I had a problem with malware alarm that I couldn't get rid of. I found your site and am amazed at the helpfulness. I have performed the malware removal and posted the logs here. Could someone analyze these and tell me if there is something else I need to do to protect and/or fix my computer?
Thank you in advance,
Lynn
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:41 PM, on 11/9/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Lexmark 5200 Series\lxbtbmgr.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Lexmark 5200 Series\lxbtbmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF19EFA5-E53B-4E7A-A34B-2C652A1A52BA}: NameServer = 166.102.165.11 166.102.165.13
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\Windows\system32\lxbtcoms.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11400 bytes
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/08/2007 at 10:18 PM
Application Version : 3.9.1008
Core Rules Database Version : 3341
Trace Rules Database Version: 1342
Scan type : Complete Scan
Total Scan Time : 00:48:25
Memory items scanned : 653
Memory threats detected : 0
Registry items scanned : 7736
Registry threats detected : 1
File items scanned : 59938
File threats detected : 50
Adware.Tracking Cookie
Malware.MalwareAlarm
HKU\S-1-5-21-449685604-1063060915-132014303-1000\Software\MalwareAlarm
C:\Users\lalexander98\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MalwareAlarm\Uninstall.lnk
C:\Users\lalexander98\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MalwareAlarm
AntiVir PersonalEdition Classic
Report file date: Friday, November 09, 2007 22:28
Scanning for 921287 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: SYSTEM
Computer name: LALEXANDER98-PC
Version information:
BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 20:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 19:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 22:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 19:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 21:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 9/13/2007 21:26:55
ANTIVIR2.VDF : 7.0.0.172 1092608 Bytes 11/5/2007 05:19:55
ANTIVIR3.VDF : 7.0.0.185 70656 Bytes 11/7/2007 05:19:55
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 11/8/2007 05:19:55
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 17:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 14:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 20:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 8/3/2007 15:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 14:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 19:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 14:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 18:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 19:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 19:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 16:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Friday, November 09, 2007 22:28
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ieuser.exe' - '1' Module(s) have been scanned
Scan process 'WkCalRem.exe' - '1' Module(s) have been scanned
Scan process 'HpqToaster.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '1' Module(s) have been scanned
Scan process 'HP Connections.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'lxbtbmon.exe' - '1' Module(s) have been scanned
Scan process 'MySpaceIM.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'avgcc.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'wpcumi.exe' - '1' Module(s) have been scanned
Scan process 'lxbtbmgr.exe' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'ALUNOTIFY.EXE' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'HPWAMain.exe' - '1' Module(s) have been scanned
Scan process 'WiFiMsg.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'QPService.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'HPHC_Service.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avgemc.exe' - '1' Module(s) have been scanned
Scan process 'avgrssvc.exe' - '1' Module(s) have been scanned
Scan process 'avgrssvc.exe' - '1' Module(s) have been scanned
Scan process 'avgupsvc.exe' - '1' Module(s) have been scanned
Scan process 'avgamsvr.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
71 processes with 71 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '22' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>
End of the scan: Friday, November 09, 2007 23:13
Used time: 44:44 min
The scan has been done completely.
12957 Scanning directories
215439 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
215439 Files not concerned
1851 Archives were scanned
2 Warnings
12 Notes
<history>
<!-- 01c8225a9eb78f10 -->
<rec time="2007/11/08 22:56:38" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:1196-1171;banner:486-100;iavi:1129-1089;</attr>
</rec>
<rec time="2007/11/08 22:57:51" user="lalexander98" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2007/11/08 23:18:28" user="lalexander98" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2007/11/09 00:13:21" user="lalexander98" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2007/11/09 11:14:22" user="lalexander98" source="General">
<value>@HL_TestStarted</value>
do i need help?
Started by Lynn, Nov 10 2007 05:56 AM
4 replies to this topic
#1 OFFLINE
Posted 10 November 2007 - 05:56 AM
I feel sorry for the people that don't drink. They wake up in the morning and that's as good as their gonna feel all day. -Dean Martin
#2 OFFLINE
Posted 12 November 2007 - 01:12 PM
Lynn,
I don't have a Vista box running at the moment, so I can't give you click by click instructions, but I can tell you a couple things that you need to do.
You have three Antivirus programs which have some active files running at the same time. This is a NO-NO that can make the system unstable and actually reduce your protection.
If you want to use Avira Antivir, then fine, but you should UNINSTALL both AVG7 and Symantec (Norton).
There is a set of Norton removal Tools here:
http://service1.symantec.com/SUPPORT/tsgen...&view=docid
You also need to UNINSTALL any item with Java Runtime Environment, JRE, J2SE, or Java Webstart in the name. Older versions have vulnerabilities that may allow an avenue for malware.
Then reboot your computer.
Download the latest version of Java Runtime Environment (JRE), and install it to your computer. It is the 5th one down on the page, called Java Runtime Environment (JRE) 6 Update 3.
Download it, choose save, and save it to your desktop. Then double-click it, and it will install the newest version of Java for you to use.
I don't see any active signs of infections in your log.
askey127
#3 OFFLINE
Posted 23 November 2007 - 08:12 PM
I have followed your instructions and can't thank you enough. The computer seems to be working great. The only problem I can find is about the desktop background. When the malware alarm was on my computer my background pic disappeared and now I can't change it to anything but a solid color. Any ideas?
Thanks again,
Lynn
#4 OFFLINE
Posted 23 November 2007 - 10:05 PM
As I mentioned, I don't have a Vista box running, but have a look at this site, and see if the instructions and sample pics might help you establish a new background:
http://www.microsoft...ss/default.mspx
#5 OFFLINE
Posted 23 November 2007 - 10:18 PM
You're wonderful! Worked beautifully.
Thank,
Lynn












