JammingJapanSumoSoul Posted August 19, 2010 ID:302255 Share Posted August 19, 2010 Occasionally when I start up my laptop and enter my password on the profile screen, it takes me to a basic set-up with standard wallpaper and all my files bar firefox, IE and a few other icons have disappeared. If I go to the start menu all the programs installed on my machine are still there and if I do a search, I can find all the files. This problem goes away if I do a system restore and tends to happen after I update my virus software (Kaspersky) or after a windows updae it seems to happen a lot. Today I tried to run Malwarebytes quick and full scan but it stopped for some reason, the quick scan stopped after 6-8 minutes and the full scan after 1 hour and 45 minutes (give or take). Any recommendations? What should I run next and post and I can't post a Malwarebytes scan (I did the renaming trick too).This has been a bit of an on-going problem but it's got worse recently. I have previously run my Kaspersky scan and Malwaregytes and they both have never picked up anything nasty at all.Thanks Link to post Share on other sites More sharing options...
JammingJapanSumoSoul Posted August 19, 2010 Author ID:302265 Share Posted August 19, 2010 Occasionally when I start up my laptop and enter my password on the profile screen, it takes me to a basic set-up with standard wallpaper and all my files bar firefox, IE and a few other icons have disappeared. If I go to the start menu all the programs installed on my machine are still there and if I do a search, I can find all the files. This problem goes away if I do a system restore and tends to happen after I update my virus software (Kaspersky) or after a windows updae it seems to happen a lot. Today I tried to run Malwarebytes quick and full scan but it stopped for some reason, the quick scan stopped after 6-8 minutes and the full scan after 1 hour and 45 minutes (give or take). Any recommendations? What should I run next and post and I can't post a Malwarebytes scan (I did the renaming trick too).This has been a bit of an on-going problem but it's got worse recently. I have previously run my Kaspersky scan and Malwaregytes and they both have never picked up anything nasty at all.ThanksI've read the what to do thread and I'll do all that tonight and try post the results later. Re-installed MWB but it always says it encountered a problem and has to stop. Link to post Share on other sites More sharing options...
JammingJapanSumoSoul Posted August 19, 2010 Author ID:302310 Share Posted August 19, 2010 I've read the what to do thread and I'll do all that tonight and try post the results later. Re-installed MWB but it always says it encountered a problem and has to stop.OK, I've tried MWB again, definitely not running through. I have Super Anit Spyware installed as well and that won't start up. When I try a full scan with Kaspersky, the laptop shuts down after about 5 minutes into the scan. I tried to open the computer in safe mode and it won't let me. A blue screen comes up with an error warning and says the process has been stopped for the laptop's safety, that can't be good.I am about to try the defogger and the other thing recommended in the try first thread. Link to post Share on other sites More sharing options...
JammingJapanSumoSoul Posted August 19, 2010 Author ID:302331 Share Posted August 19, 2010 Here are the two logs. I tried to run GMER Rootkit scanner but the computer crashed!!"Windows has been shut down to protect your computer etcetc"STOP 0x00000003 (0x00000003, 0x82C6FB98, 0x82C6FD06, 0x805FB146) They were the codes I saw. Log Files of DDSDDS (Ver_10-03-17.01)Microsoft Windows XP Home EditionBoot Device: \Device\HarddiskVolume1Install Date: 3/24/2007 3:44:04 AMSystem Uptime: 8/19/2010 8:21:39 PM (0 hours ago)Motherboard: TOSHIBA | | Satellite L100Processor: Genuine Intel® CPU T1350 @ 1.86GHz | U2E1 | 1862/133mhz==== Disk Partitions =========================C: is FIXED (NTFS) - 56 GiB total, 7.355 GiB free.==== Disabled Device Manager Items ================= System Restore Points ===================RP595: 5/17/2010 8:21:42 AM - System CheckpointRP596: 5/21/2010 8:34:22 AM - System CheckpointRP597: 5/22/2010 7:52:42 PM - System CheckpointRP598: 5/27/2010 10:51:12 PM - System CheckpointRP599: 5/28/2010 12:22:37 AM - Software Distribution Service 3.0RP600: 5/29/2010 8:59:09 AM - System CheckpointRP601: 6/1/2010 9:50:48 PM - System CheckpointRP602: 6/2/2010 10:23:24 PM - System CheckpointRP603: 6/4/2010 9:02:02 AM - System CheckpointRP604: 6/5/2010 8:32:35 AM - Software Distribution Service 3.0RP605: 6/7/2010 1:25:33 PM - System CheckpointRP606: 6/9/2010 8:11:57 AM - Software Distribution Service 3.0RP607: 6/10/2010 10:37:57 PM - System CheckpointRP608: 6/14/2010 9:13:12 PM - System CheckpointRP609: 6/15/2010 11:44:47 PM - System CheckpointRP610: 6/17/2010 9:49:14 PM - Software Distribution Service 3.0RP611: 6/21/2010 12:47:54 PM - System CheckpointRP612: 6/23/2010 9:36:21 PM - System CheckpointRP613: 6/23/2010 9:57:33 PM - Software Distribution Service 3.0RP614: 6/26/2010 8:21:52 PM - System CheckpointRP615: 6/27/2010 9:32:22 PM - System CheckpointRP616: 6/29/2010 9:03:19 PM - System CheckpointRP617: 7/1/2010 11:35:06 PM - System CheckpointRP618: 7/5/2010 9:23:51 PM - System CheckpointRP619: 7/11/2010 9:39:32 AM - System CheckpointRP620: 7/12/2010 3:07:22 PM - Installed QuickTimeRP621: 7/14/2010 12:48:21 PM - System CheckpointRP622: 7/15/2010 7:38:19 AM - Software Distribution Service 3.0RP623: 7/15/2010 9:49:39 PM - Restore OperationRP624: 7/16/2010 9:37:40 PM - Software Distribution Service 3.0RP625: 7/17/2010 10:49:18 PM - Configured VeohTV BETARP626: 7/21/2010 8:20:29 AM - System CheckpointRP627: 7/22/2010 11:24:21 PM - System CheckpointRP628: 7/25/2010 9:52:44 PM - System CheckpointRP629: 7/29/2010 10:39:46 PM - Installed iTunesRP630: 7/31/2010 9:25:08 PM - System CheckpointRP631: 8/2/2010 9:04:15 PM - System CheckpointRP632: 8/3/2010 9:37:29 PM - Software Distribution Service 3.0RP633: 8/8/2010 5:48:14 PM - System CheckpointRP634: 8/9/2010 7:15:02 PM - System CheckpointRP635: 8/11/2010 9:16:45 PM - Software Distribution Service 3.0RP636: 8/12/2010 7:46:47 AM - Software Distribution Service 3.0RP637: 8/13/2010 11:43:27 AM - System CheckpointRP638: 8/14/2010 7:29:06 PM - System CheckpointRP639: 8/16/2010 7:38:24 PM - System CheckpointRP640: 8/17/2010 7:58:52 AM - Restore OperationRP641: 8/19/2010 7:20:10 AM - Restore OperationRP642: 8/19/2010 9:22:57 AM - Restore OperationRP643: 8/19/2010 8:39:17 PM - Installed Java 6 Update 21==== Installed Programs ======================Adobe Flash Player 10 PluginAdobe Flash Player ActiveXAdobe Reader 7.0.9Adobe Reader Japanese FontsAdobe Shockwave PlayerApple Application SupportApple Mobile Device SupportApple Software UpdateAutoUpdateAviSynth 2.5BonjourBUFFALO Disk ManagerBUFFALO eco????? for HDBUFFALO INC. DISK FORMATTERBUFFALO SecureLock +GuardBUFFALO TurboUSB for FLASH/HDDCANON iMAGE GATEWAY ?????? MP610Canon MP Navigator EX 1.0Canon MP610 seriesCanon Utilities Easy-PhotoPrint EXCanon Utilities Solution MenuCanon ?? ????CCleanerCD/DVD Drive Acoustic SilencerCMS-V19Conexant HD AudioCritical Update for Windows Media Player 11 (KB959772)DefragglerDigiBookBrowser Version 0.8.3.0DigiBookToolsDivX CodecDivX ConverterDivX PlayerDivX Web PlayerDVD-RAM DriverFINALDATA2007 ????? ???Google ChromeGoogle DesktopHDAUDIO Soft Data Fax Modem with SmartCPHigh Definition Audio Driver Package - KB888111HijackThis 2.0.2Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Internet Explorer 7 (KB947864)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB954708)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)ImageMixer 3 SE Ver.3iMi?????Intel® Graphics Media Accelerator DriverIntel® PROSet/Wireless SoftwareInterVideo WinDVD Creator 2InterVideo WinDVD for TOSHIBAiTunesJ2SE Runtime Environment 5.0 Update 11J2SE Runtime Environment 5.0 Update 6Java Auto UpdaterJava 6 Update 2Java 6 Update 21Java 6 Update 3Java 6 Update 5Java 6 Update 7Java SE Runtime Environment 6 Update 1Junk Mail filter updateKaspersky Internet Security 2010Kaspersky Online ScannerLiveUpdate 2.6 (Symantec Corporation)Malwarebytes' Anti-MalwaremCoremDrWiFimHelpMicrosoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Application Error ReportingMicrosoft AppLocaleMicrosoft Choice GuardMicrosoft Compression Client Pack 1.0 for Windows XPMicrosoft Internationalized Domain Names Mitigation APIsMicrosoft National Language Support Downlevel APIsMicrosoft Office 2000 SR-1 ProfessionalMicrosoft Office OneNote 2003Microsoft Search Enhancement PackMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Sync Framework Runtime Native v1.0 (x86)Microsoft Sync Framework Services Native v1.0 (x86)Microsoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Windows Application Compatibility DatabasemIWAmLogViewmMHouseMobileMe Control PanelMozilla Firefox (3.5.11)mPfMgrmPfWizmProSafeMSVCRTMSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)mWlsSafemXMLmZConfigOneCare Advisor (Windows Live Toolbar)OpenOffice.org Installer 1.0PC Tune-UpPopup Blocker (Windows Live Toolbar)QkbfiltrQuickTimeRealPlayerREALTEK Gigabit and Fast Ethernet NIC DriverSafariSecurity Update for CAPICOM (KB931906)Security Update for Step By Step Interactive Training (KB898458)Security Update for Step By Step Interactive Training (KB923723)Security Update for Windows Internet Explorer 7 (KB937143)Security Update for Windows Internet Explorer 7 (KB938127)Security Update for Windows Internet Explorer 7 (KB939653)Security Update for Windows Internet Explorer 7 (KB942615)Security Update for Windows Internet Explorer 7 (KB944533)Security Update for Windows Internet Explorer 7 (KB950759)Security Update for Windows Internet Explorer 7 (KB953838)Security Update for Windows Internet Explorer 7 (KB956390)Security Update for Windows Internet Explorer 7 (KB958215)Security Update for Windows Internet Explorer 7 (KB960714)Security Update for Windows Internet Explorer 7 (KB961260)Security Update for Windows Internet Explorer 7 (KB963027)Security Update for Windows Internet Explorer 8 (KB2183461)Security Update for Windows Internet Explorer 8 (KB969897)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB972260)Security Update for Windows Internet Explorer 8 (KB974455)Security Update for Windows Internet Explorer 8 (KB976325)Security Update for Windows Internet Explorer 8 (KB978207)Security Update for Windows Internet Explorer 8 (KB981332)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Player (KB911564)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 10 (KB917734)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows Media Player 6.4 (KB925398)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923689)Security Update for Windows XP (KB938464-v2)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951376)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB953839)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957095)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977165)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Segoe UISkype web featuresSkype? 4.1Smart Menus (Windows Live Toolbar)Sonic DLASUPERAntiSpyware Free EditionSynaptics Pointing Device DriverTeLL me More CJTOSHIBA AssistTOSHIBA ConfigFreeToshiba Hotkey UtilityTOSHIBA PC Diagnostic ToolTOSHIBA Power SaverTOSHIBA Speech System ApplicationsTOSHIBA Speech System SR Engine(U.S.) Version1.0TOSHIBA Speech System TTS Engine(U.S.) Version1.0Toshiba Touchpad UtilityToshiba UtilityTOSHIBA Zooming UtilityTouch and LaunchUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Windows Internet Explorer 8 (KB969497)Update for Windows Internet Explorer 8 (KB976662)Update for Windows Internet Explorer 8 (KB976749)Update for Windows Internet Explorer 8 (KB980182)Update for Windows XP (KB951072-v2)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP (KB961503)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)VideoLAN VLC media player 0.8.6bVideora iPod Converter 5.03Visual C++ 2008 x86 Runtime - (v9.0.30729)Visual C++ 2008 x86 Runtime - v9.0.30729.01WebFldrs XPWindows Genuine Advantage Notifications (KB905474)Windows Genuine Advantage Validation Tool (KB892130)Windows Internet Explorer 7Windows Internet Explorer 8Windows Live CallWindows Live Communications PlatformWindows Live EssentialsWindows Live Family SafetyWindows Live Favorites for Windows Live ToolbarWindows Live MailWindows Live MessengerWindows Live OneCare safety scannerWindows Live Outlook Toolbar (Windows Live Toolbar)Windows Live Photo GalleryWindows Live Sign-in AssistantWindows Live SyncWindows Live ToolbarWindows Live Toolbar Extension (Windows Live Toolbar)Windows Live Toolbar Feed Detector (Windows Live Toolbar)Windows Live Upload ToolWindows Live WriterWindows Media Format 11 runtimeWindows Media Player 11Windows XP Service Pack 3Yahoo! Browser ServicesYahoo! Install ManagerYahoo! Internet MailYouTube Downloader App 2.03????????Lite??????????????????PLUS?????????????CD????????? for Canon????????????????Lite==== Event Viewer Messages From Past Week ========8/19/2010 8:52:05 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file explorer.