoft\ads\providers\ldap\extensions\User.
Configure machine\software\microsoft\ads\providers\nds.
Configure machine\software\microsoft\ads\providers\nwcompat.
Configure machine\software\microsoft\ads\providers\winnt.
Configure machine\software\microsoft\command processor.
Configure machine\software\microsoft\cryptography.
Configure machine\software\microsoft\cryptography\CatalogDB.
Configure machine\software\microsoft\cryptography\Defaults.
Configure machine\software\microsoft\cryptography\IEDirtyFlags.
Configure machine\software\microsoft\cryptography\Machine Settings.
Configure machine\software\microsoft\cryptography\OID.
Configure machine\software\microsoft\cryptography\Protect.
Configure machine\software\microsoft\cryptography\Providers.
Configure machine\software\microsoft\cryptography\RNG.
Configure machine\software\microsoft\cryptography\Services.
Configure machine\software\microsoft\cryptography\calais.
Configure machine\software\microsoft\driver signing.
Configure machine\software\microsoft\enterprisecertificates.
Configure machine\software\microsoft\enterprisecertificates\CA.
Configure machine\software\microsoft\enterprisecertificates\Disallowed.
Configure machine\software\microsoft\enterprisecertificates\Root.
Configure machine\software\microsoft\enterprisecertificates\Trust.
Configure machine\software\microsoft\enterprisecertificates\TrustedPublisher.
Configure machine\software\microsoft\netdde.
Configure machine\software\microsoft\netdde\DDE Shares.
Configure machine\software\microsoft\netdde\Parameters.
Configure machine\software\microsoft\non-driver signing.
Configure machine\software\microsoft\ole.
Configure machine\software\microsoft\rpc.
Configure machine\software\microsoft\rpc\ClientProtocols.
Configure machine\software\microsoft\rpc\NameService.
Configure machine\software\microsoft\rpc\NetBios.
Configure machine\software\microsoft\rpc\SecurityService.
Configure machine\software\microsoft\secure.
Configure machine\software\microsoft\systemcertificates.
Configure machine\software\microsoft\systemcertificates\AuthRoot.
Configure machine\software\microsoft\systemcertificates\CA.
Configure machine\software\microsoft\systemcertificates\Disallowed.
Configure machine\software\microsoft\systemcertificates\My.
Configure machine\software\microsoft\systemcertificates\ROOT.
Configure machine\software\microsoft\systemcertificates\SPC.
Configure machine\software\microsoft\systemcertificates\trust.
Configure machine\software\microsoft\windows.
Configure machine\software\microsoft\windows\currentversion.
Configure machine\software\microsoft\windows\currentversion\App Paths.
Configure machine\software\microsoft\windows\currentversion\Applets.
Configure machine\software\microsoft\windows\currentversion\Control Panel.
Configure machine\software\microsoft\windows\currentversion\Controls Folder.
Configure machine\software\microsoft\windows\currentversion\CSCSettings.
Configure machine\software\microsoft\windows\currentversion\Dynamic Directory.
Configure machine\software\microsoft\windows\currentversion\H323TSP.
Configure machine\software\microsoft\windows\currentversion\Internet Settings.
Configure machine\software\microsoft\windows\currentversion\IPConfTSP.
Configure machine\software\microsoft\windows\currentversion\MS-DOS Emulation.
Configure machine\software\microsoft\windows\currentversion\Nls.
Configure machine\software\microsoft\windows\currentversion\RenameFiles.
Configure machine\software\microsoft\windows\currentversion\Setup.
Configure machine\software\microsoft\windows\currentversion\Shell Extensions.
Configure machine\software\microsoft\windows\currentversion\ShellScrap.
Configure machine\software\microsoft\windows\currentversion\SideBySide.
Configure machine\software\microsoft\windows\currentversion\Syncmgr.
Configure machine\software\microsoft\windows\currentversion\Uninstall.
Configure machine\software\microsoft\windows\currentversion\explorer.
Configure machine\software\microsoft\windows\currentversion\explorer\Advanced.
Configure machine\software\microsoft\windows\currentversion\explorer\AutoplayHandlers.
Configure machine\software\microsoft\windows\currentversion\explorer\CD Burning.
Configure machine\software\microsoft\windows\currentversion\explorer\ControlPanel.
Configure machine\software\microsoft\windows\currentversion\explorer\Desktop.
Configure machine\software\microsoft\windows\currentversion\explorer\FindExtensions.
Configure machine\software\microsoft\windows\currentversion\explorer\HideDesktopIcons.
Configure machine\software\microsoft\windows\currentversion\explorer\MyComputer.
Configure machine\software\microsoft\windows\currentversion\explorer\RemoteComputer.
Configure machine\software\microsoft\windows\currentversion\explorer\Shell Folders.
Configure machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks.
Configure machine\software\microsoft\windows\currentversion\explorer\TemplateRegistry.
Configure machine\software\microsoft\windows\currentversion\explorer\Tips.
Configure machine\software\microsoft\windows\currentversion\explorer\VolumeCaches.
Configure machine\software\microsoft\windows\currentversion\explorer\WindowsUpdate.
Configure machine\software\microsoft\windows\currentversion\explorer\user shell folders.
Configure machine\software\microsoft\windows\currentversion\reliability.
Configure machine\software\microsoft\windows\currentversion\runonce.
Configure machine\software\microsoft\windows\currentversion\runonceex.
Configure machine\software\microsoft\windows\currentversion\telephony.
Configure machine\software\microsoft\windows\currentversion\telephony\Country List.
Configure machine\software\microsoft\windows\currentversion\telephony\Locations.
Configure machine\software\microsoft\windows\currentversion\telephony\Providers.
Configure machine\software\microsoft\windows\currentversion\telephony\TAPI3.
Configure machine\software\microsoft\windows\currentversion\telephony\Terminal Manager.
Configure machine\software\microsoft\windows nt.
Configure machine\software\microsoft\windows nt\currentversion.
Configure machine\software\microsoft\windows nt\currentversion\Compatibility.
Configure machine\software\microsoft\windows nt\currentversion\Compatibility32.
Configure machine\software\microsoft\windows nt\currentversion\Console.
Configure machine\software\microsoft\windows nt\currentversion\Drivers.
Configure machine\software\microsoft\windows nt\currentversion\drivers.desc.
Configure machine\software\microsoft\windows nt\currentversion\Embedding.
Configure machine\software\microsoft\windows nt\currentversion\Event Viewer.
Configure machine\software\microsoft\windows nt\currentversion\File Manager.
Configure machine\software\microsoft\windows nt\currentversion\FontDPI.
Configure machine\software\microsoft\windows nt\currentversion\Fonts.
Configure machine\software\microsoft\windows nt\currentversion\FontSubstitutes.
Configure machine\software\microsoft\windows nt\currentversion\GRE_Initialize.
Configure machine\software\microsoft\windows nt\currentversion\HotFix.
Configure machine\software\microsoft\windows nt\currentversion\IME Compatibility.
Configure machine\software\microsoft\windows nt\currentversion\IMM.
Configure machine\software\microsoft\windows nt\currentversion\LanguagePack.
Configure machine\software\microsoft\windows nt\currentversion\LastFontSweep.
Configure machine\software\microsoft\windows nt\currentversion\MCI.
Configure machine\software\microsoft\windows nt\currentversion\MCI Extensions.
Configure machine\software\microsoft\windows nt\currentversion\MCI32.
Configure machine\software\microsoft\windows nt\currentversion\Midimap.
Configure machine\software\microsoft\windows nt\currentversion\ModuleCompatibility.
Configure machine\software\microsoft\windows nt\currentversion\Network.
Configure machine\software\microsoft\windows nt\currentversion\PerHwIdStorage.
Configure machine\software\microsoft\windows nt\currentversion\Ports.
Configure machine\software\microsoft\windows nt\currentversion\related.desc.
Configure machine\software\microsoft\windows nt\currentversion\Terminal Server.
Configure machine\software\microsoft\windows nt\currentversion\Tracing.
Configure machine\software\microsoft\windows nt\currentversion\Type 1 Installer.
Configure machine\software\microsoft\windows nt\currentversion\Userinstallable.drivers.
Configure machine\software\microsoft\windows nt\currentversion\WOW.
Configure machine\software\microsoft\windows nt\currentversion\accessibility.
Configure machine\software\microsoft\windows nt\currentversion\accessibility\Utility Manager.
Configure machine\software\microsoft\windows nt\currentversion\aedebug.
Configure machine\software\microsoft\windows nt\currentversion\asr.
Configure machine\software\microsoft\windows nt\currentversion\asr\commands.
Configure machine\software\microsoft\windows nt\currentversion\classes.
Configure machine\software\microsoft\windows nt\currentversion\classes\NameSpace.
Configure machine\software\microsoft\windows nt\currentversion\drivers32.
Configure machine\software\microsoft\windows nt\currentversion\efs.
Configure machine\software\microsoft\windows nt\currentversion\font drivers.
Configure machine\software\microsoft\windows nt\currentversion\fontmapper.
Configure machine\software\microsoft\windows nt\currentversion\image file execution options.
Configure machine\software\microsoft\windows nt\currentversion\image file execution options\cqw32.exe.
Configure machine\software\microsoft\windows nt\currentversion\image file execution options\front.exe.
Configure machine\software\microsoft\windows nt\currentversion\image file execution options\install.exe.
Configure machine\software\microsoft\windows nt\currentversion\image file execution options\mngreg32.exe.
Configure machine\software\microsoft\windows nt\currentversion\image file execution options\psdmt.exe.
Configure machine\software\microsoft\windows nt\currentversion\image file execution options\setup.exe.
Configure machine\software\microsoft\windows nt\currentversion\image file execution options\setup32.dll.
Configure machine\software\microsoft\windows nt\currentversion\image file execution options\sevinst.exe.
Configure machine\software\microsoft\windows nt\currentversion\image file execution options\Your Image File Name Here without a path.
Configure machine\software\microsoft\windows nt\currentversion\image file execution options\_INSTPGM.EXE.
Configure machine\software\microsoft\windows nt\currentversion\inifilemapping.
Configure machine\software\microsoft\windows nt\currentversion\inifilemapping\Clock.ini.
Configure machine\software\microsoft\windows nt\currentversion\inifilemapping\control.ini.
Configure machine\software\microsoft\windows nt\currentversion\inifilemapping\ImageFileExecutionOptions.ini.
Configure machine\software\microsoft\windows nt\currentversion\inifilemapping\KeyboardLayout.ini.
Configure machine\software\microsoft\windows nt\currentversion\inifilemapping\msacm.ini.
Configure machine\software\microsoft\windows nt\currentversion\inifilemapping\Ntbackup.ini.
Configure machine\software\microsoft\windows nt\currentversion\inifilemapping\ntnet.ini.
Configure machine\software\microsoft\windows nt\currentversion\inifilemapping\regedt32.ini.
Configure machine\software\microsoft\windows nt\currentversion\inifilemapping\schdpl32.ini.
Configure machine\software\microsoft\windows nt\currentversion\inifilemapping\system.ini.
Configure machine\software\microsoft\windows nt\currentversion\inifilemapping\win.ini.
Configure machine\software\microsoft\windows nt\currentversion\inifilemapping\winfile.ini.
Configure machine\software\microsoft\windows nt\currentversion\perflib.
Configure machine\software\microsoft\windows nt\currentversion\profilelist.
Configure machine\software\microsoft\windows nt\currentversion\secedit.
Configure machine\software\microsoft\windows nt\currentversion\setup.
Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole.
Configure machine\software\microsoft\windows nt\currentversion\svchost.
Configure machine\software\microsoft\windows nt\currentversion\svchost\LocalService.
Configure machine\software\microsoft\windows nt\currentversion\svchost\netsvcs.
Configure machine\software\microsoft\windows nt\currentversion\time zones.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Afghanistan Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Alaskan Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Arab Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Arabian Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Arabic Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Atlantic Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\AUS Central Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\AUS Eastern Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Azores Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Canada Central Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Cape Verde Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Caucasus Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Cen. Australia Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Central America Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Central Asia Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Central Europe Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Central European Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Central Pacific Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Central Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\China Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Dateline Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\E. Africa Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\E. Australia Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\E. Europe Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\E. South America Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Eastern Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Egypt Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Ekaterinburg Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Fiji Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\FLE Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\GMT Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Greenland Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\Greenwich Standard Time.
Configure machine\software\microsoft\windows nt\currentversion\time zones\GTB Standard Time.
Configure machine\software\microsoft\windows nt\currentversion�
  • 0

