user profile service failed the logon/configuration only works toshiba systems


  • This topic is locked
45 replies to this topic

#1 alaskagirl

alaskagirl

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:26 PM

Posted 04 November 2010 - 07:09 PM

hello, i don't know if it all goes together. first a while back my speakers sometimes work and sometimes not. they say they are working even when they aren't. my usb ports would not identify whatever i plugged in half the time. when my system first messed up, i took it to best buy. they had the warranty. they did a recovery. they said it was a software problem. that was in march. it started acting up immediately with windows when i got it back. i tried doing a back up but it kept failing. windows kept needing to do an update on microsoft.net framework 4 client profile for windows vista x64, system update readiness tool for windows vista for x64 based system, and update for windows vista for x65 based systems but none of them could update. then my son decides to look up a porn site :angry: then i notice i can't log onto my user account. it says: "the user profile service failed the log on. user profile cannot be loaded." when i am on guest user it says "configuration only works on toshiba systems". i can still use that user account. on another account which also has administration rights it started saying "the user profile service failed the log on"..... i went and did a system restore for the day before that my younger son looked at the porn site. it let me back onto that user account but not my main user account. i tried mr. fix it and i thought it fixed it when it asked for me to change my password before i could go further. but when i did that it went back to saying the same thing. i also tried to take the password off from going into the other administrator account. when i just did the gmer you requested i got to rootkit/malware and it didn't let me check all the ones you required. the only ones it let me check were: services, registry, files, c:/, ads. it also said gmer has not found any system modification. so i'm not sure what i did wrong. i was trying to upload the ark.txt and realized it shows 0 bytes and will not upload. i tried it again and it did the same thing.

Attached File: Attach.txt (6.19KB)


DDS (Ver_10-11-03.01) - NTFS_AMD64
Run by cristian at 22:16:07.72 on Wed 11/03/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4085.2510 [GMT -8:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Windows\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Belvedere\Belvedere.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Toshiba\IVP\ISM\ivpsvmgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\cristian\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101103135717.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
mRun: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
mRun: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BELVED~1.LNK - C:\Program Files (x86)\Belvedere\Belvedere.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files\MozyHome\mozystat.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~4\GOEC62~1.DLL
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101103135717.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

================= FIREFOX ===================

FF - ProfilePath - C:\Users\cristian\AppData\Roaming\Mozilla\Firefox\Profiles\9rg8mbdo.default\
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.1908.5032\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-10-12 529128]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2010-2-17 531968]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-10-12 75032]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-10-12 283360]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2009-12-2 173984]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2010-5-29 110312]
R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-10-12 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-10-12 355440]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-10-12 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-10-12 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-10-12 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2010-10-12 149032]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-5-12 1153368]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-10-12 62800]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2008-2-15 8704]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-10-12 190136]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-10-12 441328]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2009-12-2 40832]
R3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw4v64.sys [2007-9-26 3196416]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-12 135664]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2010-5-27 61288]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-5-12 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-10-12 94864]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\System32\drivers\NwUsbCdFil64.sys [2009-12-18 25600]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\System32\drivers\nwusbser2.sys [2009-12-18 213376]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-2-17 93184]
S4 KR10I64;KR10I64;C:\Windows\System32\drivers\KR10I64.sys [2008-2-15 248320]
S4 KR10N64;KR10N64;C:\Windows\System32\drivers\KR10N64.sys [2008-2-15 237568]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-11-04 00:48:04 -------- d-----w- C:\Users\cristian\AppData\Local\Adobe
2010-11-03 06:28:35 8006480 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{B5FB0C1C-91ED-4F3E-8959-3A872A683B53}\mpengine.dll
2010-10-23 07:11:46 -------- d-----w- C:\Users\cristian\AppData\Roaming\WinBatch
2010-10-23 00:38:11 -------- d-----w- C:\Users\cristian\AppData\Local\MigWiz
2010-10-23 00:33:57 -------- d-----w- C:\Users\cristian\AppData\Local\Toshiba
2010-10-22 20:55:24 -------- d-----w- C:\Program Files (x86)\Your Uninstaller 2010
2010-10-17 04:37:54 -------- d-----w- C:\57c3079c34549d65037c20c80742ba7a
2010-10-13 11:17:07 316416 ----a-w- C:\Windows\System32\msshsq.dll
2010-10-13 11:17:07 231936 ----a-w- C:\Windows\SysWow64\msshsq.dll
2010-10-13 00:31:54 -------- d-----w- C:\Program Files\McAfee.com
2010-10-13 00:30:38 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
2010-10-13 00:30:36 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2010-10-13 00:30:24 149032 ----a-w- C:\Windows\System32\mfevtps.exe
2010-10-13 00:30:17 283360 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2010-10-13 00:30:16 94864 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2010-10-13 00:30:16 75032 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2010-10-13 00:30:16 529128 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2010-10-13 00:30:15 62800 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2010-10-13 00:30:15 441328 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2010-10-13 00:30:15 190136 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2010-10-13 00:30:15 121248 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2010-10-12 20:05:34 1923584 ----a-w- C:\Windows\System32\ole32.dll
2010-10-12 20:05:33 408064 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2010-10-12 20:05:32 339968 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2010-10-12 20:05:32 1315840 ----a-w- C:\Windows\SysWow64\ole32.dll
2010-10-12 20:05:24 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-10-12 20:05:24 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-10-12 20:04:09 189952 ----a-w- C:\Windows\System32\t2embed.dll
2010-10-12 20:04:09 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-10-12 20:04:02 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-10-12 20:04:01 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-10-12 20:03:55 2751488 ----a-w- C:\Windows\System32\win32k.sys
2010-10-12 20:00:44 171008 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-10-12 20:00:43 168960 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2010-10-12 20:00:41 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-10-12 20:00:40 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-10-12 19:58:20 461824 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-10-12 19:58:19 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2010-10-12 19:58:19 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-10-12 19:58:19 144896 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-10-12 19:58:18 12288 ----a-w- C:\Windows\System32\sscore.dll
2010-10-12 19:58:17 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-10-12 19:58:17 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2010-10-12 19:58:17 17920 ----a-w- C:\Windows\System32\netevent.dll
2010-10-12 19:57:21 343040 ----a-w- C:\Windows\System32\schannel.dll
2010-10-12 19:57:21 274432 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-10-12 19:57:13 866816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-10-12 19:57:13 1090048 ----a-w- C:\Windows\System32\wmpmde.dll

==================== Find3M ====================

2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-08 19:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 19:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 06:41:05 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 06:36:53 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 06:36:38 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-09-08 06:36:24 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-09-08 06:36:23 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-09-08 06:01:28 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-09-08 05:36:07 479232 ----a-w- C:\Windows\System32\html.iec
2010-09-08 05:04:36 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 04:51:18 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-09-08 04:49:56 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 04:26:46 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-08-17 14:04:48 267776 ----a-w- C:\Windows\System32\spoolsv.exe

============= FINISH: 22:17:56.76 ===============

Edited by alaskagirl, 04 November 2010 - 11:47 PM.


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:26 PM

Posted 12 November 2010 - 09:16 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 alaskagirl

Posted 13 November 2010 - 04:19 PM

hey, i just saw your message! i was wondering about scans on mcafee. that should stay on i am assuming? i also have spybot. thank you beforehand for your time and energies. :happy:

#4 m0le

Posted 13 November 2010 - 04:46 PM

i was wondering about scans on mcafee. that should stay on i am assuming? i also have spybot.


When we're scanning, McAfee and Spybot must be disabled. They can interfere with the tools we are using so during their use we have to do that.

This is an unusual one. We will first start looking for possible causes and see what we're dealing with.


TDSSKiller will find and remove the TDSS rootkit, if it's present

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#5 alaskagirl

Posted 14 November 2010 - 02:03 AM

this may sound stupid...but, how do i disable everything i need to for you.

#6 m0le

Posted 14 November 2010 - 06:43 AM

That doesn't sound stupid. Here you go:

Open McAfee Security Centre
  • Under Common Tasks click on Home
  • Click Computer Files
  • Click Configure
  • Make sure the following are disabled by ticking the "Off" button.

    Virus protection
    Spyware protection
    System Guards Protection
    Script Scanning Protection (you may have to scroll down to see it)

  • Next, select never for "When to re-enable real time scanning"
  • and click OK.


Then disable Spybot's realtime scanner, Teatimer like this:

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy


#7 alaskagirl


Posted 14 November 2010 - 06:57 PM

ok the mcafee security was not set up the way you described so i hope i did it right. i turned everything in the off position. the spybot has been done. when i went into it, it said i needed administrator rights when i got to the resident protection part. then it let me in, but the tea timer was not checked anyways. it will not let me uncheck the sd helper box. so where do i go from here?

#8 m0le


Posted 14 November 2010 - 07:01 PM

If the Teatimer box is not ticked then the realtime protection is already disabled.

At this point you can run TDSSKiller anyway as this tool isn't affected by these programs.

#9 alaskagirl


Posted 14 November 2010 - 08:29 PM

this happened when i rebooted:

Checking file system on C:
The type of the file system is NTFS.
Volume label is SQ004709V01.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
211008 file records processed.

1014 large file records processed.

0 bad file records processed.

0 EA records processed.

92 reparse records processed.

The multi-sector header signature for VCN 0x0 of index $I30
in file 0x598e is incorrect.
ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 ......JFIF.....H
00 48 00 00 ff e2 05 40 49 43 43 5f 50 52 4f 46 .H.....@ICC_PROF
The multi-sector header signature for VCN 0x1 of index $I30
in file 0x598e is incorrect.
8a 03 aa f8 b2 f2 f9 e1 b9 bb d3 5e 1b 5d 3a 75 ...........^.]:u
93 ed 39 f5 70 d4 70 be d5 d3 ae b9 69 f2 fb 48 ..9.p.p.....i..H
The multi-sector header signature for VCN 0x2 of index $I30
in file 0x598e is incorrect.
bc 0b fd c2 d6 fd 2f f3 b9 ea 75 e2 45 b9 45 37 ....../...u.E.E7
bb 3b 02 a8 02 80 0a 00 28 00 a0 02 80 0a 00 28 .;......(......(
The multi-sector header signature for VCN 0x3 of index $I30
in file 0x598e is incorrect.
01 40 05 00 14 00 50 01 40 05 00 14 00 13 8e a7 .@....P.@.......
f3 a2 fb eb b6 ff 00 f0 40 4c 8f 51 f9 f7 a4 da ........@L.Q....
Correcting error in index $I30 for file 22926.
The index bitmap $I30 in file 0x598e is incorrect.
Correcting error in index $I30 for file 22926.
The down pointer of current index entry with length 0x78 is invalid.
Sorting index $I30 in file 22926.
The file reference 0xe00000001fd14 of index entry GL5C28~1.CSS of index $I30
with parent 0x598e is not the same as 0x1200000001fd14.
Deleting index entry GL5C28~1.CSS in index $I30 of file 22926.
Index entry GLOBAL~1.CSS of index $I30 in file 0x598e points to unused file 0x1fd0a.
Deleting index entry GLOBAL~1.CSS in index $I30 of file 22926.
The file reference 0x3800000001fd4c of index entry NEWUSERCOMM.JS of index $I30
with parent 0x598e is not the same as 0x3c00000001fd4c.
Deleting index entry NEWUSERCOMM.JS in index $I30 of file 22926.
The file reference 0x1000000000d62e of index entry SystemIndex.144.gthr of index $I30
with parent 0xcc0c is not the same as 0xf00000000d62e.
Deleting index entry SystemIndex.144.gthr in index $I30 of file 52236.
The file reference 0x1000000000d62e of index entry SYSTEM~3.GTH of index $I30
with parent 0xcc0c is not the same as 0xf00000000d62e.
Deleting index entry SYSTEM~3.GTH in index $I30 of file 52236.
280038 index entries processed.

CHKDSK is recovering lost files.
Recovering orphaned file WAIT.GIF (52870) into directory file 22926.
Recovering orphaned file AUTHAP~1.JPG (52889) into directory file 22926.
Recovering orphaned file AUTHAPP_HEADER.JPG (52889) into directory file 22926.
Recovering orphaned file BUTTON.JS (54830) into directory file 22926.
Recovering orphaned file USGTHR~1 (130230) into directory file 2853.
Recovering orphaned file usgthrsvc (130230) into directory file 2853.
11 unindexed files processed.

211008 security descriptors processed.

Cleaning up 1851 unused index entries from index $SII of file 0x9.
Cleaning up 1851 unused index entries from index $SDH of file 0x9.
Cleaning up 1851 unused security descriptors.
34516 data files processed.

CHKDSK is verifying Usn Journal...
34443760 USN bytes processed.

Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

311033855 KB total disk space.
106977300 KB in 167127 files.
96068 KB in 34519 indexes.
0 KB in bad sectors.
326655 KB in use by the system.
65536 KB occupied by the log file.
203633832 KB available on disk.

4096 bytes in each allocation unit.
77758463 total allocation units on disk.
50908458 allocation units available on disk.

Internal Info:
40 38 03 00 b7 13 03 00 3d 7c 05 00 00 00 00 00 @8......=|......
86 0f 00 00 5c 00 00 00 00 00 00 00 00 00 00 00 ....\...........
e0 64 40 77 00 00 00 00 50 23 06 ff 00 00 00 00 .d@w....P#......

Windows has finished checking your disk.
Please wait while your computer restarts.






also this is the only other thing i could find in the c:/ reports. but, it doesn't look like what i saw when the tdsskiller report finished. when it finished, it said there were no problems. i can't remember the exact words. sorry...is it checking all the users on the computer? even mine (the one i can't get into)?

2010/11/14 15:32:43.0620 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/14 15:32:43.0620 ================================================================================
2010/11/14 15:32:43.0620 SystemInfo:
2010/11/14 15:32:43.0620
2010/11/14 15:32:43.0620 OS Version: 6.0.6001 ServicePack: 1.0
2010/11/14 15:32:43.0620 Product type: Workstation
2010/11/14 15:32:43.0621 ComputerName: OWNER-PC
2010/11/14 15:32:43.0621 UserName: cristian
2010/11/14 15:32:43.0621 Windows directory: C:\Windows
2010/11/14 15:32:43.0621 System windows directory: C:\Windows
2010/11/14 15:32:43.0621 Running under WOW64
2010/11/14 15:32:43.0621 Processor architecture: Intel x64
2010/11/14 15:32:43.0621 Number of processors: 2
2010/11/14 15:32:43.0622 Page size: 0x1000
2010/11/14 15:32:43.0622 Boot type: Normal boot
2010/11/14 15:32:43.0622 ================================================================================
2010/11/14 15:32:43.0623 Utility is running under WOW64
2010/11/14 15:32:44.0261 Initialize success
2010/11/14 15:32:53.0912 Deinitialize success

#10 m0le


Posted 14 November 2010 - 09:06 PM

This is a checkdisk process which checks and repairs damaged files on the computer. It has been set to work on reboot.

It looks like we ought to look for other damage.

You may have corrupt critical system files. Let's see if we can fix that.
  • Select Posted Image
  • Select All Programs
  • Select Accessories
  • Right click Command Prompt and choose Run as administrator
  • If you have the User Account Control (UAC) enabled you will be asked for authorization prior to the command prompt opening.
  • You may simply need to press the Continue button if you are the administrator or insert the administrator password.
  • Type in sfc /scannow in the command window and press enter.
  • Note the space between the c and the /
  • If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue. This can be done with a borrowed DVD if you don't have one.
  • Be patient because the scan may take some time.
  • Allow the scan to run and when completed, reboot the system.
Let me know what happens.

#11 alaskagirl


Posted 15 November 2010 - 11:02 PM

ok....after it finished i had to walk away a minute before i got all the info down. it shut itself down. i ran the check again so i could tell you exactly what it said. hope that was ok? it wouldn't let me copy and paste so i will type it

verification 100% complete
windows resource protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log

C:\Windows\system32>_

that didn't sound good to me. would that be from a virus or from my computer? anyway, this country girl is waiting on an english computer knight in shining armor.
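
The SFC message quoted in post #11 points at CBS.log for the details. As an added example (not part of the thread and not any poster's code), this Python script pulls the SFC "[SR]" entries out of such a log and lists which files could not be repaired and why. The sample log lines are constructed, and the regular expressions assume the usual SFC line layout.

```python
import re

# Constructed sample in the line layout SFC writes to CBS.log; every component,
# version and file name below is invented for this example.
SAMPLE_CBS_LOG = r'''
2010-11-15 22:31:07, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2010-11-15 22:31:07, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2010-11-15 22:31:09, Info                  CBS    Session: 1234_5678 initialized
2010-11-15 22:31:12, Info                  CSI    00000009 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, PublicKey neutral in the store, hash mismatch
2010-11-15 22:31:15, Info                  CSI    0000000b [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, PublicKey neutral in the store, hash mismatch
2010-11-15 22:31:20, Info                  CSI    0000000d [SR] Cannot repair member file [l:20{10}]"sample.ini" of Sample-Gadget, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, PublicKey neutral in the store, file is missing
2010-11-15 22:31:24, Info                  CSI    0000000f [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:18{9}]"other.dll" from store
2010-11-15 22:31:30, Info                  CSI    00000011 [SR] Verify complete
'''

# Assumed layout: "<date> <time>, <level>   CSI   <8 hex digits> [SR] <message>"
SR = re.compile(r'^(\S+ \S+), \w+\s+CSI\s+[0-9a-f]{8} \[SR\] (.*)$', re.M)
CANNOT = re.compile(r'Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+),.*, ([^,]+)$')
REPAIR = re.compile(r'Repairing corrupted file (.+) from store$')

def triage_sfc(log_text):
    """Return (unrepaired, repaired) built from the [SR] lines of a CBS.log."""
    unrepaired = {}  # lower-cased file name -> component, reason, first_seen, hits
    repaired = []    # full paths SFC restored from the component store
    for ts, msg in SR.findall(log_text):
        m = CANNOT.match(msg)
        if m:
            name, component, reason = m.groups()
            entry = unrepaired.setdefault(name.lower(), {
                "component": component, "reason": reason,
                "first_seen": ts, "hits": 0})
            entry["hits"] += 1  # the same file can be logged more than once
            continue
        m = REPAIR.match(msg)
        if m:
            # The path is logged as quoted pieces: "\??\<directory>"\"<file>"
            parts = re.findall(r'"([^"]*)"', m.group(1))
            repaired.append("\\".join(parts).replace("\\??\\", "", 1))
    return unrepaired, repaired

if __name__ == "__main__":
    bad, fixed = triage_sfc(SAMPLE_CBS_LOG)
    for name, info in bad.items():
        print(f"{name}: {info['reason']} ({info['component']}, {info['hits']} hits)")
    print("repaired from store:", fixed)
```

A "hash mismatch" reason means the file on disk differs from the copy recorded in the component store, while "file is missing" means it is absent; neither on its own says whether disk corruption or malware caused it.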

#12 m0le


Posted 16 November 2010 - 06:15 PM

Unfortunately the PC has some corrupt files and neither of these custom repairers will work.

So, this knight will have to suggest a repair installation. Please ask if any of these steps are not clear or sound Greek :P

1. Boot up with the Vista install disc

2. You should see a screen that says "Windows is loading files"

3. After a few minutes you will get a language option. Select your language and hit next.

4. On the install screen select "Repair your computer"

5. Windows will find your copy of Vista on the machine

6. Select your copy of Vista and click next

7. Choose Startup repair and answer any questions that are asked. It may reboot the PC.

Let me know when you have completed this and of any improvements or errors you encounter.

#13 alaskagirl


Posted 16 November 2010 - 09:21 PM

i only have the toshiba recovery and application drivers...windows vista home premium 64 bit sp1 discs. is there another disc i need?

#14 m0le


Posted 17 November 2010 - 01:51 PM

It's the recovery disk that you need. :)

#15 alaskagirl


Posted 17 November 2010 - 02:47 PM

good morning or afternoon, in your case. i'm glad it didn't ask me for language, i don't think there is an option for southern english slang......sigh. ok, down to business. when my disc booted up,
install or run program
run install.exe
general options
open folder to view files
set auto play defaults in control

when i go to install, it asks me if i want to continue. so i press continue. then i have the choice of:
install applications and drivers
restore the original default system install

so i understand that the first one is the repair one. but when i go to it, it wants you to pick which applications and drivers you want to address. do i go through each one of them? it never says repair or asks any questions.