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.8/15/2010 9:56:02 AM, error: Service Control Manager [7022] - The Kaspersky Internet Security service hung on starting.8/15/2010 10:03:15 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.8/14/2010 9:20:43 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.8/14/2010 8:39:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd8/13/2010 12:01:49 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.8/12/2010 4:39:13 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001636C103EC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).8/12/2010 12:38:01 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.==== End Of File ===========================DDS (Ver_10-03-17.01) - NTFSx86 Run by inadmin at 20:43:13.15 on 08/19/2010 ThuInternet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.502.211 [GMT 9:00]AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\system32\DVDRAMSV.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exeC:\WINDOWS\System32\DLA\DLACTRLW.EXEC:\Program Files\Toshiba\Windows Utilities\Hotkey.exeC:\Program Files\TOSHIBA\Touch and Launch\PadExe.exeC:\WINDOWS\system32\TPSMain.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Synaptics\SynTP\Toshiba.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\WINDOWS\System32\PAStiSvc.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Canon\MyPrinter\BJMyPrt.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\Documents and Settings\inadmin\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exeC:\Program Files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\igfxext.exeC:\WINDOWS\system32\RAMASST.exeC:\WINDOWS\system32\igfxsrvc.exeC:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\NTTW\FletsConnectionTool\fct.exeC:\Documents and Settings\inadmin\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\Documents and Settings\inadmin\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\WINDOWS\system32\TPSBattM.exeC:\WINDOWS\system32\msiexec.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\conime.exeC:\Documents and Settings\inadmin\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\inadmin\My Documents\Downloads\dds.com============== Pseudo HJT Report ===============uStart Page = hxxp://www.yahoo.co.jp/uSearch Page = hxxp://www.google.comuSearch Bar = hxxp://www.google.com/ieuDefault_Search_URL = hxxp://www.google.com/ieuInternet Connection Wizard,ShellNext = hxxp://pc.support.global.toshiba.com/uSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%smSearchAssistant = hxxp://www.google.com/ieuURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar HelperBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dllBHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dllBHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLLBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dllBHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No FileTB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dllTB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No FileuRun: [TOSCDSPD] "c:\program files\toshiba\toscdspd\toscdspd.exe"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exeuRun: [Google Update] "c:\documents and settings\inadmin\local settings\application data\google\update\GoogleUpdate.exe" /cuRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgroundmRun: [igfxtray] c:\windows\system32\igfxtray.exemRun: [igfxhkcmd] c:\windows\system32\hkcmd.exemRun: [igfxpers] c:\windows\system32\igfxpers.exemRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exemRun: [synTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"mRun: [smoothView] "c:\program files\toshiba\toshiba zooming utility\SmoothView.exe"mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXEmRun: [Toshiba Hotkey Utility] "c:\program files\toshiba\windows utilities\Hotkey.exe" /lang enmRun: [PadTouch] "c:\program files\toshiba\touch and launch\PadExe.exe"mRun: [TPSMain] TPSMain.exemRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/WirelessmRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32mRun: [MSPY2002] "c:\windows\system32\ime\pintlgnt\ImScInst.exe" /SYNCmRun: [PHIME2002ASync] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /SYNCmRun: [PHIME2002A] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /IMENamemRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startupmRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logonmRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logonmRun: [FCTICoUpd] c:\progra~1\nttw\fletsc~1\icoupd.exemRun: [CheckPoint Cleanup] c:\docume~1\inadmin\locals~1\temp\cpes_clean_launcher.exe c:\docume~1\inadmin\locals~1\temp\cpes_clean.exe -restarted -s -norebootmRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osbootmRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mExplorerRun: [FCTLoginWatcher] c:\progra~1\nttw\fletsc~1\FCToolW.exe -init -runStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.3\CameraMonitor.