Please help this Bhutanese Dude

[bhutanesedude]

I have a Intex P4 computer, with Preoccessor of 3.06 GHz, 512 RAM and Hard Disk of 80 GB. I have Norton Antivirus 2007, updated till date, but still I face a problem where I am unable to install new files, programs, open my control Panel, most of all, the Administrative priviledge has been distrubed, and when I referred my friend, he told that my computer is infected by a SPY, but we could not recognize which one is it. For that reason, I formatted all my hard disks totally but when I again install windows in it, it has the same problem, So I want you guys to help me out to get rid of this problem. Please help me.

[spironox]

well tell me what operating sustem do u have atlest !!!

[Choto Cheeta]

Quote:

still I face a problem where I am unable to install new files, programs, open my control Panel, most of all, the Administrative priviledge has been distrubed

see if you are using Windows Vista, then its normal as Windows Checks every time when u run a programs which may need to write some registry info or any thing in Windows root drive, Computer will ask u for Admin rights,

Now if u are using Windows XP based os, then here are some quick information, Install the Lastest updates including SP2...

Install Spybot SnD, http://www.spybot.info, now update it and run a scan with it to see if u really have any spyware or not !!!

[bhutanesedude]

I use Windows XP SP2 and even I have Spybot Search & Destroy installed, updated and i scanned for spy, I got something like REGISTRY CHANGED, and my friends told me to use SYMANTEC ANTIVIRUS so I am using it and its also updated. So as all I am using SPYBOT S&D and Symantec Antivirus, but its not helping my system.

[Choto Cheeta]

OK... Do one more thing, Download this tool called, HijackThis

Extract that to a folder in desktop (or any where u want in ur drives) run the Tool to scan ur system and same one log file..

now try to attach that here or just copy paste it under code BB TAG

[bhutanesedude]

And yes, when I inserted my thumb drive and took it to some other computer where the computer is fully secured, I came across a File named as "MAYDAY", RECYLED, and another folder which was named something like, MSO....., and all these files where hidden.

In the initial stage when my system got infected, in the TOOLS menu, "FOLDER OPTION" was invisible, so I thought it would be something like Godzilla or Bronktok, but I latter came to know it wasn't those things but its something unknown only. So, guys keep me alive with your helps.

Thanks in advance to all.

thanks Choto Cheeta but I could not understand what you really meant. I would be grateful if you could kindly make me understand better as my brain is wrecked by this faulty system of mine.

[Garbage]

It seems that u r using a "Imaged setup CD" created by someone in which most of the Administrative settings are disabled.
Such type of CDs are used where u have to install system with same settings.

If u have genuine XP SP2 CD then install from it. This may solve ur problem !

[Choto Cheeta]

Quote:

So, guys keep me alive with your helps.

In one simple word, Get ur self, Kaspersky Internet Security

Download the Trial, Install it, update it, and run a full system scan, it will take care of every thing !!!

and if u find it good then u should buy it, in India (Kolkata) price is under Rs. 1200 incl TAX

I dont know for Bhutan Currency !!!

[Garbage]

@bhutanesedude
yeh.. Download HijackThis & run the EXE.
It will ask to save log file. Then save that file & post the contents here.

[bhutanesedude]

Its true that I have used the Imaged Setup CD to install but I have used the same CD to install XP in other more computer which are running very smoothly, so I am just worried what should I do. And Choto, I have downloaded the file that you said and scanned my system, and then I have save a log file file on desk top. Now let me know what am I supposed to do. Thanks once again.

Quote:

Originally Posted by shirish_nagar

It seems that u r using a "Imaged setup CD" created by someone in which most of the Administrative settings are disabled.
Such type of CDs are used where u have to install system with same settings.

If u have genuine XP SP2 CD then install from it. This may solve ur problem !

I thought of attached the saved log file but the forum is not permitting me so I will copy and paste it here are the result of my scanned:.
------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:34:26 PM, on 7/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA1129] command /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7229] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2D8A13B-FC28-44BA-99C4-F0E5FBC5161F}: NameServer = 202.144.128.200 202.144.128.210
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,5 2,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73, 00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00 ,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,6 5,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66, 00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00 ,72,00,6f,00,75,00,70,00,00,00 (file missing)
-----------------------------------------------------------------------------

Quote:

Originally Posted by shirish_nagar

@bhutanesedude
yeh.. Download HijackThis & run the EXE.
It will ask to save log file. Then save that file & post the contents here.

[Garbage]

Quote:

Originally Posted by bhutanesedude

I Now let me know what am I supposed to do. Thanks once again.

Just open that file.
Select All --> Copy

& paste Here!!! (reply field)

[bhutanesedude]

Pasted here:

Logfile of HijackThis v1.99.1
Scan saved at 10:34:26 PM, on 7/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA1129] command /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7229] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2D8A13B-FC28-44BA-99C4-F0E5FBC5161F}: NameServer = 202.144.128.200 202.144.128.210
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,5 2,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73, 00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00 ,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,6 5,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66, 00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00 ,72,00,6f,00,75,00,70,00,00,00 (file missing)

Quote:

Originally Posted by shirish_nagar

Just open that file.
Select All --> Copy

& paste Here!!! (reply field)

[Choto Cheeta]

File seems incomplete...

But as shirish pointed out, Do a fresh and clean Installation of Windows XP from a Windows XP SP2 CD, Rs. 6500 in Kolkata Market !!

[bhutanesedude]

I have a fresh and clean copy of Windows XP SP2 Version 7, shall I try it with that, or I am think to have a Fresh copy of Kaspersy Antivirus and internet Security. What do you say. and I have pasted the things that I was asked to save so i don't know whether the file is incomplete or not.

Quote:

Originally Posted by Choto Cheeta

File seems incomplete...

But as shirish pointed out, Do a fresh and clean Installation of Windows XP from a Windows XP SP2 CD, Rs. 6500 in Kolkata Market !!

[Garbage]

Nothing going wrong with this log file according to me!!
Choto can u ??

@bhutanesedude
And always be aware of these bloody intelligent VIRUSES !!!!
It is good practice to scan any external devices for viruses before accessing them!

[bhutanesedude]

I know that its good to scan any external devices before working with it. Before I used to have only Norton Antivirus 2007, updated but still my system got infected yaa...So I dun think that this is a work of a virus...What do you say?

Quote:

Originally Posted by shirish_nagar

Nothing going wrong with this log file according to me!!
Choto can u ??

@bhutanesedude
And always be aware of these bloody intelligent VIRUSES !!!!
It is good practice to scan any external devices for viruses before accessing them!

[Garbage]

Quote:

Originally Posted by bhutanesedude

I have a fresh and clean copy of Windows XP SP2 Version 7, shall I try it with that, or I am think to have a Fresh copy of Kaspersy Antivirus and internet Security. What do you say.

Always try to BE UPDATED !!
Install from that fresh and clean copy of Windows XP SP2 CD. Install all latest updated available from Microsoft. Or use Autopatcher XP to patch ur system.

As of me, if u follow some comman practices, u even DON'T NEED AN ANTIVIRUS !!

[bhutanesedude]

I would try this too but do you think this autoptcher would be working with my XP SP2 2006 V7 ?

Quote:

Originally Posted by shirish_nagar

Always try to BE UPDATED !!
Install from that fresh and clean copy of Windows XP SP2 CD. Install all latest updated available from Microsoft. Or use http://www.autopatcher.com/autopatcherxp/[/size]]Autopatcher XP to patch ur system.

As of me, if u follow some comman practices, u even DON'T NEED AN ANTIVIRUS !!

[Garbage]

Here are some lines from their FAQ

Quote:

Q: Which versions of Windows are supported?
A: The main AutoPatcher releases are aimed at English Windows with the latest service pack. However, it will load on any Windows version, showing only the included items (modules) which match the running environment.

So, if it matches ur running environment then only it will patch!
No worry please !

[zyberboy]

Before re-installation try this free version of Avira av, the top virus catcher http://www.free-av.com/
install only after uninstalling urs.

[bhutanesedude]

By the way, this is my window's Desktop so that you get few idea of which version I am using. Find it here http://www.ucdorji.siteburg.com/images/desktop.JPG

[spironox]

huh where is the desktop!

[bhutanesedude]

Dun you use Monitor with your CPU to see whats happening and to see the pictures? Click on the link and see the picture if you think u can help me

Quote:

Originally Posted by spironox

huh where is the desktop!

[spironox]

Quote:

Originally Posted by bhutanesedude

Dun you use Monitor with your CPU to see whats happening and to see the pictures?

Listen first u dont post the image then u remember and then do a edited re-post and suddenly such idiotic lines ...ahmm dont test our nerves dude !

[Liggy]

are you sure you are formating and then putting a clean install on? according to your Hijackthis log you have a few missing files. Also is your norton product corporate? and did you install it after or b4 spybot? how often do u run spy bot and how many threats does it usually pick up?

[bhutanesedude]

Yes, as far as I am known to, I have formatted my HARD DISKS using NTFS formatting system, and yes, Right now I am using Symantec Antivirus, and about spybot, I used before I installed in my previous version of windows and even now I am using it. When I clean it with SPYBOT, it shows about 7 threats and about 2-4 it is colored red.

Quote:

Originally Posted by Liggy

are you sure you are formating and then putting a clean install on? according to your Hijackthis log you have a few missing files. Also is your norton product corporate? and did you install it after or b4 spybot? how often do u run spy bot and how many threats does it usually pick up?

[Liggy]

spybot and norton don't play together nicely, you may be getting conflict with them. Norton could be causing the problem of not installing, otherwise it could be permissions which are a pain in the... if you do a clean boot (disable all startup items non microsoft servies) can you still install, try downloading MS's later windows nstaller 3.1 ( http://www.microsoft.com/downloads/d...displaylang=en )

[bhutanesedude]

Thanks Liggy, adn yap, maybe that might be the problem, Now I am using SPYBOT S&D with Symantec AV. Everything is perfect and no error at all. My PC is fully fresh and resolved but I am afraid that virus of SPYWARES would get into my System anytime without notice to me, so which SPYWARE would you recommend me to install which we can download for free?

Quote:

Originally Posted by Liggy

spybot and norton don't play together nicely, you may be getting conflict with them. Norton could be causing the problem of not installing, otherwise it could be permissions which are a pain in the... if you do a clean boot (disable all startup items non microsoft servies) can you still install, try downloading MS's later windows nstaller 3.1 ( http://www.microsoft.com/downloads/d...displaylang=en )

[anandk]

might sound drastic, but uninstall norton (using the nortons uninstall utility); instal kaspersky or even freeware avast. also i prefer avg antispyware or a-squared anti-malware, instal one of them. update both. scan ur pc in safemode/boottime with them. run ccleaner from www.ccleaner.com

now if this dznt help, get ur hijackthis logfile aut-analysed at www.hijackthis.de

[Liggy]

I don't think I should be the one you ask. Honestly I have had it with all those scanners(Iused to work for symantec), and would not recommend anything from symantec, it is just a resource hog.. A lot of people here seem to prefer kaspersky. I am connected to a router, so there is my firewall, I run the online scan from ewido.net every week. and if I am suspecting something hijackthis. most virus's are target the AV software now, then your system.
Mind you I get infected a lot, cuz the wife likes my computer better then the old one I gave her! there are many threads about which AV scanner to use, try using the forum search.