Jump to content

beavhope

Members
 View Profile  See their activity

  • Posts

    8

  • Joined

  • Last visited

 Content Type 

Everything posted by beavhope

  1. beavhope
    The alerts turned out to be the Live folder and the Live .lnk that showed on the start menu. I cleaned them and everything seems OK at this point. Thanks Maniac and Malwarebytes.
  2. beavhope
    Ran scan this morning and it found Live Platinum again. I have not removed it yet. What is the next step?
  3. beavhope
    I rebooted and ran another scan which came back clean and everything appears to be OK. One thing that concerns me is that on rebooting I saw a small DOS command line window for an instant on top of the Windows screen. I don't think that is part of the usual boot routine for this machine. When I rebooted to show my wife (who is the user of this machine) it didn't appear. Could that be an issue?
  4. beavhope
    <p>I'm not sure which logs you need but herer are the first scan log and the log made after reboot along with the DDS and Attach files.</p> <p> </p> <p>First can Log:</p> <p> </p> <pre> Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.17.12 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Sara :: ASUS [administrator] 7/17/2012 1:12:09 PM mbam-log-2012-07-17 (13-12-09).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 232781 Time elapsed: 8 minute(s), 14 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|qpoldxhl (Trojan.Phex.THAGen4) -> Data: "C:\Users\Sara\AppData\Local\ocgfaird.exe" -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\Users\Sara\AppData\Local\ocgfaird.exe (Trojan.Phex.THAGen4) -> Quarantined and deleted successfully. C:\Users\Sara\Local Settings\ocgfaird.exe (Trojan.Phex.THAGen4) -> Quarantined and deleted successfully. C:\Users\Sara\Local Settings\Application Data\ocgfaird.exe (Trojan.Phex.THAGen4) -> Quarantined and deleted successfully. (end)</pre> <p>After reboot log:</p> <p> </p> <pre> Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.17.12 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Sara :: ASUS [administrator] 7/17/2012 1:29:08 PM mbam-log-2012-07-17 (13-29-08).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 232150 Time elapsed: 12 minute(s), 13 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)</pre> <p> </p> <p>DDS File:</p> <p> </p> <pre> . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33 Run by Sara at 13:42:15 on 2012-07-17 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.3810 [GMT -5:00] . AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG10\avgchsva.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\SysWOW64\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\AVG\AVG10\avgnsa.exe C:\Program Files (x86)\AVG\AVG10\avgemca.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\WUDFHost.exe C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Microsoft Money\System\REMINDER.EXE C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\AVG\AVG10\avgtray.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\wuauclt.exe C:\PROGRA~2\AVG\AVG10\avgrsa.exe C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://att.my.yahoo.com/ uInternet Settings,ProxyOverride = <local> uURLSearchHooks: H - No File uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll mURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [Google Update] "C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized uRun: [Reminder] C:\Program Files (x86)\Microsoft Money\System\reminder.exe mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide mRun: [TrayServer] C:\PROGRA~2\MAGIX\MOVIE_~1\TrayServer_en.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml StartupFolder: C:\Users\Sara\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.0.1 205.152.150.23 TCP: Interfaces\{78D9DFA9-5386-4DB3-870B-618C3135BF2A} : DhcpNameServer = 192.168.0.1 205.152.150.23 TCP: Interfaces\{C143592C-058E-4235-80CD-E44433F6309B} : DhcpNameServer = 192.168.0.1 205.152.150.23 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll BHO-X64: 0x1 - No File BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide mRun-x64: [TrayServer] C:\PROGRA~2\MAGIX\MOVIE_~1\TrayServer_en.exe mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [(Default)] mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\fqjoyoq8.default\ FF - prefs.js: browser.startup.homepage - hxxp://att.yahoo.com FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B3b184843-5d42-46a0-8b97-b21bab08da36%7D&mid=19ff6163de629b4225c61949b692bf72-9198bf7217863c0dde19be5c2ffe30aefa6055b0&ds=AVG&v=10.2.0.3&lang=us&pr=fr&d=2011-12-12%2008%3A31%3A13&sap=ku&q= FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_33.