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exemPolicies-system: EnableLUA = 0 (0x0)IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htmIE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htmIE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxIE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htmIE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htmIE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htmIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dllIE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLLIE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dllDPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cabDPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cabDPF: {287C8635-2B41-11D2-8769-00000E4E0AD6} - hxxp://www.kitapri.net/pu2/inst/BFup.CABDPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dllDPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cabDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175758081656DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175758072781DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} - hxxp://live.pdbox.co.kr:8057/AFCStarter.cabTCP: {D0CB6AC6-5359-4E3A-A5C5-55EA361D84F5} = 221.113.139.147 202.234.233.211Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dllNotify: fwMDialer - MultiDialerMain.dllNotify: igfxcui - igfxdev.dllNotify: klogon - c:\windows\system32\klogon.dllAppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dl c:\progra~1\kasper~1\kasper~1\kloehk.dll c:\progra~1\google\google~1\GOEC62~1.DLLSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLLHosts: 127.0.0.1 www.spywareinfo.com================= FIREFOX ===================FF - ProfilePath - c:\docume~1\inadmin\applic~1\mozilla\firefox\profiles\5krapx2z.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - bbc.co.ukFF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=FF - component: c:\documents and settings\inadmin\application data\mozilla\firefox\profiles\5krapx2z.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dllFF - component: c:\documents and settings\inadmin\application data\mozilla\firefox\profiles\5krapx2z.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dllFF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dllFF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dllFF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dllFF - plugin: c:\documents and settings\inadmin\application data\mozilla\firefox\profiles\5krapx2z.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dllFF - plugin: c:\documents and settings\inadmin\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dllFF - plugin: c:\program files\tvuplayer\npTVUAx.dllFF - plugin: c:\program files\veetle\player\npvlc.dllFF - plugin: c:\program files\veetle\plugins\npVeetle.dllFF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dllFF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}---- FIREFOX POLICIES ----FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Servicec:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");============= SERVICES / DRIVERS ===============R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-5-24 128016]R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-7-4 296976]R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-4 8944]R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-5-25 311680]R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-28 54752]R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2009-6-8 17152]S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-5-8 30192]S3 icsak;icsak;\??\c:\program files\checkpoint\zaforcefield\ak\icsak.sys --> c:\program files\checkpoint\zaforcefield\ak\icsak.sys [?]S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-8-19 38224]S3 PAC7311;CMS-V19;c:\windows\system32\drivers\PA707UCM.SYS [2005-10-18 154752]S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]=============== Created Last 30 ================2010-08-19 11:18:37 0 ----a-w- c:\documents and settings\inadmin\defogger_reenable2010-08-19 07:50:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-08-19 07:50:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-08-19 00:22:24 0 d-----w- c:\windows\system32\wbem\Repository2010-08-19 00:18:54 0 d-----w- c:\windows\system32\wbem\Repository.tmp2010-08-09 11:28:42 0 d-----w- c:\docume~1\inadmin\applic~1\Azureus2010-08-09 11:24:14 0 d-----w- c:\program files\Conduit2010-07-29 13:55:22 0 d-----w- c:\program files\iPod2010-07-29 13:54:57 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}2010-07-29 13:54:56 0 d-----w- c:\program files\iTunes==================== Find3M ====================2010-07-30 12:40:39 97549 ----a-w- c:\windows\system32\drivers\klick.dat2010-07-30 12:40:39 113933 ----a-w- c:\windows\system32\drivers\klin.dat2010-07-16 20:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\drivers\srv.sys2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll2008-09-18 23:20:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091920080920\index.dat2009-07-04 00:20:51 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat============= FINISH: 20:44:58.15 =============== Link to post Share on other sites More sharing options...
Elise Posted August 20, 2010 ID:302836 Share Posted August 20, 2010 Hello , And My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. -----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Please download OTL from one of the following mirrors:This is THE Mirror[*]Save it to your desktop.[*]Double click on the icon on your desktop.[*]Click the "Scan All Users" checkbox.[*]Push the button.[*]Two reports will open, copy and paste them in a reply here:OTListIt.txt <-- Will be openedExtra.txt <-- Will be minimizedPlease download GMER from one of the following locations and save it to your desktop:Main MirrorThis version will download a randomly named file (Recommended)Zipped MirrorThis version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and re-enable all active protection when done.-- If you encounter any problems, try running GMER in Safe Mode.-------------------------------------------------------------In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problemIf you still need help, please include the following in your next replyA detailed description of your problemsA new OTL log (don't forget extra.txt)GMER log Link to post Share on other sites More sharing options...
