Everything posted by shawnh

  1. Yes I guess the time had come eh Starbuck. Thank you so much once again. Cheers Shawn
  2. Thanks everybody... well I just decided to go ahead and do a full reformat and reinstall of XP. I had actually done a backup about a week before the laptop crashed, and while in the PE environment, I saved the rest of my important stuff to a USB stick. I was just trying to avoid the hassles of re-installing all my software and programs (of which there was a lot)... but ah well, it was time to just bite the bullet. It's an old old laptop anyway, and like Plastic Nev says, is likely just due for another failure. I even tried Goku's Registry Hive suggestion before the reformat, but it didn't make any difference. So I'd like to thank everybody for helping me, you guys are great. Starbuck, thanks for your detailed attention. Thanks! Shawn
  3. Thanks Starbuck. I'm a little concerned by this sentence on the website Goku suggested: "Warning Do not use the procedure that is described in this article if your computer has an OEM-installed operating system. The system hive on OEM installations creates passwords and user accounts that did not exist previously." ... Now, my computer *did* have two copies of the OS on it - the original (OEM) in C:\WINDOWS (which was not operational), and the working one in C:\WINXP. This one was installed a few years back when I was having some problems with the computer. I'm 99% sure I would have used the original Compaq Windows XP OS CDs to do that installation. So does that make my C:\WINXP installation also an "OEM" installation? And therefore I can't use Goku's instructions? Thanks Shawn
  4. Well buddy, I followed those instructions and did the whole chkdsk /r (I had actually done a couple of these before I contacted you and they didn't help). It didn't do any good. Judging by that message I got last time: "Windows could not start because the following file is missing or corrupt: \WINXP\SYSTEM32\CONFIG\SYSTEM You can attempt to repair this file by starting Windows Setup using the original Setup CD-ROM. Select 'r' at the first screen to start repair." ... I was assuming that the "repair" process would allow me to selectively target the corrupted file and replace it with a fresh copy. Your friend's instructions never hinted at that, they only said to do a chkdsk /r. Anyway, after I did it and rebooted (without the CD in), it came up to the choices of OS: Microsoft Windows XP Home Recovery Console Microsoft Windows XP Home ... the 1st one was highlighted and it quickly selected it and proceeded. Almost immediately it came up with: "Windows could not start because the following file is missing or corrupt: \WINXP\SYSTEM32\CONFIG\SYSTEM You can attempt to repair this file by starting Windows Setup using the original Setup CD-ROM. Select 'r' at the first screen to start repair." ... same as before. When I reboot again and quickly choose the 3rd option for OS, it takes me to a blue Windows XP window showing "Setup is being restarted...". Then it goes black and that same Lsass.exe error appears. Then it reboots automatically. I guess the Recovery Console or Repair is not gonna work eh? Time for Goku's suggestion? Cheers Shawn P.S.: During this last time when trying to run Recovery Console from the OS boot selections, it wouldn't work... it said: "NTLDR is compressed Press Ctrl+Alt+Del to restart" ... so I had to put the OS CD back in and run the Recovery Console from that. I guess that really doesn't make a difference eh?
  5. OK Starbuck, thanks... did all that and at the end of the OTL run it said I needed to re-boot in order to finish the process. So at that point I popped out the CD (so it wouldn't boot from CD), then exited OTL and did a shutdown. I rebooted and it presented 3 boot choices for me (as it has, ever since I tried to do that recovery repair thing): Microsoft Windows XP home edition Recovery Console Microsoft Windows XP home edition ... it only gives like 2 seconds to make a choice here before it automatically goes ahead by itself with the 1st option in the list. It did so and it then began to try to resume the blue screen "Setup is resuming..." process that the Recovery thing bombed out on. I immediately shut the system down at that point and booted up again to try the 3rd boot choice in the list. It went to the same thing so I let it go. It then gave the same old "Lsass.exe" error. But after that disappeared, something different appeared in a black screen: "Windows could not start because the following file is missing or corrupt: \WINXP\SYSTEM32\CONFIG\SYSTEM You can attempt to repair this file by starting Windows Setup using the original Setup CD-ROM. Select 'r' at the first screen to start repair." ... this is something new. Should I try this? Thanks! Shawn
  6. Thanks Starbuck! Yeah I guess the repair install I attempted rolled everything back to the original version of XP... even though it never did complete the repair install, it would get partway then reboot by itself.
