 |
07-06-2008, 09:46 AM
|
#1 (permalink)
|
|
What? Where? How?
Join Date: Dec 2004
Location: Home
Posts: 402
|
How do i rectify this. [Image Included], Hijackthis log added...
The open and explore options do not show, instead there is some random gibberish.

I've got no idea how this happened, is it a virus or something? How do I correct it? Re-installing XP is not an option as I do not have the CD at the moment.
__________________
98% of the people using internet have started or forwarded "chain mails". If you are one of the 98%, Die a horrible death.
Last edited by escape7; 08-06-2008 at 04:01 PM.
|
|
|
|
|
|
07-06-2008, 11:58 AM
|
#2 (permalink)
|
|
Legen-wait for it-dary!
Join Date: Dec 2004
Location: Chennai
Posts: 2,471
|
Re: How do i rectify this. [Image Included]
Try the usual stuff - Spybot, Ad-Aware, NOD32, HJT.
And this looks like some Asian language - you don't have the converter so it's displayed as gibberish. What file types is this problem present in? Because if it's only one or two, you can change it using folder options.
__________________
If the Start Windows Restart when Windows starts check box is checked Windows Restart will start automatically every time Windows is started. - Actual excerpt from a windows program help file
|
|
|
07-06-2008, 12:24 PM
|
#3 (permalink)
|
|
The Black Waltz
Join Date: Apr 2008
Location: The Shed
Posts: 1,511
|
Re: How do i rectify this. [Image Included]
As dheeraj mentioned, try Avast or AVG, Spybot and all with latest updates. Also post the HijackThis log.
__________________
#krow @ irc.freenode.net
|
|
|
07-06-2008, 02:16 PM
|
#4 (permalink)
|
|
What? Where? How?
Join Date: Dec 2004
Location: Home
Posts: 402
|
Re: How do i rectify this. [Image Included]
I've used AVG and Spybot, there were a few infections but the problem persists. And I feel it's not an Asian language as they do not open on clicking, an error occurs... I'm typing the name of the drive in the explorer to open it.
How do i get the hijack this log?
__________________
98% of the people using internet have started or forwarded "chain mails". If you are one of the 98%, Die a horrible death.
|
|
|
07-06-2008, 06:47 PM
|
#5 (permalink)
|
|
dá ûnrêäl Kiñg
Join Date: Feb 2006
Location: kerala/calicut
Posts: 992
|
Re: How do i rectify this. [Image Included]
Do a full system scan with Kaspersky, then delete the hidden autorun.inf file in the root of every drive to solve the problem.
__________________
My Stomach pains:D:D
http://tinyurl.com/32jj4m
|
|
|
07-06-2008, 07:23 PM
|
#6 (permalink)
|
|
Wise Old Owl
Join Date: Dec 2006
Location: delhi
Posts: 1,429
|
Re: How do i rectify this. [Image Included]
Quote:
Originally Posted by escape7
I've used AVG and Spybot, there were a few infections but the problem persists. And I feel it's not an Asian language as they do not open on clicking, an error occurs... I'm typing the name of the drive in the explorer to open it.
How do i get the hijack this log?
|
download hijackthis, http://www.download.com/Trend-Micro-...-10227353.html
and scan it,
then post it here
|
|
|
07-06-2008, 07:37 PM
|
#7 (permalink)
|
|
Legen-wait for it-dary!
Join Date: Dec 2004
Location: Chennai
Posts: 2,471
|
Re: How do i rectify this. [Image Included]
And in what file types is this problem occurring? And what error do you get upon clicking those options?
__________________
If the Start Windows Restart when Windows starts check box is checked Windows Restart will start automatically every time Windows is started. - Actual excerpt from a windows program help file
|
|
|
07-06-2008, 11:01 PM
|
#8 (permalink)
|
|
What? Where? How?
Join Date: Dec 2004
Location: Home
Posts: 402
|
Re: How do i rectify this. [Image Included]
Here's the hijackthis log file:
Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:31 PM, on 6/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\OfficeScan NT\ntrtscan.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\OfficeScan NT\pccntmon.exe
E:\Tapan\DAEMON Tools Lite\daemon.exe
C:\OfficeScan NT\ofcdog.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\OfficeScan NT\pccntupd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - C:\WINDOWS\system32\fccbYrpN.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Tapan\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: fccbYrpN - fccbYrpN.dll (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Window Image Worker (windownetpker) - Unknown owner - C:\Program Files\Internet Explorer\svchost.exe (file missing)
--
End of file - 4397 bytes
|
__________________
98% of the people using internet have started or forwarded "chain mails". If you are one of the 98%, Die a horrible death.
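A small triage pass over the HijackThis log posted above, as an added example that is not part of the thread: it flags entries whose target is marked "(file missing)" and entries that reuse a Windows system binary name outside System32. The sample lines are copied from the post; the two heuristics and the `SYSTEM_ONLY` list are assumptions of this example and only point at entries worth a closer look.

```python
import re

# Sample input: six lines copied from the HijackThis log in post #8.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - C:\WINDOWS\system32\fccbYrpN.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O20 - Winlogon Notify: fccbYrpN - fccbYrpN.dll (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Window Image Worker (windownetpker) - Unknown owner - C:\Program Files\Internet Explorer\svchost.exe (file missing)
"""

# "O<number> - <body>" is the shape of every registry/startup entry in the log.
ENTRY = re.compile(r"^(O\d+) - (.*)$")
# First drive-rooted path to an .exe or .dll inside an entry body.
PATH = re.compile(r"([A-Za-z]:\\[^\"]*?\.(?:exe|dll))", re.I)
# Assumption of this example: a short list of Windows binaries that
# normally load only from %SystemRoot%\System32.
SYSTEM_ONLY = {"svchost.exe", "lsass.exe", "services.exe",
               "winlogon.exe", "smss.exe"}


def triage(log_text):
    """Return (section, body, reasons) for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines and the running-process list
        section, body = m.groups()
        reasons = []
        # HijackThis appends this marker when the referenced file is not on disk.
        if body.endswith("(file missing)"):
            reasons.append("registered file is missing on disk")
        p = PATH.search(body)
        if p:
            folder, _, name = p.group(1).lower().rpartition("\\")
            if name in SYSTEM_ONLY and not folder.endswith(r"\windows\system32"):
                reasons.append("system binary name outside System32")
        if reasons:
            findings.append((section, body, reasons))
    return findings


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"[{section}] {body}\n    -> " + "; ".join(reasons))
```
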
|
|
|
07-06-2008, 11:24 PM
|
#9 (permalink)
|
|
God of Mistakes...
Join Date: Dec 2005
Location: Pune, Maharashtra
Posts: 1,923
|
Re: How do i rectify this. [Image Included]
You have to delete the autorun.inf file in each drive. It might be hidden. So, check for that.
|
|
|
08-06-2008, 01:12 AM
|
#10 (permalink)
|
|
Legen-wait for it-dary!
Join Date: Dec 2004
Location: Chennai
Posts: 2,471
|
Re: How do i rectify this. [Image Included]
Yeah, try that. Delete autorun.inf from each drive and restart.
__________________
If the Start Windows Restart when Windows starts check box is checked Windows Restart will start automatically every time Windows is started. - Actual excerpt from a windows program help file
|
|
|
08-06-2008, 04:01 PM
|
#11 (permalink)
|
|
What? Where? How?
Join Date: Dec 2004
Location: Home
Posts: 402
|
Re: How do i rectify this. [Image Included]
Quote:
Originally Posted by dheeraj_kumar
Yeah, try that. Delete autorun.inf from each drive and restart.
|
I checked the drives, there are no autorun.inf files in them...
__________________
98% of the people using internet have started or forwarded "chain mails". If you are one of the 98%, Die a horrible death.
|
|
|
08-06-2008, 04:06 PM
|
#12 (permalink)
|
|
Legen-wait for it-dary!
Join Date: Dec 2004
Location: Chennai
Posts: 2,471
|
Re: How do i rectify this. [Image Included]
They are usually hidden.
__________________
If the Start Windows Restart when Windows starts check box is checked Windows Restart will start automatically every time Windows is started. - Actual excerpt from a windows program help file
|
|
|
08-06-2008, 04:12 PM
|
#13 (permalink)
|
|
Debian Gnu/Linux User
Join Date: Jun 2008
Location: Mars
Posts: 556
|
Re: How do i rectify this. [Image Included]
Move all the files from the root directory, except system files.
__________________
Living for Learning & Learning for Living
|
|
|
08-06-2008, 04:39 PM
|
#14 (permalink)
|
|
Legen-wait for it-dary!
Join Date: Dec 2004
Location: Chennai
Posts: 2,471
|
Re: How do i rectify this. [Image Included]
^^ Malware can replicate. So no use.
__________________
If the Start Windows Restart when Windows starts check box is checked Windows Restart will start automatically every time Windows is started. - Actual excerpt from a windows program help file
|
|
|
08-06-2008, 08:41 PM
|
#15 (permalink)
|
|
What? Where? How?
Join Date: Dec 2004
Location: Home
Posts: 402
|
Re: How do i rectify this. [Image Included]
Quote:
Originally Posted by dheeraj_kumar
They are usually hidden.
|
I know that... can anyone help?
__________________
98% of the people using internet have started or forwarded "chain mails". If you are one of the 98%, Die a horrible death.
|
|
|
08-06-2008, 10:04 PM
|
#16 (permalink)
|
|
Debian Gnu/Linux User
Join Date: Jun 2008
Location: Mars
Posts: 556
|
Re: How do i rectify this. [Image Included]
Try BitDefender Free Edition.. It should remove all threats @ 100%
but be careful.. it removes all files and registry entries without your intention, even the win system files and registry entries..
But I am sure the Bit Defender engine is the one to remove 100% threats..
Plz try it as final ........
__________________
Living for Learning & Learning for Living
|
|
|
08-06-2008, 10:54 PM
|
#17 (permalink)
|
|
Yalam
Join Date: Jul 2007
Location: Chilgok, South Korea
Posts: 45
|
Re: How do i rectify this. [Image Included]
Use WinRAR to view the drive and it will show all hidden files as well. Delete autorun.inf files from the root of every local and removable drive and restart the PC. Else you can also use a program like Free Commander and it will show all hidden files. Good luck!
|
|
|
08-06-2008, 11:34 PM
|
#18 (permalink)
|
|
Legen-wait for it-dary!
Join Date: Dec 2004
Location: Chennai
Posts: 2,471
|
Re: How do i rectify this. [Image Included]
Quote:
Originally Posted by Betruger
Try BitDefender Free Edition.. It should remove all threats @ 100%
but be careful.. it removes all files and registry entries without your intention, even the win system files and registry entries..
But I am sure the Bit Defender engine is the one to remove 100% threats..
Plz try it as final ........
|
Using different colors makes you look like a noob. Not cool.
Bitdefender DOES NOT remove win system files and registry entries. If it does, it means THEY ARE AFFECTED. And if they are affected, you're better off cleaning them rather than working in an affected comp. And BitDefender notifies you and ASKS you what to do, rather than doing it all by itself.
Lol dude, you make it sound like a virus itself
Bitdefender is ranked the best overall antivirus software, and it's because it is good, and I choose NOD32 over it only for personal preferences.
__________________
If the Start Windows Restart when Windows starts check box is checked Windows Restart will start automatically every time Windows is started. - Actual excerpt from a windows program help file
|
|
|
09-06-2008, 09:53 AM
|
#19 (permalink)
|
|
Apprentice
Join Date: May 2008
Posts: 64
|
Re: How do i rectify this. [Image Included]
Yah! This is due to a virus known as CHINESE virus!!
I think your problem should be solved if you scan it and remove the virus with Kaspersky!!
I have seen this problem with people in NEPAL.. and if it still doesn't.. then format it... because that would be the last option... but however I think if you properly work with it... it should solve your problem!!
good luck
chandal
|
|
|
09-06-2008, 06:33 PM
|
#20 (permalink)
|
|
Wise Old Crow
Join Date: Apr 2005
Location: Inside the Pixel
Posts: 1,227
|
Re: How do i rectify this. [Image Included]
Registry problem I think. If I am not wrong some malicious file has added these in Context menu handlers.
Open your Registry Editor and browse through these keys. See if you can find something.
Quote:
HKEY_CLASSES_ROOT\Folder\shell\
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers
HKEY_CLASSES_ROOT\AllFileSystemObjects\Shellex\ContextMenuHandlers
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
|
or download this free Context Menu Editor.
__________________
http://twitter.com/blueshift155
|
|
|
09-06-2008, 07:41 PM
|
#21 (permalink)
|
|
What? Where? How?
Join Date: Dec 2004
Location: Home
Posts: 402
|
Re: How do i rectify this. [Image Included]
I ran an entire system scan using AVG, then SysClean, Spybot and a few others and removed all threats, the problem, whatever it was, has gone. I just didn't want to format my drive...
Thanks for all your help guys, problem solved.
__________________
98% of the people using internet have started or forwarded "chain mails". If you are one of the 98%, Die a horrible death.
|
|
|