JammingJapanSumoSoul Posted August 20, 2010 Author ID:302841 Share Posted August 20, 2010 OTL logfile created on: 8/20/2010 11:22:32 PM - Run 1OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\inadmin\My Documents\DownloadsWindows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyyHere you go. The OTL scan502.00 Mb Total Physical Memory | 204.00 Mb Available Physical Memory | 41.00% Memory free1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File freePaging file location(s): C:\pagefile.sys 756 1512 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 55.88 Gb Total Space | 7.18 Gb Free Space | 12.85% Space Free | Partition Type: NTFSD: Drive not present or media not loadedE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: CWIIANCCurrent User Name: inadminLogged in as Administrator.Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard========== Processes (SafeList) ==========PRC - [2010/08/20 23:22:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\inadmin\My Documents\Downloads\OTL.exePRC - [2010/07/31 09:18:11 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\inadmin\Local Settings\Application Data\Google\Chrome\Application\chrome.exePRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exePRC - [2010/03/18 21:51:23 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\inadmin\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exePRC - [2009/09/19 23:52:48 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exePRC - [2008/09/16 17:52:18 | 001,209,776 | ---- | M] (???????????) -- C:\Program Files\NTTW\FletsConnectionTool\fct.exePRC - [2008/04/28 15:49:36 | 000,253,952 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exePRC - [2008/04/14 09:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exePRC - [2007/04/04 10:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXEPRC - [2006/01/28 07:13:58 | 001,589,248 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\TOSHIBA\Windows Utilities\Hotkey.exePRC - [2005/12/17 02:21:00 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exePRC - [2005/12/06 15:06:10 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exePRC - [2005/12/05 14:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exePRC - [2005/11/28 23:55:50 | 000,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exePRC - [2005/11/28 13:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exePRC - [2005/11/28 13:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exePRC - [2005/11/28 13:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exePRC - [2005/11/28 13:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exePRC - [2005/11/28 13:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exePRC - [2005/10/06 22:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXEPRC - [2005/06/01 14:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exePRC - [2005/06/01 13:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exePRC - [2005/04/27 09:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exePRC - [2005/01/18 02:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exePRC - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exePRC - [2004/12/30 17:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exePRC - [2004/08/28 10:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exePRC - [2004/08/28 10:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe========== Modules (SafeList) ==========MOD - [2010/08/20 23:22:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\inadmin\My Documents\Downloads\OTL.exeMOD - [2008/04/14 09:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx========== Win32 Services (SafeList) ==========SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)SRV - [2010/08/19 07:46:20 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)SRV - [2010/08/05 06:28:43 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)SRV - [2005/11/28 13:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®SRV - [2005/11/28 13:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®SRV - [2005/11/28 13:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®SRV - [2005/01/18 02:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)SRV - [2005/01/14 09:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)SRV - [2004/08/28 10:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)========== Driver Services (SafeList) ==========DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)DRV - [2009/07/10 21:37:39 | 000,296,976 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)DRV - [2009/07/10 21:37:39 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)DRV - [2009/05/16 20:59:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)DRV - [2009/05/13 17:46:52 | 000,031,760 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)DRV - [2008/12/15 20:41:32 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)DRV - [2008/12/04 13:50:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)DRV - [2008/12/04 13:50:04 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)DRV - [2008/12/04 13:50:02 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)DRV - [2008/04/14 01:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)DRV - [2008/02/12 10:48:06 | 000,017,152 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bfturboh.sys -- (bfturboh)DRV - [2007/12/06 10:56:18 | 000,042,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PPPoEWin.SYS -- (PPPoEWin)DRV - [2006/01/13 09:21:18 | 000,031,872 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)DRV - [2005/12/30 00:20:38 | 000,561,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)DRV - [2005/12/17 02:15:06 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)DRV - [2005/12/05 11:55:30 | 001,428,096 | ---- | M] (Intel Link to post Share on other sites More sharing options...
Elise Posted August 20, 2010 ID:302864 Share Posted August 20, 2010 Hello again, for the time being, please do not do a system restore, as to not to confuse things. If you have a problem, just report it here. COMBOFIX---------------Please download ComboFix from one of these locations:BleepingcomputerForoSpywareDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)Double click on Combofix.exe and follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Link to post Share on other sites More sharing options...
