Posted

Hi everyone, I've got an old Compaq Presario laptop running XP Home (SP2) that certainly is well past its Best Before date, but cheap like I am, I'm trying to squeeze some more use out of. Today when I tried to boot up, it gave this message as it was just starting to bring Windows up:

 

lsass.exe - "An invalid parameter was passed to a service or function"

 

... followed by an OK button. When clicked, it just goes back to booting up and then gives this error over again. I do have a "BartPE" CD that has saved my ass numerous times and hoped that it would do so again. I booted up using that and once in that environment did a full CHKDSK \R.

It indeed found some corrupted crap that it rectified, then I attempted to boot again. This time it was again an Lsass error, but with a different message:

 

Lsass.exe - "when trying to update a password, this return status indicates that the value provided as the current password is not correct"

 

... and it won't allow me to get any further than that. Googling around I found a site that said it could be a virus and it suggested to click START then RUN and type in a certain command ("shutdown -a") during the 60 seconds before the virus shuts your system down again - but I never get as far as being able to access START, so maybe it's not that virus. Any thoughts please anyone?

 

Thanks!

Shawn

Posted
This could be a virus as you said. Can you boot into Safe Mode?

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.

Get help with computer problems. Join Free PC Help here

 

Donations are welcome. Read Here

Posted

Thanks for the reply Randy. OK, I just tried and I couldn't do it. It came up with the little "Safe Mode" things on each of the 4 corners, but then gave that same message as before:

 

Lsass.exe - "when trying to update a password, this return status indicates that the value provided as the current password is not correct"

 

... bummer!

 

Thanks

Shawn

Posted
I think we better let our malware experts take a look at this before going on. I'll let them know.


Posted
No I never tried that Goku, although I have come across it while googling. That looks like a HELL of a procedure... I'm hoping that's a last resort.
Posted

Thanks for the reply Starbuck - yes I have all the original installation CDs that came with the laptop (years ago!):

 

- Compaq Operating System CD

- Compaq Restore CD

- Compaq Application Restore CD

 

Thanks!

Shawn

Posted

Hi Shawnh,

 

I'm assuming that the Compaq Operating System CD is very much like the Windows operating disc.

I think your best course of action is a repair install:

 

A repair installation does not alter any programs or data, other than Windows XP itself.

 

Follow the instructions in the following link; it'll explain everything in detail.

After reading each page, just click on 'Next' to move on to the following page.

 

http://pcsupport.about.com/od/operatingsystems/ss/instxprepair1.htm

 

Let us know how things go.

Member of:

UNITE

Posted

Thanks Starbuck, well here's what happened: it did the Repair process up to Step 8, after it completed Step 8 it said it would do a re-boot and continue on with the Setup. During the reboot, it gave 3 choices of OS's to boot from:

 

Microsoft Windows in C:\WINXP

Microsoft Windows Recovery Console

Microsoft Windows in C:\WINXP

 

(please note that before I did have 2 OS's - the one I would always use was C:\WINXP. There was another one installed in C:\WINDOWS but that was corrupted from years before and I just left it there)

 

Anyway, the first one of the 3 above was automatically highlighted and it did the reboot using that. It proceeded to a sort of "blue screen" looking window that said "Setup is continuing", with progress dots following. After that screen it brought up a black screen with the cursor arrow in the middle. This looked good and I was expecting it to come up with the "Windows" logo and proceed, but it then quickly flashed a "blue screen" of some sort with a short message at the upper left which I did not have time to read, then it self re-booted again.

 

Next time, I selected the OS choice in the middle, "Microsoft Windows Recovery Console", but this didn't get very far as it quickly gave a black screen message something about a file NTDRL or something. I rebooted again and chose the 3rd OS option ("Microsoft Windows in C:\WINXP"), but this option just ultimately gave the LSASS.EXE error message again.

 

So it looks like I'm stuck again Starbuck!

 

Shawn

Posted
You could try what Goku suggested.


Posted

The repair installation recommendation recommended by Starbuck kind of hit a brick wall, as I mentioned above. I even tried running a Kaspersky Rescue CD on it to get any viruses out - it found a couple, but I'm still having the same Lsass.exe error when I try to boot :-(

 

Starbuck, can you give me any more assistance on that "repair install" procedure? What about the option of doing a repair using the "Recovery Console"... would that help?

 

Thanks!

Shawn

 

P.S: Goku, does following that "registry recovery" procedure make you lose any of your data, or installed programs?

Posted
does following that "registry recovery" procedure make you lose any of your data, or installed programs?

No it will not. You will still have everything.


Posted

Hi shawnh

 

Sorry for the delay in responding to you.

 

Because Lsass.exe serves as the Local Security Authentication Server by Microsoft, Inc and is responsible for the enforcement of the security policy within the operating system,

I wanted to try and see if we could repair this using the repair install option.

As it hasn't happened, it may well be related to malware.

Without the system booting up properly this obviously causes us a few problems.

 

Let's see if we can get a report using a PE environment.

You will need to use another system to download the program and transfer it to a disc.

I assume you haven't backed up all your data from the 'bad' system and that's why you asked about the 'Registry Recovery' and losing data.

By using the following program, it will not only produce a report of the system, it will also allow you to backup anything that you require, just in case we have no option but to do a full reinstall.

 

Please print these instructions out so that you know what you are doing.

 

  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  • Reboot your bad system using the boot CD you just created.

Note : If you do not know how to set your computer to boot from CD follow the steps here

  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
  • Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS now.
  • Please post the contents of the C:\OTL.txt file in your reply.

Posted

Thanks so much Starbuck. OK, I followed your instructions and noted a few things along the way:

 

- After I downloaded OTLPENet.exe, I double-clicked OTLPENet.exe, not OTLPEStd.exe. I wasn't sure what you meant by OTLPEStd.exe

- When I invoked OTLPE from the REATOGO environment, it only asked: "Do you wish to load remote user profile(s) for scanning". I clicked YES, and it displayed a list of other "users", I guess. The first one was highlighted and the checkbox "Automatically Load All Remaining Users" was checked so I just clicked OK.

- It then displayed a window saying "One of the files containing the system's Registry data had to be recovered by use of a log or alternate copy. The recovery was successful". I clicked OK on that.

- I then ran OTLPE with the default settings and clicked "Run Scan". It completed pretty quick (10-15 mins)... is that normal? Here is the report below:

 

 

OTL logfile created on: 11/1/2011 7:11:22 PM - Run

OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

767.00 Mb Total Physical Memory | 547.00 Mb Available Physical Memory | 71.00% Memory free

707.00 Mb Paging File | 584.00 Mb Available in Paging File | 83.00% Paging File free

Paging file location(s): c:\pagefile.sys 1152 2304 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files

Drive C: | 27.95 Gb Total Space | 6.07 Gb Free Space | 21.72% Space Free | Partition Type: NTFS

Drive D: | 1.92 Gb Total Space | 0.55 Gb Free Space | 28.47% Space Free | Partition Type: FAT

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet003

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto] -- -- (PEVSystemStart)

SRV - File not found [Auto] -- -- (LMIGuardianSvc)

SRV - File not found [Auto] -- -- (Irmon)

SRV - File not found [Disabled] -- -- (HidServ)

SRV - File not found [On_Demand] -- -- (AppMgmt)

SRV - [2009/02/15 23:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\WINXP\System32\ZoneLabs\vsmon.exe -- (vsmon)

SRV - [2007/12/05 05:18:59 | 000,594,600 | ---- | M] ( ) [Auto] -- C:\WINXP\System32\lxdncoms.exe -- (lxdn_device)

SRV - [2007/12/05 05:18:53 | 000,098,984 | ---- | M] () [Auto] -- C:\WINXP\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)

SRV - [2006/03/21 10:30:26 | 000,368,724 | ---- | M] (Atheros) [Auto] -- C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\acs.exe -- (ACS)

SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

SRV - [2001/10/03 20:21:52 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto] -- C:\WINXP\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | Boot] -- -- (tclondrv)

DRV - File not found [Kernel | On_Demand] -- -- (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20)

DRV - File not found [Kernel | On_Demand] -- -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)

DRV - File not found [Kernel | On_Demand] -- -- (SWMX00) Sierra Wireless USB MUX Driver (#00)

DRV - File not found [Kernel | On_Demand] -- -- (Rasirda) WAN Miniport (IrDA)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand] -- -- (mxDisk)

DRV - File not found [Kernel | Auto] -- -- (LXARScan)

DRV - File not found [Kernel | On_Demand] -- -- (LMImirr)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [File_System | Boot] -- -- (Lbd)

DRV - File not found [Kernel | On_Demand] -- -- (Lavasoft Kernexplorer)

DRV - File not found [Kernel | Auto] -- -- (irda)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | Boot] -- -- (fytnbit)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - File not found [Kernel | On_Demand] -- -- (catchme)

DRV - [2010/02/23 09:51:48 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand] -- C:\WINXP\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)

DRV - [2010/02/23 09:51:48 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand] -- C:\WINXP\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)

DRV - [2010/02/23 09:51:48 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand] -- C:\WINXP\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)

DRV - [2010/02/23 09:51:48 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand] -- C:\WINXP\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)

DRV - [2009/04/23 15:51:18 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand] -- C:\WINXP\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)

DRV - [2009/02/15 23:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\WINXP\system32\vsdatant.sys -- (vsdatant)

DRV - [2008/12/11 21:32:42 | 000,148,496 | ---- | M] (Kaspersky Lab) [Kernel | System] -- C:\WINXP\system32\drivers\klif.sys -- (KLIF)

DRV - [2008/11/17 01:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot] -- C:\WINXP\system32\ZoneLabs\srescan.sys -- (srescan)

DRV - [2008/02/29 16:08:08 | 000,024,840 | ---- | M] () [Kernel | On_Demand] -- C:\WINXP\System32\drivers\swmsflt.sys -- (swmsflt)

DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINXP\system32\drivers\winusb.sys -- (winusb)

DRV - [2006/05/19 17:16:24 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINXP\System32\drivers\cdralw2k.sys -- (Cdralw2k)

DRV - [2006/05/19 17:16:24 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINXP\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)

DRV - [2006/05/16 01:37:44 | 000,999,968 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINXP\system32\drivers\ar5416.sys -- (AR5416)

DRV - [2004/02/23 08:40:38 | 000,014,976 | ---- | M] (CMS Peripherals, Inc.) [Kernel | Auto] -- C:\WINXP\system32\drivers\portd2k.sys -- (portD)

DRV - [2003/11/13 21:47:00 | 000,640,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINXP\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2003/11/08 02:00:02 | 001,063,040 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINXP\system32\drivers\HSF_DP.sys -- (HSF_DP)

DRV - [2003/11/08 02:00:02 | 000,631,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINXP\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2003/11/08 02:00:02 | 000,196,352 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINXP\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)

DRV - [2001/08/18 10:00:00 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand] -- C:\WINXP\system32\drivers\HSF_MSFT.sys -- (hsf_msft)

DRV - [2001/08/18 10:00:00 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand] -- C:\WINXP\system32\drivers\HSF_BSC2.sys -- (basic2)

DRV - [2001/08/18 10:00:00 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand] -- C:\WINXP\system32\drivers\HSF_SAMP.sys -- (Rksample)

DRV - [2001/08/16 21:20:34 | 000,028,396 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINXP\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\Administrator.N-66I8K7FUN69C1.000_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\LocalService.NT_AUTHORITY.000_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\LogMeInRemoteUser.N-66I8K7FUN69C1_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\Moe_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\Moe_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm

IE - HKU\Moe_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\Moe_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]

IE - HKU\Moe_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\Moe_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\Moe_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\Moe_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Moe_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\Moe_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = <local>

 

IE - HKU\NetworkService.NT_AUTHORITY.000_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINXP\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/07/04 17:20:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/13 13:51:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

 

[2011/10/13 13:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

 

O1 HOSTS File: ([2001/08/18 10:00:00 | 000,000,734 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKU\Moe_ON_C\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O4 - HKLM..\Run: [PrinTray] C:\WINXP\system32\spool\drivers\w32x86\3\printray.exe (Lexmark)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - HKU\Moe_ON_C..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)

O4 - Startup: C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\wirelesscm.exe (D-Link)

O4 - Startup: C:\Documents and Settings\Moe\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\Administrator.N-66I8K7FUN69C1.000_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService.NT_AUTHORITY.000_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LogMeInRemoteUser.N-66I8K7FUN69C1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LogMeInRemoteUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Moe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\Moe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKU\Moe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\NetworkService.NT_AUTHORITY.000_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)

O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\Icq.exe (ICQ Inc.)

O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra Button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe ()

O9 - Extra 'Tools' menuitem : Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINXP\system32\nwprovau.dll (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/04/08 22:47:00 | 000,000,018 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/11/20 19:36:58 | 000,000,000 | ---D | M] - C:\autoresponder -- [ NTFS ]

O32 - AutoRun File - [2009/10/13 15:51:20 | 000,000,000 | ---D | M] - C:\AutoResponsePlus -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (sprestrt) - C:\WINXP\System32\sprestrt.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (sprestrt) - C:\WINXP\System32\sprestrt.exe (Microsoft Corporation)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2100/02/08 15:03:54 | 000,053,248 | ---- | C] (Silitek Corp.) -- C:\Program Files\ACMonitor_X73.exe

[2012/04/13 16:21:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Moe\Start Menu\Programs\Push-Button Option Trader

[2012/04/13 16:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\Push-Button Option Trader

[2011/10/30 12:31:48 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

[2011/10/23 12:59:14 | 000,000,000 | -HSD | C] -- C:\found.003

[2011/10/20 20:39:47 | 000,000,000 | -HSD | C] -- C:\found.002

[2011/10/13 13:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2011/10/12 12:14:17 | 000,000,000 | ---D | C] -- C:\FirefoxBookmarks

[2011/10/12 10:34:38 | 000,000,000 | ---D | C] -- C:\Eastlink

[2009/04/20 15:06:15 | 000,262,144 | ---- | C] (ZoneAlarm) -- C:\Program Files\Uninstall Spy Blocker.dll

[2008/09/25 17:37:57 | 000,438,272 | ---- | C] ( ) -- C:\WINXP\System32\LXDNhcp.dll

[2008/09/25 17:37:56 | 000,364,544 | ---- | C] ( ) -- C:\WINXP\System32\lxdninpa.dll

[2008/09/25 17:37:56 | 000,339,968 | ---- | C] ( ) -- C:\WINXP\System32\lxdniesc.dll

[2008/09/25 17:37:55 | 001,101,824 | ---- | C] ( ) -- C:\WINXP\System32\lxdnserv.dll

[2008/09/25 17:37:55 | 000,843,776 | ---- | C] ( ) -- C:\WINXP\System32\lxdnusb1.dll

[2008/09/25 17:37:54 | 000,647,168 | ---- | C] ( ) -- C:\WINXP\System32\lxdnpmui.dll

[2008/09/25 17:37:54 | 000,569,344 | ---- | C] ( ) -- C:\WINXP\System32\lxdnlmpm.dll

[2008/09/25 17:37:54 | 000,053,248 | ---- | C] ( ) -- C:\WINXP\System32\lxdnprox.dll

[2008/09/25 17:37:52 | 000,320,168 | ---- | C] ( ) -- C:\WINXP\System32\lxdnih.exe

[2008/09/25 17:37:51 | 000,663,552 | ---- | C] ( ) -- C:\WINXP\System32\lxdnhbn3.dll

[2008/09/25 17:37:49 | 000,851,968 | ---- | C] ( ) -- C:\WINXP\System32\lxdncomc.dll

[2008/09/25 17:37:49 | 000,594,600 | ---- | C] ( ) -- C:\WINXP\System32\lxdncoms.exe

[2008/09/25 17:37:49 | 000,376,832 | ---- | C] ( ) -- C:\WINXP\System32\lxdncomm.dll

[2008/09/25 17:37:48 | 000,365,224 | ---- | C] ( ) -- C:\WINXP\System32\lxdncfg.exe

[2006/10/11 18:58:30 | 000,563,712 | ---- | C] (Citrix Online) -- C:\Documents and Settings\Moe\gotomypc_370.exe

[2006/02/08 15:13:19 | 003,167,744 | ---- | C] (Citrix Online) -- C:\Documents and Settings\Moe\gosetup.exe

[2006/01/21 01:40:40 | 000,563,712 | ---- | C] (Citrix Online) -- C:\Documents and Settings\Moe\370_gotomypc.exe

[2005/08/11 11:36:20 | 000,483,401 | ---- | C] (Citrix Online) -- C:\Documents and Settings\Moe\gotomypc.exe

 

========== Files - Modified Within 30 Days ==========

 

[2011/10/31 00:49:16 | 804,704,256 | -HS- | M] () -- C:\hiberfil.sys

[2011/10/30 20:47:41 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat

[2011/10/30 20:47:29 | 000,153,976 | ---- | M] () -- C:\WINXP\System32\FNTCACHE.DAT

[2011/10/26 18:03:13 | 000,000,370 | RHS- | M] () -- C:\boot.ini

[2011/10/26 18:00:40 | 000,000,318 | ---- | M] () -- C:\WINXP\System32\$winnt$.inf

[2011/10/24 17:12:36 | 2306,569,248 | -HS- | M] () -- C:\WINXP\System32\drivers\fidbox.dat

[2011/10/24 17:12:36 | 030,244,864 | -HS- | M] () -- C:\WINXP\System32\drivers\fidbox.idx

[2011/10/22 23:57:00 | 000,000,970 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2111687655-854245398-1004UA.job

[2011/10/22 23:36:00 | 000,000,880 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineUA.job

[2011/10/22 17:26:42 | 001,660,488 | ---- | M] () -- C:\Program Files\Ace WINScreen.rar

[2011/10/22 15:10:27 | 000,000,998 | ---- | M] () -- C:\Documents and Settings\Moe\Desktop\magicJack.lnk

[2011/10/22 12:57:01 | 000,000,918 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-2111687655-854245398-1004Core.job

[2011/10/22 12:40:00 | 000,000,486 | ---- | M] () -- C:\WINXP\tasks\Ad-Aware Update (Weekly).job

[2011/10/22 00:36:01 | 000,000,876 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineCore.job

[2011/10/21 18:49:00 | 000,013,002 | ---- | M] () -- C:\WINXP\System32\wpa.dbl

[2011/10/21 18:48:54 | 000,350,210 | ---- | M] () -- C:\WINXP\System32\vsconfig.xml

[2011/10/19 21:28:06 | 000,001,198 | -H-- | M] () -- C:\Documents and Settings\Moe\My Documents\Default.rdp

[2011/10/16 14:07:26 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINXP\System32\FlashPlayerCPLApp.cpl

[2011/10/13 13:51:12 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\Moe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/10/13 13:51:12 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Mozilla Firefox.lnk

[2011/10/13 13:51:11 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Mozilla Firefox.lnk

[2011/10/06 19:02:00 | 000,002,248 | ---- | M] () -- C:\Documents and Settings\Moe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/10/06 19:01:57 | 000,002,270 | ---- | M] () -- C:\Documents and Settings\Moe\Desktop\Google Chrome.lnk

 

========== Files Created - No Company Name ==========

 

[2100/02/23 13:35:34 | 000,000,768 | ---- | C] () -- C:\Program Files\x73_lut.dat

[2100/02/08 14:53:34 | 000,001,437 | ---- | C] () -- C:\Program Files\gtx73.ini

[2011/10/24 17:10:31 | 804,704,256 | -HS- | C] () -- C:\hiberfil.sys

[2011/10/22 17:26:39 | 001,660,488 | ---- | C] () -- C:\Program Files\Ace WINScreen.rar

[2011/10/13 13:51:12 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\Moe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2011/10/13 13:51:12 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Desktop\Mozilla Firefox.lnk

[2011/10/13 13:51:11 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Mozilla Firefox.lnk

[2011/05/12 07:10:30 | 000,291,864 | ---- | C] () -- C:\Documents and Settings\Moe\Local Settings\Application Data\census.cache

[2011/05/12 07:09:26 | 000,262,705 | ---- | C] () -- C:\Documents and Settings\Moe\Local Settings\Application Data\ars.cache

[2011/05/11 13:09:06 | 000,005,694 | -HS- | C] () -- C:\Documents and Settings\All Users.WINXP\Application Data\8d3477s2b521076

[2011/05/11 13:09:05 | 000,005,694 | -HS- | C] () -- C:\Documents and Settings\Moe\Local Settings\Application Data\8d3477s2b521076

[2011/04/19 23:15:42 | 000,815,104 | ---- | C] () -- C:\WINXP\System32\xvidcore.dll

[2011/04/19 23:15:41 | 000,180,224 | ---- | C] () -- C:\WINXP\System32\xvidvfw.dll

[2011/01/24 01:06:10 | 000,256,512 | ---- | C] () -- C:\WINXP\PEV.exe

[2011/01/24 01:06:10 | 000,098,816 | ---- | C] () -- C:\WINXP\sed.exe

[2011/01/24 01:06:10 | 000,089,088 | ---- | C] () -- C:\WINXP\MBR.exe

[2011/01/24 01:06:10 | 000,080,412 | ---- | C] () -- C:\WINXP\grep.exe

[2011/01/24 01:06:10 | 000,068,096 | ---- | C] () -- C:\WINXP\zip.exe

[2011/01/16 19:17:42 | 000,102,400 | ---- | C] () -- C:\WINXP\RegBootClean.exe

[2011/01/16 00:56:03 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Moe\Local Settings\Application Data\housecall.guid.cache

[2011/01/11 17:18:28 | 000,001,437 | ---- | C] () -- C:\WINXP\ydownloaderlibpr.INI

[2010/02/17 18:30:53 | 000,000,026 | ---- | C] () -- C:\WINXP\refsdm.dll

[2010/02/17 17:29:09 | 000,000,299 | ---- | C] () -- C:\WINXP\winsrvm.dll

[2010/02/17 17:29:09 | 000,000,001 | ---- | C] () -- C:\WINXP\dwatson.dll

[2010/02/17 17:13:55 | 000,000,006 | ---- | C] () -- C:\WINXP\client.dll

[2010/02/17 17:13:53 | 000,000,019 | ---- | C] () -- C:\WINXP\MCLDR.dll

[2010/02/14 23:50:49 | 000,253,952 | ---- | C] () -- C:\WINXP\ddedll.dll

[2009/12/17 18:14:30 | 000,000,070 | ---- | C] () -- C:\WINXP\MediaManager.INI

[2009/12/17 16:53:02 | 000,007,207 | R--- | C] () -- C:\WINXP\Disktool.INI

[2009/12/17 16:53:02 | 000,006,399 | R--- | C] () -- C:\WINXP\fwupgrade.ini

[2009/12/17 16:53:02 | 000,003,677 | R--- | C] () -- C:\WINXP\PlaySnd.INI

[2009/05/24 13:36:13 | 2306,569,248 | -HS- | C] () -- C:\WINXP\System32\drivers\fidbox.dat

[2009/04/15 22:19:12 | 000,000,000 | ---- | C] () -- C:\WINXP\nsreg.dat

[2009/03/31 14:37:34 | 000,000,056 | -H-- | C] () -- C:\WINXP\System32\ezsidmv.dat

[2008/11/02 18:10:45 | 000,000,043 | ---- | C] () -- C:\WINXP\ib.ini

[2008/11/02 04:00:33 | 000,000,664 | ---- | C] () -- C:\WINXP\System32\d3d9caps.dat

[2008/09/25 17:48:51 | 000,040,960 | ---- | C] () -- C:\WINXP\System32\lxdnvs.dll

[2008/09/25 17:48:43 | 000,348,160 | ---- | C] () -- C:\WINXP\System32\lxdncoin.dll

[2008/09/25 17:46:36 | 000,782,336 | ---- | C] () -- C:\WINXP\System32\lxdndrs.dll

[2008/09/25 17:46:36 | 000,081,920 | ---- | C] () -- C:\WINXP\System32\lxdncaps.dll

[2008/09/25 17:46:35 | 000,069,632 | ---- | C] () -- C:\WINXP\System32\lxdncnv4.dll

[2008/09/25 17:44:24 | 000,012,288 | ---- | C] () -- C:\WINXP\System32\LXF3PMRC.DLL

[2008/09/25 17:38:20 | 000,000,044 | ---- | C] () -- C:\WINXP\System32\lxdnrwrd.ini

[2008/09/25 17:37:57 | 000,348,160 | ---- | C] () -- C:\WINXP\System32\LXDNinst.dll

[2008/09/25 17:37:51 | 000,208,896 | ---- | C] () -- C:\WINXP\System32\lxdngrd.dll

[2008/02/29 16:08:08 | 000,024,840 | ---- | C] () -- C:\WINXP\System32\drivers\swmsflt.sys

[2008/02/15 15:26:01 | 000,000,008 | RH-- | C] () -- C:\Documents and Settings\Moe\hwid

[2008/02/15 13:42:12 | 000,027,136 | ---- | C] () -- C:\WINXP\toFront.dll

[2008/02/15 13:42:12 | 000,026,624 | ---- | C] () -- C:\WINXP\GetIe.dll

[2007/10/16 13:19:04 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\Moe\g2mdlhlpx.exe

[2007/03/13 22:32:48 | 000,000,035 | ---- | C] () -- C:\WINXP\LMDUJBQ.INI

[2006/12/31 23:37:18 | 000,000,038 | ---- | C] () -- C:\WINXP\iltwain.ini

[2006/10/27 22:47:06 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\Moe\log.dat

[2006/10/08 18:14:37 | 000,000,502 | ---- | C] () -- C:\Documents and Settings\Moe\bookies.xml

[2006/09/06 07:44:27 | 000,000,182 | ---- | C] () -- C:\WINXP\System32\EBPPORT.DAT

[2006/07/18 17:54:01 | 000,000,144 | ---- | C] () -- C:\WINXP\gvcasinos.ini

[2006/07/17 16:19:48 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Moe\PUTTY.RND

[2006/06/20 14:39:07 | 000,000,053 | ---- | C] () -- C:\WINXP\zbj22.ini

[2006/04/10 11:18:12 | 000,008,784 | ---- | C] () -- C:\WINXP\System32\ractrlkeyhook.dll

[2006/03/21 13:11:58 | 000,000,000 | ---- | C] () -- C:\WINXP\VPC32.INI

[2005/11/08 20:25:12 | 000,107,520 | ---- | C] () -- C:\WINXP\System32\UnCasino5.exe

[2005/10/28 14:25:47 | 000,000,059 | ---- | C] () -- C:\WINXP\ANS2000.INI

[2005/10/28 14:25:47 | 000,000,020 | -H-- | C] () -- C:\WINXP\akebook.ini

[2005/10/28 14:25:47 | 000,000,004 | -H-- | C] () -- C:\WINXP\a3kebook.ini

[2005/09/23 23:03:41 | 000,000,227 | ---- | C] () -- C:\WINXP\ARKS-FAC.INI

[2005/09/23 23:03:35 | 000,000,000 | ---- | C] () -- C:\WINXP\ARK-LOCK.DAT

[2005/08/12 17:57:09 | 003,596,288 | ---- | C] () -- C:\WINXP\System32\qt-dx331.dll

[2005/07/11 21:00:06 | 000,040,960 | ---- | C] () -- C:\WINXP\uneng.exe

[2005/07/03 00:17:31 | 000,003,134 | ---- | C] () -- C:\WINXP\cdplayer.ini

[2005/06/22 16:56:20 | 000,072,192 | ---- | C] () -- C:\WINXP\System32\zlib.dll

[2005/06/21 20:17:52 | 000,000,052 | ---- | C] () -- C:\WINXP\winros.ini

[2005/06/20 21:58:52 | 000,004,569 | ---- | C] () -- C:\WINXP\System32\secupd.dat

[2005/06/19 22:54:46 | 000,001,252 | ---- | C] () -- C:\WINXP\ODBC.INI

[2005/06/19 22:54:30 | 000,000,037 | ---- | C] () -- C:\WINXP\Server.INI

[2005/06/15 18:46:12 | 000,000,043 | ---- | C] () -- C:\WINXP\WALLSTRT.INI

[2005/06/14 21:04:16 | 000,000,000 | ---- | C] () -- C:\WINXP\OPPRIN~1.INI

[2005/06/08 18:00:00 | 000,360,448 | ---- | C] () -- C:\WINXP\System32\fmtkit60.dll

[2005/06/06 13:21:01 | 000,000,064 | ---- | C] () -- C:\WINXP\eFaxView.ini

[2005/06/03 18:55:53 | 000,032,768 | ---- | C] () -- C:\WINXP\BBUninstall.exe

[2005/05/30 14:24:35 | 000,000,044 | ---- | C] () -- C:\WINXP\System32\msssc.dll

[2005/05/29 23:52:14 | 000,000,061 | ---- | C] () -- C:\WINXP\URLPROXY.INI

[2005/05/26 18:33:18 | 000,004,212 | -H-- | C] () -- C:\WINXP\System32\zllictbl.dat

[2005/05/26 18:19:41 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\Moe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2005/05/26 18:03:18 | 000,002,048 | --S- | C] () -- C:\WINXP\bootstat.dat

[2005/05/26 17:54:14 | 000,021,640 | ---- | C] () -- C:\WINXP\System32\emptyregdb.dat

[2005/05/26 13:07:51 | 000,004,073 | ---- | C] () -- C:\WINXP\ODBCINST.INI

[2005/05/26 13:06:09 | 000,153,976 | ---- | C] () -- C:\WINXP\System32\FNTCACHE.DAT

[2005/05/26 13:01:09 | 000,000,006 | ---- | C] () -- C:\WINXP\System32\rasmon.bin

[2005/05/26 13:01:09 | 000,000,004 | -H-- | C] () -- C:\WINXP\System32\ddefact.bin

[2003/11/13 21:38:26 | 000,086,016 | ---- | C] () -- C:\WINXP\System32\ati2evxx.dll

[2003/11/13 21:36:54 | 000,385,024 | ---- | C] () -- C:\WINXP\System32\ati2evxx.exe

[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINXP\lsb_un20.exe

[2002/03/10 17:36:14 | 000,012,288 | ---- | C] () -- C:\WINXP\System32\impborl.dll

[2001/10/12 06:42:52 | 000,032,768 | ---- | C] () -- C:\WINXP\System32\LXARICO.DLL

[2001/10/12 06:42:50 | 000,000,643 | ---- | C] () -- C:\WINXP\LEXSTAT.INI

[2001/08/18 10:00:00 | 013,107,200 | ---- | C] () -- C:\WINXP\System32\oembios.bin

[2001/08/18 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINXP\System32\mlang.dat

[2001/08/18 10:00:00 | 000,434,676 | ---- | C] () -- C:\WINXP\System32\perfh009.dat

[2001/08/18 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINXP\System32\perfi009.dat

[2001/08/18 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINXP\System32\dssec.dat

[2001/08/18 10:00:00 | 000,152,576 | ---- | C] () -- C:\WINXP\System32\qasf.dll

[2001/08/18 10:00:00 | 000,068,750 | ---- | C] () -- C:\WINXP\System32\perfc009.dat

[2001/08/18 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINXP\System32\mib.bin

[2001/08/18 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINXP\System32\perfd009.dat

[2001/08/18 10:00:00 | 000,027,440 | ---- | C] () -- C:\WINXP\System32\drivers\secdrv.sys

[2001/08/18 10:00:00 | 000,004,461 | ---- | C] () -- C:\WINXP\System32\oembios.dat

[2001/08/18 10:00:00 | 000,001,420 | ---- | C] () -- C:\WINXP\System32\Dcache.bin

[2001/08/18 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINXP\System32\noise.dat

[2001/07/20 09:48:06 | 000,008,116 | ---- | C] () -- C:\Program Files\OSLO3071b2.USB

[2001/01/18 14:55:22 | 000,131,584 | ---- | C] () -- C:\WINXP\System32\Ptlic32.exe

[2000/12/05 14:56:34 | 000,114,688 | ---- | C] () -- C:\Program Files\lxarscan.dll

[2000/01/11 11:50:48 | 000,000,047 | ---- | C] () -- C:\Program Files\ACMonitor_X73.ini

 

========== LOP Check ==========

 

[2011/01/15 21:08:46 | 000,000,000 | ---D | M] -- C:\WINXP\system32\config\systemprofile\Application Data\Application Updater

[2009/04/19 18:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.N-66I8K7FUN69C1.000\Application Data\VCOM

[2008/09/08 15:58:54 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Moe\Application Data\.#

[2010/11/15 13:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\acccore

[2005/06/10 14:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Aim

[2005/11/08 19:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Alien Skin

[2005/07/05 13:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Allume Systems

[2008/07/22 17:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\AtomPark

[2008/08/27 18:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Aurora Web Editor

[2011/03/25 22:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\eBookPro6

[2011/02/07 20:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\FEXTrader

[2009/04/28 15:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\FLVPlayer2700

[2009/09/01 15:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\GlobalSCAPE

[2008/08/22 18:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Good Keywords v2

[2010/09/15 18:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\HTML Executable

[2009/05/22 18:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\IBP

[2005/07/11 15:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\ICQ

[2007/01/22 23:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\iMesh

[2005/05/30 14:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\InterVideo

[2008/06/24 07:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\iolo

[2008/08/29 21:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\KompoZer

[2008/09/25 18:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Lexmark Productivity Studio

[2009/05/24 13:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\MailFrontier

[2011/04/10 18:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Maxthon3

[2007/03/21 13:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Microgaming

[2007/01/12 21:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\MindTerm

[2011/10/22 15:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\mjusbsp

[2009/08/25 14:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\MyLogoMaker

[2010/09/16 19:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\NCH Swift Sound

[2005/09/07 17:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Novosoft

[2009/07/27 19:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\OpenCube Inc

[2009/11/10 13:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\PADGen

[2009/02/01 14:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Rbet

[2009/04/01 20:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Sierra Wireless

[2007/07/08 18:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Stilesoft

[2005/07/28 01:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Tenebril

[2008/08/29 19:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Trellian

[2008/10/19 19:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\Uniblue

[2005/06/15 18:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Moe\Application Data\VCOM

[2008/06/02 17:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\08lJQ

[2008/06/02 17:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\1Bpg9VMaiQ40s

[2008/05/29 21:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\1BS57MeaiQ40s

[2009/05/14 09:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\1stWorks

[2010/11/15 13:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\AIM

[2008/05/29 19:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\cWTQ4y84iQ40sXrXpS0

[2009/09/01 15:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\GlobalSCAPE

[2005/10/12 01:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Insight Software Solutions

[2011/01/15 21:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\IObit

[2008/06/24 07:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\iolo

[2011/10/12 10:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\LogMeIn

[2011/09/29 21:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\magicJack

[2007/09/20 21:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\MailFrontier

[2010/08/08 19:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\MGS

[2008/10/07 19:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Microgaming

[2010/09/16 19:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\NCH Swift Sound

[2005/10/02 15:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\RoboForm

[2010/02/17 15:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\Save Data

[2010/09/16 19:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\TEMP

[2010/09/16 19:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\TuneClone

[2008/06/02 16:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\YOcTEDCHiQ40sXrX

[2011/10/22 12:40:00 | 000,000,486 | ---- | M] () -- C:\WINXP\Tasks\Ad-Aware Update (Weekly).job

 

========== Purity Check ==========

 

 

< End of report >

 

 

 

Thanks!!!

Shawn

 

P.S: Thanks RandyL for the reply regarding the "Registry Recovery" procedure. Good to know that I won't lose any of my installed programs if I have to do this.

Posted

Hi shawnh

 

I then ran OTLPE with the default settings and clicked "Run Scan". It completed pretty quick (10-15 mins)... is that normal?

It's not as quick as when OTL is run on a Windows system, but the report is fine.

 

Microsoft Windows XP (Version = 5.1.2600)

Are you running on the original Win XP.... no service packs??

Member of:

UNITE

Posted

Hi shawnh,

 

are you still with me Starbuck?

Yep, still here, just got in from work.

 

I'm pretty sure I had Service Pack 2 on there

I was thinking about that today, I know what's happened now.

Because we ran the repair install, it reverted back to the original version of the OS.

When you get an internet connection for 'Windows' you'll need to get all the windows updates again.

 

Did that OTL report find any bad stuff?

It found some bad entries dating back quite a while.

But nothing to suggest the problems you are currently experiencing.

I'll go through the report again and double check again before posting a fix.

 

So should I just go maybe ahead with that Registry Recovery procedure that Goku suggested

Wait until I've posted the fix, this will clear off all the old bad entries and will tidy things up a bit.

If after running the fix, nothing has changed.... then we'll try out the procedure that Goku suggested.

 

Back in about 15 mins, after I've double checked the report.

Member of:

UNITE

Posted

Thanks Starbuck!

 

Yeah I guess the repair install I attempted rolled everything back to the original version of XP.... even though it never did complete the repair install, it would get partway then reboot by itself.

Posted

Hi shawnh,

 

Open Notepad - it must be Notepad, not Wordpad.

Copy the text below in the code box by highlighting all the text and pressing Ctrl+C

:otl
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Moe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Moe_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
[2011/05/11 13:09:06 | 000,005,694 | -HS- | C] () -- C:\Documents and Settings\All Users.WINXP\Application Data\8d3477s2b521076
[2011/05/11 13:09:05 | 000,005,694 | -HS- | C] () -- C:\Documents and Settings\Moe\Local Settings\Application Data\8d3477s2b521076
[2005/10/28 14:25:47 | 000,000,059 | ---- | C] () -- C:\WINXP\ANS2000.INI
[2005/10/28 14:25:47 | 000,000,020 | -H-- | C] () -- C:\WINXP\akebook.ini
[2005/10/28 14:25:47 | 000,000,004 | -H-- | C] () -- C:\WINXP\a3kebook.ini
[2008/06/02 17:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\08lJQ
[2008/06/02 17:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\1Bpg9VMaiQ40s
[2008/05/29 21:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\1BS57MeaiQ40s
[2008/05/29 19:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\cWTQ4y84iQ40sXrXpS0
[2008/06/02 16:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\YOcTEDCHiQ40sXrX

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]

Go to the Notepad window and click Edit >> Paste

Then click File >> Save

Name the file fix.txt (Notepad will add the .txt, so just save as fix).

Save the file to a USB stick.

 

Start OTLPE as you did previously from CD

 

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible

 

If you still can't get 'Windows' to run after this.... then try the procedure that Goku recommended.

If it's still a 'no go' after that, we may have to consider a full reinstall.

If it comes to that, make sure you have saved everything that you need from the system as everything will be wiped out.

Member of:

UNITE
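As an added example (not part of the thread and not OTL's own logic), here is a sketch of how lines in the report format above can be parsed and given rough triage flags before deciding what belongs in a fix script. The three heuristics, the flag names and the scan date are assumptions made for illustration; a flag means "look closer", not "malicious".

```python
import re
from datetime import datetime

# Lines copied from the report above, kept short for the demonstration.
SAMPLE_LOG = r"""
[2100/02/23 13:35:34 | 000,000,768 | ---- | C] () -- C:\Program Files\x73_lut.dat
[2011/05/11 13:09:06 | 000,005,694 | -HS- | C] () -- C:\Documents and Settings\All Users.WINXP\Application Data\8d3477s2b521076
[2010/02/17 17:13:55 | 000,000,006 | ---- | C] () -- C:\WINXP\client.dll
[2011/10/16 14:07:26 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINXP\System32\FlashPlayerCPLApp.cpl
[2008/06/02 17:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINXP\Application Data\08lJQ
[2011/10/24 17:12:36 | 2306,569,248 | -HS- | M] () -- C:\WINXP\System32\drivers\fidbox.dat
< End of report >
"""

# Assumption: the scan ran shortly after the newest plausible entry (2011/10/31).
SCAN_TIME = datetime(2011, 11, 1)
PE_EXTENSIONS = {"exe", "dll", "sys"}
DOS_HEADER_SIZE = 64  # a PE image begins with a 64-byte IMAGE_DOS_HEADER

# [timestamp | size | attributes | C or M] (company) -- path
# Directory lines carry no "(company)" field at all.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


def parse_log(text):
    """Return one dict per file/folder line; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "company": (m["company"] or "").strip(),
            "path": m["path"].strip(),
        })
    return entries


def triage(entries, scan_time=SCAN_TIME):
    """Map path -> list of review flags (illustrative heuristics only)."""
    findings = {}
    for e in entries:
        flags = []
        is_dir = "D" in e["attrs"]
        name = e["path"].rsplit("\\", 1)[-1]
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        # Timestamp later than the scan: bad clock or deliberate stamping.
        if e["time"] > scan_time:
            flags.append("future-timestamp")
        # Executable extension but too short to hold even a DOS header.
        if not is_dir and ext in PE_EXTENSIONS and e["size"] < DOS_HEADER_SIZE:
            flags.append("too-small-for-pe")
        # Hidden+System file with no company name inside Application Data.
        if (not is_dir and {"H", "S"} <= set(e["attrs"]) and not e["company"]
                and "\\application data\\" in e["path"].lower()):
            flags.append("hidden-system-no-company-appdata")
        if flags:
            findings[e["path"]] = flags
    return findings


if __name__ == "__main__":
    for path, flags in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{', '.join(flags):35} {path}")
```

Random-looking folder names such as 08lJQ are not flagged here, because name entropy checks produce too many false positives to be useful without a human reading the result.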
