problems accessing my programs

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

amethyst_ros

Thread Starter
Joined
Jan 4, 2003
Messages
33
Hi: I'm using xp home ed and since yesterday I have been unable to access any of my applications - i.e. excel, word, acrobat reader - just about anything - either from the desktop or through the start menu. If I have a related file in the applic it will open up and then I can do more stuff within the prog. This also pertains to media player. there are also 3 other users who log in to the computer and they cant access the files either. I cannot even run the virus scan although the latest definitions were downloaded from symantec yesterday. Here's the error msg. the appears if i try to go in to a ny application.

" Windows cannot access the specific device, path or file. You may not have the appropriate permissions to access them."

Hope someone can help me soon.:(
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
Hi, and welcome to the board.

You should start by running an online scan at Trend Micro HouseCall or Panda Active Scan

If you turn out to be afflicted with the W32.Yaha.K Worm, here's the Bitdefender removal tool.
Download and run it, preferably in Safe Mode.

Symantec has one as well

Also please do this:

Go to http://www.spywareinfo.com/downloads.php#startup , and download 'Startuplist'.

Unzip, doubleclick it, and it will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.

Go to Edit > select all, copy it and post the contents here.
 

amethyst_ros

Thread Starter
Joined
Jan 4, 2003
Messages
33
thanks Tony: will try what you suggest. However, cannot seem to disable the system restore.

Rhonda
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
I take it you are running Windows XP?

Right click My Computer, and choose "properties".
Click the System Restore tab, and check "Turn off System Restore on all drives".
Click Apply, and then click OK.
Restart the computer.

That ought to work.
 

amethyst_ros

Thread Starter
Joined
Jan 4, 2003
Messages
33
Much Thanks!! downloaded and ran the fix from Symantec and it cleaned up the virus which had affected the winservices.exe file. Strange enough yesterday morn I had downloaded the av definition file through symantec and although this pm when I checked the report it showed that the virus was detected but could not be repaired. Anyway that is in the past and i once again have access to my applications:)
 

amethyst_ros

Thread Starter
Joined
Jan 4, 2003
Messages
33
StartupList report, 1/4/2003, 6:06:58 PM
StartupList version: 1.50
Started from : C:\Documents and Settings\RHONDA\Local Settings\Temp\Temporary Directory 1 for startuplist.zip\StartupList.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Webshots\WebshotsTray.exe
C:\Documents and Settings\RHONDA\Local Settings\Temp\Temporary Directory 1 for startuplist.zip\StartupList.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\RHONDA\Start Menu\Programs\Startup]
VP-EYE.lnk = C:\VP-EYE\control\vpeyev1.exe
Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IMJPMIG8.1 = C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
PHIME2002ASync = C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
SiS KHooker = C:\WINDOWS\System32\khooker.exe
NeroCheck = C:\WINDOWS\System32\NeroCheck.exe
DSS = C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
NAV Agent = C:\PROGRA~1\NORTON~1\navapw32.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=
HKLM\..\Windows\CurrentVersion\WinLogon: load=
HKLM\..\Windows\CurrentVersion\WinLogon: run=
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=
HKCU\..\Windows\CurrentVersion\WinLogon: load=
HKCU\..\Windows\CurrentVersion\WinLogon: run=
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=
HKLM\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

*INI section not found*
*INI section not found*
*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\Webshots.scr
*Registry value not found*

Policies Shell key:

HKCU\..\Policies: *Registry key not found*
HKLM\..\Policies: *Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\System32\macromed\Shockwave 8\Download.dll
CODEBASE = http://active.macromedia.com/director/cabs/sw.cab

[{731918D2-517A-47E2-886A-3BC1380C591D}]
CODEBASE = http://webpdp.gator.com/v3/download/pdpplugin_4094_hd3ptdm.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

--------------------------------------------------
End of report, 7,196 bytes
Report generated in 0.187 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
Good to hear all is well again. And your startuplist log looks pretty good as well.

Winservices.exe is actually the Yaha worm, so it didn't need to be repaired.

Happy surfing! :)
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top