System have some problem

Guddaji · 10-17-2009, 11:52 PM

Hi

My system is showing some hidden folders and files and it is restricting to access some folders.

please help. Please find the attached DDS log files.

Thanks

also find the ark.txt.

thanks

Guddaji · 10-21-2009, 07:36 AM

DDS (Ver_09-07-30.01) - NTFSx86
Run by L S Deshpande at 11:12:05.14 on 18-10-2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.91.1033.18.3002.1894 [GMT 5.5:30]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\aestsrv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\L S Deshpande\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=91&bd=Presario&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=91&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=91&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=91&bd=Presario&pf=cnnb
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.0.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.0.0.125\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.0.0.125\coIEPlg.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
dRunOnce: [<NO NAME>]
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-in\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://inmumm12.tcs.com/dwa8W.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: {22FBBA82-0ECD-4120-B9CF-799F2CFE7F20} = 111.111.111.111,111.111.111.112
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\lsdesh~1\appdata\roaming\mozilla\firefox\profiles\kwpife06.default\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1000000.07d\SymEFA.sys [2009-4-13 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1000000.07d\BHDrvx86.sys [2009-4-13 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1000000.07d\ccHPx86.sys [2009-4-13 362544]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20080826.006\IDSVix86.sys [2009-4-13 289840]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_e7ea6efc\AEstSrv.exe [2009-8-2 77824]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2006-4-14 28933976]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [2009-4-13 115560]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-13 365952]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-13 222512]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-13 99376]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-7-15 112128]
R3 sit_bus;SIT_1x_usbmodem Device;c:\windows\system32\drivers\sit_bus.sys [2007-4-17 22144]
R3 sit_flt;SUNGIL USB Filter Service;c:\windows\system32\drivers\sit_flt.sys [2007-4-18 4352]
R3 sit_mdm;SIT_1x_usbmodem ;c:\windows\system32\drivers\sit_mdm.sys [2007-4-17 39680]
R3 sit_prt;SIT_1x_usbmodem Port;c:\windows\system32\drivers\sit_prt.sys [2007-4-17 38656]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\nis\1000000.07d\symndisv.sys [2009-4-13 40496]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-21 100184]

============== File Associations ===============

inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
piffile="%1" %*"

=============== Created Last 30 ================

2009-10-17 23:44 3,599,960 a------- c:\windows\system32\ntkrnlpa.exe
2009-10-17 23:44 3,547,736 a------- c:\windows\system32\ntoskrnl.exe
2009-10-16 22:39 61,440 a------- c:\windows\system32\msasn1.dll
2009-10-16 22:39 144,896 a------- c:\windows\system32\drivers\srv2.sys
2009-10-16 22:39 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
2009-10-16 22:29 <DIR> --d----- c:\users\lsdesh~1\appdata\roaming\WildTangent
2009-10-16 21:45 <DIR> --d-h--- c:\windows\PIF
2009-10-16 20:53 <DIR> --d----- c:\users\lsdesh~1\appdata\roaming\SUNGIL TELECOM
2009-10-16 20:51 <DIR> --d----- c:\program files\EpiValley
2009-10-11 23:24 <DIR> --d----- c:\users\l s deshpande\Bluetooth Software
2009-10-11 02:15 2,048 a------- c:\windows\system32\tzres.dll
2009-10-11 02:08 <DIR> --d----- c:\program files\MSXML 4.0
2009-10-11 01:46 <DIR> --d----- c:\users\lsdesh~1\appdata\roaming\FloodLightGames
2009-10-11 01:46 <DIR> --d----- c:\programdata\FloodLightGames
2009-10-11 01:46 <DIR> --d----- c:\progra~2\FloodLightGames
2009-10-11 01:39 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-10-11 01:39 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-10-11 01:33 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-10-11 01:33 104,960 a------- c:\windows\system32\netiohlp.dll
2009-10-11 01:33 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-10-11 01:33 19,968 a------- c:\windows\system32\ARP.EXE
2009-10-11 01:33 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-10-11 01:33 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-10-11 01:33 10,240 a------- c:\windows\system32\finger.exe
2009-10-11 01:33 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-10-11 01:33 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-10-11 01:33 17,920 a------- c:\windows\system32\netevent.dll
2009-10-11 01:19 499,200 a------- c:\windows\system32\wbem\WmiPrvSD.dll
2009-10-11 01:19 615,424 a------- c:\windows\system32\wbem\fastprox.dll
2009-10-11 01:19 551,424 a------- c:\windows\system32\rpcss.dll
2009-10-11 01:19 247,296 a------- c:\windows\system32\wbem\WmiPrvSE.exe
2009-10-11 01:19 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-10-11 01:19 183,296 a------- c:\windows\system32\sdohlp.dll
2009-10-11 01:19 129,024 a------- c:\windows\system32\wbem\WmiDcPrv.dll
2009-10-11 01:19 98,304 a------- c:\windows\system32\iasrecst.dll
2009-10-11 01:19 54,784 a------- c:\windows\system32\iasads.dll
2009-10-11 01:19 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-10-11 01:19 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-10-11 01:19 17,408 a------- c:\windows\system32\iashost.exe
2009-10-11 01:16 1,256,448 a------- c:\windows\system32\lsasrv.dll
2009-10-11 01:16 499,712 a------- c:\windows\system32\kerberos.dll
2009-10-11 01:16 439,896 a------- c:\windows\system32\drivers\ksecdd.sys
2009-10-11 01:16 270,848 a------- c:\windows\system32\schannel.dll
2009-10-11 01:16 213,504 a------- c:\windows\system32\msv1_0.dll
2009-10-11 01:16 175,104 a------- c:\windows\system32\wdigest.dll
2009-10-11 01:16 72,704 a------- c:\windows\system32\secur32.dll
2009-10-11 01:16 9,728 a------- c:\windows\system32\lsass.exe
2009-10-11 01:15 2,868,224 a------- c:\windows\system32\mf.dll
2009-10-11 01:14 24,064 a------- c:\windows\system32\amxread.dll
2009-10-11 01:14 13,824 a------- c:\windows\system32\apilogen.dll
2009-10-11 01:12 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-10-11 01:10 <DIR> --d----- c:\program files\AskBarDis
2009-10-11 01:10 <DIR> --d----- c:\users\lsdesh~1\appdata\roaming\Foxit
2009-10-11 01:10 <DIR> --d----- c:\program files\Foxit Software
2009-10-11 01:09 <DIR> --d----- C:\Soft
2009-10-11 01:08 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-10-11 01:07 91,136 a------- c:\windows\system32\avifil32.dll
2009-10-11 01:06 <DIR> --d----- C:\Data
2009-10-11 01:06 636,928 a------- c:\windows\system32\localspl.dll
2009-10-11 01:04 2,033,152 a------- c:\windows\system32\win32k.sys
2009-10-11 01:03 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-10-11 01:03 38,912 a------- c:\windows\system32\xolehlp.dll
2009-10-11 01:03 71,680 a------- c:\windows\system32\atl.dll
2009-10-11 01:02 289,792 a------- c:\windows\system32\atmfd.dll
2009-10-11 01:02 156,672 a------- c:\windows\system32\t2embed.dll
2009-10-11 01:02 72,704 a------- c:\windows\system32\fontsub.dll
2009-10-11 01:02 10,240 a------- c:\windows\system32\dciman32.dll
2009-10-11 01:02 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-10-11 01:02 376,832 a------- c:\windows\system32\winhttp.dll
2009-10-11 01:01 160,256 a------- c:\windows\system32\wkssvc.dll
2009-10-11 01:01 147,456 a------- c:\windows\system32\Faultrep.dll
2009-10-11 01:01 125,952 a------- c:\windows\system32\wersvc.dll
2009-10-11 00:44 25,136 a----r-- c:\windows\system32\drivers\SymIMV.sys
2009-10-11 00:44 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-11 00:44 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-11 00:44 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-11 00:44 <DIR> --d----- c:\program files\Symantec
2009-10-11 00:44 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-10-11 00:36 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-10-11 00:36 83,456 a------- c:\windows\system32\wudriver.dll
2009-10-11 00:36 162,064 a------- c:\windows\system32\wuwebv.dll
2009-10-11 00:36 31,232 a------- c:\windows\system32\wuapp.exe
2009-10-11 00:28 <DIR> --d----- c:\windows\system32\%COREALLUSERPATH%
2009-10-10 18:04 <DIR> --d----- c:\program files\Reliance Netconnect - Broadband+
2009-10-10 15:01 <DIR> --d----- c:\users\lsdesh~1\appdata\roaming\HP TCS
2009-10-10 15:00 0 a--shr-- c:\windows\system32\drivers\103C_HP_cNB_Presario CQ40 Notebook PC_Y5335KV_0U_QCND9313106_E516765-373_4A_I3607_SCompal_V99.AF_F.43_T090709_WV2-1_L409_M3003_J320_7Intel_867A_92.10_#090801_N10EC8136;14E44315_(VB639PA#ACJ)_XMOBILE_CN10_Z_2F.43.MRK
2009-10-10 14:59 <DIR> --d----- c:\users\L S Deshpande

==================== Find3M ====================

2009-10-16 20:52 86,016 a------- c:\windows\inf\infstrng.dat
2009-10-16 20:52 86,016 a------- c:\windows\inf\infstor.dat
2009-10-16 20:52 51,200 a------- c:\windows\inf\infpub.dat
2009-08-28 18:09 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 18:08 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 18:08 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 18:08 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-02 11:34 1,053,232 a------- c:\windows\system32\MFC71u.dll
2009-08-02 11:34 505,392 a------- c:\windows\system32\msvcp71.dll
2009-08-02 11:34 353,840 a------- c:\windows\system32\msvcr71.dll
2009-08-02 11:34 1,066,544 a------- c:\windows\system32\MFC71.dll
2009-08-02 10:59 3,809,280 a------- c:\windows\system32\bcmihvsrv.dll
2009-08-02 10:59 3,502,080 a------- c:\windows\system32\bcmihvui.dll
2009-08-02 10:59 87,280 a------- c:\windows\system32\bcmwlcoi.dll
2009-08-02 10:59 6,656 a------- c:\windows\system32\bcmwlrc.dll
2009-04-13 18:26 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 08:27 174 a--sh--- c:\program files\desktop.ini
2006-11-02 18:09 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 18:09 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 18:09 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 18:09 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 14:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 14:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 14:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 14:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 11:12:25.04 ===============
should I send the DDS log like this.

Ried · 10-22-2009, 09:42 PM

Hello Guddaji,

What folders are you trying to access?

Guddaji · 11-03-2009, 11:05 AM

I am not trying to access any specific folder but my laptop previously not showing these many hidden folder and i have not changed the setting. only after inserting a pendrive I come to know that one recycler named folder become visible which is looking like a hidden folder. I also seen some file which was not coming previously. Apart from this I am not able to access document and settings folder while previously I was able to do that. Please Help.

Thanks

Ried · 11-03-2009, 01:57 PM

Thank you for explaining it a bit better. The more detail we have, the better we can assist you. :)

I'll need to take a deeper look. Download rsit.exe and save it to your desktop.

Double click on RSIT.exe to run it.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

If you do not see the info.txt you can find it in the C:\rsit folder. Please attach that .txt

10-21-2009, 07:36 AM	#2 (permalink)
Guddaji Registered User Join Date: Oct 2009 Posts: 3 OS: Windows Vista Home Basic	Re: System have some problem DDS (Ver_09-07-30.01) - NTFSx86 Run by L S Deshpande at 11:12:05.14 on 18-10-2009 Internet Explorer: 7.0.6001.18000 Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.91.1033.18.3002.1894 [GMT 5.5:30] SP: Windows Defender enabled (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\STacSV.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e7ea6efc\aestsrv.exe C:\Windows\system32\agrsmsvc.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Common Files\LightScribe\LSSrvc.exe c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\SMINST\BLService.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\L S Deshpande\Downloads\dds.scr C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=91&bd=Presario&pf=cnnb uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=91&bd=Presario&pf=cnnb mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=91&bd=Presario&pf=cnnb mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=91&bd=Presario&pf=cnnb BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.0.0.125\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.0.0.125\IPSBHO.DLL BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.0.0.125\coIEPlg.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Apoint] c:\program files\apoint2k\Apoint.exe mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe" mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5" mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter" mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0" mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0" mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0" mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe" mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe dRunOnce: [<NO NAME>] StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-in\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://inmumm12.tcs.com/dwa8W.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab TCP: {22FBBA82-0ECD-4120-B9CF-799F2CFE7F20} = 111.111.111.111,111.111.111.112 Notify: igfxcui - igfxdev.dll ================= FIREFOX =================== FF - ProfilePath - c:\users\lsdesh~1\appdata\roaming\mozilla\firefox\profiles\kwpife06.default\ ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews..wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1000000.07d\SymEFA.sys [2009-4-13 309296] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1000000.07d\BHDrvx86.sys [2009-4-13 254512] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1000000.07d\ccHPx86.sys [2009-4-13 362544] R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20080826.006\IDSVix86.sys [2009-4-13 289840] R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_e7ea6efc\AEstSrv.exe [2009-8-2 77824] R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2006-4-14 28933976] R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [2009-4-13 115560] R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-13 365952] R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-13 222512] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-13 99376] R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-7-15 112128] R3 sit_bus;SIT_1x_usbmodem Device;c:\windows\system32\drivers\sit_bus.sys [2007-4-17 22144] R3 sit_flt;SUNGIL USB Filter Service;c:\windows\system32\drivers\sit_flt.sys [2007-4-18 4352] R3 sit_mdm;SIT_1x_usbmodem ;c:\windows\system32\drivers\sit_mdm.sys [2007-4-17 39680] R3 sit_prt;SIT_1x_usbmodem Port;c:\windows\system32\drivers\sit_prt.sys [2007-4-17 38656] R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\nis\1000000.07d\symndisv.sys [2009-4-13 40496] S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-21 100184] ============== File Associations =============== inifile=%SystemRoot%\System32\NOTEPAD.EXE %1" piffile="%1" %" =============== Created Last 30 ================ 2009-10-17 23:44 3,599,960 a------- c:\windows\system32\ntkrnlpa.exe 2009-10-17 23:44 3,547,736 a------- c:\windows\system32\ntoskrnl.exe 2009-10-16 22:39 61,440 a------- c:\windows\system32\msasn1.dll 2009-10-16 22:39 144,896 a------- c:\windows\system32\drivers\srv2.sys 2009-10-16 22:39 604,672 a------- c:\windows\system32\WMSPDMOD.DLL 2009-10-16 22:29 <DIR> --d----- c:\users\lsdesh~1\appdata\roaming\WildTangent 2009-10-16 21:45 <DIR> --d-h--- c:\windows\PIF 2009-10-16 20:53 <DIR> --d----- c:\users\lsdesh~1\appdata\roaming\SUNGIL TELECOM 2009-10-16 20:51 <DIR> --d----- c:\program files\EpiValley 2009-10-11 23:24 <DIR> --d----- c:\users\l s deshpande\Bluetooth Software 2009-10-11 02:15 2,048 a------- c:\windows\system32\tzres.dll 2009-10-11 02:08 <DIR> --d----- c:\program files\MSXML 4.0 2009-10-11 01:46 <DIR> --d----- c:\users\lsdesh~1\appdata\roaming\FloodLightGames 2009-10-11 01:46 <DIR> --d----- c:\programdata\FloodLightGames 2009-10-11 01:46 <DIR> --d----- c:\progra~2\FloodLightGames 2009-10-11 01:39 28,672 a------- c:\windows\system32\Apphlpdm.dll 2009-10-11 01:39 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll 2009-10-11 01:33 897,608 a------- c:\windows\system32\drivers\tcpip.sys 2009-10-11 01:33 104,960 a------- c:\windows\system32\netiohlp.dll 2009-10-11 01:33 27,136 a------- c:\windows\system32\NETSTAT.EXE 2009-10-11 01:33 19,968 a------- c:\windows\system32\ARP.EXE 2009-10-11 01:33 17,920 a------- c:\windows\system32\ROUTE.EXE 2009-10-11 01:33 11,264 a------- c:\windows\system32\MRINFO.EXE 2009-10-11 01:33 10,240 a------- c:\windows\system32\finger.exe 2009-10-11 01:33 9,728 a------- c:\windows\system32\TCPSVCS.EXE 2009-10-11 01:33 8,704 a------- c:\windows\system32\HOSTNAME.EXE 2009-10-11 01:33 17,920 a------- c:\windows\system32\netevent.dll 2009-10-11 01:19 499,200 a------- c:\windows\system32\wbem\WmiPrvSD.dll 2009-10-11 01:19 615,424 a------- c:\windows\system32\wbem\fastprox.dll 2009-10-11 01:19 551,424 a------- c:\windows\system32\rpcss.dll 2009-10-11 01:19 247,296 a------- c:\windows\system32\wbem\WmiPrvSE.exe 2009-10-11 01:19 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe 2009-10-11 01:19 183,296 a------- c:\windows\system32\sdohlp.dll 2009-10-11 01:19 129,024 a------- c:\windows\system32\wbem\WmiDcPrv.dll 2009-10-11 01:19 98,304 a------- c:\windows\system32\iasrecst.dll 2009-10-11 01:19 54,784 a------- c:\windows\system32\iasads.dll 2009-10-11 01:19 44,032 a------- c:\windows\system32\iasdatastore.dll 2009-10-11 01:19 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll 2009-10-11 01:19 17,408 a------- c:\windows\system32\iashost.exe 2009-10-11 01:16 1,256,448 a------- c:\windows\system32\lsasrv.dll 2009-10-11 01:16 499,712 a------- c:\windows\system32\kerberos.dll 2009-10-11 01:16 439,896 a------- c:\windows\system32\drivers\ksecdd.sys 2009-10-11 01:16 270,848 a------- c:\windows\system32\schannel.dll 2009-10-11 01:16 213,504 a------- c:\windows\system32\msv1_0.dll 2009-10-11 01:16 175,104 a------- c:\windows\system32\wdigest.dll 2009-10-11 01:16 72,704 a------- c:\windows\system32\secur32.dll 2009-10-11 01:16 9,728 a------- c:\windows\system32\lsass.exe 2009-10-11 01:15 2,868,224 a------- c:\windows\system32\mf.dll 2009-10-11 01:14 24,064 a------- c:\windows\system32\amxread.dll 2009-10-11 01:14 13,824 a------- c:\windows\system32\apilogen.dll 2009-10-11 01:12 784,896 a------- c:\windows\system32\rpcrt4.dll 2009-10-11 01:10 <DIR> --d----- c:\program files\AskBarDis 2009-10-11 01:10 <DIR> --d----- c:\users\lsdesh~1\appdata\roaming\Foxit 2009-10-11 01:10 <DIR> --d----- c:\program files\Foxit Software 2009-10-11 01:09 <DIR> --d----- C:\Soft 2009-10-11 01:08 2,066,432 a------- c:\windows\system32\mstscax.dll 2009-10-11 01:07 91,136 a------- c:\windows\system32\avifil32.dll 2009-10-11 01:06 <DIR> --d----- C:\Data 2009-10-11 01:06 636,928 a------- c:\windows\system32\localspl.dll 2009-10-11 01:04 2,033,152 a------- c:\windows\system32\win32k.sys 2009-10-11 01:03 562,176 a------- c:\windows\system32\msdtcprx.dll 2009-10-11 01:03 38,912 a------- c:\windows\system32\xolehlp.dll 2009-10-11 01:03 71,680 a------- c:\windows\system32\atl.dll 2009-10-11 01:02 289,792 a------- c:\windows\system32\atmfd.dll 2009-10-11 01:02 156,672 a------- c:\windows\system32\t2embed.dll 2009-10-11 01:02 72,704 a------- c:\windows\system32\fontsub.dll 2009-10-11 01:02 10,240 a------- c:\windows\system32\dciman32.dll 2009-10-11 01:02 241,152 a------- c:\windows\system32\PortableDeviceApi.dll 2009-10-11 01:02 376,832 a------- c:\windows\system32\winhttp.dll 2009-10-11 01:01 160,256 a------- c:\windows\system32\wkssvc.dll 2009-10-11 01:01 147,456 a------- c:\windows\system32\Faultrep.dll 2009-10-11 01:01 125,952 a------- c:\windows\system32\wersvc.dll 