need Security Suite help!!

Kimberly13 · August 30, 2010

Got it to work in safe mode.

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Sunday, August 29, 2010

Operating system: Microsoft (build 7600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Sunday, August 29, 2010 18:44:42

Records in database: 4167612

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

Scan statistics:

Objects scanned: 110939

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 01:27:12

No threats found. Scanned area is clean.

Selected area has been scanned.

Kimberly13 · August 31, 2010

What do I do now??

Maurice Naggar · August 31, 2010

Kimberly,

The last Kaspersky scan did not find anything.

We are nearly done (except for cleanups [later on] ).

For now, given you did not buy McAfee (if I remember properly), I suggest you remove it and get a different antivirus.

If this is a personal non-commercial-use system, and cost of antivirus program is a serious issue, I would recommend one of the following free AVs

Avira AntiVir http://www.free-av.com

Avast http://www.avast.com

See the article Uninstall Tools for Major Antivirus Products before switching antivirus apps.

Here's the first step(s) in switching from one antivirus program to another one. (keeping in mind you're on Windows 7)

1. Download and SAVE the new AV program. Do NOT install just yet.

2. De-install the old program. In your case, see this guide

http://windows.microsoft.com/en-US/windows...hange-a-program

3. Reboot system.

4. See this guide and then run the Uninstall tool for the old set.

Uninstall Tools for Major Antivirus Products

Reason being, McAfee can leave behind some traces when removed.

5. Run the install for the new antivirus.

6. Make sure you register with a legitimate email of yours. So you get notified on activation (if needed).

7. Logoff and restart.

8. Bring up your new AV and do an UPDATE run to insure the new program is all up-to-date.

Let me know what you decide and what you've done.

Kimberly13 · August 31, 2010

I am installing Avira on my computer right now, and it says "Windows Defender is currently enabled on your system. This can lead to compatibility problems. We therefore recommend that you turn off Windows Defender."

Should I do that?

Maurice Naggar · August 31, 2010

Yes, go ahead.

Kimberly13 · August 31, 2010

I downloaded Avira, updated it, and ran a scan. I attached the log from the scan below:

Avira AntiVir Personal

Report file date: Tuesday, August 31, 2010 15:23

Scanning for 2768657 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows 7 x64

Windows version : (plain) [6.1.7600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : KIMBERLY-PC

Version information:

BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00

AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 18:37:38

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04

LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 00:33:04

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03

VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 20:13:42

VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 20:14:39

VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 20:17:36

VBASE008.VDF : 7.10.9.166 2048 Bytes 7/23/2010 20:17:37

VBASE009.VDF : 7.10.9.167 2048 Bytes 7/23/2010 20:17:38

VBASE010.VDF : 7.10.9.168 2048 Bytes 7/23/2010 20:17:38

VBASE011.VDF : 7.10.9.169 2048 Bytes 7/23/2010 20:17:38

VBASE012.VDF : 7.10.9.170 2048 Bytes 7/23/2010 20:17:38

VBASE013.VDF : 7.10.9.198 157696 Bytes 7/26/2010 20:17:47

VBASE014.VDF : 7.10.9.255 997888 Bytes 7/29/2010 20:18:36

VBASE015.VDF : 7.10.10.28 139264 Bytes 8/2/2010 20:18:44

VBASE016.VDF : 7.10.10.52 127488 Bytes 8/3/2010 20:18:50

VBASE017.VDF : 7.10.10.84 137728 Bytes 8/6/2010 20:18:54

VBASE018.VDF : 7.10.10.107 176640 Bytes 8/9/2010 20:19:00

VBASE019.VDF : 7.10.10.130 132608 Bytes 8/10/2010 20:19:11

VBASE020.VDF : 7.10.10.158 131072 Bytes 8/12/2010 20:19:16

VBASE021.VDF : 7.10.10.190 136704 Bytes 8/16/2010 20:19:22

VBASE022.VDF : 7.10.10.217 118272 Bytes 8/19/2010 20:19:26

VBASE023.VDF : 7.10.10.246 130048 Bytes 8/23/2010 20:19:30

VBASE024.VDF : 7.10.11.11 144896 Bytes 8/25/2010 20:19:38

VBASE025.VDF : 7.10.11.33 135168 Bytes 8/27/2010 20:19:42

VBASE026.VDF : 7.10.11.52 148992 Bytes 8/31/2010 20:19:54

VBASE027.VDF : 7.10.11.53 2048 Bytes 8/31/2010 20:19:54

VBASE028.VDF : 7.10.11.54 2048 Bytes 8/31/2010 20:19:54

VBASE029.VDF : 7.10.11.55 2048 Bytes 8/31/2010 20:19:54

VBASE030.VDF : 7.10.11.56 2048 Bytes 8/31/2010 20:19:55

VBASE031.VDF : 7.10.11.62 49664 Bytes 8/31/2010 20:19:58

Engineversion : 8.2.4.46

AEVDF.DLL : 8.1.2.1 106868 Bytes 8/31/2010 20:22:22

AESCRIPT.DLL : 8.1.3.44 1364346 Bytes 8/31/2010 20:22:19

AESCN.DLL : 8.1.6.1 127347 Bytes 8/31/2010 20:22:02

AESBX.DLL : 8.1.3.1 254324 Bytes 8/31/2010 20:22:25

AERDL.DLL : 8.1.8.2 614772 Bytes 8/31/2010 20:21:59

AEPACK.DLL : 8.2.3.5 471412 Bytes 8/31/2010 20:21:39

AEOFFICE.DLL : 8.1.1.8 201081 Bytes 8/31/2010 20:21:33

AEHEUR.DLL : 8.1.2.19 2867574 Bytes 8/31/2010 20:21:31

AEHELP.DLL : 8.1.13.3 242038 Bytes 8/31/2010 20:20:38

AEGEN.DLL : 8.1.3.20 397684 Bytes 8/31/2010 20:20:33

AEEMU.DLL : 8.1.2.0 393588 Bytes 8/31/2010 20:20:19

AECORE.DLL : 8.1.16.2 192887 Bytes 8/31/2010 20:20:14

AEBB.DLL : 8.1.1.0 53618 Bytes 8/31/2010 20:20:11

AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 18:03:38

AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 18:03:35

AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 22:47:40

AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 18:35:46

AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 18:39:51

AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 18:22:13

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 15:53:30

SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 18:57:58

AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 21:38:56

NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 20:41:00

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20

RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 20:14:29

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Tuesday, August 31, 2010 15:23

Starting search for hidden objects.

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020D75-0000-0000-C000-000000000046}\ShellFolder\attributes

[NOTE] The registry entry is invisible.

The scan of running processes will be started

Scan process 'avscan.exe' - '87' Module(s) have been scanned

Scan process 'avscan.exe' - '30' Module(s) have been scanned

Scan process 'avcenter.exe' - '77' Module(s) have been scanned

Scan process 'hpqgpc01.exe' - '56' Module(s) have been scanned

Scan process 'avgnt.exe' - '57' Module(s) have been scanned

Scan process 'jusched.exe' - '27' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '75' Module(s) have been scanned

Scan process 'hpqbam08.exe' - '30' Module(s) have been scanned

Scan process 'hpqSTE08.exe' - '58' Module(s) have been scanned

Scan process 'hpwuschd2.exe' - '20' Module(s) have been scanned

Scan process 'EasySpeedUpManager.exe' - '34' Module(s) have been scanned

Scan process 'PDVD8Serv.exe' - '27' Module(s) have been scanned

Scan process 'CLMLSvc.exe' - '36' Module(s) have been scanned

Scan process 'ONENOTEM.EXE' - '22' Module(s) have been scanned

Scan process 'hpqtra08.exe' - '70' Module(s) have been scanned

Scan process 'SSCKbdHk.exe' - '29' Module(s) have been scanned

Scan process 'WCScheduler.exe' - '50' Module(s) have been scanned

Scan process 'dmhkcore.exe' - '55' Module(s) have been scanned

Scan process 'RichVideo.exe' - '24' Module(s) have been scanned

Scan process 'svchost.exe' - '46' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '41' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '35' Module(s) have been scanned

Scan process 'avguard.exe' - '67' Module(s) have been scanned

Scan process 'sched.exe' - '50' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '730' files ).

Starting the file scan:

Begin scan in 'C:\'

Begin scan in 'D:\'

End of the scan: Tuesday, August 31, 2010 16:00

Used time: 36:33 Minute(s)

The scan has been done completely.

21029 Scanned directories

425811 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

425811 Files not concerned

1529 Archives were scanned

0 Warnings

0 Notes

687393 Objects were scanned with rootkit scan

1 Hidden objects were found

Maurice Naggar · August 31, 2010

Kimberly,

Your system is in good shape now. The Avira AntiVir did not find anything.

(BTW, we've been fortunate to locate and remove the remainders of the "gremlins" some days ago.)

You've not had a recurrence of the "rogue" alarms.

I would suggest, given you have a 64-bit Windows system, and that given that there are few tools to remove infections on those (more limited than are 32-bit systems), that you consider purchasing an MBAM license for this system.

That would provide you an additional layer of real-time protection.

The fee is a one-time fee, with no yearly renewals. Good for lifetime, and should you outgrow this hardware, the license can be migrated to your next system.

It is one license per system.

I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

One more, using this as a guide

Uninstall or change a program - Windows 7

De-install your Adobe Reader: You need to get the latest version.

Look for and De-install also ESET Online, if present.

Look for and De-install also Kaspersky Online, if present.

Older versions of Adobe Reader pose a potential security risk.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan

The following few steps will remove tools we used; followed by advice on staying safer.

Please Right-click OTL.exe and select Run as Administrator to start OTL.
Click on the CleanUp! button at upper Right corner. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet you should allow it to do so. After the list has been download you'll be asked if you want to Begin cleanup process? Select Yes.
This step removes the files, folders, and shortcuts created by the tools I had you download and run.

ERUNT you may keep and use from time to time to take snapshots of the Windows registry.

TFC you may keep and use periodically to delete temporary files.

Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
Check in at Windows Update and install any Critical Updates offered.
Make certain that Automatic Updates is enabled.
Check on other update issues as well, visit Secunia Online Software Inspector (OSI)
Download, install, and keep updated Spyware Blaster (free): http://www.javacoolsoftware.com/spywareblaster.html (all Protections should be enabled at all times)
I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm
That would help to keep your browser away from known spyware/malware sites.
Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:
Kaspersky Webscan Online Virus Scanner
ESET Online Scanner
Panda ActiveScan
Trend Micro Housecall
F-Secure Online Scanner
Read Tony Klein's article How Did I Get Infected In The First Place
MS Online Safety & Privacy Education
Never, ever download free games, free tools, videos, mutli-media files or anything free unless you can be absolutely sure the source is safe !

We are finished here. Best regards.

Kimberly13 · September 1, 2010

Thank you soo much for all your help! I have one more question for the time being, I might have more as I move through these steps... I show that I have 3 Adobe programs- Adobe Air, Adobe Flash Player 10 Active X and Plugin... Do I uninstall all of these?

Maurice Naggar · September 1, 2010

Just the one for Adobe Reader .

Then later, as you work your way down my suggestions, and you run the Secunia check, you may well find that the Flash Player likely needs updating.

Kimberly13 · September 1, 2010

Also, there are a number of programs installed on my desktop that I'm not sure what to do with- SecurityCheck, NTREGOPT, MCPR, avira_antivir_personal_em (There is also an Avira Control Center so I'm not sure if I need to keep both?) There is also an mbam-setup in addition to the Malwarebyte's Anti-Malware program. And do I need to keep both Jave (64-bit and 32-bit) on the desktop? If not, how do I take it off without deleting/uninstalling it?

Do I install the programs you recommended on my desktop or somewhere else? If so, where do I save them?

I use LimeWire, is it safe to use?

How do I make backups of my system?

That's all for now, thanks!

Kimberly13 · September 1, 2010

I am also still getting pop ups randomly- this is the one I just got - http://wordslife.com/ads.php There are different ones that show up. I made sure my popup blocker is on. What should I do?

Maurice Naggar · September 1, 2010

That's a whole lot of questions, Kimberly.

Some I'll have to defer and have you open a topic in PC Help sub-forum, or give you a link to a good beginners help forum.

SecurityCheck you may delete.

You may also delete mbam-setup (since it is already installed).

NTREGOPT you may delete. (it is a bit advanced, completly safe; just not something 'you' gotta have).

MCPR I do not know what that is, honestly, since I cannot be there to see it first hand. We did not have you get that.

Don't know exactly what are "both Jave (64-bit and 32-bit) on the desktop" they ought not to be on the Desktop.

Are those what you downloaded ? when I asked you to update Java.

Do a right-click on each one and just only "see" what the Properties show for the "names".

Limewire is a peer-to-peer app that you ought not to have or use, since it "can" leave your system open to getting malicious "packages".

I do not recommend their use since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

P2P file sharing: Know the risks

On backups:

See this article at Computer Haven (btw, this is a great forum, started by a good friend of mine, geared towards beginners and a very friendly spot)

http://computerhaven.info/Backups.aspx

Back up your files

http://windows.microsoft.com/en-GB/windows...k-up-your-files

Also see How to backup and restore your data using Cobian Backup

http://www.bleepingcomputer.com/tutorials/tutorial127.html

Bear in mind, you want to backup to "offline" media like an external USB drive on some regular basis.

Now.... unless there's an issue related to removing the tools "I" had you use, or, the suggestions I gave in the Closing earlier,

I would say Best wishes and stay safe.

Maurice Naggar · September 1, 2010

I am also still getting pop ups randomly- this is the one I just got - http://wordslife.com/ads.php There are different ones that show up. I made sure my popup blocker is on. What should I do?

Were you "surfing" with your browser ? if so, where? with Internet Explorer and did it popup in a separate window? .....sigh.....

Kimberly13 · September 1, 2010

I meant to type Java not Jave, and the names are jre-6u21-windows-i586-s and jre-6u21-windows-x64. No, I was not surfing the web, I've only been getting on this website and ones you direct me towards since you've been helping me. It did pop up in a seperate window, and I am using Internet Explorer.

Maurice Naggar · September 1, 2010

The files jre-6u21-windows-i586-s

and jre-6u21-windows-x64 you should delete. Those are the Java downloaded install files.

They're no longer needed.

Now, do the following.

Step 1

Download TFC by OldTimer to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
IF prompted to Reboot, reply "Yes".

Step 2

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner sub-tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 3

Download DDS and save it to your desktop from http://www.techsupportforum.com/sectools/sUBs/dds here or

http://download.bleepingcomputer.com/sUBs/dds.scr or

http://www.forospyware.com/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop.

Please include the following logs in your next reply:

DDS.txt

and the MBAM scan log

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Kimberly13 · September 1, 2010

DDS:

DDS (Ver_10-03-17.01) - NTFSX64

Run by Kimberly at 8:20:48.10 on Wed 09/01/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.2738 [GMT -5:00]

============== Running Processes ===============

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\windows\system32\conhost.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe

C:\windows\system32\svchost.exe -k HPService

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\DllHost.exe

C:\Users\Kimberly\Desktop\dds.scr

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://jaguar1.usouthal.edu/

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

mLocal Page = c:\windows\syswow64\blank.htm

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files (x86)\ask.com\GenericAskToolbar.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~1\office14\URLREDIR.DLL

BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll

TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [updateLBPShortCut] "c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [CLMLServer] "c:\program files (x86)\cyberlink\power2go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [updatePDRShortCut] "c:\program files (x86)\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [RemoteControl8] "c:\program files (x86)\cyberlink\powerdvd8\PDVD8Serv.exe"

mRun: [PDVD8LanguageShortcut] "c:\program files (x86)\cyberlink\powerdvd8\language\Language.exe"

mRun: [updatePPShortCut] "c:\program files (x86)\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"

mRun: [updatePSTShortCut] "c:\program files (x86)\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [uCam_Menu] "c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"

mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe

mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"

mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\users\kimberly\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files (x86)\microsoft office\office14\ONENOTEM.EXE

StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\micros~1\office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL

BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll

BHO-X64: Windows Live Family Safety Browser Helper - No File

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg64.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

============= SERVICES / DRIVERS ===============

R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2010-5-17 13824]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2010-8-31 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2010-8-31 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-31 81072]

R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2009-11-2 13784]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-5-18 158976]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-5-18 84584]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-9-28 395264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-7-5 135664]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-5-18 61280]

S3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-6-10 187392]

S3 TurboBoost;TurboBoost;c:\program files\intel\turboboost\TurboBoost.exe [2009-11-2 126352]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-7 1255736]

=============== Created Last 30 ================

2010-09-01 02:06:59 118784 ----a-w- c:\windows\syswow64\MSSTDFMT.DLL

2010-09-01 02:06:58 0 d-----w- c:\program files (x86)\SpywareBlaster

2010-08-31 20:33:42 270208 ------w- c:\windows\system32\MpSigStub.exe

2010-08-31 20:12:02 0 d-----w- c:\users\kimberly\appdata\roaming\Avira

2010-08-31 20:08:29 81072 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-08-31 20:08:28 0 d-----w- c:\programdata\Avira

2010-08-31 20:08:28 0 d-----w- c:\program files (x86)\Avira

2010-08-29 22:11:01 731106 ----a-w- c:\windows\syswow64\PerfStringBackup.INI

2010-08-29 20:30:30 423656 ----a-w- c:\windows\syswow64\deployJava1.dll

2010-08-28 02:56:08 0 d-----w- c:\program files\Java

2010-08-28 02:10:02 468480 ----a-w- c:\windows\system32\deployJava1.dll

2010-08-25 17:01:11 0 ----a-w- c:\users\kimberly\defogger_reenable

2010-08-25 13:41:37 861184 ----a-w- c:\windows\system32\oleaut32.dll

2010-08-25 13:41:37 571904 ----a-w- c:\windows\syswow64\oleaut32.dll

2010-08-18 18:26:12 618540 ----a-w- c:\users\kimberly\HOSTS

2010-08-12 05:49:55 0 d-----w- c:\users\kimberly\appdata\roaming\Malwarebytes

2010-08-12 05:49:26 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-12 05:49:26 0 d-----w- c:\programdata\Malwarebytes

2010-08-12 05:49:26 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-08-11 00:14:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2010-08-02 20:10:22 12867584 ----a-w- c:\windows\syswow64\shell32.dll

==================== Find3M ====================

2010-09-01 02:32:38 1615 ----a-w- c:\users\kimberly\mvps.bat

2010-08-29 20:30:19 153376 ----a-w- c:\windows\syswow64\javaws.exe

2010-08-29 20:30:19 145184 ----a-w- c:\windows\syswow64\javaw.exe

2010-08-29 20:30:19 145184 ----a-w- c:\windows\syswow64\java.exe

2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll

2010-07-18 21:54:10 205885 ----a-w- c:\windows\hpoins46.dat

2010-07-05 23:33:15 0 ----a-w- c:\windows\system32\drivers\144D_SAMSUNG_N_Q430_02KF.mrk

2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll

2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll

2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll

2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll

2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll

2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll

2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll

2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe

2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll

2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe

2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe

2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll

2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys

2010-06-16 06:11:10 340992 ----a-w- c:\windows\system32\schannel.dll

2010-06-16 05:48:35 224256 ----a-w- c:\windows\syswow64\schannel.dll

2010-06-08 06:02:06 1233920 ----a-w- c:\windows\syswow64\msxml3.dll

2010-06-08 05:36:31 1877504 ----a-w- c:\windows\system32\msxml3.dll

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 8:21:19.94 ===============

Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 7/5/2010 6:32:46 PM

System Uptime: 9/1/2010 8:07:24 AM (0 hours ago)

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | Q430/Q530

Processor: Intel® Core i5 CPU M 450 @ 2.40GHz | CPU 1 | 2400/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 100 GiB total, 69.682 GiB free.

D: is FIXED (NTFS) - 351 GiB total, 350.563 GiB free.

E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart D110 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart D110 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HL-2140 series

Device ID: ROOT\MULTIFUNCTION\0001

Manufacturer: Brother

Name: HL-2140 series

PNP Device ID: ROOT\MULTIFUNCTION\0001

Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: HP Color LaserJet CP2025dn

Device ID: ROOT\MULTIFUNCTION\0002

Manufacturer: Hewlett-Packard

Name: HP Color LaserJet CP2025dn

PNP Device ID: ROOT\MULTIFUNCTION\0002

Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: hp LaserJet 4350

Device ID: ROOT\MULTIFUNCTION\0003

Manufacturer: Hewlett-Packard

Name: hp LaserJet 4350

PNP Device ID: ROOT\MULTIFUNCTION\0003

Service:

Class GUID:

Description: HP LaserJet 1200

Device ID: ROOT\MULTIFUNCTION\0004

Manufacturer:

Name: HP LaserJet 1200

PNP Device ID: ROOT\MULTIFUNCTION\0004

Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet Pro 8000 A809

Device ID: ROOT\MULTIFUNCTION\0005

Manufacturer: HP

Name: Officejet Pro 8000 A809

PNP Device ID: ROOT\MULTIFUNCTION\0005

Service:

==== System Restore Points ===================

RP37: 8/25/2010 11:55:57 AM - Removed Adobe Flash Player 10 Plugin.

RP39: 8/26/2010 3:59:27 PM - Windows Modules Installer

RP40: 8/26/2010 4:00:39 PM - Windows Modules Installer

RP41: 8/27/2010 10:41:24 AM - OTL Restore Point

RP42: 8/27/2010 8:56:05 PM - Removed Java 6 Update 18

RP43: 8/27/2010 9:09:28 PM - Installed Java 6 Update 21 (64-bit)

RP44: 8/27/2010 9:55:33 PM - Removed Java 6 Update 21 (64-bit)

RP45: 8/27/2010 9:55:59 PM - Installed Java 6 Update 21 (64-bit)

RP46: 8/27/2010 10:14:55 PM - Removed Adobe Reader 9.1.

RP47: 8/29/2010 3:30:00 PM - Installed Java 6 Update 21

RP48: 8/31/2010 3:33:19 PM - Windows Update

RP49: 8/31/2010 8:46:03 PM - Windows Update

==== Installed Programs ======================

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Apple Application Support

Apple Software Update

Ask Toolbar

AT&T Yahoo! Browser Configuration

Atheros Client Installation Program

Avira AntiVir Personal - Free Antivirus

BatteryLifeExtender

Best Buy Software Installer

BufferChm

ChargeableUSB

Coupon Printer for Windows

CyberLink DVD Suite

CyberLink LabelPrint

CyberLink Power2Go

CyberLink PowerDirector

CyberLink PowerDVD 8

CyberLink PowerProducer

CyberLink YouCam

D110

Definition update for Microsoft Office 2010 (KB982726)

Destinations

DeviceDiscovery

Easy Content Share

Easy Display Manager

Easy Network Manager

Easy SpeedUp Manager

EasyBatteryManager

EasyFileShare

ERUNT 1.1j

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

HP Photo Creations

HP Update

HPAppStudio

HPPhotoGadget

HPProductAssistant

HPSSupply

Intel® Rapid Storage Technology

Intel® Turbo Boost Technology Driver

Java Auto Updater

Java 6 Update 21

Junk Mail filter update

LimeWire 5.5.10

Malwarebytes' Anti-Malware

MarketResearch

Marvell Miniport Driver

Microsoft Choice Guard

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MultimediaPOP

PS_AIO_07_D110_SW_Min

QuickTime

QuickTransfer

Realtek High Definition Audio Driver

Samsung Recovery Solution 4

Samsung Support Center

Samsung Update Plus

Scan

SmartWebPrinting

SolutionCenter

SpywareBlaster 4.4

Status

Toolbox

TrayApp

Update for Microsoft Office 2010 (KB2202188)

Update for Microsoft Outlook Social Connector (KB983403)

User Guide

WebReg

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

==== Event Viewer Messages From Past Week ========

9/1/2010 8:06:09 AM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

9/1/2010 8:06:08 AM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The remote procedure call failed. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

8/31/2010 3:08:46 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.

8/31/2010 2:57:16 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

8/31/2010 2:55:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/31/2010 2:55:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/31/2010 2:55:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/31/2010 2:55:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/31/2010 2:54:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SABI spldr Wanarpv6

8/29/2010 6:13:21 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

8/29/2010 3:10:33 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/28/2010 8:29:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

8/27/2010 1:28:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}

8/26/2010 5:27:22 PM, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

8/25/2010 11:25:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

8/25/2010 11:25:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

8/25/2010 11:17:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

==== End Of File ===========================

MBAM log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4521

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

9/1/2010 8:14:28 AM

mbam-log-2010-09-01 (08-14-28).txt

Scan type: Quick scan

Objects scanned: 148558

Time elapsed: 3 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Maurice Naggar · September 1, 2010

De-install LimeWire 5.5.10

and confirm that for me.

Kimberly13 · September 1, 2010

I will uninstall limewire right now, I was just about to post my latest avira scan.. It showed hidden objects.. Is that bad?

Avira AntiVir Personal

Report file date: Wednesday, September 01, 2010 10:26

Scanning for 2768657 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows 7 x64

Windows version : (plain) [6.1.7600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : KIMBERLY-PC

Version information:

BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00

AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 18:37:38

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04

LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 00:33:04

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03

VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 20:13:42

VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 20:14:39

VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 20:17:36

VBASE008.VDF : 7.10.9.166 2048 Bytes 7/23/2010 20:17:37

VBASE009.VDF : 7.10.9.167 2048 Bytes 7/23/2010 20:17:38

VBASE010.VDF : 7.10.9.168 2048 Bytes 7/23/2010 20:17:38

VBASE011.VDF : 7.10.9.169 2048 Bytes 7/23/2010 20:17:38

VBASE012.VDF : 7.10.9.170 2048 Bytes 7/23/2010 20:17:38

VBASE013.VDF : 7.10.9.198 157696 Bytes 7/26/2010 20:17:47

VBASE014.VDF : 7.10.9.255 997888 Bytes 7/29/2010 20:18:36

VBASE015.VDF : 7.10.10.28 139264 Bytes 8/2/2010 20:18:44

VBASE016.VDF : 7.10.10.52 127488 Bytes 8/3/2010 20:18:50

VBASE017.VDF : 7.10.10.84 137728 Bytes 8/6/2010 20:18:54

VBASE018.VDF : 7.10.10.107 176640 Bytes 8/9/2010 20:19:00

VBASE019.VDF : 7.10.10.130 132608 Bytes 8/10/2010 20:19:11

VBASE020.VDF : 7.10.10.158 131072 Bytes 8/12/2010 20:19:16

VBASE021.VDF : 7.10.10.190 136704 Bytes 8/16/2010 20:19:22

VBASE022.VDF : 7.10.10.217 118272 Bytes 8/19/2010 20:19:26

VBASE023.VDF : 7.10.10.246 130048 Bytes 8/23/2010 20:19:30

VBASE024.VDF : 7.10.11.11 144896 Bytes 8/25/2010 20:19:38

VBASE025.VDF : 7.10.11.33 135168 Bytes 8/27/2010 20:19:42

VBASE026.VDF : 7.10.11.52 148992 Bytes 8/31/2010 20:19:54

VBASE027.VDF : 7.10.11.53 2048 Bytes 8/31/2010 20:19:54

VBASE028.VDF : 7.10.11.54 2048 Bytes 8/31/2010 20:19:54

VBASE029.VDF : 7.10.11.55 2048 Bytes 8/31/2010 20:19:54

VBASE030.VDF : 7.10.11.56 2048 Bytes 8/31/2010 20:19:55

VBASE031.VDF : 7.10.11.62 49664 Bytes 8/31/2010 20:19:58

Engineversion : 8.2.4.46

AEVDF.DLL : 8.1.2.1 106868 Bytes 8/31/2010 20:22:22

AESCRIPT.DLL : 8.1.3.44 1364346 Bytes 8/31/2010 20:22:19

AESCN.DLL : 8.1.6.1 127347 Bytes 8/31/2010 20:22:02

AESBX.DLL : 8.1.3.1 254324 Bytes 8/31/2010 20:22:25

AERDL.DLL : 8.1.8.2 614772 Bytes 8/31/2010 20:21:59

AEPACK.DLL : 8.2.3.5 471412 Bytes 8/31/2010 20:21:39

AEOFFICE.DLL : 8.1.1.8 201081 Bytes 8/31/2010 20:21:33

AEHEUR.DLL : 8.1.2.19 2867574 Bytes 8/31/2010 20:21:31

AEHELP.DLL : 8.1.13.3 242038 Bytes 8/31/2010 20:20:38

AEGEN.DLL : 8.1.3.20 397684 Bytes 8/31/2010 20:20:33

AEEMU.DLL : 8.1.2.0 393588 Bytes 8/31/2010 20:20:19

AECORE.DLL : 8.1.16.2 192887 Bytes 8/31/2010 20:20:14

AEBB.DLL : 8.1.1.0 53618 Bytes 8/31/2010 20:20:11

AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 18:03:38

AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 18:03:35

AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 22:47:40

AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 18:35:46

AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 18:39:51

AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 18:22:13

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 15:53:30

SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 18:57:58

AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 21:38:56

NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 20:41:00

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20

RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 20:14:29

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Wednesday, September 01, 2010 10:26

Starting search for hidden objects.

c:\windows\system32\7b296fb0-376b-497e-b012-9c450e1b7327-5p-0.c7483456-a289-439d-8115-601632d005a0

c:\Windows\System32