Author Topic: "Norton Antivirus cannot access the infected file" js.yamann  (Read 326 times)

Offline luvieluv

Please help! My antivirus program alerted me that I have 22 files infected with the js.yamanner@m virus which could not be quarantined or repaired. It was unable to access the infected files. I rebooted in safe mode to scan again but could not open Norton Antivirus (kept getting an error message). I uninstalled then reinstalled Norton Internet Security. I did a full system scan, but no virus was detected. My computer keeps crashing and my CD-R/W drive stopped working. Here is the logfile from my Hijack This! scan:

Logfile of HijackThis v1.99.1
Scan saved at 8:06:23 PM, on 7/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\The Dr Laura Media Center\The Dr Laura Media Center.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\HijackThis!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [The Dr Laura Program] C:\Program Files\The Dr Laura Media Center\The Dr Laura Media Center.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1151247388968
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151247492593
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D186634F-7EF0-4D57-B563-DAC7949B12B1} (OutlookImporter Class) - http://gc.reunion.com/install/Reunion/import/importTools.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Offline guestolo

« Reply #1 on: July 05, 2006, 12:47:46 AM »
Can you do the following:
Access your Windows Control Panel
Double-click to open the Java icon
Under the Cache tab >> Clear cache

Access your Add/Remove Programs
Remove all old versions of Java or Java updates
This includes Java 2 Runtime Environment, SE v1.4.2_03

Reboot the computer afterwards

Back in Windows
Access the following link to download the latest version of Java
http://www.java.com/en/download/manual.jsp
Download the Windows OFFLINE installation and save to desktop
Double-click to install and follow the prompts to install

Run another updated scan with Norton's
If Norton's finds any bad files, let me know the locations of them on your hard drive please

Post back a fresh HijackThis log afterwards too

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline luvieluv

« Reply #2 on: July 05, 2006, 03:22:15 AM »
Hi, thank you for taking time to reply. I did everything as instructed, and ran the scan which came up clean. If this helps at all, here is the previous scan logfile:

Category: Threat alerts
Date@Feature@Threat Name@Action Taken@Item Type@Target@Suspicious Action@Virus Definition Version@Product Version@User Name@Computer Name@Details
6/24/2006 8:28:53 PM@Virus scanner@"JS.Yamanner@m"@Delete failed@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@"Threat category: VirusSource: Unknown000007C6.data,Description: The compressed file Unknown000007C6.data within Unknown000007D2.data within Unknown00000DFA.data within Unknown000007BC.data within Unknown000007ED.data within Unknown000007CF.data within Unknown00000C43.data within Unknown000007E1.data within Unknown00000D87.data within Unknown00003331.data within C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d66 is infected with the JS.Yamanner@m virus."
6/24/2006 8:28:53 PM@Virus scanner@"JS.Yamanner@m"@Delete failed@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@"Threat category: VirusSource: Unknown000007D2.data,Description: The compressed file Unknown000007D2.data within Unknown00000DFA.data within Unknown000007BC.data within Unknown000007ED.data within Unknown000007CF.data within Unknown00000C43.data within Unknown000007E1.data within Unknown00000D87.data within Unknown00003331.data within C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d66 is infected with the JS.Yamanner@m virus."
6/24/2006 8:28:53 PM@Virus scanner@"JS.Yamanner@m"@Delete failed@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@"Threat category: VirusSource: Unknown00000DFA.data,Description: The compressed file Unknown00000DFA.data within Unknown000007BC.data within Unknown000007ED.data within Unknown000007CF.data within Unknown00000C43.data within Unknown000007E1.data within Unknown00000D87.data within Unknown00003331.data within C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d66 is infected with the JS.Yamanner@m virus."
6/24/2006 8:28:53 PM@Virus scanner@"JS.Yamanner@m"@Delete failed@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@"Threat category: VirusSource: Unknown000007BC.data,Description: The compressed file Unknown000007BC.data within Unknown000007ED.data within Unknown000007CF.data within Unknown00000C43.data within Unknown000007E1.data within Unknown00000D87.data within Unknown00003331.data within C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d66 is infected with the JS.Yamanner@m virus."
6/24/2006 8:28:53 PM@Virus scanner@"JS.Yamanner@m"@Delete failed@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@"Threat category: VirusSource: Unknown000007ED.data,Description: The compressed file Unknown000007ED.data within Unknown000007CF.data within Unknown00000C43.data within Unknown000007E1.data within Unknown00000D87.data within Unknown00003331.data within C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d66 is infected with the JS.Yamanner@m virus."
6/24/2006 8:28:53 PM@Virus scanner@"JS.Yamanner@m"@Delete failed@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@"Threat category: VirusSource: Unknown000007CF.data,Description: The compressed file Unknown000007CF.data within Unknown00000C43.data within Unknown000007E1.data within Unknown00000D87.data within Unknown00003331.data within C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d66 is infected with the JS.Yamanner@m virus."
6/24/2006 8:28:53 PM@Virus scanner@"JS.Yamanner@m"@Delete failed@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@"Threat category: VirusSource: Unknown00000C43.data,Description: The compressed file Unknown00000C43.data within Unknown000007E1.data within Unknown00000D87.data within Unknown00003331.data within C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d66 is infected with the JS.Yamanner@m virus."
6/24/2006 8:28:53 PM@Virus scanner@"JS.Yamanner@m"@Delete failed@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@"Threat category: VirusSource: Unknown000007E1.data,Description: The compressed file Unknown000007E1.data within Unknown00000D87.data within Unknown00003331.data within C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d66 is infected with the JS.Yamanner@m virus."
6/24/2006 8:28:53 PM@Virus scanner@"JS.Yamanner@m"@Delete failed@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@"Threat category: VirusSource: Unknown00000D87.data,Description: The compressed file Unknown00000D87.data within Unknown00003331.data within C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d66 is infected with the JS.Yamanner@m virus."
6/24/2006 8:28:53 PM@Virus scanner@"JS.Yamanner@m"@Delete failed@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@"Threat category: VirusSource: Unknown00003331.data,Description: The compressed file Unknown00003331.data within C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d66 is infected with the JS.Yamanner@m virus."
6/24/2006 8:28:53 PM@Virus scanner@"JS.Yamanner@m"@Quarantined@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@"Threat category: VirusSource: C:\Documents and Settings\COMPAQ~1\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d66,Description: The file C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d66 is infected with the JS.Yamanner@m virus."
6/24/2006 8:28:53 PM@Virus scanner@"JS.Yamanner@m"@Delete failed@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@"Threat category: VirusSource: Unknown00000DC4.data,Description: The compressed file Unknown00000DC4.data within Unknown000007C6.data within Unknown000007D2.data within Unknown00000DFA.data within Unknown000007BC.data within Unknown000007ED.data within Unknown000007CF.data within Unknown00000C43.data within Unknown000007E1.data within Unknown0000334F.data within C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d65 is infected with the JS.Yamanner@m virus."
6/24/2006 8:28:53 PM@Virus scanner@"JS.Yamanner@m"@Delete failed@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@"Threat category: VirusSource: Unknown000007C6.data,Description: The compressed file Unknown000007C6.data within Unknown000007D2.data within Unknown00000DFA.data within Unknown000007BC.data within Unknown000007ED.data within Unknown000007CF.data within Unknown00000C43.data within Unknown000007E1.data within Unknown0000334F.data within C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d65 is infected with the JS.Yamanner@m virus."
6/24/2006 8:28:53 PM@Virus scanner@"JS.Yamanner@m"@Delete failed@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@"Threat category: VirusSource: Unknown000007D2.data,Description: The compressed file Unknown000007D2.data within Unknown00000DFA.data within Unknown000007BC.data within Unknown000007ED.data within Unknown000007CF.data within Unknown00000C43.data within Unknown000007E1.data within Unknown0000334F.data within C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d65 is infected with the JS.Yamanner@m virus."
6/24/2006 8:28:53 PM@Virus scanner@"JS.Yamanner@m"@Delete failed@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@"Threat category: VirusSource: Unknown00000DFA.data,Description: The compressed file Unknown00000DFA.data within Unknown000007BC.data within Unknown000007ED.data within Unknown000007CF.data within Unknown00000C43.data within Unknown000007E1.data within Unknown0000334F.data within C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d65 is infected with the JS.Yamanner@m virus."
6/24/2006 8:28:53 PM@Virus scanner@"JS.Yamanner@m"@Delete failed@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@"Threat category: VirusSource: Unknown000007BC.data,Description: The compressed file Unknown000007BC.data within Unknown000007ED.data within Unknown000007CF.data within Unknown00000C43.data within Unknown000007E1.data within Unknown0000334F.data within C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d65 is infected with the JS.Yamanner@m virus."
6/24/2006 8:28:53 PM@Virus scanner@"JS.Yamanner@m"@Delete failed@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@"Threat category: VirusSource: Unknown000007ED.data,Description: The compressed file Unknown000007ED.data within Unknown000007CF.data within Unknown00000C43.data within Unknown000007E1.data within Unknown0000334F.data within C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d65 is infected with the JS.Yamanner@m virus."
6/24/2006 8:28:53 PM@Virus scanner@"JS.Yamanner@m"@Delete failed@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@"Threat category: VirusSource: Unknown000007CF.data,Description: The compressed file Unknown000007CF.data within Unknown00000C43.data within Unknown000007E1.data within Unknown0000334F.data within C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d65 is infected with the JS.Yamanner@m virus."
6/24/2006 8:28:53 PM@Virus scanner@"JS.Yamanner@m"@Delete failed@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@"Threat category: VirusSource: Unknown00000C43.data,Description: The compressed file Unknown00000C43.data within Unknown000007E1.data within Unknown0000334F.data within C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d65 is infected with the JS.Yamanner@m virus."
6/24/2006 8:28:53 PM@Virus scanner@"JS.Yamanner@m"@Delete failed@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@"Threat category: VirusSource: Unknown000007E1.data,Description: The compressed file Unknown000007E1.data within Unknown0000334F.data within C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d65 is infected with the JS.Yamanner@m virus."
6/24/2006 8:28:53 PM@Virus scanner@"JS.Yamanner@m"@Delete failed@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@"Threat category: VirusSource: Unknown0000334F.data,Description: The compressed file Unknown0000334F.data within C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d65 is infected with the JS.Yamanner@m virus."
6/24/2006 8:28:53 PM@Virus scanner@"JS.Yamanner@m"@Quarantined@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@"Threat category: VirusSource: C:\Documents and Settings\COMPAQ~1\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d65,Description: The file C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d65 is infected with the JS.Yamanner@m virus."
6/24/2006 4:28:04 PM@Auto-Protect@"JS.Yamanner@m"@Access denied@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@Source: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d65
6/24/2006 4:28:04 PM@Auto-Protect@"JS.Yamanner@m"@Repair failed@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@Source: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d65
6/24/2006 4:28:04 PM@Auto-Protect@"JS.Yamanner@m"@Access denied@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@Source: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d66
6/24/2006 4:28:03 PM@Auto-Protect@"JS.Yamanner@m"@Repair failed@File@N/A@N/A@[email protected]@Compaq_Owner@LISA-COMPUTER@Source: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\MSN\db\luvieluv13-msn-com.d66
6/23/2006 5:41:46 PM@Script Blocking@Suspicious script@Blocked@Script@N/A@FileSystem Object : DeleteFolder@Unknown@Unknown@Compaq_Owner@LISA-COMPUTER@Source: c:\hp\bin\Adobe_PhotoShop_Album\poof.js

Hijack This! logfile #2:

Logfile of HijackThis v1.99.1
Scan saved at 2:17:18 AM, on 7/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\The Dr Laura Media Center\The Dr Laura Media Center.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [The Dr Laura Program] C:\Program Files\The Dr Laura Media Center\The Dr Laura Media Center.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1151247388968
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151247492593
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D186634F-7EF0-4D57-B563-DAC7949B12B1} (OutlookImporter Class) - http://gc.reunion.com/install/Reunion/import/importTools.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

I hope this helps, thanks again :)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
"Norton Antivirus cannot access the infected file" js.yamann
« Reply #3 on: July 05, 2006, 10:51:51 PM »
Is everything running OK?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline luvieluv

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
"Norton Antivirus cannot access the infected file" js.yamann
« Reply #4 on: July 06, 2006, 12:30:58 AM »
Well, it seems to be, but I'm wondering what happened to those infected files? Since Norton Antivirus could not delete the virus, isn't it still on my system? :unsure:

Offline luvieluv

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
"Norton Antivirus cannot access the infected file" js.yamann
« Reply #5 on: July 06, 2006, 05:11:50 PM »
Hello?? Everything is not ok, I still have no cd drive. The message says "windows could not load the drivers for this device. The drivers may be corrupted or missing".  Can this be caused by the virus? What should I do?

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
"Norton Antivirus cannot access the infected file" js.yamann
« Reply #6 on: July 07, 2006, 09:07:12 AM »
Let's make sure things are clear on your end
==Download and install Windows CleanUp! 4.5.2
Don't run a scan yet

CleanUp! attempts to delete files from various temporary directories (including download directories/caches),
as well as emptying the Recycle Bins.
If you make a habit of saving files that you wish to keep in any of these places,  they will be deleted when CleanUp! is run.
Please move them to a different location before we run this tool if the above is true
Note: It is generally considered poor practice to use temporary folders or the Recycle Bin to store files you intend to keep.

==Please download, install, and update Ewido anti-spyware
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Close Ewido.
Do not run it yet.

Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

Once in safe mode
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done>>Click Close
DECLINE to Log off or Restart the computer

Ewido Scan
  • Then run Ewido and click on the Scanner tab at the top and then click on Complete System Scan.  This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As".  This will create a text file.  Make sure you know where to find this file again (like on the Desktop).
Do a "System scan only" with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE


After you have ticked the above entries, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis


Reboot back to Normal mode
Back in Windows

Post back all the following please

1. Post back a fresh Hijackthis log
2. Post the whole report from Ewido's

If you still are having problems with your cd drive, can we look at another log please
From the bottom of this reply box
Download>>SAVE>>then unzip to desktop Search.zip, so you now have search.bat extracted to desktop
Double click on search.bat>>A text file called search.txt will be placed on desktop
Copy>paste back here the whole contents please
« Last Edit: July 07, 2006, 09:10:34 AM by guestolo »

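A check for the "post back a fresh Hijackthis log" step in the reply above, as an added example that is not part of the original thread: it parses HijackThis entry lines and reports which of the ticked entries are still present after FIX CHECKED. The function names and the `FRESH` sample log are assumptions constructed for illustration; entries are matched by location rather than data because the URLs in the thread are elided.

```python
import re

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [Name] file.exe".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Named autorun values: keep "HKLM\..\Run: [Name]" and drop the command that follows.
NAMED_RE = re.compile(r"^(.+?: \[[^\]]*\])")

def parse_log(text):
    """Return (code, body) for each entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def entry_key(code, body):
    """Identify an entry by its location, not its data, so elided URLs still match."""
    named = NAMED_RE.match(body)
    location = named.group(1) if named else body.split(" = ", 1)[0]
    return (code, location.lower())

def still_present(checked_text, fresh_log_text):
    """List the checked entries whose location appears again in the fresh log."""
    fresh = {entry_key(c, b) for c, b in parse_log(fresh_log_text)}
    checked = [entry_key(c, b) for c, b in parse_log(checked_text)]
    return [key for key in checked if key in fresh]

# Entries ticked in the reply above, copied from the page (URLs are elided there).
CHECKED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
"""
# Constructed sample of a post-fix log (not from the thread): one checked entry survived.
FRESH = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://example.invalid/
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    for code, location in still_present(CHECKED, FRESH):
        print(f"still present: {code} - {location}")
```

An entry that reappears in the fresh log after a reboot means something rewrote it, which is worth reporting back alongside the Ewido report.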