JammingJapanSumoSoul Posted August 21, 2010 Author ID:303112 Share Posted August 21, 2010 ComboFix 10-08-19.02 - inadmin 1/2010 Sat 9:03.1.1 - x86Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.502.200 [GMT 9:00]Running from: c:\documents and settings\inadmin\My Documents\Downloads\ComboFix.exeAV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} * Created a new restore point.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\inadmin\Application Data\MSAc:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdbc:\windows\system32\Temp.((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Legacy_TDSSSERV.SYS((((((((((((((((((((((((( Files Created from 2010-07-21 to 2010-08-21 ))))))))))))))))))))))))))))))).2010-08-19 07:50 . 2010-04-29 06:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-08-19 07:50 . 2010-04-29 06:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-08-19 00:22 . 2010-08-19 00:22 -------- d-----w- c:\windows\system32\wbem\Repository2010-08-19 00:18 . 2010-08-19 00:18 -------- d-----w- c:\windows\system32\wbem\Repository.tmp2010-08-18 22:10 . 2010-08-18 22:10 -------- d-----w- c:\documents and settings\TEMP.CWIIANC.009\IETldCache2010-08-18 21:59 . 2010-08-19 00:19 -------- d-s---w- c:\documents and settings\TEMP.CWIIANC.0092010-08-16 22:45 . 2010-08-19 00:18 -------- d-----w- c:\documents and settings\TEMP.CWIIANC.008\Local Settings\Application Data\Microsoft2010-08-16 22:39 . 2010-08-19 00:19 -------- d-s---w- c:\documents and settings\TEMP.CWIIANC.0082010-08-09 11:28 . 2010-08-19 07:33 -------- d-----w- c:\documents and settings\inadmin\Application Data\Azureus2010-08-09 11:24 . 2010-08-09 11:24 -------- d-----w- c:\documents and settings\inadmin\Local Settings\Application Data\Conduit2010-08-09 11:24 . 2010-08-09 11:24 -------- d-----w- c:\program files\Conduit2010-07-29 13:55 . 2010-07-29 13:55 -------- d-----w- c:\program files\iPod2010-07-29 13:54 . 2010-07-29 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}2010-07-29 13:54 . 2010-07-29 14:14 -------- d-----w- c:\program files\iTunes.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-08-20 23:47 . 2007-11-04 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab2010-08-19 11:40 . 2010-08-19 11:40 503808 ----a-w- c:\documents and settings\inadmin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11827ad7-n\msvcp71.dll2010-08-19 11:40 . 2010-08-19 11:40 499712 ----a-w- c:\documents and settings\inadmin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11827ad7-n\jmc.dll2010-08-19 11:40 . 2010-08-19 11:40 61440 ----a-w- c:\documents and settings\inadmin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-21e058a1-n\decora-sse.dll2010-08-19 11:40 . 2010-08-19 11:40 348160 ----a-w- c:\documents and settings\inadmin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11827ad7-n\msvcr71.dll2010-08-19 11:40 . 2010-08-19 11:40 12800 ----a-w- c:\documents and settings\inadmin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-21e058a1-n\decora-d3d.dll2010-08-19 11:40 . 2006-02-06 21:36 -------- d-----w- c:\program files\Java2010-08-19 11:08 . 2007-11-03 12:16 -------- d-----w- c:\program files\TVAnts2010-08-19 11:05 . 2008-11-06 12:28 -------- d-----w- c:\program files\uTorrent2010-08-19 11:04 . 2007-05-04 02:09 -------- d-----w- c:\documents and settings\inadmin\Application Data\uTorrent2010-08-19 09:54 . 2009-01-13 16:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-08-18 22:46 . 2010-08-18 22:46 303376 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\avp.exe2010-08-18 22:46 . 2010-08-18 22:46 166416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\prloader.dll2010-08-18 22:45 . 2010-08-18 22:45 170584 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\prloader.dll2010-08-18 22:45 . 2010-08-18 22:45 311680 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\avp.exe2010-08-09 12:40 . 2010-08-09 12:39 4177856 ----a-w- c:\documents and settings\inadmin\Application Data\Azureus\plugins\azemp\vuzeplayer.exe2010-08-09 11:31 . 2010-08-09 11:31 310208 ----a-w- c:\documents and settings\inadmin\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe2010-08-06 03:29 . 2007-04-05 17:10 -------- d-----w- c:\program files\CCleaner2010-07-30 12:40 . 2009-07-04 00:15 97549 ----a-w- c:\windows\system32\drivers\klick.dat2010-07-30 12:40 . 2009-07-04 00:15 113933 ----a-w- c:\windows\system32\drivers\klin.dat2010-07-29 13:55 . 2008-02-06 15:56 -------- d-----w- c:\program files\Common Files\Apple2010-07-26 14:36 . 2007-04-15 12:00 -------- d-----w- c:\documents and settings\inadmin\Application Data\Skype2010-07-26 10:01 . 2009-07-26 10:31 -------- d-----w- c:\documents and settings\inadmin\Application Data\skypePM2010-07-21 07:30 . 2010-07-21 07:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe2010-07-17 13:54 . 2007-12-23 08:00 -------- d-----w- c:\program files\Free Internet Window Washer2010-07-17 13:51 . 2006-02-06 21:24 -------- d--h--w- c:\program files\InstallShield Installation Information2010-07-17 13:44 . 2007-04-20 15:18 -------- d-----w- c:\program files\Yahoo!2010-07-16 20:00 . 2010-04-19 12:55 423656 ----a-w- c:\windows\system32\deployJava1.dll2010-07-15 12:52 . 2010-07-15 12:52 -------- d-----w- c:\program files\QuickTime2010-07-15 12:52 . 2010-07-12 06:13 -------- d-----w- c:\program files\QuickTime(2)2010-07-06 14:21 . 2010-03-28 22:22 439816 ----a-w- c:\documents and settings\inadmin\Application Data\Real\Update\setup3.10\setup.exe2010-06-30 12:31 . 2006-02-06 12:57 149504 ----a-w- c:\windows\system32\schannel.dll2010-06-24 12:22 . 2006-02-06 12:57 916480 ----a-w- c:\windows\system32\wininet.dll2010-06-23 13:44 . 2006-02-06 12:57 1851904 ----a-w- c:\windows\system32\win32k.sys2010-06-21 15:27 . 2006-02-06 12:57 354304 ----a-w- c:\windows\system32\drivers\srv.sys2010-06-19 11:42 . 2010-06-19 11:42 5642000 ----a-w- c:\documents and settings\inadmin\Application Data\TVU Networks\TVU AutoUpgrade\TVUPlayer2.5.3.1.exe2010-06-17 14:03 . 2006-02-06 12:57 80384 ----a-w- c:\windows\system32\iccvid.dll2010-06-15 13:16 . 2010-06-15 13:16 129624 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mmpprtc.dll2010-06-14 14:31 . 2006-02-06 21:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe2010-06-14 07:41 . 2006-02-06 12:57 1172480 ----a-w- c:\windows\system32\msxml3.dll2010-08-04 21:28 . 2007-05-07 23:26 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll2009-07-04 00:20 . 2009-07-04 00:20 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]"Google Update"="c:\documents and settings\inadmin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-31 133104][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 61952]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-01-27 1589248]"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]"TPSMain"="TPSMain.exe" [2005-06-01 282624]"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-04 30192]"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]"FCTICoUpd"="c:\progra~1\NTTW\FLETSC~1\icoupd.exe" [2007-12-14 83376]"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-19 198160]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552][HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]"FCTLoginWatcher"="c:\progra~1\NTTW\FLETSC~1\FCToolW.exe" [2008-08-26 697776]c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]ImageMixer 3 SE Camera Monitor Ver.3.