#5
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
whoa...slow down

you wrote: "the Gateway, it shows I'm connected to a server named Lannman. That shows up on all of my computers"

What is IT SHOWS?

You are both giving too much information and not enough at the same time.

Let's start with something simple---

Please run hijackthis (see link in my signature), then save a log and AS A TEXT FILE (FILE > SAVE AS) then ATTACH IT (do not post) to your next post.

This program is similar to the a2hijack program, (in fact a2hijack is based on this program)

We do not like to post hijackthis logs in sections other than the malware forum as we do not want to encourage people to post malware issues in this forum.

Attach that and we will move on from there
  • 0

#6
JennaD

JennaD

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Sorry, I forgot...you haven't been reading everything on these computers line by line for the past year and 3 months trying to figure out what's going on! Ok..when I start my computer with the Windows CD and go into the Repair mode, run LISTSVC from the C: prompt, my computers (all of them) show that I am running the service "Workstation". Under "Workstation", it (the computer) shows that the name of the workstation is "Lannman". I also have several .inf, .log, etc. files that depict the workstation name as "LANNMAN". Again, this happens on fresh installs on all of my computers. I am working on the Gateway 700GR right now and had to perform another fresh install this evening (3/7). Half of my programs stopped working, etc.

Attached is the log file you requested. The only programs I installed were: Fix-It 6 Professional (Includes AV and Spyware Removal) with Power Desk 5.0 Pro, Office XP Pro SP2, and Hijack This 1.99. My computer will not allow me to run the Genuine Advantage Validation Tool to upgrade XP O/S to SP2. Actually, I'm unable to register my copy of Windows. Additonally, I never get the option to perform Dynamic Updates or do anything else before the actual O/S begins to install on fresh installs (after reformatting the HDD, etc.). After initation and I create the partition (NTFS), my computer reboots and goes directly to "Downloading Windows XP Professional". It skips the first couple of options.

Ok..attached is the file requested.

Thanks so much,

Jenna

Attached Files


  • 0

#7
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
there is nothing out of sorts in the hijackthis log.

sr.exe is part of the system restore service

you are on a network..when you connect your PC to a broadband service provider like Roadrunner, you are becoming a node on their network.

Workstation is a windows servce that creates and maintains client network connections to remote servers. If this service is stopped, you cannot access these services.

I suppose you could go into services and disable this service (start > run > services.msc <enter> scroll down to workstation, double click, set startup type to manual or disabled, and hit stop button), but I do not know if this is wise since I am unfamiliar with roadrunner....who set you up on roadrunner? You or an installer...could be you need this service for accessing remote storage, or maybe even to access dns and or dhcp information....don't know.

You cannot perform dynamic updates if your network interface card is not supported by windows natively, so I wouldn't be concerned about that.

The fact you cannot perform updates....that is another issue entirerly. Are these legitimate copies of windows xp? Where did you get them? And you cannot perform updates until/if you activate windows...did you do that?
  • 0

#8
JennaD

JennaD

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I am unable to validate Windows at all. Some of the computer use the factory cd's that are legit copies of windows. The same thing happens on all of my computers. I used to be able to perform Windows updates before all of this mess began.

When I downloaded Hijack This, I added the zip folder to my desktop, created a "Hijack" folder in the Program Files. When I unzipped the file I downloaded, I received a message saying that the program was being downloaded from a Temporary Folder. The program began installing immediately. Usually when I extract a zipped folder, I'm able to see the contents of the extraction, and have to click on the setup icon to install the program. I also tried opening the zipped folder from the location...and received the same message regarding the Temporary folder. I am a stand-alone computer right now. I am connected directly to RoadRunner, but have never had to set up a network (before all of this mess began) to access the internet. I just received a pop-up from Messenger Service saying, "Security Monitor to Windows User on 3/7/2006 9:28:39 PM" - Important Windows Security Bulletin - Buffer overrun in Messenger Service Allows Remote Code Execution, Virus Infection and Unexpected Computer Shutdowns. etc. It tells me to go to "www.patchupdate.info" to paste that patch into Internet Explorer and when I click on ok, the address will disappear. I'm not going to paste anything in my browser! I'm getting tons of wierd pop-ups now. Also, when I start my computer, the boot portion says that the first 1024 MB are written in CODE. I cannot fix my MBR and I only have 193 gigs to install my operating system out of a 200 gig HDD. I've installed Partition Magic, etc., and my computer shows no hidden partitions...and when I try to fix the MBR, I get a message saying I have a non-standard MBR and it never "fixes!". If I use LIVE BOOT to boot my system, I get the Linux desktop but it's encrypted. The guy that "helped" me way back when was into Cisco. I have a feeling no one is going to be able to help me fix this mess!

Thanks anyway for all of your help!

Jenna
  • 0

#9
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
You say so many things and tend to run them all togetherm, greatly complicating this process

You're also seeing some issues that are not issues--for example, the whole C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\CompatMode.htm thing is read herring...that is completely normal

Let's put aside windows update for the moment--which is a problem and we will tackle that last.

Hijack does not have an installation; it is a standalone executable. The process you described will occur when a setup installation is within a zipped file, but would not occur when simply unzipping a file without a setup routine

The messenger service is on by default in sp1 and rtm versions of XP--Microsoft set it to disabled in SP@ for this exact reason...many nefarious spammers use the messenger service to spam people. The Messenger service (different then ms messenger chat programs) is used on networks to broadcast messages like "THE SERVER IS GOING DOWN"--ie, only in a large corporate network setting

Disable it until you update to sp2

start > run
services.msc
<enter>

scroll odwn, double click MESSENGER, hit STOP, and set the startup type ot DISABLED

Also, when I start my computer, the boot portion says that the first 1024 MB are written in CODE.

I do not understand what you mean here....how is this info presented to you ?

I cannot fix my MBR

Why/How do you know it's broke?

What are you using fixmbr from the recovery console? or Fdisk /mbr from a floppy


I only have 193 gigs to install my operating system out of a 200 gig HDD.

This is not an issue. This is partially a result of harddisk makers and the rest of the world not using the same terminology. A mb=1024 bytes, but a hardisk maker presents a mb as 1000bytes--this results in actual harddrive size being smaller than what is sold...also, windows reserves some space on a harddrive for later use (for example, if your disk has bad clusters, windows repair will move data from these bad areas into these unused parts)

If I use LIVE BOOT to boot my system, I get the Linux desktop but it's encrypted.

I do not know what you mean by LifeBoot...is this a linux boot cd of some sort...where did you get it.


Windows update.
When you say you cannot visit windows update, what happens when you do?
  • 0

#10
JennaD

JennaD

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I already have Messenger Disabled. It still runs in the background somehow.

When I boot my computer, a screen comes up showing that the first 1024 megabytes of the hard drive are written in code. Then the screen goes away and the system continues booting.

I have gone in to fix the MBR by using the recovery console from the Windows XP Professional boot disk. I know the guy that I used to live next door to was hacking into my computers. That's why we moved. None of my programs ever work correctly. I've been told by everyone to reformat the HDD, go into the repair mode and FIXMBR. That's why I'm trying to fix the MBR. But it says I have a non-standard MBR. I used Live Boot (a disk that can be downloaded from the Internet) to see what my computer was booting from. I kept seeing Grub Bootloader on my computer. Grub Bootloader is a Linux bootloader. But I'm not running Linux...so I shouldn't have Grub on my computer at all. I cannot seem to remove it. I'm assuming that's what the Code is that I'm seeing. I'm being hacked into big time and I just want the guy out of my computer.

Something really strange is going on. You know that I told you I just downloaded Hijack This yesterday? Well, in my Hijack Programs File that I created yesterday, it has a subfolder named "backups". In this folder, it has several backup files. Some show the last changes were made in February 16, 2006. How can that be if I just installed it yesterday? The backup file contains almost 900KB. I also have have a document named "startup list" in that folder...the "Hijack This" program folder. I'm attaching it for you. Look at the drivers that start when my computer starts. Alot of these drivers are Windows XP Client drivers. I am not on a server! I am a stand alone computer! Roadrunner is not my server. They are simply my ISP. No different than using Earthlink DSL. I have a modem and ONE computer connected to the modem and should be able to directly connect to the Internet without going through any server or any server protocols. My IP addresses are automatic and are supposed to update automatically through Roadrunner. I cannot even get into my ethernet properties to view the properties. I cannot check the status of my connection. I have no idea which IP address I'm connected to the Internet through right now. My Device Manager does not give me a "details" option, and when I go to "Network Connections" through the Contol Panel, the screen is blank. It shows no connections, yet I'm obviously connected.

If you look at the attached, you'll see that there are problems we just cannot fix through this site. I am going to have to hire a hacker to undo whatever has been done here. I have Terminal Server Device Redirector, Terminal Mouse Driver, Terminal Keyboard Driver, Microcode Update Device, PCI Standard ISA Bridge, PCI Standard Host CPU Bridge, FIVE PCI Standard PCI-to-PCI Bridges, ISAPNP Read Data Port, Direct Memory Access Controller, USB root hubs that share 10% bandwidth?????????????? (at least according to my device manager) and USB mass storage devices, PCI to USB Host controllers, Direct Parallel that has ptlink.sys and raspt.sys drivers, WANminiports..active..., (I don't use wireless at all!) etc. I don't have any of that! Yet it's all showing up in my device manager! I do not have one thing plugged into a USB port right now! NOTHING! My device manager actually shows TWO processors...both Intel Pentium 4 CPU 3.4 GHz! They're both under "Processors" in the Device Manager. I have a computer with a serial mouse and serial keyboard, and a Monitor. I don't even have any speakers plugged in. I give up!!!!

Thanks for trying to help. It just isn't going to work. Too many complicated things are going on. I need someone (a hacker?) in front of my computer to undo all of this mess and get my computer working the way it should again.

Jenna

Attached Files


  • 0

Advertisements


#11
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
the startup file was created when you hit the MISC TOOLS section and then presed GENERATE STARTIP list

You DO NOT HAVE MESSENGER DISABLED according to that list. According to that list, the startup type is AUTOMATIC, so each time you start your machine, it will run. You did not follow instructions

the backup folder is created when you check something and use HIJACK to fix something, which I did not ask you to do...did you do something?

If you like, please ZIP the folder up and attach and I will look at it.

As for dates...what is your system date? Double click your clock

Windows update will not work if your system date is incorrect

PLEASE FOLLOW INSTRUCTIONS...STOP DOING THINGS BETWEEN POSTS. You are making things VERY DIFFICULT to help you.

EVERYTHING you are reporting IS NORMAL...just because you do not have anything plugged into a USB port does NOT mean the port is not installed.

Two things are truly unusual so far

that windows update is not working, but given the odd date, I would not be surprised if that is the issue

and

the grub boot

Given that you have been mucking around with a Live Linux cd without any real knowledge, it would not surprise me at all if you accidentally started an install.
  • 0

#12
JennaD

JennaD

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I did disable Messenger! The action was "restart service" under the Recover tab. I just changed it to "Take No Action", disabled the service, disabled the profile. But next time I reboot, it will be enabled again. That's usually what happens.

My clock reads 3/8/2006 1:33 p.m. right now.

The Live Boot. I didn't do that myself. A guy that was helping me...he owns his own computer company and was doing all of the networking for Ben Taub Hospital at the time...used it on my computer. He had taken my computer to his house to install an external firewall. He saw all of the scripts the hackers were running at his house on my computer, but was able to install the firewall. However, when he brought my computer back to my house, the firewall would no longer work. He worked on it and tried for awhile, but couldn't do it. He saw where they were usinig the Linux desktop to log into my computer. The password for System, Local Serivce, Administrator, and NT Authority were all *. He tried to change the passwords, but they would just revert back to *. Half of the desktop was encrypted. We didn't install anything. Like I told you, this gets really complicated, and it's a 1 1/2 year story...so I cannot begin to explain all of it to you in a few posts.

My computer runs scripts. Just because something changes on here, it doesn't mean I changed it or ran something I wasn't supposed to run. That's why I need help. Things happen all of the time and things change, and I know I didn't chang it! If this helps at all, Hijack is listed under: HKEY_LOCAL_MACHINE_\Software\Microsoft\Windows\CurrentVersion\App Management\ARP Cache\HijackThis

My bios won't resent either. I took this computer in...I tried to reset myself, but couldn't get it to. I took it to neobox in The Woodlands. The guy said he reset the jumpers, took the battery out and left it out for over 3 hours and couldn't get the bios to reset. I built my son's computer, so I know how to reset the bios. I've never not been able to reset a bios. So that's another weird thing to add to your list.

Attached is the backup file zipped. The only thing I've changed since the last post was the name of my computer because I had a bad word in there. I ran a search on hijack in my system. I attached the results. Well...nevermind. I don't have the option to zip files anymore. I have to download winzip. Will send the backup file zipped later this evening. Here's my search results though. Attaching it in text form.

Thanks,

Jenna
  • 0

#13
dsenette

dsenette

    Je suis Napoléon!

  • Administrator
  • 26,019 posts
  • MVP
PLEASE QUIT POSTING THE SAME THING IN THIS THREAD!!!! it's not gonna get you helped any faster....and it's REALLY annoying...one duplicate..we assume you were impatient when pressing the add reply button...4? that's just you being annoying...

i'll wait for gerry's suggestions here...but my best idea concidering the amount of funk you claim to have crawling around in all of these machines would to use dban (google it) to completely wipe the drive on the machine and start completely over from scratch....i would also suggest updating your bios..which may fix your inability to reset it to defaults (though i SERIOUSLY doubt that the removal of the cmos battery doesn't cause a bios reset....was the machine plugged in when the battery was removed?)
  • 0

#14
JennaD

JennaD

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I did disable Messenger! The action was "restart service" under the Recover tab. I just changed it to "Take No Action", disabled the service, disabled the profile. But next time I reboot, it will be enabled again. That's usually what happens.

My clock reads 3/8/2006 1:33 p.m. right now.

The Live Boot. I didn't do that myself. A guy that was helping me...he owns his own computer company and was doing all of the networking for Ben Taub Hospital at the time...used it on my computer. He had taken my computer to his house to install an external firewall. He saw all of the scripts the hackers were running at his house on my computer, but was able to install the firewall. However, when he brought my computer back to my house, the firewall would no longer work. He worked on it and tried for awhile, but couldn't do it. He saw where they were usinig the Linux desktop to log into my computer. The password for System, Local Serivce, Administrator, and NT Authority were all *. He tried to change the passwords, but they would just revert back to *. Half of the desktop was encrypted. We didn't install anything. Like I told you, this gets really complicated, and it's a 1 1/2 year story...so I cannot begin to explain all of it to you in a few posts.

My computer runs scripts. Just because something changes on here, it doesn't mean I changed it or ran something I wasn't supposed to run. That's why I need help. Things happen all of the time and things change, and I know I didn't chang it! If this helps at all, Hijack is listed under: HKEY_LOCAL_MACHINE_\Software\Microsoft\Windows\CurrentVersion\App Management\ARP Cache\HijackThis

My bios won't resent either. I took this computer in...I tried to reset myself, but couldn't get it to. I took it to neobox in The Woodlands. The guy said he reset the jumpers, took the battery out and left it out for over 3 hours and couldn't get the bios to reset. I built my son's computer, so I know how to reset the bios. I've never not been able to reset a bios. So that's another weird thing to add to your list.

Attached is the backup file zipped. The only thing I've changed since the last post was the name of my computer because I had a bad word in there. I ran a search on hijack in my system. I attached the results. Well...nevermind. I don't have the option to zip files anymore. I have to download winzip. Will send the backup file zipped later this evening. Here's my search results though. Attaching it in text form. I went ahead and added another couple of files for your perusal.

And everything on that start list is installed. At least in the Device Manager, it shows the IRQ each device is using, the memory ranges, the drivers installed, the locations, the device numbers, and the fact that the devices are enabled. I'd say that says they're installed! (grin) Been trying to post this forever. The connection is slower than dialup. It's 2:15 p.m. I'll try again.

Thanks,

Jenna

Attached Files


  • 0

#15
JennaD

JennaD

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I hit the "PREVIEW POST" several times. My machine kept hanging. I never hit "ADD REPLY" 4 times. And I've started over from scratch way over 50 times in the last year and a half...so the "so-called" funk I CLAIM is running around my machines hasn't gone away. I've spent $15,000 and taken them to at least 10 different so-called professionals. I'm sure you can probably fix them though. You seem to know quite a bit. I've only been working on Windows since 1995, and this "funk" just began November of 2004. Anything else you'd like to help with?

Thanks for your input,

Jenna
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP