Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

ntuser.dat file corrupt


  • Please log in to reply

#1
Fan

Fan

    Member

  • Member
  • PipPip
  • 36 posts
I get this message about every 2 minutes. What do I need to do? I have run chkdsk utility as suggested by the Windows -Corrupt File popup. The entire message reads: "The file or directory C:\Documents and Settings\Administrator\ntuser.dat. Any help would be greatly appreciated. I am including an HJT log if you need it. Thanks for your help!

Logfile of HijackThis v1.99.1
Scan saved at 10:10:05 PM, on 06/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\isrvs\desktop.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\inetsrv\DavCData.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\My Documents\My Received Files\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender8\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = SpywareGuard\sgmain.exe
O4 - Global Startup: Media Card Companion Monitor.lnk = ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Memory Stick Monitor.lnk = C:\Program Files\MSAC-FD1\MSstat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {2BBA155B-4461-4B72-9C86-3CBCE634555B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2BBA155B-4461-4B72-9C86-3CBCE634555B} - (no file) (HKCU)
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1099758420472
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pdrssvloge - Symantec Corporation - C:\WINDOWS\System32\drivers\SymIDSCo.sys
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
  • 0

Advertisements


#2
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
Go here to deal with NTUSER, you can possibly create the new one then rename it or after removing the existing one, create another new with the user name you want

http://support.micro...kb;en-us;811151

It could be best to leave changes until you correct the malware so go here

http://www.geekstogo..._Log-t2852.html

Run the programmes as advised then post a current Hijack This log to the malware section

Edited by Keith, 08 June 2005 - 03:15 AM.

  • 0

#3
Fan

Fan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Thanks Keith, but now I can't restart in either normal or safe mode. I tried to boot from my xp cd to repair and it won't reboot from it either. It recognizes the cd in the bios, but when it goes to boot, it goes right past my cd rom (scsi). As it tries to restart in Safe Mode, it stops at a WINDOWS\System32\DRIVERS\amdagp.sys file. It also was just going through the chkdsk system and then restarting which is what it does after it gets to the windows file listed above in Safe Mode.

When it goes through the chkdsk system, it says it found an error and then restarts. Continually.

Edited by Fan, 08 June 2005 - 07:44 PM.

  • 0

#4
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
Boot the PC with the CD in and keep tapping the enter key

It is likely to be malware though
  • 0

#5
Fan

Fan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Thanks again Keith,

It just says Boot Failure. I changed the bios to only boot from my cdrom. It seems that I am doomed here.
  • 0

#6
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
If you have another PC with XP on you can do this provided there is a floppy drive on it and on your PC

http://support.micro...b/314079/EN-US/
  • 0

#7
Fan

Fan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
I have a laptop with XP and a P4, but my desktop has an AMD P7. Will this still work? I only ask because my laptop doesn't have a floppy and I will have to hook up my USB floppy to it. It is not a lot of work, but I have to find my USB floppy! LOL
  • 0

#8
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
I really hope XP is only interested in the files on the disc, not the proccessor used, it should only depend on the writing format of the floppy drive and if you are going to use the same one it should go OK
  • 0

#9
Fan

Fan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
I cannot get the files I need to keep from being hidden. I have unchecked the protect system files and I have checked the show hidden files and folders. What am I doing wrong?
  • 0

#10
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
Try search and include hidden and system files

Double click the hard drive then Windows and copy them from there
  • 0

#11
Fan

Fan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Keith, thanks again. Nope no luck. All of the correct boxes are checked/unchecked but I cannot get to the boot.ini file or any of the others. I don't know why.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP