How do i rectify this. [Image Included]

Status
Not open for further replies.

escape7

What? Where? How?
How do i rectify this. [Image Included], Hijackthis log added...

The open and explore options do not show, instead there is some random gibberish.
tmpol0.jpg

I've got no idea how this happened, is it a virus or something? HOw do i correct it. Re-installing XP is not an option as i do not have the CD at the moment.
 
Last edited:

dheeraj_kumar

Legen-wait for it-dary!
Try the usual stuff - Spybot, Ad-Aware, NOD32, HJT.

And this looks like some asian language - you dont have the converter so its displayed as gibberish. What file types is this problem present in? because if its only one or two, you can change it using folder options.
 

Cool Joe

The Black Waltz
as dheeraj mentioned try avast or avg, spybot and all with latest updates. also post hijack this log.
 
OP
escape7

escape7

What? Where? How?
I've used avg and spbot, there were a few infections but the problem persists. And i feel its not an asian language as they do not open on clicking, an error occurs... I'm typing the name of the drive in the explorer to open it.

How do i get the hijack this log?
 

zyberboy

dá ûnrêäl Kiñg
do a full system scan with kaspersky, then delete the hidden autorun.inf file in root of every drive to solve the problem.
 
OP
escape7

escape7

What? Where? How?
Here's the hijackthis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:31 PM, on 6/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\OfficeScan NT\ntrtscan.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\OfficeScan NT\pccntmon.exe
E:\Tapan\DAEMON Tools Lite\daemon.exe
C:\OfficeScan NT\ofcdog.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\OfficeScan NT\pccntupd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - C:\WINDOWS\system32\fccbYrpN.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Tapan\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: fccbYrpN - fccbYrpN.dll (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Window Image Worker (windownetpker) - Unknown owner - C:\Program Files\Internet Explorer\svchost.exe (file missing)

--
End of file - 4397 bytes
 

Garbage

God of Mistakes...
You have to delete autorun.inf file in each drive. It might hidden. So, check for that.
 

Sathish

Debian Gnu/Linux User
Try BitDefender Free Edition.. It should remove all threats @ 100$%

but be careful.. it remove all files and registry entry without your intention. even the win system files and registry entres..

But i wil sure Bit Defender engine is the one to remove 100% threats..

Plz try it as final ........
 

Yavin

Yalam
Use WinRAR to view the drive and it will show all hidden files as well. Delete autorun.inf files from the root of every local and removable drive and restart PC. Else you can also use program like Free Commander and it will show all hidden files. Gud luck!
 

dheeraj_kumar

Legen-wait for it-dary!
Try BitDefender Free Edition.. It should remove all threats @ 100$%

but be careful.. it remove all files and registry entry without your intention. even the win system files and registry entres..

But i wil sure Bit Defender engine is the one to remove 100% threats..

Plz try it as final ........

Using different colors make you look like a noob. Not cool.

Bitdefender DOES NOT remove win system files and registry entries. If it does, it means THEY ARE AFFECTED. And if they are affected, you're better off cleaning them rather than working in an affected comp. And BitDefender notifies you and ASKS you what to do, rather than doing it all by itself.

Lol dude, you make it sound like a virus itself :p

Bitdefender is ranked the best overall antivirus software, and its because it is good, and I choose NOD32 over it only for personal preferences.
 

chandal_keta

Broken In
yah! this is due to virus known as CHINESE virus!!
i think ur problem should be solved if u scan it and remove the virus with kaspersky!!
i have seen this problem with people in NEPAL..and if still doesnt..then format it...coz that would be the last option...but however i think if u properly work with it...should solve ur problem!!
good luck

chandal
 

blueshift

Wise Old Crow
Registry problem i think. If am not wrong some malicious file has added these in Context menu handlers.

Open your Registry Editor and browse through theze keys. See if you can find something.
HKEY_CLASSES_ROOT\Folder\shell\
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers
HKEY_CLASSES_ROOT\AllFileSystemObjects\Shellex\ContextMenuHandlers
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers

or download this free Context Menu Editor.
 
Status
Not open for further replies.
Top Bottom