PDA

View Full Version : system32\Config\systemprofile\Desktop



Orchestra
2010-02-21, 16:41
Hi, I've been having trouble with my laptop recently. AVG Free notified me of 3 viral infections when I downloaded a pdf file from a blog, and I thought I had moved the files in question to the virus vault and deleted them. When I next turned on the laptop, the startup process was slow, with no options for safe mode. There was a second black screen before the windows user page comes up, as if a program had just initiated it upon start up. Log-in is the same, but my screensaver and icons are absent and most functions (internet, sound etc) are disabled. I ran SUPERAntiSpyware after rebooting in safe mode, and removed 3 viruses, then cleaned the registry with Smitfraud. I finally ran system restore to the latest date prior to the viral infection (I am now aware this is not recommended), but most functions are still disabled. After giving administrive permission, I can turn on sound, and there are icons on my wallpaper, but internet is still disabled, and I cannot access my Control Panel. Upon startup, I recieve the message "system32\Config\systemprofile\Desktop refers to a location that is unavailable". There is no Desktop file located in systemprofile, and on entering Desktop from the start menu, there are two icons for Control Panel, but neither work. Any help you could offer is greatly appriecated.


Here are is the log from the aforementioned scan, AVG is disabled, so I cannot provide that particular log. I have neither CDRs nor USB drives to copy and paste the logs, so I have written them out. If you require more information, I can find the originals and copy them out again:

SUPERAntiSpyware Scan Log

Memory threats detected : 0
Registry items scanned : 0
Registry threats detected : 3
File threats detected : 0

Trojan.Agent/Gen
HKU\S-1-5-21-1253532804-1684989301-4053837644-1000\Software\Microsof\Windows\CurrentVersion\Ext\Stats\{7545D8C8-F53C-4E2F-8FA0-D248EF4A6E61

Adware.HBHelper
HKCR\CLSID\..
\InprocServer32
\InprocServer32#ThreadingModel
\ProgID
\TypeLib
\VersionIndependantProgID

Browser Hijacker.Deskbar
HKCR\Interface\...
\ProxyStubCLsid
\ProxyStubCLsid32
\TypeLib
\TypeLib#Version

--------------------------------------------------------------------------
SmitfraudFix message
unable to open registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellFolders\Common Favorites" for reading