1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

problems accessing my programs

Discussion in 'Windows XP' started by amethyst_ros, Jan 4, 2003.

Thread Status:
Not open for further replies.
  1. amethyst_ros

    amethyst_ros Thread Starter

    Jan 4, 2003
    Hi: I'm using xp home ed and since yesterday I have been unable to access any of my applications - i.e. excel, word, acrobat reader - just about anything - either from the desktop or through the start menu. If I have a related file in the applic it will open up and then I can do more stuff within the prog. This also pertains to media player. there are also 3 other users who log in to the computer and they cant access the files either. I cannot even run the virus scan although the latest definitions were downloaded from symantec yesterday. Here's the error msg. the appears if i try to go in to a ny application.

    " Windows cannot access the specific device, path or file. You may not have the appropriate permissions to access them."

    Hope someone can help me soon.:(
  2. TonyKlein

    TonyKlein Malware Specialist

    Aug 26, 2001
    Hi, and welcome to the board.

    You should start by running an online scan at Trend Micro HouseCall or Panda Active Scan

    If you turn out to be afflicted with the W32.Yaha.K Worm, here's the Bitdefender removal tool.
    Download and run it, preferably in Safe Mode.

    Symantec has one as well

    Also please do this:

    Go to http://www.spywareinfo.com/downloads.php#startup , and download 'Startuplist'.

    Unzip, doubleclick it, and it will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.

    Go to Edit > select all, copy it and post the contents here.
  3. amethyst_ros

    amethyst_ros Thread Starter

    Jan 4, 2003
    thanks Tony: will try what you suggest. However, cannot seem to disable the system restore.

  4. TonyKlein

    TonyKlein Malware Specialist

    Aug 26, 2001
    I take it you are running Windows XP?

    Right click My Computer, and choose "properties".
    Click the System Restore tab, and check "Turn off System Restore on all drives".
    Click Apply, and then click OK.
    Restart the computer.

    That ought to work.
  5. amethyst_ros

    amethyst_ros Thread Starter

    Jan 4, 2003
    Much Thanks!! downloaded and ran the fix from Symantec and it cleaned up the virus which had affected the winservices.exe file. Strange enough yesterday morn I had downloaded the av definition file through symantec and although this pm when I checked the report it showed that the virus was detected but could not be repaired. Anyway that is in the past and i once again have access to my applications:)
  6. amethyst_ros

    amethyst_ros Thread Starter

    Jan 4, 2003
    StartupList report, 1/4/2003, 6:06:58 PM
    StartupList version: 1.50
    Started from : C:\Documents and Settings\RHONDA\Local Settings\Temp\Temporary Directory 1 for startuplist.zip\StartupList.EXE
    Detected: Windows XP (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 (6.00.2600.0000)
    * Using default options

    Running processes:

    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Documents and Settings\RHONDA\Local Settings\Temp\Temporary Directory 1 for startuplist.zip\StartupList.exe


    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\RHONDA\Start Menu\Programs\Startup]
    VP-EYE.lnk = C:\VP-EYE\control\vpeyev1.exe
    Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE


    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,


    Autorun entries from Registry:

    IMJPMIG8.1 = C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    SiS KHooker = C:\WINDOWS\System32\khooker.exe
    NeroCheck = C:\WINDOWS\System32\NeroCheck.exe
    HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    NAV Agent = C:\PROGRA~1\NORTON~1\navapw32.exe


    Autorun entries from Registry:

    ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe


    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe


    Load/Run keys from C:\WINDOWS\WIN.INI:


    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=
    HKLM\..\Windows\CurrentVersion\WinLogon: load=
    HKLM\..\Windows\CurrentVersion\WinLogon: run=
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=
    HKCU\..\Windows\CurrentVersion\WinLogon: load=
    HKCU\..\Windows\CurrentVersion\WinLogon: run=
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=
    HKLM\..\Windows NT\CurrentVersion\Windows: load=
    HKLM\..\Windows NT\CurrentVersion\Windows: run=
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=


    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    *INI section not found*
    *INI section not found*
    *INI section not found*

    Shell & screensaver key from Registry:

    *Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: *Registry key not found*
    HKLM\..\Policies: *Registry value not found*


    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present


    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}


    Enumerating Task Scheduler jobs:

    Symantec NetDetect.job


    Enumerating Download Program Files:

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\System32\macromed\Shockwave 8\Download.dll
    CODEBASE = http://active.macromedia.com/director/cabs/sw.cab

    CODEBASE = http://webpdp.gator.com/v3/download/pdpplugin_4094_hd3ptdm.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [MSN Chat Control 4.5]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
    CODEBASE = http://fdl.msn.com/public/chat/msnchat45.cab

    End of report, 7,196 bytes
    Report generated in 0.187 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
  7. TonyKlein

    TonyKlein Malware Specialist

    Aug 26, 2001
    Good to hear all is well again. And your startuplist log looks pretty good as well.

    Winservices.exe is actually the Yaha worm, so it didn't need to be repaired.

    Happy surfing! :)
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/111375

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice