Can not access/Open My Computer, Recycle Bin, My Document from desktop. Please help?
#1 Aug 19th, 2007
Here is the HijackThis log file from my computer. I do not understand what is wrong with my computer or how to solve it. Please help.
Logfile of HijackThis v1.99.1
Scan saved at 5:54:48 AM, on 8/20/2007
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
D:\mysql\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\pctspk.exe
C:\WINNT\System32\PV92Tray.exe
C:\WINNT\System32\VTTimer.exe
C:\WINNT\System32\VTtrayp.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\AGLOCO Viewbar\Viewbar.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
e:\Program Files\SlimBrowser\sbrowser.exe
e:\Program Files\SlimBrowser\sbrowser.exe
C:\Program Files\IrfanView\i_view32.exe
C:\Documents and Settings\Milan Hazra\My Documents\HJT\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O1 - Hosts: 82.146.60.44 personal.barclays.co.uk
O1 - Hosts: 82.146.60.44 barclays.co.uk
O1 - Hosts: 82.146.60.44 www.barclays.co.uk
O1 - Hosts: 82.146.60.44 hsbc.co.uk
O1 - Hosts: 82.146.60.44 www.hsbc.co.uk
O1 - Hosts: 82.146.60.44 lloydstsb.co.uk
O1 - Hosts: 82.146.60.44 www.lloydstsb.co.uk
O1 - Hosts: 82.146.60.44 www.lloydstsb.com
O1 - Hosts: 82.146.60.44 www.co-operativebank.co.uk
O1 - Hosts: 82.146.60.44 co-operativebank.co.uk
O1 - Hosts: 82.146.60.44 www.co-operativebank.com
O1 - Hosts: 82.146.60.44 co-operativebank.com
O1 - Hosts: 82.146.60.44 www.woolwich.co.uk
O1 - Hosts: 82.146.60.44 woolwich.co.uk
O1 - Hosts: 82.146.60.44 cahoot.com
O1 - Hosts: 82.146.60.44 www.cahoot.com
O1 - Hosts: 82.146.60.44 www.cahoot.co.uk
O1 - Hosts: 82.146.60.44 cahoot.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {68B716B5-A06F-4738-B07C-DE1244B3E0ED} - (no file)
O2 - BHO: (no name) - {8F95F705-D377-4A3B-9784-72739F3417Cf} - C:\WINNT\System32\muwdsvqg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EAB14E04-B709-4C3B-AFE0-501B55E43AE6} - (no file)
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - (no file)
O2 - BHO: (no name) - {F762FB4D-4539-4FEC-B3D6-8D5F332DC67A} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\WINNT\System32\mmsvc32.exe
O4 - HKLM\..\Run: [Spools Service Controller] C:\WINNT\System32\spools.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - E:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: ljjkhhe - ljjkhhe.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ms hexidecimal defx (mshexdefx) - Unknown owner - C:\WINNT\system32\dllcache\ivchost.exe (file missing)
O23 - Service: MySql - Unknown owner - D:/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
#2 Aug 20th, 2007
A naked XP!! You were a sitting duck for this!! It is just FOOLHARDY to not have SP2. So now you've got worms.
=Rename the Hijackthis.exe to imabunny.exe.
=Please download HostsXpert v4 from: http://www.funkytoad.com/content/view/13/31/ and extract it to your Desktop.
=Click the Restore MS Hosts Button and then click OK and exit HostsXpert.
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Okay, please run HT again and repost with the fixwareout and combofix logs.
Last edited by gerbil; Aug 20th, 2007 at 4:29 am.
Deep, deep in the woods, but walking about.
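An added example, not part of the original posts and not code from HijackThis or HostsXpert: a small triage script that reads HijackThis-format lines, reports O1 Hosts entries that pin hostnames to a public IP address (the pattern seen for the banking sites in the log above), and lists load points whose file is absent. The function names and the `ads.example.test` line are assumptions made for the illustration; the other sample lines are copied from the log in post #1.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis log in post #1, except the
# 127.0.0.1 entry, which is constructed to show a harmless blocking entry.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O1 - Hosts: 82.146.60.44 personal.barclays.co.uk
O1 - Hosts: 82.146.60.44 www.hsbc.co.uk
O1 - Hosts: 82.146.60.44 lloydstsb.co.uk
O1 - Hosts: 127.0.0.1 ads.example.test
O2 - BHO: (no name) - {68B716B5-A06F-4738-B07C-DE1244B3E0ED} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: ljjkhhe - ljjkhhe.dll (file missing)
O23 - Service: ms hexidecimal defx (mshexdefx) - Unknown owner - C:\WINNT\system32\dllcache\ivchost.exe (file missing)
"""

# A HijackThis entry line is "<section> - <body>", e.g. "O1 - Hosts: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
# Suffixes HijackThis appends when the referenced file is not on disk.
DANGLING_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return (section, body) tuples for every entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def hosts_redirects(entries):
    """Map each public IP in O1 entries to the hostnames pinned to it.

    Loopback, unspecified and private addresses are skipped: those are the
    usual targets of blocking lists and intranet overrides. A hosts entry
    that sends a public site to some other public address deserves review.
    """
    redirects = defaultdict(set)
    for section, body in entries:
        if section != "O1":
            continue
        match = HOSTS_RE.match(body)
        if not match:
            continue
        addr_text, hostname = match.groups()
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            continue  # malformed address field; not a usable mapping
        if addr.is_global:
            redirects[addr_text].add(hostname.lower())
    return {ip: sorted(names) for ip, names in redirects.items()}


def dangling_load_points(entries):
    """Return entries whose registered file HijackThis could not find."""
    return [
        (section, body)
        for section, body in entries
        if body.rstrip().endswith(DANGLING_MARKERS)
    ]


def triage(log_text):
    """Summarise the two findings for one log."""
    entries = parse_entries(log_text)
    return {
        "redirects": hosts_redirects(entries),
        "dangling": dangling_load_points(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for ip, names in report["redirects"].items():
        print(f"{ip} <- {len(names)} hostname(s): {', '.join(names)}")
    for section, body in report["dangling"]:
        print(f"{section}: {body}")
```
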
#3 Aug 21st, 2007
Hi,
As per your instructions I had downloaded both, i.e. HostsXpert & ComboFix.exe. But the problem is that whenever I click the Restore MS Hosts button and click OK, an error message comes up: "(Cannot create file C:\WINNT\system32\DRIVERS\ETC\host)".
I tried several times but got the same error message.
Milan Hazra
#4 Aug 22nd, 2007
Something has locked your Hosts file, possibly an application, possibly the pest. Unlock hosts exists in Zonealarm, firewall, advanced, or Spybot.
In Spybot, click Tools,Hosts File, uncheck "Lock Hosts file read-only as protection against hijackers"
Or just...[ but a Spybot setting may over-ride this command....] do this:
Go Start, run, type cmd -press Enter. Paste this line into the window at the prompt, press Enter, close the window.
attrib -r -h -s %SystemRoot%\system32\drivers\etc\HOSTS
Now try HostsXpert.
Deep, deep in the woods, but walking about.
#5 Aug 23rd, 2007
Here are the log files of HijackThis & ComboFix.exe
==================================
ComboFix 07-08-17.2 - "Milan Hazra" 08/23/2007 19:48:16.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.0.1252.1.1033.18.72 [GMT 5.5:30]
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINNT\system32\ddccb.dll
C:\WINNT\system32\jkkll.dll
C:\WINNT\system32\mllmn.dll
C:\WINNT\system32\muwdsvqg.dll
C:\WINNT\system32\ybadd.bak2
C:\WINNT\system32\ybadd.ini2
C:\WINNT\system32\ybadd.tmp
((((((((((((((((((((((((( Files Created from 2007-07-23 to 2007-08-23 )))))))))))))))))))))))))))))))
2007-08-23 19:46 51,200 --a------ C:\WINNT\nircmd.exe
2007-08-22 18:34 7,008 --a------ C:\WINNT\system\SETUPKIT.DLL
2007-08-22 18:34 398,416 --a------ C:\WINNT\system\VBRUN300.DLL
2007-08-22 18:07 5,221,441 --------- C:\AVG7QT.DAT
2007-08-22 18:06 217,110 -r-hs---- C:\AVG7DB_F.DAT
2007-08-22 18:04 18,720 --a------ C:\WINNT\system32\drivers\avg7rsnt.sys
2007-08-21 23:05 236,032 --a------ C:\WINNT\system32\bbot.exe
2007-08-21 17:52 <DIR> dr------- C:\WINNT\Offline Web Pages
2007-08-21 17:49 94,480 --a------ C:\WINNT\system32\msencode.dll
2007-08-21 17:49 72,464 --a------ C:\WINNT\system32\actxprxy.dll
2007-08-21 17:49 62,976 --a------ C:\WINNT\system32\inetcplc.dll
2007-08-21 17:49 58,368 --a------ C:\WINNT\system32\mshtmler.dll
2007-08-21 17:49 58,128 --a------ C:\WINNT\system32\iesetup.dll
2007-08-21 17:49 553,232 --a------ C:\WINNT\system32\comctl32.dll
2007-08-21 17:49 523,024 --a------ C:\WINNT\system32\mlang.dll
2007-08-21 17:49 46,352 --a------ C:\WINNT\system32\digest.dll
2007-08-21 17:49 38,672 --a------ C:\WINNT\system32\msident.dll
2007-08-21 17:49 35,328 --a------ C:\WINNT\system32\browselc.dll
2007-08-21 17:49 332,288 --a------ C:\WINNT\system32\shdoclc.dll
2007-08-21 17:49 31,504 --a------ C:\WINNT\system32\imgutil.dll
2007-08-21 17:49 29,968 --a------ C:\WINNT\system32\mshta.exe
2007-08-21 17:49 245,520 --a------ C:\WINNT\system32\msieftp.dll
2007-08-21 17:49 21,776 --a------ C:\WINNT\system32\shfolder.dll
2007-08-21 17:49 18,704 --a------ C:\WINNT\system32\sendmail.dll
2007-08-21 17:49 14,848 --a------ C:\WINNT\system32\msidntld.dll
2007-08-20 21:37 236,032 --a------ C:\WINNT\system32\spbb.exe
2007-08-20 21:36 8,192 --a------ C:\WINNT\system32\psvc.exe
2007-08-20 21:36 42,496 --a------ C:\WINNT\system32\gate.exe
2007-08-17 08:36 <DIR> d-------- C:\Program Files\CCleaner
2007-08-16 23:23 236,032 --a------ C:\WINNT\system32\spools.exe
2007-08-16 23:21 56,832 --a------ C:\WINNT\system32\mmsvc32.exe
2007-08-15 07:20 56,832 --a------ C:\WINNT\system32\mmf32.exe
2007-08-14 22:55 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
2007-08-12 04:04 83,208 --a------ C:\WINNT\system32\S32EVNT1.DLL
2007-08-12 04:04 82,136 --a------ C:\WINNT\system32\drivers\SYMEVENT.SYS
2007-08-12 04:04 2,397 --a------ C:\WINNT\system32\drivers\symlcbrd.sys
2007-08-12 04:04 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-08-12 04:03 <DIR> d-------- C:\DOCUME~1\MILANH~1\APPLIC~1\Symantec
2007-08-12 04:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-10 11:00 34,578 --a------ C:\WINNT\system32\drivers\NPDRIVER.SYS
2007-08-10 10:58 <DIR> d-------- C:\Program Files\Symantec
2007-08-10 10:58 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-10 06:33 <DIR> d-------- C:\Program Files\WindowsUpdate
2007-08-10 06:32 <DIR> d-------- C:\WINNT\SoftwareDistribution
2007-08-10 05:16 1,635 --a------ C:\nordm.exe
2007-08-09 06:12 46,482 --a------ C:\my2.exe
2007-08-09 05:19 <DIR> d-------- C:\Program Files\RegCleaner
2007-08-07 05:00 <DIR> d-------- C:\DOCUME~1\MILANH~1\APPLIC~1\SlimBrowser
2007-08-06 21:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-06 11:37 476,320 --a------ C:\WINNT\system32\ImagXpr7.dll
2007-08-06 11:37 471,040 --a------ C:\WINNT\system32\ImagXRA7.dll
2007-08-06 11:37 38,912 --a------ C:\WINNT\system32\picn20.dll
2007-08-06 11:37 364,544 --a------ C:\WINNT\system32\TwnLib4.dll
2007-08-06 11:37 262,144 --a------ C:\WINNT\system32\ImagXR7.dll
2007-08-06 11:37 106,496 --a------ C:\WINNT\system32\TwnLib20.dll
2007-08-06 11:37 1,568,768 --a------ C:\WINNT\system32\ImagX7.dll
2007-08-06 11:36 155,648 --a------ C:\WINNT\system32\NeroCheck.exe
2007-08-06 11:36 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-08-06 11:36 <DIR> d-------- C:\Program Files\Ahead
2007-08-06 07:37 74,752 --a------ C:\WINNT\ST6UNST.EXE
2007-08-06 07:37 26,897 --a------ C:\WINNT\SETUP1.EXE
2007-07-31 19:16 <DIR> d-------- C:\WINNT\Adobe Illustrator CS
2007-07-30 01:11 19,808 --a------ C:\WINNT\system\DDRAW16.DLL
2007-07-30 01:11 16,896 --a------ C:\WINNT\system32\DDHELP.EXE
2007-07-30 01:06 2,560 --a------ C:\WINNT\_MSRSTRT.EXE
2007-07-30 00:52 610,304 --a------ C:\WINNT\system32\AVViewer.dll
2007-07-30 00:52 40,960 --a------ C:\WINNT\system32\StaticIm.dll
2007-07-30 00:52 28,672 --a------ C:\WINNT\system32\VService.dll
2007-07-30 00:20 5,600 --a------ C:\WINNT\system\winaspi.dll
2007-07-30 00:20 48,128 --a------ C:\WINNT\system32\wnaspi32.dll
2007-07-30 00:20 4,672 --a------ C:\WINNT\system\wowpost.exe
2007-07-30 00:20 23,936 --a------ C:\WINNT\system32\drivers\aspi32.sys
2007-07-29 23:39 66,048 --a------ C:\WINNT\system32\unam4ie.exe
2007-07-29 23:39 53,248 --a------ C:\WINNT\system32\mspmspsv.exe
2007-07-29 23:39 52,720 --a------ C:\WINNT\system32\drivers\cdr4_2k.sys
2007-07-29 23:39 5,120 --a------ C:\WINNT\system32\msdxmlc.dll
2007-07-29 23:39 466,944 --a------ C:\WINNT\system32\wmv8dmoe.dll
2007-07-29 23:39 45,056 --a------ C:\WINNT\system32\wmplenc.dll
2007-07-29 23:39 45,056 --a------ C:\WINNT\system32\cdrtc.dll
2007-07-29 23:39 45,056 --a------ C:\WINNT\system32\cdral.dll
2007-07-29 23:39 446,464 --a------ C:\WINNT\system32\wmvdmoe.dll
2007-07-29 23:39 368,710 --a------ C:\WINNT\system32\msisam11.dll
2007-07-29 23:39 352,256 --a------ C:\WINNT\system32\lyrasp.dll
2007-07-29 23:39 335,360 --a------ C:\WINNT\system32\wmstream.dll
2007-07-29 23:39 32,768 --a------ C:\WINNT\system32\asferror.dll
2007-07-29 23:39 309,584 --a------ C:\WINNT\system32\wmv8dmod.dll
2007-07-29 23:39 278,016 --a------ C:\WINNT\system32\vct3216.dll
2007-07-29 23:39 241,725 --a------ C:\WINNT\system32\msuni11.dll
2007-07-29 23:39 24,064 --a------ C:\WINNT\system32\wmdmlog.dll
2007-07-29 23:39 221,184 --a------ C:\WINNT\system32\msscp.dll
2007-07-29 23:39 22,585 --a------ C:\WINNT\system32\drivers\cdralw2k.sys
2007-07-29 23:39 188,416 --a------ C:\WINNT\system32\mspmsp.dll
2007-07-29 23:39 163,840 --a------ C:\WINNT\system32\mindex.dll
2007-07-29 23:39 16,384 --a------ C:\WINNT\system32\wmdmps.dll
2007-07-29 23:39 159,744 --a------ C:\WINNT\system32\mswmdm.dll
2007-07-29 23:39 147,456 --a------ C:\WINNT\system32\CEWMDM.dll
2007-07-29 23:39 118,784 --a------ C:\WINNT\system32\wmsdmoe.dll
2007-07-29 23:39 <DIR> d-------- C:\Program Files\Adaptec
2007-07-29 23:37 722,192 --a------ C:\WINNT\system32\VB40032.DLL
2007-07-29 23:37 <DIR> d-------- C:\WINNT\NPCommon
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
99-12-07 17:30 32528 --a------ C:\WINNT\inf\wbfirdma.sys
07-08-23 08:00 --------- d-------- C:\Program Files\IrfanView
07-08-16 11:33 --------- d-------- C:\DOCUME~1\MILANH~1\APPLIC~1\TextPad
07-08-10 09:52 --------- d--h----- C:\Program Files\InstallShield Installation Information
07-08-05 08:17 --------- d-------- C:\Program Files\AGLOCO Viewbar
07-08-02 19:37 439 --ah----- C:\os755515.bin
07-07-23 08:03 18980 --a------ C:\WINNT\system32\ne1.exe
07-07-19 07:36 --------- d--h----- C:\Program Files\Zenographics
07-07-19 07:36 --------- d-------- C:\Program Files\Hewlett-Packard
07-07-17 15:59 --------- d-------- C:\DOCUME~1\MILANH~1\APPLIC~1\MyPictures3D
07-07-16 09:04 --------- d-------- C:\Program Files\Common Files\River Past
07-07-16 09:04 --------- d-------- C:\DOCUME~1\MILANH~1\APPLIC~1\River Past G5
07-07-16 05:41 --------- d-------- C:\DOCUME~1\MILANH~1\APPLIC~1\Microsoft Web Folders
07-07-15 21:55 --------- d-------- C:\DOCUME~1\MILANH~1\APPLIC~1\IrfanView
07-07-15 20:54 50688 --a------ C:\WINNT\system32\wbhelp2.dll
07-07-15 20:53 --------- d-------- C:\Program Files\Common Files\InstallShield
07-07-15 18:35 --------- d-------- C:\Program Files\Windows NT
07-07-15 18:35 --------- d-------- C:\Program Files\Accessories
07-07-15 18:27 --------- d-a------ C:\Program Files\Common Files\ODBC
07-07-15 17:12 --------- d-------- C:\Program Files\Common Files\SynEdit
07-07-15 15:55 --------- d-------- C:\DOCUME~1\MILANH~1\APPLIC~1\Help
07-07-15 14:11 --------- d-------- C:\Program Files\Common Files\Nero
07-07-15 14:02 --------- d-------- C:\Program Files\VIAudioi
07-07-15 14:00 --------- d-------- C:\Program Files\S3
07-07-15 13:59 --------- d-------- C:\Program Files\VIA
07-07-15 13:08 --------- d-------- C:\Program Files\microsoft frontpage
07-07-15 13:07 271 ---h----- C:\Program Files\desktop.ini
07-07-15 13:07 1152 --ahs---- C:\zjvjavz3.sys
07-07-15 13:07 0 -rahs---- C:\MSDOS.SYS
07-07-15 13:07 0 -rahs---- C:\IO.SYS
07-07-15 13:07 0 ---h----- C:\CONFIG.SYS
07-07-15 13:07 0 ---h----- C:\AUTOEXEC.BAT
07-05-31 17:42 21656 --a------ C:\WINNT\system32\dopdfmn5.dll
07-05-31 17:42 17048 --a------ C:\WINNT\system32\dopdfmi5.dll
1999-12-07 12:00:00 1,344,512 --sha-r C:\WINNT\system32\svbhost.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68B716B5-A06F-4738-B07C-DE1244B3E0ED}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAB14E04-B709-4C3B-AFE0-501B55E43AE6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F762FB4D-4539-4FEC-B3D6-8D5F332DC67A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [99-12-07 17:30 C:\WINNT\system32\mobsync.exe]
"PCTVOICE"="pctspk.exe" [03-04-24 16:45 C:\WINNT\system32\pctspk.exe]
"PV92TRAY"="PV92Tray.exe" [03-04-24 17:05 C:\WINNT\system32\PV92Tray.exe]
"VTTimer"="VTTimer.exe" [05-03-08 01:03 C:\WINNT\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [06-03-23 13:32 C:\WINNT\system32\VTTrayp.exe]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [06-07-26 11:49 ]
"Viewbar"="C:\Program Files\AGLOCO Viewbar\Viewbar.exe" [07-07-20 23:05 ]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [06-01-30 21:30 ]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 10:50 ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03-08-15 06:29 ]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [03-08-17 23:33 ]
"Microsoft Network Services Controller"="C:\WINNT\System32\mmsvc32.exe" [07-08-22 22:12 ]
"Spools Service Controller"="C:\WINNT\System32\spools.exe" [07-08-22 22:14 ]
"AVG7_CC"="e:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [07-08-22 18:03 ]
"AVG7_EMC"="e:\PROGRA~1\Grisoft\AVG7\avgemc.exe" [07-08-22 18:03 ]
"AVG7_RegCleaner"="e:\PROGRA~1\Grisoft\AVG7\avgregcl.exe" [07-08-22 18:03 ]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-13 10:11:12]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 11:35:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjkhhe]
ljjkhhe.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared Anti-Dialer]
"E:\Program Files\a-squared Anti-Dialer\a2adguard.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_RegCleaner]
C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
R0 videX32;videX32;C:\WINNT\System32\DRIVERS\videX32.sys
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINNT\System32\DRIVERS\xfilt.sys
R1 Avg7RsNT;AVG7 Rezident Driver;C:\WINNT\System32\Drivers\avg7rsnt.sys
R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINNT\System32\Drivers\NPDRIVER.SYS
S2 mshexdefx;ms hexidecimal defx;"C:\WINNT\system32\dllcache\ivchost.exe"
S3 GMSIPCI;GMSIPCI;\??\G:\INSTALL\GMSIPCI.SYS
*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
Contents of the 'Scheduled Tasks' folder
2007-08-11 22:51:26 C:\WINNT\Tasks\Norton AntiVirus - Scan my computer.job - C:\PROGRA~1\NORTON~1\Navw32.exe
2007-08-23 14:23:04 C:\WINNT\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-23 19:52:01
Windows 5.0.2195 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="D:/mysql/bin/mysqld-nt.exe"
Completion time: 2007-08-23 19:55:31 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-08-23 19:55
--- E O F ---
=====================================
Logfile of HijackThis v1.99.1
Scan saved at 8:05:25 PM, on 8/23/2007
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
e:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
e:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
D:\mysql\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\pctspk.exe
C:\WINNT\System32\PV92Tray.exe
C:\WINNT\System32\VTTimer.exe
C:\WINNT\System32\VTtrayp.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\AGLOCO Viewbar\Viewbar.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
e:\Program Files\SlimBrowser\sbrowser.exe
e:\Program Files\SlimBrowser\sbrowser.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Documents and Settings\Milan Hazra\My Documents\HJT\hijackthis\imabunny.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {68B716B5-A06F-4738-B07C-DE1244B3E0ED} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EAB14E04-B709-4C3B-AFE0-501B55E43AE6} - (no file)
O2 - BHO: (no name) - {F762FB4D-4539-4FEC-B3D6-8D5F332DC67A} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\WINNT\System32\mmsvc32.exe
O4 - HKLM\..\Run: [Spools Service Controller] C:\WINNT\System32\spools.exe
O4 - HKLM\..\Run: [AVG7_CC] e:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] e:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] e:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - E:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\Program Files\DAP\dapextie2.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: ljjkhhe - ljjkhhe.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - e:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ms hexidecimal defx (mshexdefx) - Unknown owner - C:\WINNT\system32\dllcache\ivchost.exe (file missing)
O23 - Service: MySql - Unknown owner - D:/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Join Date: Aug 2007
Posts: 7
Reputation:
Solved Threads: 0
Re: Can not access/Open My Computer, Recycle Bin, My Document from desktop. Please help?
0
#6 Aug 23rd, 2007
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
Re: Can not access/Open My Computer, Recycle Bin, My Document from desktop. Please help?
0
#7 Aug 23rd, 2007
You MUST uninstall either AVG or Norton resident AV services. Now. They interfere with each other. [To remove Norton you should use the cleanup tool from their website.]
Done that? Good, now start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.
O2 - BHO: (no name) - {68B716B5-A06F-4738-B07C-DE1244B3E0ED} - (no file)
O2 - BHO: (no name) - {EAB14E04-B709-4C3B-AFE0-501B55E43AE6} - (no file)
O2 - BHO: (no name) - {F762FB4D-4539-4FEC-B3D6-8D5F332DC67A} - (no file)
O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\WINNT\System32\mmsvc32.exe
O4 - HKLM\..\Run: [Spools Service Controller] C:\WINNT\System32\spools.exe
O20 - Winlogon Notify: ljjkhhe - ljjkhhe.dll (file missing)
O23 - Service: ms hexidecimal defx (mshexdefx) - Unknown owner - C:\WINNT\system32\dllcache\ivchost.exe (file missing)
Go start, run, type cmd -press Enter; paste this line into the window after the prompt, press Enter and close the window:
sc delete mshexdefx
Delete these files:
C:\WINNT\System32\mmsvc32.exe
C:\WINNT\System32\spools.exe
-if they play tough either do it in Safe mode or use this tool:
==This one is a general purpose deleter, Unlocker 1.8.5: http://filehippo.com/download_unlocker/
Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and that is cool.
==Download SDFix from here: http://downloads.andymanchesta.com/R...ools/SDFix.exe
and save it to your desktop. Dclick SDFix.exe and choose Run to extract it to %systemdrive%, which commonly will be C:\
==Restart your computer in Safe Mode:
- Press F8 several times while POST is running and before IDE detection completes.
- On the Windows Advanced Options Menu, select Safe Mode and press Enter.
- When the Boot Menu appears again, select Microsoft Windows XP and press Enter.
- Log in by using the Administrator account and password. NOTE: The password is blank by default unless you set a password.
==Open the extracted SDFix folder, C:\SDFix and double click RunThis.bat to start the script. Type Y to begin the cleanup.
You will be prompted to press any key to Reboot - the pc will then restart.
The tool will run again and complete the removal process then display Finished; press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Restart the pc in normal mode. Post the contents of the file Report.txt here, along with the log of a fresh hijackthis scan run in normal mode plus your comments.
Deep, deep in the woods, but walking about.
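The kind of triage done by hand in the reply above can be scripted. The following is an added example, not part of the original thread and not code from HijackThis or ComboFix: it parses HijackThis entries, flags orphaned entries and "Unknown owner" services, and cross-references O4 autostart targets against ComboFix's "Files Created" listing. The function names, reason labels and the embedded samples (lines copied from the logs in this thread) are assumptions of this sketch.

```python
import re

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
HJT_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {68B716B5-A06F-4738-B07C-DE1244B3E0ED} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Spools Service Controller] C:\WINNT\System32\spools.exe
O4 - HKLM\..\Run: [AVG7_CC] e:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - Winlogon Notify: ljjkhhe - ljjkhhe.dll (file missing)
O23 - Service: ms hexidecimal defx (mshexdefx) - Unknown owner - C:\WINNT\system32\dllcache\ivchost.exe (file missing)
O23 - Service: MySql - Unknown owner - D:/mysql/bin/mysqld-nt.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

# Constructed sample: lines copied from ComboFix's "Files Created" listing in this thread.
COMBOFIX_CREATED = r"""
2007-08-16 23:23 236,032 --a------ C:\WINNT\system32\spools.exe
2007-08-16 23:21 56,832 --a------ C:\WINNT\system32\mmsvc32.exe
2007-08-06 11:36 155,648 --a------ C:\WINNT\system32\NeroCheck.exe
2007-08-06 11:36 <DIR> d-------- C:\Program Files\Common Files\Ahead
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O4 - ...", "R1 - ..."
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")  # target absent on disk
O4_RE = re.compile(r"^.+?: \[[^\]]*\] (?P<cmd>.+)$")         # "HKLM\..\Run: [name] cmd"
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))\b", re.I)
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+(\S+)\s+\S+\s+(.+)$")


def norm(path):
    """Windows paths are case-insensitive; the logs mix / and \\ separators."""
    return path.strip().strip('"').replace("/", "\\").lower()


def autostart_target(body):
    """Return the executable of an O4 registry Run entry, without its arguments."""
    m = O4_RE.match(body)
    if not m:
        return None  # e.g. "Global Startup: x.lnk = ..." uses a different layout
    cmd = m.group("cmd").strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    exe = EXE_RE.match(cmd)  # unquoted paths may contain spaces, so cut at the extension
    return exe.group(1) if exe else cmd.split()[0]


def parse_created(listing):
    """Map normalised file path -> creation date from a ComboFix 'Files Created' block."""
    recent = {}
    for line in listing.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and m.group(2) != "<DIR>":  # the size column reads <DIR> for directories
            recent[norm(m.group(3))] = m.group(1)
    return recent


def triage(hjt_log, created_listing):
    """Return (code, reason, note, body) tuples for entries that deserve a closer look."""
    recent = parse_created(created_listing)
    findings = []
    for raw in hjt_log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header and running-process lines carry no section code
        code, body = m.groups()
        if ORPHAN_RE.search(body):
            findings.append((code, "orphaned", "", body))
        if code == "O23":
            # Layout: "Service: <name> - <owner> - <path>"; split from the right
            # because the display name itself may contain " - ".
            parts = body.rsplit(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner":
                findings.append((code, "unknown-owner", "", body))
        if code == "O4":
            exe = autostart_target(body)
            if exe and norm(exe) in recent:
                findings.append((code, "recent-autostart", recent[norm(exe)], body))
    return findings


if __name__ == "__main__":
    for code, reason, note, body in triage(HJT_LOG, COMBOFIX_CREATED):
        print(f"{code:4} {reason:17} {note:10} {body}")
```

On these sample lines the heuristics also flag the MySql service and the NeroFilterCheck Run entry, neither of which the reply above lists for fixing, so the output is a list of leads to review rather than a removal list.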
Join Date: Aug 2007
Posts: 7
Reputation:
Solved Threads: 0
Re: Can not access/Open My Computer, Recycle Bin, My Document from desktop. Please help?
0
#8 Aug 26th, 2007
SDFix: Version 1.100
Run by Milan Hazra on Sun 08/26/2007 at 10:39a
Microsoft Windows 2000 [Version 5.00.2195]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
mshexdefx
ImagePath:
"C:\WINNT\system32\dllcache\ivchost.exe"
mshexdefx - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\NORDM.EXE - Deleted
C:\WINNT\system32\o - Deleted
Removing Temp Files...
ADS Check:
C:\WINNT
No streams found.
C:\WINNT\system32
No streams found.
C:\WINNT\system32\svchost.exe
No streams found.
C:\WINNT\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
C:\WINNT\system32\svbhost.exe
C:\zjvjavz3.sys
Finished
======================
Logfile of HijackThis v1.99.1
Scan saved at 10:52:07 AM, on 8/26/2007
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
D:\mysql\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\pctspk.exe
C:\WINNT\System32\PV92Tray.exe
C:\WINNT\System32\VTTimer.exe
C:\WINNT\System32\VTtrayp.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\AGLOCO Viewbar\Viewbar.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\a-squared Anti-Dialer\a2adguard.exe
C:\Documents and Settings\Milan Hazra\My Documents\HJT\hijackthis\hijackthis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Viewbar] C:\Program Files\AGLOCO Viewbar\Viewbar.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Program Files\a-squared Anti-Dialer\a2adguard.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - E:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\Program Files\DAP\dapextie2.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: MySql - Unknown owner - D:/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Join Date: Aug 2007
Posts: 7
Reputation:
Solved Threads: 0
Re: Can not access/Open My Computer, Recycle Bin, My Document from desktop. Please help?
0
#9 Aug 26th, 2007
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
Re: Can not access/Open My Computer, Recycle Bin, My Document from desktop. Please help?
0
#10 Aug 27th, 2007
Please delete these files:
C:\WINNT\system32\svbhost.exe
C:\zjvjavz3.sys
-you may do it in safe mode if they won't delete, else use this:
==This one is a general purpose deleter, Unlocker 1.8.5: http://filehippo.com/download_unlocker/
Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and that is cool.
If you have the icons for those items but clicking them does not work then dl this file, unzip it and dclick linkfile_fix.reg to run.
http://www.dougknox.com/xp/fileassoc/linkfile_fix.zip
Last edited by gerbil; Aug 27th, 2007 at 12:05 am.
Deep, deep in the woods, but walking about.
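The two names left over in this thread, ivchost.exe (the deleted service's ImagePath) and svbhost.exe (in the hidden-files list), each differ by one character from svchost.exe. As an added example, not part of the original posts and not code from SDFix or HijackThis, this Python script flags such look-alike names in pasted log text; the allow-list `KNOWN` and the function names are assumptions made for illustration.

```python
import ntpath
import re

# Constructed allow-list (assumption): a few core Windows binaries and the
# folder each normally runs from on the Windows 2000 layout seen in this thread.
KNOWN = {
    "svchost.exe": r"c:\winnt\system32",
    "lsass.exe": r"c:\winnt\system32",
    "services.exe": r"c:\winnt\system32",
    "winlogon.exe": r"c:\winnt\system32",
    "explorer.exe": r"c:\winnt",
}

# Sample input: paths copied from the SDFix report and HijackThis log above.
SAMPLE_LOG = r'''
"C:\WINNT\system32\dllcache\ivchost.exe"
C:\WINNT\system32\svbhost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\lsass.exe
D:\mysql\bin\mysqld-nt.exe
'''

PATH_RE = re.compile(r'[A-Za-z]:[\\/][^"\r\n]*?\.exe', re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            cost = prev + (ca != cb)          # substitute (or match)
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, cost)
    return row[len(b)]

def triage(log_text):
    """Return (path, reason) for every path that imitates a known binary."""
    findings = []
    for path in PATH_RE.findall(log_text):
        folder, name = ntpath.split(path.lower().replace("/", "\\"))
        if name in KNOWN:                     # right name: check the folder
            if folder != KNOWN[name]:
                findings.append((path, "known name, unexpected folder"))
            continue
        for good in KNOWN:                    # wrong name: near miss?
            if edit_distance(name, good) == 1:
                findings.append((path, "one edit away from " + good))
                break
    return findings
```

A hit is a lead for manual review, not a verdict: an allow-list this short will also flag legitimate copies kept in other folders.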