  7. Are you still with me Starbuck? Cheers Shawn
  8. So should I just go maybe ahead with that Registry Recovery procedure that Goku suggested some time ago (http://support.microsoft.com/kb/307545), or should we continue with trying to find/delete the malware? Thanks Shawn
  9. I'm pretty sure I had Service Pack 2 on there Starbuck. Did that OTL report find any bad stuff? Cheers Shawn
  10. Thanks so much Starbuck. OK, I followed your instructions and noted a few things along the way: - After I downloaded OTLPENet.exe, I doubleclicked OTLPENet.exe, not OTLPEStd.exe. I wasn't sure what you meant by OTLPEStd.exe - When I invoked OTLPE from the REATOGO environment, it only asked: "Do you wish to load remote user profile(s) for scanning". I clicked YES, and it displayed a list of other "users", I guess. The first one was highlighted and the checkbox "Automatically Load All Remaining Users" was checked so I just clicked OK. - It then displayed a window saying "One of the files containing the system's Registry data had to be recovered by use of a log or alternate copy. The recovery was successful". I clicked OK on that. - I then ran OTLPE with the default settings and clicked "Run Scan". It completed pretty quick (10-15 mins)... is that normal? Here is the report below:
| ---- | C] () -- C:\WINXP\System32\msssc.dll [2005/05/29 23:52:14 | 000,000,061 | ---- | C] () -- C:\WINXP\URLPROXY.INI [2005/05/26 18:33:18 | 000,004,212 | -H-- | C] () -- C:\WINXP\System32\zllictbl.dat [2005/05/26 18:19:41 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\Moe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/05/26 18:03:18 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat [2005/05/26 17:54:14 | 000,021,640 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat [2005/05/26 13:07:51 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI [2005/05/26 13:06:09 | 000,153,976 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT [2005/05/26 13:01:09 | 000,000,006 | ---- | C] () -- C:\WINXP\System32\rasmon.bin [2005/05/26 13:01:09 | 000,000,004 | -H-- | C] () -- C:\WINXP\System32\ddefact.bin [2003/11/13 21:38:26 | 000,086,016 | ---- | C] () -- C:\WINXP\System32\ati2evxx.dll [2003/11/13 21:36:54 | 000,385,024 | ---- | C] () -- C:\WINXP\System32\ati2evxx.exe [2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINXP\lsb_un20.exe [2002/03/10 17:36:14 | 000,012,288 | ---- | C] () -- C:\WINXP\System32\impborl.dll [2001/10/12 06:42:52 | 000,032,768 | ---- | C] () -- C:\WINXP\System32\LXARICO.DLL [2001/10/12 06:42:50 | 000,000,643 | ---- | C] () -- C:\WINXP\LEXSTAT.INI [2001/08/18 10:00:00 | 013,107,200 | ---- | C] () -- C:\WINXP\System32\oembios.bin [2001/08/18 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINXP\System32\mlang.dat [2001/08/18 10:00:00 | 000,434,676 | ---- | C] () -- C:\WINXP\System32\perfh009.dat [2001/08/18 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINXP\System32\perfi009.dat [2001/08/18 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINXP\System32\dssec.dat [2001/08/18 10:00:00 | 000,152,576 | ---- | C] () -- C:\WINXP\System32\qasf.dll [2001/08/18 10:00:00 | 000,068,750 | ---- | C] () -- C:\WINXP\System32\perfc009.dat [2001/08/18 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINXP\System32\mib.bin [2001/08/18 
10:00:00 | 000,028,626 | ---- | C] () -- C:\WINXP\System32\perfd009.dat [2001/08/18 10:00:00 | 000,027,440 | ---- | C] () -- C:\WINXP\System32\drivers\secdrv.sys [2001/08/18 10:00:00 | 000,004,461 | ---- | C] () -- C:\WINXP\System32\oembios.dat [2001/08/18 10:00:00 | 000,001,420 | ---- | C] () -- C:\WINXP\System32\Dcache.bin [2001/08/18 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINXP\System32\noise.dat [2001/07/20 09:48:06 | 000,008,116 | ---- | C] () -- C:\Program Files\OSLO3071b2.USB [2001/01/18 14:55:22 | 000,131,584 | ---- | C] () -- C:\WINXP\System32\Ptlic32.exe [2000/12/05 14:56:34 | 000,114,688 | ---- | C] () -- C:\Program Files\lxarscan.dll [2000/01/11 11:50:48 | 000,000,047 | ---- | C] () -- C:\Program Files\ACMonitor_X73.ini ========== LOP Check ========== [2011/01/15 21:08:46 | 000,000,000 | ---D | M] -- C:\WINXP\system32\config\systemprofile\Application Data\Application Updater [2009/04/19 18:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.N-66I8K7FUN69C1.000\Application Data\VCOM [2008/09/08 15:58:54 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Moe\Application Data\.# [2010/11/15 13:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\acccore [2005/06/10 14:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Aim [2005/11/08 19:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Alien Skin [2005/07/05 13:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Allume Systems [2008/07/22 17:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\AtomPark [2008/08/27 18:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Aurora Web Editor [2011/03/25 22:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\eBookPro6 [2011/02/07 20:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\FEXTrader 
[2009/04/28 15:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\FLVPlayer2700 [2009/09/01 15:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\GlobalSCAPE [2008/08/22 18:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Good Keywords v2 [2010/09/15 18:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\HTML Executable [2009/05/22 18:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\IBP [2005/07/11 15:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\ICQ [2007/01/22 23:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\iMesh [2005/05/30 14:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\InterVideo [2008/06/24 07:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\iolo [2008/08/29 21:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\KompoZer [2008/09/25 18:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Lexmark Productivity Studio [2009/05/24 13:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\MailFrontier [2011/04/10 18:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Maxthon3 [2007/03/21 13:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Microgaming [2007/01/12 21:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\MindTerm [2011/10/22 15:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\mjusbsp [2009/08/25 14:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\MyLogoMaker [2010/09/16 19:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\NCH Swift Sound [2005/09/07 17:03:44 | 000,000,000 | ---D | M] 
-- C:\Documents and Settings\Moe\Application Data\Novosoft [2009/07/27 19:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\OpenCube Inc [2009/11/10 13:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\PADGen [2009/02/01 14:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Rbet [2009/04/01 20:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Sierra Wireless [2007/07/08 18:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Stilesoft [2005/07/28 01:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Tenebril [2008/08/29 19:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Trellian [2008/10/19 19:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Uniblue [2005/06/15 18:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\VCOM [2008/06/02 17:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\08lJQ [2008/06/02 17:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\1Bpg9VMaiQ40s [2008/05/29 21:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\1BS57MeaiQ40s [2009/05/14 09:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\1stWorks [2010/11/15 13:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\AIM [2008/05/29 19:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\cWTQ4y84iQ40sXrXpS0 [2009/09/01 15:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\GlobalSCAPE [2005/10/12 01:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Insight Software Solutions 
[2011/01/15 21:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\IObit [2008/06/24 07:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\iolo [2011/10/12 10:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\LogMeIn [2011/09/29 21:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\magicJack [2007/09/20 21:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\MailFrontier [2010/08/08 19:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\MGS [2008/10/07 19:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Microgaming [2010/09/16 19:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\NCH Swift Sound [2005/10/02 15:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\RoboForm [2010/02/17 15:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Save Data [2010/09/16 19:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\TEMP [2010/09/16 19:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\TuneClone [2008/06/02 16:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\YOcTEDCHiQ40sXrX [2011/10/22 12:40:00 | 000,000,486 | ---- | M] () -- C:\WINXP\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== < End of report > Thanks!!! Shawn P.S: Thanks RandyL for the reply regarding the "Registry Recovery" procedure. Good to know that I won't lose any of my installed programs. if I have to do this.
  11. The repair installation recommendation recommended by Starbuck kind of hit a brick wall, as I mentioned above. I even tried running a Kaspersky Rescue CD on it to get any viruses out - it found a couple, but I'm still having the same Lsass.exe error when I try to boot :-( Starbuck, can you give me any more assistance on that "repair install" procedure? What about the option of doing a repair using the "Recovery Console"... would that help? Thanks! Shawn P.S: Goku, does following that "registry recovery" procedure make you lose any of your data, or installed programs?
  12. I'm sorry to be a nag, but would you have any other advice for me Starbuck? I'm so dead right now! Thanks Shawn
  13. Thanks Starbuck, well here's what happened: it did the Repair process up to Step 8, after it completed Step 8 it said it would do a re-boot and continue on with the Setup. During the reboot, it gave 3 choices of OS's to boot from: Microsoft Windows in C:\WINXP Microsoft Windows Recovery Console Microsoft Windows in C:\WINXP (please note that before I did have 2 OS's - the one I would always use was C:\WINXP. There was another one installed in C:\WINDOWS but that was corrupted from years before and I just left it there) Anyway, the first one of the 3 above was automatically highlighted and it did the reboot using that. It proceeded to a sort of "blue screen" looking window that said "Setup is continuing", with progress dots following. After that screen it brought up a black screen with the cursor arrow in the middle. This looked good and I was expecting it to come up with the "Windows" logo and proceed, but it then quickly flashed a "blue screen" of some sort with a short message at the upper left which I did not have time to read, then it self re-booted again. Next time, I selected the OS choice in the middle "Microsoft Windows Recovery Console", but this didn't get very far as it quickly gave a black screen message something about a file NTDRL or something. I rebooted again and chose the 3rd OS option ("Microsoft Windows in C:\WINXP"), but this option just ultimately gave the LSASS.EXE error message again. So it looks like I'm stuck again Starbuck! Shawn
  14. Thanks for the reply Starbuck - yes I have all the original installation CD's that came with the laptop (years ago!): - Compaq Operating System CD - Compaq Restore CD - Compaq Application Restore CD Thanks! Shawn
  15. No I never tried that Goku, although I have come across it while googling. That looks like a HELL of a procedure... I'm hoping that's a last resort.
  16. Thanks for the reply Randy. OK, I just tried and I couldn't do it. It came up with the little "Safe Mode" things on each of the 4 corners, but then gave that same message as before: Lsass.exe - "when trying to update a password, this return status indicates that the value provided as the current password is not correct" ... bummer! Thanks Shawn
  17. Would anyone have any thoughts on this? I'm dead in the water! Cheers Shawn
  18. Hi everyone, I've got an old Compaq Presario laptop running XP Home (SP2) that certainly is well past its Best Before date, but cheap like I am, I'm trying to squeeze some more use out of. Today when I tried to boot up, it gave this message as it was just starting to bring Windows up: lsass.exe - "An invalid parameter was passed to a service or function" ... followed by an OK button. When clicked, it just goes back to booting up and then gives this error over again. I do have a "BartPE" CD that has saved my ass numerous times and hoped that it would do so again. I booted up using that and once in that environment did a full CHKDSK \R. It indeed found some corrupted crap that it rectified, then I attempted to boot again. This time it was again an Lsass error, but with a different message: Lsass.exe - "when trying to update a password, this return status indicates that the value provided as the current password is not correct" ... and it won't allow me to get any further than that. Googling around I found a site that said it could be a virus and it suggested to click START then RUN and type in a certain command ("shutdown -a") during the 60 seconds before the virus shuts your system down again - but I never get as far as being able to access START, so maybe it's not that virus. Any thoughts please anyone? Thanks! Shawn
  19. OK, MBAM seems to have fixed it, phew. I'm gonna run TrendMicro HouseCall tonight, then do another backup, then try deleting that old Windows directory - folder by folder. Thanks! Shawn
  20. ah cripes, now I got a new problem to worry about on this same laptop - this IKW.EXE virus has appeared. It poses as a Windows XP antivirus thing and shows a window doing a fake "scan". I deleted the running ikw.exe file from my task manager, but it's making it difficult to launch any programs now - a window will come up saying "what program do you wish to run to launch this program...", and show the choice of programs or "Browse". I tried to launch Malwarebytes and this window came up so I browsed to my malwarebytes folder and chose the mbam.exe file. Luckily, I can run it and am doing so now. Hope it can find it and clean it out. Should Malwarebytes clean it up for me, or do you have any other suggestions Starbuck? Sorry to throw this at you too - there's always something eh. I make one step forward, then another back. Thanks Shawn P.S: I'm on my other PC right now writing this.
  21. Didn't try that, as there's about 40 subfolders and I hoped to get them all with one fell swoop. I'll try deleting them individually and see how that goes then. If the files are protected, is there a way to un-protect them? Thanks Shawn
  22. Hi Starbuck, I just tried to delete that WINDOWS folder from Windows Explorer... it came up with the normal "Deleting..." window briefly, but then the window disappeared. It doesn't look like anything got deleted. RandyL - but I already have my functional Windows XP in the folder C:\WINXP. Still, you think it's dangerous though? Thanks Shawn
  23. so green light to go ahead and delete that folder then? I'll get round to that tonight or this weekend. Speaking of freeing up HD space, in my C: root folder, there's 2 huge huge files: pagefile.sys - 1.2 gigs hiberfil.sys - 800 megs Can we do anything with them? Thanks Shawn
  24. Starbuck, the fellow who helped me a few years back actually physically mailed me a recovery CD... and from that CD I installed a fresh copy of XP. If there's a recovery partition on this computer, I haven't seen it. I've just got the C: hard drive and D: is the CD drive. Thanks Shawn