2009-10-11 00:44 25,136 a----r-- c:\windows\system32\drivers\SymIMV.sys 2009-10-11 00:44 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS 2009-10-11 00:44 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT 2009-10-11 00:44 806 a------- c:\windows\system32\drivers\SYMEVENT.INF 2009-10-11 00:44 <DIR> --d----- c:\program files\Symantec 2009-10-11 00:44 <DIR> --d----- c:\program files\common files\Symantec Shared 2009-10-11 00:36 1,524,736 a------- c:\windows\system32\wucltux.dll 2009-10-11 00:36 83,456 a------- c:\windows\system32\wudriver.dll 2009-10-11 00:36 162,064 a------- c:\windows\system32\wuwebv.dll 2009-10-11 00:36 31,232 a------- c:\windows\system32\wuapp.exe 2009-10-11 00:28 <DIR> --d----- c:\windows\system32\%COREALLUSERPATH% 2009-10-10 18:04 <DIR> --d----- c:\program files\Reliance Netconnect - Broadband+ 2009-10-10 15:01 <DIR> --d----- c:\users\lsdesh~1\appdata\roaming\HP TCS 2009-10-10 15:00 0 a--shr-- c:\windows\system32\drivers\103C_HP_cNB_Presario CQ40 Notebook PC_Y5335KV_0U_QCND9313106_E516765-373_4A_I3607_SCompal_V99.AF_F.43_T090709_WV2-1_L409_M3003_J320_7Intel_867A_92.10_#090801_N10EC8136;14E44315_(VB639PA#ACJ)_XMOBILE_CN10_Z_2F.43.MRK 2009-10-10 14:59 <DIR> --d----- c:\users\L S Deshpande ==================== Find3M ==================== 2009-10-16 20:52 86,016 a------- c:\windows\inf\infstrng.dat 2009-10-16 20:52 86,016 a------- c:\windows\inf\infstor.dat 2009-10-16 20:52 51,200 a------- c:\windows\inf\infpub.dat 2009-08-28 18:09 173,056 a------- c:\windows\apppatch\AcXtrnal.dll 2009-08-28 18:08 2,153,984 a------- c:\windows\apppatch\AcGenral.dll 2009-08-28 18:08 541,696 a------- c:\windows\apppatch\AcLayers.dll 2009-08-28 18:08 459,776 a------- c:\windows\apppatch\AcSpecfc.dll 2009-08-02 11:34 1,053,232 a------- c:\windows\system32\MFC71u.dll 2009-08-02 11:34 505,392 a------- c:\windows\system32\msvcp71.dll 2009-08-02 11:34 353,840 a------- c:\windows\system32\msvcr71.dll 2009-08-02 11:34 1,066,544 a------- c:\windows\system32\MFC71.dll 2009-08-02 10:59 3,809,280 a------- c:\windows\system32\bcmihvsrv.dll 2009-08-02 10:59 3,502,080 a------- c:\windows\system32\bcmihvui.dll 2009-08-02 10:59 87,280 a------- c:\windows\system32\bcmwlcoi.dll 2009-08-02 10:59 6,656 a------- c:\windows\system32\bcmwlrc.dll 2009-04-13 18:26 665,600 a------- c:\windows\inf\drvindex.dat 2008-01-21 08:27 174 a--sh--- c:\program files\desktop.ini 2006-11-02 18:09 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 18:09 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 18:09 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 18:09 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 14:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 14:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 14:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 14:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat ============= FINISH: 11:12:25.04 =============== should I send the DDS log like this.

10-22-2009, 09:42 PM	#3 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,995 OS: WinXP and Vista	Re: System have some problem Hello Guddaji, What folders are you trying to access? __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

11-03-2009, 11:05 AM	#4 (permalink)
Guddaji Registered User Join Date: Oct 2009 Posts: 3 OS: Windows Vista Home Basic	Re: System have some problem I am not trying to access any specific folder but my laptop previously not showing these many hidden folder and i have not changed the setting. only after inserting a pendrive I come to know that one recycler named folder become visible which is looking like a hidden folder. I also seen some file which was not coming previously. Apart from this I am not able to access document and settings folder while previously I was able to do that. Please Help. Thanks

11-03-2009, 01:57 PM	#5 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,995 OS: WinXP and Vista	Re: System have some problem Thank you for explaining it a bit better. The more detail we have, the better we can assist you. :) I'll need to take a deeper look. Download rsit.exe and save it to your desktop. Double click on RSIT.exe to run it. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized) If you do not see the info.txt you can find it in the C:\rsit folder. Please attach that .txt __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."