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe [2009-10-10 253952]Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-7 155648][hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2008-12-03 05:56 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fwMDialer]2008-03-02 15:58 94208 ----a-w- c:\windows\system32\MultiDialerMain.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]@=""[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Documents and Settings\\inadmin\\Desktop\\Programs\\utorrent.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="c:\\Program Files\\iTunes\\iTunes.exe"=R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/4/2008 1:50 PM 8944]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 1:50 PM 55024]R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 31760]R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [6/8/2009 9:38 PM 17152]S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/8/2007 8:25 AM 30192]S3 icsak;icsak;\??\c:\program files\CheckPoint\ZAForceField\AK\icsak.sys --> c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [?]S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/19/2010 4:50 PM 38224]S3 PAC7311;CMS-V19;c:\windows\system32\drivers\PA707UCM.SYS [10/18/2005 11:48 AM 154752]S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 1:50 PM 7408].Contents of the 'Scheduled Tasks' folder2010-08-09 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 03:34]2010-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507736718-1475498009-266197039-1006Core.job- c:\documents and settings\inadmin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-31 07:30]2010-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507736718-1475498009-266197039-1006UA.job- c:\documents and settings\inadmin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-31 07:30]..------- Supplementary Scan -------.uStart Page = hxxp://www.yahoo.co.jp/uDefault_Search_URL = hxxp://www.google.com/ieuInternet Connection Wizard,ShellNext = hxxp://pc.support.global.toshiba.com/uSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htmIE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxIE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htmIE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htmIE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htmTCP: {D0CB6AC6-5359-4E3A-A5C5-55EA361D84F5} = 221.113.139.147 202.234.233.211DPF: {287C8635-2B41-11D2-8769-00000E4E0AD6} - hxxp://www.kitapri.net/pu2/inst/BFup.CABDPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} - hxxp://live.pdbox.co.kr:8057/AFCStarter.cabFF - ProfilePath - c:\documents and settings\inadmin\Application Data\Mozilla\Firefox\Profiles\5krapx2z.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - bbc.co.ukFF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dllFF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dllFF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dllFF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dllFF - plugin: c:\documents and settings\inadmin\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dllFF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dllFF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\---- FIREFOX POLICIES ----FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Servicec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);.- - - - ORPHANS REMOVED - - - -Notify-NavLogon - (no file)**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-08-21 09:17Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_USERS\.Default\RemoteAccess\Profile\?0??0?0 *IQ?0?0?0?0 *?0??0?0?`1X?0?0?0]"EnableAutodisconnect"=dword:00000000"DisconnectIdleTime"=dword:00000014"EnableExitDisconnect"=dword:00000000"RedialAttempts"=dword:0000000a"RedialWait"=dword:00000005[HKEY_USERS\S-1-5-21-507736718-1475498009-266197039-1006\RemoteAccess\Profile\?0??0?0 *IQ?0?0?0?0 *?0??0?0?`1X?0?0?0]"AutoConnect"=dword:00000000[HKEY_LOCAL_MACHINE\software\Classes\P*h*o*t*o*b*o*o*k* *D*e*s*i*g*n*e*r*??T\DefaultIcon]@="c:\\Program Files\\KITAMURA\\PGW\\ChokkoubinEXv1.exe,0"[HKEY_LOCAL_MACHINE\software\Classes\P*h*o*t*o*b*o*o*k* *D*e*s*i*g*n*e*r*??T\shell\open\command]@="c:\\Program Files\\KITAMURA\\PGW\\ChokkoubinEXv1.exe \"%1\"".--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(1244)c:\program files\SUPERAntiSpyware\SASWINLO.dllc:\windows\system32\WININET.dllc:\windows\system32\MultiDialerMain.dll- - - - - - - > 'explorer.exe'(3180)c:\windows\system32\WININET.dllc:\program files\iTunes\iTunesMiniPlayer.dllc:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dllc:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dllc:\windows\system32\TPwrCfg.DLLc:\windows\system32\TPwrReg.dllc:\windows\system32\TPSTrace.DLL.------------------------ Other Running Processes ------------------------.c:\program files\Intel\Wireless\Bin\EvtEng.exec:\program files\Intel\Wireless\Bin\S24EvMon.exec:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\TOSHIBA\ConfigFree\CFSvcs.exec:\windows\system32\DVDRAMSV.exec:\program files\Java\jre6\bin\jqs.exec:\program files\Intel\Wireless\Bin\RegSrvc.exec:\windows\system32\conime.exec:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exec:\windows\System32\PAStiSvc.exec:\program files\Synaptics\SynTP\Toshiba.exec:\windows\system32\TPSMain.exec:\windows\system32\igfxext.exec:\windows\system32\igfxsrvc.exec:\windows\system32\TPSBattM.exec:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exec:\program files\iPod\bin\iPodService.exec:\documents and settings\inadmin\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe.**************************************************************************.Completion time: 2010-08-21 09:34:01 - machine was rebootedComboFix-quarantined-files.txt 2010-08-21 00:33Pre-Run: 7,577,985,024 bytes freePost-Run: 7,397,208,064 bytes freeWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect- - End Of File - - 3A4B18A7A1505EF5705729D0E64E9B43Other than the problems I've already mentioned, my laptop won't let me re-install itunes either. Do you still need the other scan, the GMER one? Please let me know and I'll do it later and paste the results. Couldn't do it last night as it was taking too long. Thanks for all the help so far though Link to post Share on other sites More sharing options...
Elise Posted August 21, 2010 ID:303200 Share Posted August 21, 2010 Can you please tell me what the name is of the userprofile you are usually using and if this ought to be a profile with administrator rights. Is this "inadmin"? Link to post Share on other sites More sharing options...
JammingJapanSumoSoul Posted August 21, 2010 Author ID:303202 Share Posted August 21, 2010 Can you please tell me what the name is of the userprofile you are usually using and if this ought to be a profile with administrator rights. Is this "inadmin"?I always use Admin userprofile. I think the actual name of the profile is my name Link to post Share on other sites More sharing options...
