Dell Latitude D820 laptop Windows XP Professional w/SP3
Originally I thought I had bad sectors on the HDD. After posting on the HDD thread I found the hard drive is fine. I cannot run the DDS as it stalls in the middle then freezes the computer when I try to close it. So I think Ultra Defragger got into the HDD but I can't run the "First Steps" to send a log. Even if I could run the log I don't know how I would save it, as all programs are gone, like Notepad, WordPad, Paint, etc.

The following is the info I posted to the HDD forum; they suggested I post here.
I have a friend's laptop he wanted me to look at. Seems his son was using it playing online games one night; the next night he powered it up and all his files were gone. Everything: documents, downloads, even the Control Panel Add/Remove Programs is empty. The only icons on the desktop are IE, Google Chrome and RealPlayer. The internet does work.

He kept getting popups saying he needed to run chkdsk, which he did and it didn't help. (Think this was a virus or malware.) He ran System Restore; now the only thing on the C: drive is the System Restore icon. If you open it there is one restore date of April 11, which is after the crash. I downloaded the DDS scanner and ran it but it just stops about 75% of the way and stalls for more than 10 mins. If I try to close it the computer freezes.

Using windows restore diagnostics I found 5 problems:
Real Time of hard drive clusters less than 500ms. Critical Error
36% of hdd space is unreadable Critical Error
Bad sectors on hd or damaged file allocation table
Boot sector of the hard drive disk is damaged Critical error
Hard drive doesn't respond to system commands Critical Error
Failed to fix errors.
I'm still not sure if this is real Windows or the virus, as it asks for $69 to purchase a fix. Any ideas?

I installed Spyware Dr. and it found 9 threats (UltraDefragger) and said they were repaired. Today I started the computer and Norton AntiVirus displayed there was a risk that must be removed, which I did, and then viewed the history and it had just today quarantined the Defragger. I was wondering if that Defrag virus could've made the HDD look as though it had bad sectors.
I will check the HDD as you suggested and re-post when completed.

I tested the HD and it is working properly. No errors or failures found. I ran chkdsk /f and chkdsk /r and Windows did find a couple of files that it restored. Now I can see all the programs/downloads in the Control Panel Add/Remove Programs but the C: drive only contains the Windows Restore icon and folder. All documents/folders are still MIA. I tried the "1st Steps" to virus removal but when I ran the DDS program it stops about 75% of the way and then freezes the computer when I try to close it. The cursor still moves but I can't log off, use Ctrl+Alt+Del or anything. I did disable Windows Defender, Norton AntiVirus and Spyware Dr. before running the DDS. Since the 1st Steps didn't work, is this something you can help with? I'm at a total loss now.

Re: DDS file ATTACH file

I was able to use Malwarebytes to stop the XP Security 2011 long enough to get these scans done.
I scanned the computer using the GMER file for over 4 hrs. When I tried to save it the hourglass came up for over 15 mins., then the top of the file window read "Not Responding". Don't want to go through that again. If you have any idea why it would not save please let me know and I'll try again. For now here are the DDS and ATTACH files. Thank you!

DDS (Ver_10-03-17.01) - NTFSx86
Run by user at 13:15:20.70 on Sat 04/16/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1428 [GMT -7:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\user\Application Data\U3\0875730A4E135C42\LaunchPad.exe
F:\diagnostic for spyware\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://
uSearch Bar = hxxp://
mDefault_Search_URL = hxxp://
uSearchAssistant = hxxp://
uSearchURL,(Default) = hxxp://
mSearchAssistant = hxxp://
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\program files\navnt\vptray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone:\ttlc
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\pnhc3vbr.default\
FF - prefs.js: - hxxp://{searchTerms}
FF - prefs.js: - SearchElf 1.1 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\pnhc3vbr.default\extensions\{00f2c0c6-2194-484e-9064-44e57787867b}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\pnhc3vbr.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\user\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\user\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\google\update\\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-4-12 263888]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-4-12 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-4-12 656320]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-4-12 233976]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 NAVAPEL;NAVAPEL;c:\program files\navnt\Navapel.sys [2003-1-29 17968]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-5 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110410.002\naveng.sys [2011-4-10 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110410.002\navex15.sys [2011-4-10 1393144]
S1 phtjpfca;phtjpfca;\??\c:\windows\system32\drivers\phtjpfca.sys --> c:\windows\system32\drivers\phtjpfca.sys [?]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\browser defender\BDTUpdateService.exe [2011-4-12 337872]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-12 136176]
S2 Norton AntiVirus Server;Norton AntiVirus Client;c:\program files\navnt\rtvscan.exe [2003-1-29 487424]
S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-6-6 1821376]
S3 EraserUtilDrv10710;EraserUtilDrv10710;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10710.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10710.sys [?]
S3 EraserUtilDrvI9;EraserUtilDrvI9;\??\c:\program files\common files\symantec shared\eengine\eraserutildrvi9.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrvI9.sys [?]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-6-6 116928]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-4-12 371472]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-4-12 1117144]

=============== Created Last 30 ================

2011-04-16 18:19:56 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes
2011-04-16 18:19:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-16 18:19:41 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-16 18:19:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-16 18:19:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-16 16:59:44 0 d-----w- c:\windows\system32\CBA
2011-04-16 16:59:37 0 d-----w- c:\program files\NavNT
2011-04-16 16:57:45 0 d-----w- c:\documents and settings\user\WINDOWS
2011-04-16 07:42:11 1152 ----a-w- c:\windows\system32\windrv.sys
2011-04-16 07:17:48 0 d-----w- c:\windows\system32\MpEngineStore
2011-04-16 04:37:32 0 d-----w- c:\docume~1\user\applic~1\GetRightToGo
2011-04-16 04:27:39 52352 ---ha-w- c:\windows\system32\drivers\OLD51.tmpABA33867
2011-04-15 01:23:56 0 d-----w- c:\windows\system32\appmgmt
2011-04-13 03:20:40 0 d-----w- c:\program files\CCleaner
2011-04-13 03:11:13 674108 ----a-w- c:\windows\system32\drivers\Cat.DB
2011-04-13 03:11:10 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-04-13 03:11:10 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-04-13 03:11:09 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-04-13 03:11:05 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-04-13 03:11:05 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-04-13 03:11:04 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-04-13 03:10:59 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-04-13 03:10:43 0 d-----w- c:\program files\PC Tools Security
2011-04-13 03:10:43 0 d-----w- c:\program files\common files\PC Tools
2011-04-13 01:53:37 882 ----a-w- c:\windows\RegSDImport.xml
2011-04-13 01:53:37 879 ----a-w- c:\windows\RegISSImport.xml
2011-04-13 01:53:37 767952 ----a-w- c:\windows\BDTSupport.dll
2011-04-13 01:53:37 2125 ----a-w- c:\windows\
2011-04-13 01:53:37 2074576 ----a-w- c:\windows\PCTBDCore.dll
2011-04-13 01:53:37 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-04-13 01:53:37 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-04-13 01:53:37 131 ----a-w- c:\windows\
2011-04-13 01:53:37 0 d-----w- c:\program files\Browser Defender
2011-04-13 01:50:19 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-04-13 01:33:14 514230 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-04-12 02:17:02 0 d-----w- c:\windows\Hewlett-Packard
2011-04-12 02:14:51 0 d-----w- c:\windows\system32\NtmsData
2011-04-11 05:28:44 0 d-----w- c:\program files\common files\xing shared
2011-04-11 04:40:10 719 ------w- C:\Windows Restore.lnk
2011-04-11 04:40:10 0 d-----w- C:\Windows Restore
2011-04-10 23:10:59 1228854 ---h--w- C:\fsqwr.bmp
2011-04-10 22:33:47 0 d--h--w- c:\docume~1\alluse~1\applic~1\lNd31002bAiOa31002
2011-04-10 00:43:12 0 d--h--w- C:\Adobe
2011-04-09 18:13:58 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2011-04-09 17:25:09 73728 ---h--w- c:\windows\system32\javacpl.cpl
2011-04-09 17:25:09 472808 ---h--w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================

2011-04-16 16:59:54 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2011-04-16 16:59:54 8014 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2011-04-16 16:59:54 48768 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-04-16 16:59:54 110952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-04-16 07:17:47 52352 ----a-w- c:\windows\system32\drivers\OLD51.tmp
2011-02-09 13:53:52 270848 ---ha-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ---ha-w- c:\windows\system32\encdec.dll
2011-02-03 01:11:20 222080 ---h--w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58:35 2067456 ---ha-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ---ha-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ---ha-w- c:\windows\system32\shimgvw.dll

============= FINISH: 13:16:24.92 ===============


Tried to remove XP Security 2011, can't download now.

Dell Latitude D820 laptop running XP Professional. I have the XP Security 2011 virus and had lost desktop icons, Start menu items, Control Panel Add/Remove Programs, documents; basically all files were gone. After following posts I was able to use rKill, Malwarebytes and unhide to get the virus halted and restore all the files that were lost. I somehow lost Norton AntiVirus during the process. Now I cannot install Norton and cannot update Windows. Windows Update error: 0x800072eff. Other than that I think it's working well. Any help will be greatly appreciated. Thank you!
