Can't unhide files and folders
   

Aqeel
New Member


Date Joined Feb 2007
Total Posts : 8
 
   Posted 2/24/2007 10:13 AM (GMT +3)
I got a virus and don't know what its name is... it has made it so that I can't unhide files and folders from Tools---> Folder Options... every time I select Show Hidden files and folders and click OK.. next time when I open that window it shows it unselected and also the files and folders remain hidden.... Kindly tell me the solution.... I am using Symantec antivirus and it is not even detecting that virus..... Is there any cure...
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12972
 
   Posted 2/24/2007 10:36 AM (GMT +3)
Hi Aqeel
 
 
Have You done it exactly as described here -

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.




Do NOT post your problem in someone else's thread.
Start a new topic so that it may receive proper attention.
 

Aqeel
New Member


Date Joined Feb 2007
Total Posts : 8
 
   Posted 2/24/2007 10:52 AM (GMT +3)
I followed all the steps except the following three steps

Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.


and with that "hiding" problem I got another problem, which is that the floppy drive is trying to read/write the disk after some time intervals and the system is getting slow....
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12972
 
   Posted 2/24/2007 11:03 AM (GMT +3)
Sounds odd. Let's see what's running on Your computer
 
1. Get this version of Hijackthis from http://danborg.org/spy/hjt/alternativ.exe
 
2. Save it in a permanent folder of your choice, such as C:\HJT\. To create this specific folder on your hard drive: Double click the 'My Computer' icon on your desktop, then under the category hard disk drives: double click Local Disk:, then select file->New -> Folder and name it HJT
 
3. Run hijackthis (alternativ.exe).

Choose the "Do a system scan and save a log file" option to perform your scan.
HijackThis will analyze your system, and automatically open a notepad textfile containing the HijackThis log when the scan is finished.
Open the text files containing the logs with a text editor and click Edit -> Select All, followed by Edit -> Copy.
From within the browser window and with the message body text box selected, click Edit -> Paste.
Post  hijackthis log here


 

Aqeel
New Member


Date Joined Feb 2007
Total Posts : 8
 
   Posted 2/24/2007 12:02 PM (GMT +3)
here it is


Logfile of HijackThis v1.99.1
Scan saved at 2:00:51 PM, on 2/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\SVCHOST.EXE
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\alternativ.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
O1 - Hosts: "http://www.w3.org/TR/html4/loose.dtd">
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <script LANGUAGE="JavaScript">
O1 - Hosts: <!--
O1 - Hosts: if (window != top)
O1 - Hosts: top.location.href = location.href;
O1 - Hosts: // -->
O1 - Hosts: </script>
O1 - Hosts: <title>Site Unavailable</title>
O1 - Hosts: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
O1 - Hosts: <style type="text/css">
O1 - Hosts: body{text-align:center;}
O1 - Hosts: .geohead {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;width:750px;margin:10px 0 10px 0;height:35px;}
O1 - Hosts: .geohead #geologo {width:270px;display:block; float:left; }
O1 - Hosts: .geohead #rightside {width:480px;display:block; float:right;border-bottom:1px solid #999999; height:27px;}
O1 - Hosts: .geohead #rightside #welcome {width:50%;display:block; float:left; text-align:left;}
O1 - Hosts: .geohead #rightside #wlinks {width:50%;display:block; float:right; text-align:right;}
O1 - Hosts: .ftr { margin:0px; color:#404040; font:x-small Arial,sans-serif; text-align:center; width:750px;}
O1 - Hosts: .bodywrap{display:block;height:470px;}
O1 - Hosts: .bodycnt{width:510px; display:block; float:left; background-color:#EEE9F5; height:auto; text-align:left; font-family:Arial, Helvetica, sans-serif;font-size:13px; color:#000000; padding:20px 20px 35px 20px;}
O1 - Hosts: .title { font-family:Arial, Helvetica, sans-serif; font-weight:bold; font-size:24px; color:#7C56A9}
O1 - Hosts: .adcnt{width:172px; display:block; float:right; text-align:left;cursor:pointer;cursor:hand;}
O1 - Hosts: .adcnt td {text-align:left;}
O1 - Hosts: .adsubt{font-size:10px; font-family:verdana; font-weight:bold; color:#b4b4b4; cursor:default;margin-top:5px;}
O1 - Hosts: .ybadge { font-family: Verdana, Arial, Helvetica, sans-serif; font-size:10px; color: #666666; margin-top:10px;}
O1 - Hosts: .ybadge img {margin-top:6px;}
O1 - Hosts: .adtable {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;border: 1px solid #d6dbe7; background-color:#eff7ff; padding:3px; margin-bottom:10px; width:172px;}
O1 - Hosts: .adttl{font-weight:bold;margin-bottom:3px;}
O1 - Hosts: .addescr{color:#6b6b6b; margin-bottom:3px;}
O1 - Hosts: .adlink a {color:#008200; text-decoration:none;}
O1 - Hosts: </style>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE -->
O1 - Hosts: <div id="maincnt">
O1 - Hosts: <div class="geohead"><div id="geologo"><a href="http://geocities.yahoo.com"><img height=33 alt="Yahoo! GeoCities" src="http://us.i1.yimg.com/us.yimg.com/i/us/nt/ma/ma_geo_1.gif" width=259 border=0></a></div>
O1 - Hosts: <div id="rightside"><div id="wlinks"><a href="http://geocities.yahoo.com">GeoCities Home</a> - <a href="http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.com/help/us/geo/">Help</a></div>
O1 - Hosts: </div></div>
O1 - Hosts: <div class="bodywrap">
O1 - Hosts: <div class="bodycnt">
O1 - Hosts: <div class="title">Sorry, this GeoCities site is currently unavailable.</div>
O1 - Hosts: <p>The GeoCities web site you were trying to view has temporarily exceeded its data transfer limit. Please try again later. </p>
O1 - Hosts: <p>Are you the site owner?
O1 - Hosts: Avoid service interruptions in the future by increasing your data transfer limit!
O1 - Hosts: <a href="http://help.yahoo.com/help/us/geo/transfer/transfer-05.html" target="_blank">Find out how.</a> </p>
O1 - Hosts: <p><a href="http://help.yahoo.com/help/us/geo/transfer/" target="_blank">Learn more about data transfer.</a></p>
O1 - Hosts: </div>
O1 - Hosts: <div class="adcnt">
O1 - Hosts: <a target="_top" href="http://geocities.yahoo.com"><img src="http://us.i1.yimg.com/us.yimg.com/i/us/smbiz/b/geo_mast_small2.gif" alt="Yahoo! GeoCities" border="0" height="15" hspace="0" vspace="0" width="141"></a>
O1 - Hosts: <div class="adsubt">SPONSORED LINKS</div>
O1 - Hosts: <!--<table width="172" border="0" bgcolor="#FFFFFF" class="adtable"><tr><td align=left>-->
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="Reliable plans include domain & 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27166/*http://smallbusiness.yahoo.com/webhosting" target="_blank">Yahoo! Web Hosting

O1 - Hosts: $25 Setup Waived</a></div>
O1 - Hosts: <div class="addescr" title="Reliable plans include domain & 24x7 support.">Reliable plans include domain & 24x7 support.</div>
O1 - Hosts: <div class="adlink" title="Reliable plans include domain & 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27166/*http://smallbusiness.yahoo.com/webhosting" target="_blank">webhosting.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="Reliable plans include domain & 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27176/*http://smallbusiness.yahoo.com/domains/" target="_blank">Domain Names from Yahoo! only $9.95/yr</a></div>
O1 - Hosts: <div class="addescr" title="Includes starter web page, email & domain forwarding, 24x7 support.">Includes starter web page, email & domain forwarding, 24x7 support.</div>
O1 - Hosts: <div class="adlink" title="Includes starter web page, email & domain forwarding, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27176/*http://smallbusiness.yahoo.com/domains/" target="_blank">domains.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27184/*http://smallbusiness.yahoo.com/mail" target="_blank">Yahoo! Business Email
Domain Included</a></div>
O1 - Hosts: <div class="addescr" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning.">Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning.</div>
O1 - Hosts: <div class="adlink" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27184/*http://smallbusiness.yahoo.com/mail" target="_blank">smallbusiness.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="adtable">
O1 - Hosts: <div class="adttl" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=/27190/*http://smallbusiness.yahoo.com/merchant" target="_blank">Ecommerce from Yahoo!
1 Month Free</a></div>
O1 - Hosts: <div class="addescr" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support.">$50 setup fee waived. A reliable ecommerce plan, 24x7 support.</div>
O1 - Hosts: <div class="adlink" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=/27190/*http://smallbusiness.yahoo.com/merchant" target="_blank">smallbusiness.yahoo.com</a></div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ybadge">
O1 - Hosts: Get your own web site at
<a target="_top" href="http://geocities.yahoo.com">Yahoo! GeoCities</a>
O1 - Hosts: <a href="http://smallbusiness.yahoo.com/webhosting/" target="_top"><img src="http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/badge_hostedby_purp_2.gif" alt="Hosted by Yahoo! Web Hosting" align="middle" border="0" height="31" width="88"></a>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class=ftr>
O1 - Hosts: <hr size=1 width=100%>
O1 - Hosts: Copyright ©
O1 - Hosts: 2005 Yahoo! Inc. All rights reserved

O1 - Hosts: <a href="http://privacy.yahoo.com/privacy/us/geo/">Privacy Policy</a>
O1 - Hosts: - <a href="http://docs.yahoo.com/info/copyright/copyright.html">Copyright Policy</a>
O1 - Hosts: - <a href="http://docs.yahoo.com/info/guidelines/community.html">Guidelines</a>
O1 - Hosts: - <a href="http://docs.yahoo.com/info/terms/geoterms.html">Terms of Service</a>
O1 - Hosts: - <a href="http://help.yahoo.com/help/us/geo/">Help</a>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </body>
O1 - Hosts: </html>
O1 - Hosts: <!-- text below generated by server. PLEASE REMOVE --></object></layer></div></span></style></noscript></table></script></applet>
O1 - Hosts: <IMG SRC="http://geo.yahoo.com/serv?s=19190039&t=1166024477&f=us-w63" ALT=1 WIDTH=1 HEIGHT=1>
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NILM License manager - Macrovision Corporation - E:\Program Files\National Instruments7\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12972
 
   Posted 2/24/2007 12:54 PM (GMT +3)
Wow, Your hosts file is certainly corrupted
 
 
 and save it to your desktop.

When you have done this, please boot into Safe Mode (Tap F8 during startup).

Right-click on the SDFix.zip folder and choose Extract All. Open the extracted folder, normally C:\SDFix, and double-click on RunThis.bat to start the script.

Type Y to begin the script. It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot. When you hit any key, your computer will reboot. Your system will take longer than normal to restart as the fixtool will be running and removing files.

When your desktop loads, the utility will complete the removal and display Finished. Press any key again to end the script and load your desktop icons.
 
Finally open the SDFix folder on your desktop and copy and paste the contents of Report.txt back in this thread along with fresh hijackthis log,  and tell how things are running


 

Aqeel
New Member


Date Joined Feb 2007
Total Posts : 8
 
   Posted 2/24/2007 1:50 PM (GMT +3)
ok I did as u said and here is the report


REPORT

==========================================


SDFix: Version 1.68

Run by Aqeel - Sat 02/24/2007 @ 15:33:43.37

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:

Path:


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\svchost.exe - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Vypress Chat\\vyc.exe"="C:\\Program Files\\Vypress Chat\\vyc.exe:*:Enabled:Vypress Chat Main Executable File"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\\Program Files\\Commandos2\\COMANDO2\\mpserver.exe"="D:\\Program Files\\Commandos2\\COMANDO2\\mpserver.exe:*:Disabled:mpserver"
"D:\\Program Files\\Commandos II\\comm2.exe"="D:\\Program Files\\Commandos II\\comm2.exe:*:Enabled:comm2"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"\\\\kami\\Fun Club\\srv.exe"="\\\\kami\\Fun Club\\srv.exe:*:Enabled:srv.exe"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"E:\\Program Files\\National Instruments7\\LabVIEW 7.0\\LabVIEW.exe"="E:\\Program Files\\National Instruments7\\LabVIEW 7.0\\LabVIEW.exe:*:Enabled:LabVIEW 7.0 Development System"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\WINDOWS\\System32\\mmc.exe"="C:\\WINDOWS\\System32\\mmc.exe:*:Enabled:Microsoft Management Console"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\RavMon.exe
C:\Program Files\Outlook Express\msimn.exe

Add/Remove Programs List:

ECHO is off.
Cleantouch Urdu Dictionary
DivX Pro Codec
DivX Player 2.1
Download Accelerator Plus Beta
Equation Grapher DEMO
HijackThis 1.99.1
HSP56 Modem Drivers
iolo technologies' System Mechanic
LabVIEW RunTimeEngine
LiveUpdate 2.6 (Symantec Corporation)
Mathematica 4.1
MATLAB 12-25-2005
Mozilla (1.7.3)
Mozilla Firefox (1.0.1)
National Instruments Software
Macromedia Flash Player 8
Urdu To English Dictionary
WinRAR archiver
Yahoo! Messenger
ZTE_USBDriver
NI Distribution Information - PDS English
NI LabVIEW Application Builder 7.0
NI LabVIEW 7.1 Core Essentials
Google Talk (remove only)
NI Example Finder 2.0
NI Instrument IO Assistant for LabVIEW 7.1
NI LabVIEW 7.0
NI LabVIEW 6.0
Symantec AntiVirus
NI LabVIEW Advanced Analysis 7.0
Virtual CD v4
NI LVBrokerAux71
upapp
NI LabVIEW Run-Time Engine 7.1
NI LVBroker
NI LabVIEW Advanced Analysis 7.1
Matrix Calculator
NI LVBrokerAux70
NI LabVIEW Run-Time Engine 7.0
NI LabVIEW CIN Tools 7.0
NI LabVIEW Professional Tools 7.1
NI LabVIEW Picture Control and CIN Tools 7.1
Microsoft Firewall Client
NI LabVIEW Professional Tools 7.0
Microsoft Office Professional Edition 2003
NI LabVIEW Run-Time Engine 6.0
Microsoft Visio Professional 2002 [English]
NI LabVIEW Application Builder 7.1
NI Uninstaller
Adobe Reader 6.0
NI LabVIEW Picture Control Toolkit 7.0
Commandos 3 - Destination Berlin
NI LabVIEW Full 7.0
MSN Messenger 7.5
NI LabVIEW 7.1
Maple 7
Shrek Activity Center
NI LabVIEW Service Locator 1.0
Syberia 2
Commandos 2: Men of Courage
NI LabVIEW Full 7.1
NI Instrument IO Assistant for LabVIEW 7.0

Finished

=============================================

here is hijackthis.txt....

=============================================

Logfile of HijackThis v1.99.1
Scan saved at 3:42:23 PM, on 2/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\WINDOWS\SVCHOST.EXE
C:\HJT\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NILM License manager - Macrovision Corporation - E:\Program Files\National Instruments7\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
 

Aqeel
New Member


Date Joined Feb 2007
Total Posts : 8
 
   Posted 2/24/2007 1:54 PM (GMT +3)
My computer's performance has improved as before... and i m very thankful for that... but i am still unable to unhide my hidden files and folders.... is there any solution for that....???? and floppy drive is still trying to read disk in the drive(currently no disk in the drive)....
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12972
 
   Posted 2/24/2007 2:10 PM (GMT +3)
Sounds good; however, You still have infections, and these can be the cause of Your problems -
 
 
 Please download free  Trial of Superantispyware
http://www.superantispyware.com/superantispywarefreevspro.html
Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it.)
Close the program.
 

 
 
Download and install:  http://www.filehippo.com/download_ccleaner/
For a basic version of CCleaner with no Yahoo Toolbar, select the second or third install option as follows:
Even if you selected Option 2 or 3, if you do not want the Yahoo Toolbar installed:
Uncheck "Add CCleaner Yahoo! Toolbar", as it is checked by default during CCleaner Setup
 
 
Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.
Click fix checked:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
 
 
 
 
 
You may want to print this or save it to notepad as we will go to safe mode.

 
 
Re-start your PC in Safe mode, by holding down the F8 button during the initial start up procedure. Use the up and down arrow keys to select Start PC in safe mode and hit the enter key.
This will start your PC with only essential Windows programmes running.
 
 
Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.


Delete the following files or folders (delete item in bold). Please do not be concerned if
any of the items are not found as they may have been automatically removed by actions I had
you take earlier in the cleaning process.
 
Delete-
 
Files:
C:\RavMon.exe
C:\WINDOWS\MDM.EXE
 
 
 
Open Ccleaner.
 
1.      Before first use, check under Options, Advanced, and UNCHECK "Only delete files in Windows Temp folder older than 48 hours".
2.      A pop up box will appear advising this process will permanently delete files from your system.
3.      Then select the items you wish to clean up.
In the Windows Tab:
Clean all entries in the "Internet Explorer". If you prefer to keep your cookies, uncheck the Cookies entry. Deleting cookies will require re-entry of user names and passwords on next visit to sites that require users log in.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.
 
In the Applications Tab:
Clean all (optionally, except cookies) in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.
4.      Then click the "Run Cleaner" button and it will scan and clean your system. Click exit.
 
 


 
 
Start Superantispyware/rightclick on the black/yellow bug in tray.
Hit - Scan Your Computer - button
Click on the drive(s) you want to scan. Put a check in - Perform Complete Scan, then next
It will scan now. When the scan has finished, put a checkmark beside all items it found. Next, after cleaning, allow it to Reboot
 
 
Open Superantispyware
 
Obtain the SuperAntiSpyware log as follows:
Click: Preferences
Click the Statistics/Logs tab
Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad) 
 
Post this log along with a fresh HijackThis log and tell how things are running.
 


 

Aqeel
New Member


Date Joined Feb 2007
Total Posts : 8
 
Posted 2/24/2007 5:34 PM (GMT +3)
Here is the SUPERANTISPYWARE log.....


==========================

SUPERAntiSpyware Scan Log
Generated 02/24/2007 at 07:11 PM

Application Version : 3.5.1016

Core Rules Database Version : 3165
Trace Rules Database Version: 1176

Scan type : Complete Scan
Total Scan Time : 01:11:08

Memory items scanned : 190
Memory threats detected : 0
Registry items scanned : 4725
Registry threats detected : 0
File items scanned : 61918
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\Shakeel\Cookies\shakeel@msnportal.112.2o7.txt

Adware.ChannelUp
J:\SYSTEM VOLUME INFORMATION\_RESTORE{0254E75A-5743-4BD5-BE4B-3AF11ED00C96}\RP14\A0003820.EXE


=============================

the problem still exists......
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12972
 
Posted 2/25/2007 11:33 AM (GMT +3)
Post a fresh HijackThis log.


 

Aqeel
New Member


Date Joined Feb 2007
Total Posts : 8
 
Posted 2/26/2007 4:15 PM (GMT +3)
Here is the fresh HijackThis log, and I have also attached an image; this image describes another problem or symptom caused by that virus... If I right-click on any hard disk drive partition in my computer, the upper two options in the pop-up menu are different characters.... they are encircled... plz tell me some solution about it... thanks........


==================================================================

Logfile of HijackThis v1.99.1
Scan saved at 6:07:44 PM, on 2/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\SVCHOST.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = SERVER:8080
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE42B0B2-4695-4D64-997F-D92AAF7EE545}: NameServer = 211.94.65.97 202.125.148.204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NILM License manager - Macrovision Corporation - E:\Program Files\National Instruments7\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Image Attachment: image.JPG
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12972
 
Posted 2/27/2007 8:29 AM (GMT +3)
Reboot to safe mode and delete:
C:\WINDOWS\SVCHOST.EXE
C:\WINDOWS\MDM.EXE
 
Reboot normally, post a new log and tell me: do you still have those odd characters?


 

Aqeel
New Member


Date Joined Feb 2007
Total Posts : 8
 
Posted 2/28/2007 7:43 AM (GMT +3)
I rebooted my system in safe mode and found out that "C:\WINDOWS\SVCHOST.EXE" does not exist,
however I tried to delete "C:\WINDOWS\System32\SVCHOST.EXE", but this is used by the system and
can't be deleted. I tried to end-task that file but it runs itself again...

I also tried to delete "C:\WINDOWS\MDM.EXE"; the first time I successfully deleted it, but it came back again
immediately and now delete doesn't work on it...

I still have those odd characters....

I found out from somewhere that it is a Trojan horse but don't know how to remove it... even my antivirus is not detecting it...

I am sending a new HijackThis log file.....


=====================================================================


Logfile of HijackThis v1.99.1
Scan saved at 9:42:38 AM, on 2/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\SVCHOST.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = SERVER:8080
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE42B0B2-4695-4D64-997F-D92AAF7EE545}: NameServer = 211.94.65.97 202.125.148.204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NILM License manager - Macrovision Corporation - E:\Program Files\National Instruments7\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



========================================================

Please try help me out.... cry
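
Added example, not part of the original thread: a small triage of the HijackThis lines posted above, showing why C:\WINDOWS\SVCHOST.EXE and the [SVCHOST] Run value stand out while C:\WINDOWS\system32\svchost.exe does not. The table of expected folders is an assumed baseline for a default Windows XP install in C:\WINDOWS, and the function names are hypothetical.

```python
import ntpath
import re

# Lines copied from the HijackThis log in the post above (excerpt).
LOG_EXCERPT = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\SVCHOST.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SVCHOST] C:\WINDOWS\MDM.EXE
"""

# Assumed baseline: where these Windows XP system binaries normally live
# when Windows is installed in C:\WINDOWS (as the paths in the log indicate).
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYSTEM32, "winlogon.exe": SYSTEM32, "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32, "spoolsv.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}

RUN_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\Run\w*: \[(.+?)\]\s+(.+)$")


def parse_log(text):
    """Return (running process paths, [(hive, value name, target path)])."""
    processes, run_entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
        elif in_procs:
            in_procs = False  # a blank line ends the process list
        else:
            m = RUN_RE.match(line)
            if m:
                run_entries.append((m.group(1), m.group(2), m.group(3).strip('"')))
    return processes, run_entries


def masquerading_processes(processes):
    """Processes that use a system binary's name from an unexpected folder."""
    hits = []
    for path in processes:
        expected = EXPECTED_DIR.get(ntpath.basename(path).lower())
        if expected and ntpath.dirname(path).lower() != expected:
            hits.append(path)
    return hits


def mismatched_run_entries(run_entries):
    """Run values named after a system binary that start some other file."""
    hits = []
    for hive, name, target in run_entries:
        claimed = name.lower() + ".exe"
        if claimed in EXPECTED_DIR and ntpath.basename(target).lower() != claimed:
            hits.append((hive, name, target))
    return hits


if __name__ == "__main__":
    procs, runs = parse_log(LOG_EXCERPT)
    for p in masquerading_processes(procs):
        print("system name, wrong folder:", p)
    for hive, name, target in mismatched_run_entries(runs):
        print(f"{hive} Run value [{name}] starts {target}")
```

The comparison is on the full path, not the file name: the copy in system32 is the Windows service host and is left alone.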
 

astedradj
New Member


Date Joined Mar 2007
Total Posts : 1
 
Posted 3/2/2007 3:07 AM (GMT +3)
I hope this works out. I have the same problem on my computer. I downloaded a program from a file share site, and now I have a trojan. Most of my files are hidden. I'm thinking I'm going to have to format my computer. Is there a program I can pay for that would remove the viruses? Could you tell me which program is the best one for removing trojans? Also what are the chances that the trojan will be removed? Am I better off just formatting and getting a virus protector, firewall? Thanks for the reply.

Post Edited (astedradj) : 3/2/2007 12:09:16 AM GMT

 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12972
 
Posted 3/2/2007 9:07 AM (GMT +3)
Please download Avenger by Swandog46 to your Desktop.
You must extract avenger.zip to your desktop before you run it.

Start up the Avenger exe.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy, then paste all the text in the quote box below.
Quote:

Files to delete:
C:\WINDOWS\MDM.EXE
C:\WINDOWS\SVCHOST.EXE

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt

Download this tool to your desktop:
http://www.uploads.ejvindh.net/rootchk.exe

Run the program. After a short time a logfile will turn up. Copy the contents of the log into the thread along with the Avenger log and a fresh HijackThis log.


 

Sayami
New Member


Date Joined Mar 2007
Total Posts : 1
 
Posted 3/6/2007 10:39 AM (GMT +3)
Aqeel,

I have the same problem. I have managed to remove the RavMon.exe virus with Protector Plus 2007, which is free to download, but the problem with unhiding hidden files and folders is still there.
Please let me know if you have solved that problem.

Would appreciate your and any others' help. I'm desperate.
 
 
 

SM Nauman
New Member


Date Joined Mar 2007
Total Posts : 1
 
Posted 3/22/2007 1:07 AM (GMT +3)
Hi..
I have exactly the same problem.

I went to safe mode and ran Xoftspy and Symantec in safe mode and found
Trojan horse
W32.Rajump

in mdm.exe files and svhost

After that I restarted the PC. I am not able to unhide files, and
when I right-click any of my partitions I still see the ASCII language in place of Open and Explore. Moreover, when I double-click on any partition a window pops up which says Open With, so I am not able to enter any of my drive partitions. So I have to use the folder tree option to work in my partitions.. I am so upset..

Please, I desperately need help on this issue. Plz help.
 

netgeek
New Member


Date Joined Mar 2007
Total Posts : 1
 
Posted 3/28/2007 11:00 AM (GMT +3)
Touch,
thank you for your help and great advice...
I had the same issue / virus on my machine...
I downloaded and utilized all the tools you mentioned as well as MS-MSRT (tells me that these are unrecognized files but does not give you an option to remove them).. and MS-Defender...

I had issues with BOOTSAFE (superantispyware).. it would not give me an option to go into NORMAL mode.. I was stuck in SAFE MODE..

Using all the tools you mentioned I was able to track down the 3 files on my system.
svchost.exe / Svchost.ini
MDM.exe
and RovMon.exe (spelling?)

and those are the files that were causing the problem.. I am pretty sure that I have eliminated them from my system.

I had to go search for all 3 files in the WHOLE REGISTRY (there were over 30 occurrences for each in different places)
and delete them.. then using the software you mentioned above I deleted those files from the system

I still could not UNHIDE my folders so I went and REPAIRED MY XP.. and now I can see my hidden files..

My C:\ still shows up with the corruption and I have not been able to get rid of that...

Please advise..

Regards,

Netgeek
 

nobel007
New Member


Date Joined Dec 2007
Total Posts : 1
 
Posted 12/26/2007 12:17 AM (GMT +3)

No, not at all what you are doing; it is very simple.
Download AVG Free Edition; it will delete the virus.
Then ......
\1/ open WordPad, then ..
\2/ choose Save As...
\3/ give it the name autorun.inf
\4/ then copy it and paste it onto the drive you want ...
\5/ restart the PC and that does the trick

nabil alger
 


Image Attachments: Sans titre.JPG, Sans titre1.JPG
 

kaytkayt
New Member


Date Joined Jan 2008
Total Posts : 7
 
Posted 1/3/2008 9:51 PM (GMT +3)
I have the same "can't unhide" problem.

I had files autorun.inf and semo??.exe (?spelling) in all my disc
partitions. When I deleted them, they reappeared in some seconds.

I had the virus in \windows\system32\amvo.exe.

I removed amvo.exe and amvo1.dll from \windows\system32

Then I deleted autorun.inf and semo??.exe.

Now, they don't reappear.

But I still have the "can't unhide" problem continuing.

I also had the Win32/NSAnti virus detected (but it can't be cleaned).
(That was the point where I understood that my computer was infected).

And also some other kinds of virus notifications.

But, after I removed amvo.exe I might have gotten rid of
some of them (which ones I don't know).

But the "can't unhide" problem continues.

Has anybody with the same problems solved them?

thanks

kaytkayt
 
 

kaytkayt
New Member


Date Joined Jan 2008
Total Posts : 7
 
Posted 1/4/2008 2:34 PM (GMT +3)
Good news.
 
First,
if exists delete that file.
Note that it is also hidden/read only/system file.
C:\WINDOWS\system32\amvo.exe <<< delete that file
 
C:\WINDOWS\system32\amvo1.dll <<< delete that file as well if exists.

Then I deleted autorun.inf and semo??.exe. from all disk partitions (+usb drive)

Now, they don't reappear.

To get rid of "can't unhide files and folders" problem try the following:
A nice little script that restores the options here:
http://www.kellys-korner-xp.com/xp_tweaks.htm

368. Folder Options/View Empty - Restore Now
http://www.kellys-korner-xp.com/regs_edits/viewfolderrestore.reg
Now, you don't have "can't unhide files and folders" problem anymore.
Windows My Computer-->Tools-->Folder Options-->show hidden files (works :-))
Kaytkayt
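
Added example, not part of the original thread: several posts report an autorun.inf next to an executable in every partition, changed entries at the top of the drive's right-click menu, and an Open With prompt on double-click. An autorun.inf is a plain-text INI file, so it can be read before anything is deleted; this sketch lists the commands and menu verbs such a file defines. Both sample files and the name dropper.exe are constructed, since the thread does not show the actual file, and the function names are hypothetical.

```python
import re

# Constructed sample, not taken from the thread: an autorun.inf of the kind an
# autorun worm leaves in a drive root. "dropper.exe" is a placeholder name.
SUSPECT_AUTORUN = r"""
[AutoRun]
open=dropper.exe
shell\open=Open(&O)
shell\open\Command=dropper.exe
shell\explore=Explore(&X)
shell\explore\Command="dropper.exe -e"
"""

# Constructed sample: a harmless autorun.inf that only sets an icon and a label.
BENIGN_AUTORUN = r"""
[autorun]
icon=setup.ico
label=Backup Disk
"""

PROGRAM_RE = re.compile(r'"?(.+?\.(?:exe|com|bat|cmd|scr|pif|vbs))\b', re.I)


def read_autorun(text):
    """Return the [autorun] section as a dict with lower-cased keys.

    Parsed by hand so that junk lines before or inside the section are skipped.
    """
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_commands(entries):
    """(key, program) pairs for entries that make Explorer start a program."""
    found = []
    for key, value in entries.items():
        is_command = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command"))
        m = PROGRAM_RE.match(value) if is_command else None
        if m:
            found.append((key, m.group(1)))
    return found


def relabelled_verbs(entries):
    """Menu verbs (for example open, explore) whose menu text the file sets."""
    return sorted(k.split("\\")[1] for k in entries
                  if k.startswith("shell\\") and k.count("\\") == 1)


if __name__ == "__main__":
    for name, text in (("suspect", SUSPECT_AUTORUN), ("benign", BENIGN_AUTORUN)):
        entries = read_autorun(text)
        print(name, launch_commands(entries), relabelled_verbs(entries))
```

A file that sets both a label and a command for the open and explore verbs is what puts its own text in place of the normal menu entries for that drive.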
 