Elise Posted August 21, 2010 ID:303216 Share Posted August 21, 2010 Please click Start > Log OUt. Let me know at the login screen, what options (usernames) you have there.Alternatively, open c:\documents and settings and let me know what folders are in there. Link to post Share on other sites More sharing options...
JammingJapanSumoSoul Posted August 21, 2010 Author ID:303218 Share Posted August 21, 2010 Two names:Dave (admin)Misato (never ever used) Link to post Share on other sites More sharing options...
Elise Posted August 21, 2010 ID:303220 Share Posted August 21, 2010 I take it Dave is your normal userprofile?Please list me now the folders in c:\documents and settings. Link to post Share on other sites More sharing options...
JammingJapanSumoSoul Posted August 21, 2010 Author ID:303222 Share Posted August 21, 2010 Administrator, All Users, inadmin, Intel, Misato, TEMP, Temp.CWIIANC, temp.CWIIANC08 (2), Temp.CWIIANC.000, Temp.CWIIANC.001, Temp.CWIIANC.002, Temp.CWIIANC.003, Temp.CWIIANC.004, Temp.CWIIANC.005, Temp.CWIIANC.006, Temp.CWIIANC.007, Temp.CWIIANC.008, Temp.CWIIANC.009, Temp.CWIIANC.010That's all the folders I can see Link to post Share on other sites More sharing options...
Elise Posted August 21, 2010 ID:303224 Share Posted August 21, 2010 Did you at one point rename one of your userprofiles to Dave? I don't see the userprofile Dave there. Can you look into the folders (subfolder My Documents), to see which of these may be it? Link to post Share on other sites More sharing options...
JammingJapanSumoSoul Posted August 21, 2010 Author ID:303263 Share Posted August 21, 2010 There is no folder named dave. There is a dave's documents in My Computer but in the C: Drive there is only the Admin and Inadmin folder Link to post Share on other sites More sharing options...
JammingJapanSumoSoul Posted August 21, 2010 Author ID:303264 Share Posted August 21, 2010 I'd like to fix this laptop but I might be resigned to buying a new one. I'll keep plugging away at it but my battery lasts 5 minutes at best, power supply unit has a dodgy connection and keeps stopping meaning I can't use the laptop and the disk drive is broken. This might be the straw that broke the camel's back.Any idea what the problem might be? Link to post Share on other sites More sharing options...
Elise Posted August 21, 2010 ID:303297 Share Posted August 21, 2010 That sounds to me as hardware problems and there's not really much we can do about it online. Someone should have a look at the battery connections and measure it to see how its power output is. Might be just a "lazy" battery, but its also possible something more is wrong. As for the software problems, this sounds to me like a corrupted userprofile. You log in to an account named Dave, but in fact such an account doesn't exist, although it is possible the Inadmin account is in fact renamed. I don't think this is anything malware-related, since you mention you have also other problems, it might be a hardware error.If your computer remains on for longer periods, we can try to run the checkdisk utility to check for disk errors. Link to post Share on other sites More sharing options...
JammingJapanSumoSoul Posted August 21, 2010 Author ID:303301 Share Posted August 21, 2010 Yes the hardware problems are annoying but cheap to solve.corrupt userprofile? That sounds a lot nice than malware related. Like I said, I"m pretty careful what I do online and Kasperky is very good at protecting the computer. IF the power supply stays online, I"ll be online for around 4 more hours. How do I run a checkdisk utility for disk errors? How long does it take? cAn I use the laptop whilst it's running? Link to post Share on other sites More sharing options...
JammingJapanSumoSoul Posted August 21, 2010 Author ID:303303 Share Posted August 21, 2010 Yes the hardware problems are annoying but cheap to solve.corrupt userprofile? That sounds a lot nice than malware related. Like I said, I"m pretty careful what I do online and Kasperky is very good at protecting the computer. IF the power supply stays online, I"ll be online for around 4 more hours. How do I run a checkdisk utility for disk errors? How long does it take? cAn I use the laptop whilst it's running?Sorry to add to the above, would a cprrupt userprofile cause Malwarebytes to stop halfway through and also cause my Kasperky full scanner to shut down my laptop? Also stop Superantiapyware from loading up? Link to post Share on other sites More sharing options...
Elise Posted August 21, 2010 ID:303314 Share Posted August 21, 2010 Hi, a corrupt userprofile can have many causes, but if your scanners never picked up anything, I doubt that will be the cause (although, it is possible).To run checkdisk, click Start > Run, type chkdsk /r and press enter. Type Y and press enter to schedule the scan for next reboot.Restart the computer and let the disk check run unhindered. This may take some time (up to one hour, depending on how big your disk is). Link to post Share on other sites More sharing options...
JammingJapanSumoSoul Posted August 23, 2010 Author ID:303945 Share Posted August 23, 2010 Hi, a corrupt userprofile can have many causes, but if your scanners never picked up anything, I doubt that will be the cause (although, it is possible).To run checkdisk, click Start > Run, type chkdsk /r and press enter. Type Y and press enter to schedule the scan for next reboot.Restart the computer and let the disk check run unhindered. This may take some time (up to one hour, depending on how big your disk is).I did the above and the disk check literally lasted all of 5 seconds.This can be closed now anyways. Thanks a lot for your help. In the end I decided the hardware issues, CD drive broken, battery dead, power supply starting to have blue sparks coming out of it, warranted a new laptop. I have my Kaspersky installed and going to download MWB in a sec to stay safeThanks againJJSS Link to post Share on other sites More sharing options...
Elise Posted August 23, 2010 ID:303986 Share Posted August 23, 2010 Ouch, especially the sparks from the power supply sound as no good at all. I'm glad to hear things are fine now though. Please let me know if you have any other questions. If not this topic will be closed. Link to post Share on other sites More sharing options...
Staff screen317 Posted August 29, 2010 Staff ID:306457 Share Posted August 29, 2010 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts