Content Type
Profiles
Forums
Events
Posts posted by LordFett
-
-
I changed my mouse cursors to animated ones I used in XP. In the preview they are animated, however once I apply they are not animated. Is it the cursors? Or is it windows? Or am I missing a setting somewhere to turn the animations on?
http://lordfett.com/files/TIE_wait.ani
http://lordfett.com/files/Imperial_Pilot_Busy.ani
I hope posting these doesn't violate any rules or anything, if it does I'll remove the files and the links.
0 -
Thank dnrc, I'll give that a try.
0 -
I have used this thread and the article linked in it to remap my caps lock key to tab. Was trying it tonight with Windows 7 but am getting an error.
I am running regedit as admin.
My first question is, does W7 allow for an easier way to remap the keyboard then registry editing?
Does this method of keyboard remapping work in W7?
0 -
Very nice. Couple questions, is it possible to move this to the left next to the Window's Icon? And is it possible to have it show just the icon and no name?
[edit]Ok got rid of the text. Now to figure out how to get it to the left side. Also I found there is a button to the right of the clock without an icon that shows desktop.[/edit]
0 -
As much as I love Firefox I am falling for Chrome hard. I just hope they come out with something like adblock.
0 -
Well since I started running Firefox without that java plugin both FX3 and Chrome are running fine.
thanks for the help Tarun and that link Staffnrod.
0 -
Did SUPERAntiSpyware or Malwarebytes find anything?
SUPERAntiSpyware might have found some tracking cookies, malwarebytes found nothing.
You log appears clean.That is what I thought.
Your Firefox may not be starting due to an addon. Try starting it in safe mode through the start menu, or by adding -safe-mode to the shortcut.Restarted it with all add-ons disabled and it started. I ran an update and everything was up to day except for noscript.
List of add-ons:
Adblock
Broadband Speed Test and Diagnostic
Domain Details
Forecastfox
Foxmarks
Gmail Manager
Gmail Space
IE Tab
Java Quick Starter (not sure about this one, I don't remember installing it for him nor does he remember it)
Noscript
Speed Dial
Any idea about Chrome? I'm going to try and reinstall it shortly.
I reenabled all of the addons in FX3 save the Java quick starter and it came right up.
0 -
Rename HijackThis to scanner.exe and check again, reposting your log.Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:38 AM, on 26-Nov-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\UPHClean\uphclean.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\nocturne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kendallclan.net/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [AS00_WN511B] C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe -hide
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TKIRHKTM - Unknown owner - C:\DOCUME~1\nocturne\LOCALS~1\Temp\TKIRHKTM.exe (file missing)
O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
--
End of file - 5856 bytes
0 -
Ok ran everything in your tool kit Tarun.
Here is my new Hijack this log:
Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:04:48 PM, on 25-Nov-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\UPHClean\uphclean.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\nocturne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\nocturne\Desktop\RootkitRevealer.exe
C:\DOCUME~1\nocturne\LOCALS~1\Temp\BGQT.exe
C:\Documents and Settings\nocturne\Desktop\RootkitRevealer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kendallclan.net/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [AS00_WN511B] C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe -hide
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: BOAHY - Sysinternals - www.sysinternals.com - C:\DOCUME~1\nocturne\LOCALS~1\Temp\BOAHY.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TKIRHKTM - Unknown owner - C:\DOCUME~1\nocturne\LOCALS~1\Temp\TKIRHKTM.exe (file missing)
O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
--
End of file - 6040 bytes
And rootkit revealer:
HKU\S-1-5-21-823518204-527237240-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 02-Apr-07 8:31 PM 0 bytes Key name contains embedded nulls (*)HKU\S-1-5-21-823518204-527237240-725345543-1003\Software\SecuROM\License information* 02-Jul-08 6:49 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAC* 09-Jan-06 9:42 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 09-Jan-06 9:42 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o 02-Aug-07 5:02 PM 0 bytes Key name contains embedded nulls (*)
Same problems, Firefox won't open at all now though and Chrome is being super crashtastic.
0 -
Thanks Tarun, I had already download your stuff but hadn't installed it yet. That was going to be my next step and then reinstalling the OS.
0 -
HKU\S-1-5-21-823518204-527237240-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 02-Apr-07 8:31 PM 0 bytes Key name contains embedded nulls (*)
HKU\S-1-5-21-823518204-527237240-725345543-1003\Software\SecuROM\License information* 02-Jul-08 6:49 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAC* 09-Jan-06 9:42 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 09-Jan-06 9:42 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o 02-Aug-07 5:02 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 24-Nov-08 2:52 PM 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040820900063D11C8EF00054038389C\Usage\ProductFiles 22-Nov-08 11:10 AM 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040820900063D11C8EF00054038389C\Usage\WORDFiles 22-Nov-08 11:10 AM 4 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\nocturne\Application Data\Microsoft\Office\Recent\Chrome Crash.doc.LNK 24-Nov-08 2:54 PM 454 bytes Hidden from Windows API.
C:\Documents and Settings\nocturne\Application Data\Microsoft\Office\Recent\Jedi Handbook 13a.doc.LNK 06-Oct-08 11:05 AM 1.05 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\nocturne\Desktop\Chrome Crash.doc 24-Nov-08 2:54 PM 20.50 KB Hidden from Windows API.
C:\Documents and Settings\nocturne\Local Settings\Temp\mmc12627FA0.xml 24-Nov-08 2:28 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\nocturne\Local Settings\Temp\~DF4E61.tmp 24-Nov-08 2:53 PM 512 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\nocturne\Local Settings\Temp\~DFAD88.tmp 24-Nov-08 2:53 PM 512 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\nocturne\Recent\Chrome Crash.doc.lnk 24-Nov-08 2:54 PM 522 bytes Hidden from Windows API.
C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083857.ini 24-Nov-08 1:10 PM 12.11 KB Hidden from Windows API.
C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083858.ini 24-Nov-08 1:10 PM 22.85 KB Hidden from Windows API.
C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083859.ax 24-Nov-08 1:10 PM 7.50 KB Hidden from Windows API.
C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083860.ax 24-Nov-08 1:10 PM 7.50 KB Hidden from Windows API.
C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083861.dir 24-Nov-08 1:10 PM 2.13 KB Hidden from Windows API.
C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083862.ini 23-Nov-08 10:41 PM 3.79 KB Hidden from Windows API.
These are the two that I'm most worried about:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Products\9040820900063D11C8EF00054038389C\Usage \ProductFiles 22-Nov-08 11:10 AM 4 bytes Data mismatch between Windows API and raw hive data.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ins taller\UserData\S-1-5-18\Products\9040820900063D11C8EF00054038389C\Usage \WORDFiles 22-Nov-08 11:10 AM 4 bytes Data mismatch between Windows API and raw hive data.
As this is when things really stopped working.
I've run Panda's antirootkit, rootkit buster, rootkit detective, removeany. I'm running gmer now.
0 -
Ran rootkitrevealer, found quite a few things. Looking for a reliable rootkit remover now.
0 -
I am working on a friend's laptop. He said his firefox started taking up huge ammounts of memory after running for a while so he started using Chrome. Now firefox crashes upon opening, it never gets as far as an actual browser opening, it just goes right to the crash report. chrome on the otherhand will open and try to load the last page visited or the start page then within 30 seconds it crashes.
Opera is running fine, IE runs ok but after 30 minutes or so it slows way down. I've scanned the system with NOD32, Avast!, Clamav, Adaware, PCTools Spyware Doctor, Spybot S&D and Malwarebytes anti-malware. Only thing that has been picked up by anything has been tracking cookies.
System is a Lenovo/IBM x40 laptop running XP SP3.
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:29:09 AM, on 24-Nov-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Documents and Settings\nocturne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kendallclan.net/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [AS00_WN511B] C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe -hide
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
--
End of file - 6303 bytes
0 -
Used the seagate program, looks like it worked. Was really simple, I think you over explained it a little Charlotte. D/L program install made cd reboot from cd copy disk.
Up the irons.
0 -
I understood how to do what you posted, I just was already in the process of doing what I tried and realize now my mistake, the 100gb had previously been used in this instance of windows.
Giving your method a whirl.
0 -
Installed windows on the new drive then did a windows restore then used the winxp disk to repair. once it booted up I ran into a slight problem... The computer sees the drive with it's old letter... I:\
0 -
Thanks for all the info everyone, I tried a couple of the programs on your list Iceman, no dice. But with one WinXP setup reconized the installation and attempted to repair it, to no avail. I am running a defrag on the disk now then I will try the seagate discwizard since both discs are maxtors. Thanks Charolotte, hopfully it will get me from here to eternity.
0 -
I have a computer I basically use as network storage, but the system drive is only 20gb and since I have a spare 100gb I'd like to use that one without having to reinstall everything. I did a back up of the system drive and restored it onto the new system drive. The first time I got an error for a bad file, forget the name of it, but it wouldn't boot. So I did a new back up and restore this time as soon as it passes bios i just get a cursor.
Neither time would my winxp reconize that there was an istallation of windows on the new system hdd. Is there a way I can check the backup before I do a restore? Would it be better if i removed the old system disk and did a backup with it as a non-system disk on another computer?
I've looked at norton ghost, but I've never been a fan of their and shelling out 70 bones for this isn't something I want to do right now. I'm not looking for something 100%, if there is a good program that will help me with this I'll gladly purchase it... but not for $70.
0 -
All interupts changed from 11 to autoselect. Reenabled wireless and got this screen.
http://lordfett.com/rpf/100_3526.jpg
http://lordfett.com/rpf/100_3527.jpg
Changed interupts back to auto and disabled wireless and it booted fine.
Also notice the error for the wireless changed, this normally appears but flashes for a second before going to the first screen I posted, so I've never been able to take a picture of it.
0 -
Odd that there would suddenly be an issue on a laptop that has been in use for 2+ years. Going to change them all to auto assign.
0 -
Not 100% sure this is the best place for this problem, but it is a start.
Laptop was fine, powered down, put in my satchel, went to school, came home, turned on and I get an error when booting. If in BIOS I disable my internal wireless it boots fine. I've tried disabling my wired connection (never use it with the laptop) but unless I disable the wireless I have the error.
ERROR:Resource Conflict - PCI Network Controller in slot 01, Bus:02, Device:02, Function:00
Press <F1> to enter setup.
the laptop is an IBM/Lenovo x40. I have removed the battery, the hard drive. Anyone know if the wireless care is removeable or soldered to the mobo like my fraking cpu is?
0 -
I have an ASUS A8N-SLI Premium 939 NVIDIA nForce4 SLI ATX AMD Motherboard and it has two NICs, a Yukon and nVidia for Dual 10/100/1000Mbps. If both are hooked up would it increase my connection? Such as allowing one for tx and one for rx? Or would it be used to connect one to the network and one to the internet?
0 -
Hard drive next to my 4th gen iPod.
Next to a 3.5" drive.
Bottom of the drive out of caddy
All of the pictures I took http://lordfett.com/hdd
0 -
Actually the 2nd is the 20gb version of what the laptop uses.
And I don't consider mini/nano/shuffle real iPods, I knew what you meant. I've had the drive to my laptop out (lost the screw that holds the caddy in too) and had an iPod (3rd gen) apart and I still think the size is different by far too much. I will do a size comparison tonight (I know I said that before) of my IBM Hitatchi drive, a standard 2.5" a 3.5" my iPod and a metal ruler if I can find it. (And given my track record for remembering this kind of stuff I will be dead wrong on everything I have said, but if my photos prove i am wrong I'll eat my hat).
http://www.tomshardware.com/2006/04/28/sma...iful/page3.html
Article about the 1.8" drive with some good photos. Last photo on the page is the bottom of the X40's hard drive.
0
Remapping the keyboard in W7 - How?
in Windows 7
Posted
Very nice, worked like a champ and much easier then regedit.