Posts posted by LordFett

  1. I changed my mouse cursors to animated ones I used in XP. In the preview they are animated, however once I apply they are not animated. Is it the cursors? Or is it windows? Or am I missing a setting somewhere to turn the animations on?

    http://lordfett.com/files/TIE_wait.ani

    http://lordfett.com/files/Imperial_Pilot_Busy.ani

    I hope posting these doesn't violate any rules or anything, if it does I'll remove the files and the links.

  2. I have used this thread and the article linked in it to remap my caps lock key to tab. Was trying it tonight with Windows 7 but am getting an error.

    regedit.png

    I am running regedit as admin.

    My first question is, does W7 allow for an easier way to remap the keyboard than registry editing?

    Does this method of keyboard remapping work in W7?

  3. Very nice. Couple questions, is it possible to move this to the left next to the Windows icon? And is it possible to have it show just the icon and no name?

    [edit]Ok got rid of the text. Now to figure out how to get it to the left side. Also I found there is a button to the right of the clock without an icon that shows desktop.[/edit]

  4. Did SUPERAntiSpyware or Malwarebytes find anything?

    SUPERAntiSpyware might have found some tracking cookies, malwarebytes found nothing.

    Your log appears clean.

    That is what I thought.

    Your Firefox may not be starting due to an addon. Try starting it in safe mode through the start menu, or by adding -safe-mode to the shortcut.

    Restarted it with all add-ons disabled and it started. I ran an update and everything was up to date except for noscript.

    List of add-ons:

    Adblock

    Broadband Speed Test and Diagnostic

    Domain Details

    Forecastfox

    Foxmarks

    Gmail Manager

    Gmail Space

    IE Tab

    Java Quick Starter (not sure about this one, I don't remember installing it for him nor does he remember it)

    Noscript

    Speed Dial

    Any idea about Chrome? I'm going to try and reinstall it shortly.

    I reenabled all of the addons in FX3 save the Java quick starter and it came right up.

  5. Rename HijackThis to scanner.exe and check again, reposting your log. :)
    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 1:00:38 AM, on 26-Nov-08

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\S24EvMon.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE

    C:\WINDOWS\system32\RegSrvc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

    C:\Program Files\UPHClean\uphclean.exe

    c:\program files\lenovo\system update\suservice.exe

    C:\Program Files\Lenovo\TrackPoint\tp4serv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Documents and Settings\nocturne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

    C:\WINDOWS\system32\TpScrLk.exe

    C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Program Files\Opera\opera.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Program Files\Trend Micro\HijackThis\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kendallclan.net/

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

    O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe

    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

    O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe

    O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs

    O4 - HKLM\..\Run: [AS00_WN511B] C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe -hide

    O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe

    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe

    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

    O23 - Service: TKIRHKTM - Unknown owner - C:\DOCUME~1\nocturne\LOCALS~1\Temp\TKIRHKTM.exe (file missing)

    O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE

    O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

    --

    End of file - 5856 bytes

  6. Ok ran everything in your tool kit Tarun.

    Here is my new Hijack this log:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 11:04:48 PM, on 25-Nov-08

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\S24EvMon.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE

    C:\WINDOWS\system32\RegSrvc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

    C:\Program Files\UPHClean\uphclean.exe

    c:\program files\lenovo\system update\suservice.exe

    C:\Program Files\Lenovo\TrackPoint\tp4serv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Documents and Settings\nocturne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

    C:\WINDOWS\system32\TpScrLk.exe

    C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Documents and Settings\nocturne\Desktop\RootkitRevealer.exe

    C:\DOCUME~1\nocturne\LOCALS~1\Temp\BGQT.exe

    C:\Documents and Settings\nocturne\Desktop\RootkitRevealer.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kendallclan.net/

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

    O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe

    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

    O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe

    O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs

    O4 - HKLM\..\Run: [AS00_WN511B] C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe -hide

    O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: BOAHY - Sysinternals - www.sysinternals.com - C:\DOCUME~1\nocturne\LOCALS~1\Temp\BOAHY.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe

    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe

    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

    O23 - Service: TKIRHKTM - Unknown owner - C:\DOCUME~1\nocturne\LOCALS~1\Temp\TKIRHKTM.exe (file missing)

    O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE

    O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

    --

    End of file - 6040 bytes

    And rootkit revealer:

    HKU\S-1-5-21-823518204-527237240-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 02-Apr-07 8:31 PM 0 bytes Key name contains embedded nulls (*)

    HKU\S-1-5-21-823518204-527237240-725345543-1003\Software\SecuROM\License information* 02-Jul-08 6:49 PM 0 bytes Key name contains embedded nulls (*)

    HKLM\SECURITY\Policy\Secrets\SAC* 09-Jan-06 9:42 PM 0 bytes Key name contains embedded nulls (*)

    HKLM\SECURITY\Policy\Secrets\SAI* 09-Jan-06 9:42 PM 0 bytes Key name contains embedded nulls (*)

    HKLM\SOFTWARE\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o 02-Aug-07 5:02 PM 0 bytes Key name contains embedded nulls (*)

    Same problems, Firefox won't open at all now though and Chrome is being super crashtastic.

  7. HKU\S-1-5-21-823518204-527237240-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 02-Apr-07 8:31 PM 0 bytes Key name contains embedded nulls (*)

    HKU\S-1-5-21-823518204-527237240-725345543-1003\Software\SecuROM\License information* 02-Jul-08 6:49 PM 0 bytes Key name contains embedded nulls (*)

    HKLM\SECURITY\Policy\Secrets\SAC* 09-Jan-06 9:42 PM 0 bytes Key name contains embedded nulls (*)

    HKLM\SECURITY\Policy\Secrets\SAI* 09-Jan-06 9:42 PM 0 bytes Key name contains embedded nulls (*)

    HKLM\SOFTWARE\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&y@^t! #^$ g9^$&pgb SDB36o 02-Aug-07 5:02 PM 0 bytes Key name contains embedded nulls (*)

    HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 24-Nov-08 2:52 PM 80 bytes Data mismatch between Windows API and raw hive data.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040820900063D11C8EF00054038389C\Usage\ProductFiles 22-Nov-08 11:10 AM 4 bytes Data mismatch between Windows API and raw hive data.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040820900063D11C8EF00054038389C\Usage\WORDFiles 22-Nov-08 11:10 AM 4 bytes Data mismatch between Windows API and raw hive data.

    C:\Documents and Settings\nocturne\Application Data\Microsoft\Office\Recent\Chrome Crash.doc.LNK 24-Nov-08 2:54 PM 454 bytes Hidden from Windows API.

    C:\Documents and Settings\nocturne\Application Data\Microsoft\Office\Recent\Jedi Handbook 13a.doc.LNK 06-Oct-08 11:05 AM 1.05 KB Visible in Windows API, but not in MFT or directory index.

    C:\Documents and Settings\nocturne\Desktop\Chrome Crash.doc 24-Nov-08 2:54 PM 20.50 KB Hidden from Windows API.

    C:\Documents and Settings\nocturne\Local Settings\Temp\mmc12627FA0.xml 24-Nov-08 2:28 PM 0 bytes Visible in Windows API, but not in MFT or directory index.

    C:\Documents and Settings\nocturne\Local Settings\Temp\~DF4E61.tmp 24-Nov-08 2:53 PM 512 bytes Visible in Windows API, but not in MFT or directory index.

    C:\Documents and Settings\nocturne\Local Settings\Temp\~DFAD88.tmp 24-Nov-08 2:53 PM 512 bytes Visible in Windows API, but not in MFT or directory index.

    C:\Documents and Settings\nocturne\Recent\Chrome Crash.doc.lnk 24-Nov-08 2:54 PM 522 bytes Hidden from Windows API.

    C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083857.ini 24-Nov-08 1:10 PM 12.11 KB Hidden from Windows API.

    C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083858.ini 24-Nov-08 1:10 PM 22.85 KB Hidden from Windows API.

    C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083859.ax 24-Nov-08 1:10 PM 7.50 KB Hidden from Windows API.

    C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083860.ax 24-Nov-08 1:10 PM 7.50 KB Hidden from Windows API.

    C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083861.dir 24-Nov-08 1:10 PM 2.13 KB Hidden from Windows API.

    C:\System Volume Information\_restore{0FB8F9A7-355D-488D-AA4E-F599DAF76985}\RP958\A0083862.ini 23-Nov-08 10:41 PM 3.79 KB Hidden from Windows API.

    These are the two that I'm most worried about:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040820900063D11C8EF00054038389C\Usage\ProductFiles 22-Nov-08 11:10 AM 4 bytes Data mismatch between Windows API and raw hive data.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040820900063D11C8EF00054038389C\Usage\WORDFiles 22-Nov-08 11:10 AM 4 bytes Data mismatch between Windows API and raw hive data.

    As this is when things really stopped working.

    I've run Panda's antirootkit, rootkit buster, rootkit detective, removeany. I'm running gmer now.

  8. I am working on a friend's laptop. He said his Firefox started taking up huge amounts of memory after running for a while so he started using Chrome. Now Firefox crashes upon opening; it never gets as far as an actual browser opening, it just goes right to the crash report. Chrome, on the other hand, will open and try to load the last page visited or the start page, then within 30 seconds it crashes.

    Opera is running fine, IE runs ok but after 30 minutes or so it slows way down. I've scanned the system with NOD32, Avast!, Clamav, Adaware, PCTools Spyware Doctor, Spybot S&D and Malwarebytes anti-malware. Only thing that has been picked up by anything has been tracking cookies.

    System is a Lenovo/IBM x40 laptop running XP SP3.

    Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 8:29:09 AM, on 24-Nov-08

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\S24EvMon.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE

    C:\WINDOWS\runservice.exe

    C:\WINDOWS\system32\RegSrvc.exe

    C:\Program Files\Spyware Doctor\pctsAuxs.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

    c:\program files\lenovo\system update\suservice.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\Program Files\Lenovo\TrackPoint\tp4serv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

    C:\WINDOWS\system32\TpScrLk.exe

    C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Documents and Settings\nocturne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Opera\opera.exe

    C:\Program Files\Pidgin\pidgin.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kendallclan.net/

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

    O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe

    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

    O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe

    O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs

    O4 - HKLM\..\Run: [AS00_WN511B] C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe -hide

    O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

    O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

    O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe

    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe

    O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

    O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE

    O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

    --

    End of file - 6303 bytes

  9. Thanks for all the info everyone, I tried a couple of the programs on your list Iceman, no dice. But with one WinXP setup recognized the installation and attempted to repair it, to no avail. I am running a defrag on the disk now then I will try the Seagate DiscWizard since both discs are Maxtors. Thanks Charolotte, hopefully it will get me from here to eternity.

  10. I have a computer I basically use as network storage, but the system drive is only 20gb and since I have a spare 100gb I'd like to use that one without having to reinstall everything. I did a back up of the system drive and restored it onto the new system drive. The first time I got an error for a bad file, forget the name of it, but it wouldn't boot. So I did a new back up and restore; this time, as soon as it passes BIOS I just get a cursor.

    Neither time would my WinXP recognize that there was an installation of Windows on the new system hdd. Is there a way I can check the backup before I do a restore? Would it be better if I removed the old system disk and did a backup with it as a non-system disk on another computer?

    I've looked at Norton Ghost, but I've never been a fan of theirs and shelling out 70 bones for this isn't something I want to do right now. I'm not looking for something 100%, if there is a good program that will help me with this I'll gladly purchase it... but not for $70.

  11. All interrupts changed from 11 to autoselect. Reenabled wireless and got this screen.

    100_3525.jpg

    http://lordfett.com/rpf/100_3526.jpg

    http://lordfett.com/rpf/100_3527.jpg

    Changed interrupts back to auto and disabled wireless and it booted fine.

    Also notice the error for the wireless changed, this normally appears but flashes for a second before going to the first screen I posted, so I've never been able to take a picture of it.

  12. Not 100% sure this is the best place for this problem, but it is a start.

    Laptop was fine, powered down, put in my satchel, went to school, came home, turned on and I get an error when booting. If in BIOS I disable my internal wireless it boots fine. I've tried disabling my wired connection (never use it with the laptop) but unless I disable the wireless I have the error.

    100_3524.jpg

    ERROR:

    Resource Conflict - PCI Network Controller in slot 01, Bus:02, Device:02, Function:00

    Press <F1> to enter setup.

    The laptop is an IBM/Lenovo x40. I have removed the battery, the hard drive. Anyone know if the wireless card is removable or soldered to the mobo like my fraking cpu is?

  13. Actually the 2nd is the 20gb version of what the laptop uses.

    And I don't consider mini/nano/shuffle real iPods, I knew what you meant. I've had the drive to my laptop out (lost the screw that holds the caddy in too) and had an iPod (3rd gen) apart and I still think the size is different by far too much. I will do a size comparison tonight (I know I said that before) of my IBM Hitachi drive, a standard 2.5", a 3.5", my iPod and a metal ruler if I can find it. (And given my track record for remembering this kind of stuff I will be dead wrong on everything I have said, but if my photos prove I am wrong I'll eat my hat).

    http://www.tomshardware.com/2006/04/28/sma...iful/page3.html

    Article about the 1.8" drive with some good photos. Last photo on the page is the bottom of the X40's hard drive.
