After finding ten viruses on my computer and confining them to the Chest, I notice the log shows over 1,000 files that are password protected and cannot be scanned. Should I put these in the Chest? I tried to google the viruses Avast found but often the responses are in other languages or over my head. Can someone guide my way through this? My CD drives aren’t being recognized and I am getting sore fingers from searching for answers…
“the file is password protected”: avast can’t scan files that are password protected, it doesn’t know the password. There are many legitimate reasons why a file was password protected. For intance Lavasoft stores its data in a password-protected ZIP archives (to prevent other similar tools from messing up with them). It’s really nothing to worry about - it’s normal.
Are your drives being recognized in the bios?
Grateful for your reply. In answer to your ? if recognized by BIOS: Yes, it recognizes Secondary Master ATAPI CD Rom and Secondary Slave ATAPI CD Rom and the device manager states they are working properly. The CD drive now works but the CD R/W drive does not.
Any error(s) in device manager?
Checked the cables/connections to the drives?
My cables are tight and no yellow !!! in my Device Manager.
What OS and what filesystem?
Windows XP; NTFS
You may try this:
- Boot in safe mode
- remove the ide controllers from device manager
- reboot normally and let windows reinstall them
If the drive still won’t work, take it out and try it in another system to see if it is the drive or the system.
I will try that. Appreciate your guidance! My cordless mouse is acting erratically so it’s been difficult to communicate.
Removed the IDE Controllers while in Safe Mode and Windows found the hardware and reinstalled the controllers. I rebooted, but it won’t play. Avast scan states “the device is not ready.”
Avast scan states "the device is not ready."Normally Avast says this if there is no medium to scan or if the device has problems.
Is there a cd in the drive? (make sure it is not a blank one)
Can you explorer the content of a cd with it?
Tried several CDs, when attempting to Explore, it takes me to an empty screen.
Maybe you could try setting your cd-rw on master(if you don’t have it already) cause alot of rws don’t work on slave if there is another cd-rom on master.
But it had been working before I found the viruses. I have scanned my system several times since and it seems clean but for the pw protected files which prompted me my original post.
I’m going to keep troubleshooting the problem. I wonder how those viruses got by my Avast system protection…
Logfile of HijackThis v1.99.1
Scan saved at 4:41:49 PM, on 8/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download using Download &Express - file://C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by19fd.bay19.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip..{C8FD25B2-6365-4422-961D-5EB36472EC83}: NameServer = 64.136.173.5 64.136.164.46
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
The reason for your post is?
For an on-line analysis - HiJackThis Log file - On-line Analysis
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.
OR HiJackThis Log file - On-line Analysis 2
I was so excited about the Hijack This site I forgot to add my message…sorry. I was trying to find out if my system was back to normal after removing the items Avast found. Was hoping that someone could analyze it for me. Many thanks.
The two links above both provide an on-line analysis, they point out nasty, unknown, entries. checking those entries against those programs you have installed or using a google for the exe or dll file being flagged should confirm the need to fix it in HJT.
That way you don’t have to wait for someone to get back to you and you learn something about your system. Many of the people helping will have gone to a similar site to check your log fie contents.
I got the mistaken impression that it was possible to get help in this forum by posting the log. Pardon my boldness. Thank you, David, for suggesting the sites and I will endeavor to determine which entries need deletion. Thanks also to Eddie and all the helpful people at Avast.
HJT log is clean.
Could remove some things that are not needed to load at boottime though.