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npoji610.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\Sara\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Users\Sara\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Sara\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984] R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520] R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816] R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376] R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Windows\SysWOW64\nvSCPAPISvr.exe [2009-6-10 232960] R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008] R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?] R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408] R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?] R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?] R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?] R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-26 136176] S3 AVerFx2hbtv64;AVerMedia C038 USB Capture Card;C:\Windows\system32\drivers\AVerFx2hbtv64.sys --> C:\Windows\system32\drivers\AVerFx2hbtv64.sys [?] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-7 167264] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-26 136176] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [?] S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-07-17 12:55:31 -------- d-----w- C:\Users\Sara\AppData\Local\{4CE40726-3B96-48CE-A593-2F7F0F178436} 2012-07-17 12:55:20 -------- d-----w- C:\Users\Sara\AppData\Local\{8DA62B74-19D7-44B9-B780-935003FF3715} 2012-07-16 14:30:43 -------- d-----w- C:\ProgramData\7531E8D900098AE70000D6AC4F147CE7 2012-07-16 12:21:14 -------- d-----w- C:\Program Files (x86)\AMD AVT 2012-07-16 12:21:11 -------- d-----w- C:\Program Files (x86)\AMD APP 2012-07-16 12:13:01 -------- d-----w- C:\AMD 2012-07-16 03:41:24 -------- d-----w- C:\Users\Sara\AppData\Local\{CCADBCF8-3D91-4330-91EC-0B0D19D6F120} 2012-07-16 03:41:13 -------- d-----w- C:\Users\Sara\AppData\Local\{32E133F1-23B7-499E-AE37-E202CFBCC82F} 2012-07-15 23:02:43 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE 2012-07-15 19:20:45 476976 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-07-15 16:47:41 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2012-07-15 16:47:38 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-15 16:47:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-15 14:22:44 -------- d-----w- C:\Users\Sara\AppData\Local\{52E43F87-CA20-4E7F-812C-4BEB75343430} 2012-07-15 14:22:33 -------- d-----w- C:\Users\Sara\AppData\Local\{D75AF7B4-29A4-412E-8D67-3C6BD88E9E96} 2012-07-15 13:17:30 -------- d-----w- C:\Users\Sara\AppData\Local\{E47B790A-F14F-4130-874A-1D770C065414} 2012-07-14 20:01:00 -------- d-----w- C:\Users\Sara\AppData\Local\{E2BFCECF-6C7E-4E2F-9F14-7AB84A0619D2} 2012-07-14 20:00:50 -------- d-----w- C:\Users\Sara\AppData\Local\{82942619-D514-4494-BD08-9799185E3F43} 2012-07-14 16:58:58 -------- d-----w- C:\Users\Sara\AppData\Local\{B754518E-63D3-4313-85A3-C44AF6C3BEA5} 2012-07-14 04:45:34 -------- d-----w- C:\Users\Sara\AppData\Local\{FBDB1AFA-6326-45CD-8DFB-45E4D9358DF3} 2012-07-14 04:45:24 -------- d-----w- C:\Users\Sara\AppData\Local\{B617FC7D-976C-4FD1-A4B7-E17C8DCAEE6D} 2012-07-13 15:58:08 -------- d-----w- C:\Users\Sara\AppData\Local\{1C120FDC-075E-46AF-9DA1-A2D00E9A3A6E} 2012-07-13 15:57:57 -------- d-----w- C:\Users\Sara\AppData\Local\{C2958700-502A-4C18-9FA3-A5FA1DB12B19} 2012-07-12 12:23:05 -------- d-----w- C:\Users\Sara\AppData\Local\{72997D22-D5BB-48CB-8F52-2D0F45B9551B} 2012-07-12 12:22:55 -------- d-----w- C:\Users\Sara\AppData\Local\{A12A17AE-3972-4480-B74F-4944E58AA86F} 2012-07-12 08:08:51 3147264 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 18:04:21 -------- d-----w- C:\Users\Sara\AppData\Local\{77917A02-458E-4014-B301-5F60BF966079} 2012-07-11 18:04:10 -------- d-----w- C:\Users\Sara\AppData\Local\{FD0E399B-CAE2-4759-BC25-EA0CCB051E71} 2012-07-11 04:05:08 -------- d-----w- C:\Users\Sara\AppData\Local\{538424CD-A4BC-41A3-8BAC-4930CBD9DE8A} 2012-07-11 04:04:58 -------- d-----w- C:\Users\Sara\AppData\Local\{9813F948-775E-4ABF-B584-B2366D4694F8} 2012-07-11 04:04:48 -------- d-----w- C:\Users\Sara\AppData\Local\{193F5D9A-EC4F-4585-836F-29BDDAE2963B} 2012-07-11 04:04:39 -------- d-----w- C:\Users\Sara\AppData\Local\{65DE554B-377F-4E2A-932E-D896F83AB2DE} 2012-07-10 16:04:13 -------- d-----w- C:\Users\Sara\AppData\Local\{1E12A7E4-7F43-41A2-A780-2A6B0C7DD6A9} 2012-07-10 16:04:02 -------- d-----w- C:\Users\Sara\AppData\Local\{843A6550-F2E0-42EE-A0A0-A3E38AE07CEE} 2012-07-10 03:03:25 -------- d-----w- C:\Users\Sara\AppData\Local\{DC68B9A5-0D51-4B53-997C-AEE8E19EBC8D} 2012-07-10 03:03:14 -------- d-----w- C:\Users\Sara\AppData\Local\{1975ED80-5014-44B8-AB34-B9ABCBDCD108} 2012-07-09 15:02:49 -------- d-----w- C:\Users\Sara\AppData\Local\{BA78413B-E566-44B7-974D-772C11EFC0D2} 2012-07-09 15:02:38 -------- d-----w- C:\Users\Sara\AppData\Local\{31789416-A555-49E5-97ED-F8F15D885D02} 2012-07-09 03:02:14 -------- d-----w- C:\Users\Sara\AppData\Local\{872BC85E-D14A-4187-AA1A-8A66C7E719F2} 2012-07-09 03:02:03 -------- d-----w- C:\Users\Sara\AppData\Local\{C821CA4F-540D-417C-B99C-08DD2AA44BC5} 2012-07-09 03:01:34 -------- d-----w- C:\Users\Sara\AppData\Local\{7C56B39E-BCAC-4EF1-A4A1-5918BC63D214} 2012-07-09 03:01:24 -------- d-----w- C:\Users\Sara\AppData\Local\{503D5374-74AA-4CFA-A1E3-013CF6F56130} 2012-07-08 13:28:08 -------- d-----w- C:\Users\Sara\AppData\Local\{3F71C7DD-AE6A-493A-8205-B0F3C78331A8} 2012-07-08 13:27:57 -------- d-----w- C:\Users\Sara\AppData\Local\{EC6ECB1C-F941-4085-98D3-37824DDDDD7C} 2012-07-07 14:46:48 -------- d-----w- C:\Users\Sara\AppData\Local\{5D27EE36-259D-4A58-9F7A-FFDF4F18FD44} 2012-07-07 14:46:37 -------- d-----w- C:\Users\Sara\AppData\Local\{8269E605-50F8-4D47-B9E5-B91AC9C03534} 2012-07-06 15:50:25 -------- d-----w- C:\Users\Sara\AppData\Local\{BFCF14CD-06EF-4939-AFB7-BFD52C531165} 2012-07-06 15:50:15 -------- d-----w- C:\Users\Sara\AppData\Local\{A2877668-0B93-4E09-B06E-CEC64CEED829} 2012-07-06 01:49:54 -------- d-----w- C:\Users\Sara\AppData\Local\{4481BD06-B1EF-47F6-B744-0A60E3F254B3} 2012-07-06 01:49:42 -------- d-----w- C:\Users\Sara\AppData\Local\{AB0EF8B3-9F2C-43EB-8DE9-CD0493A53D35} 2012-07-05 13:11:06 -------- d-----w- C:\Users\Sara\AppData\Local\{1C737D3C-D2BB-4D30-90DF-45F1FD9E242F} 2012-07-05 13:10:56 -------- d-----w- C:\Users\Sara\AppData\Local\{B4D312C6-4837-43C3-82C8-EA572A9D710E} 2012-07-05 00:47:00 -------- d-----w- C:\Users\Sara\AppData\Local\{F8476180-53FC-4AAC-8FDD-E2F372F6B674} 2012-07-05 00:46:50 -------- d-----w- C:\Users\Sara\AppData\Local\{8AEC27F4-92B2-4B5B-8B2B-7BF890817C43} 2012-07-04 12:33:56 -------- d-----w- C:\Users\Sara\AppData\Local\{36094192-FA40-405B-A573-1CEC2952FAC9} 2012-07-04 12:33:45 -------- d-----w- C:\Users\Sara\AppData\Local\{95A0C8B3-6E45-42CC-B7F4-244C059C33E8} 2012-07-04 07:32:22 187392 ----a-w- C:\Windows\System32\clinfo.exe 2012-07-04 07:32:06 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-07-04 07:32:02 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-07-04 07:31:54 63488 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-07-04 07:31:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-07-04 07:31:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll 2012-07-04 07:30:58 13008384 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-07-04 07:30:12 54784 ----a-w- C:\Windows\System32\OpenCL.dll 2012-07-04 07:30:08 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll 2012-07-04 06:59:32 11922944 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-07-04 06:52:04 26016256 ----a-w- C:\Windows\System32\atio6axx.dll 2012-07-04 06:35:46 19586048 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-07-04 06:27:18 159744 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-07-04 06:21:46 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll 2012-07-04 06:21:40 514048 ----a-w- C:\Windows\System32\atieclxx.exe 2012-07-04 06:20:54 238080 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-07-04 06:19:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-07-04 06:19:16 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-07-04 06:19:12 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-07-04 06:19:06 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-07-04 05:36:34 1053696 ----a-w- C:\Windows\System32\atiumd6v.dll 2012-07-04 05:36:24 69632 ----a-w- C:\Windows\System32\coinst_8.97.100.3.dll 2012-07-04 05:36:14 1960960 ----a-w- C:\Windows\SysWow64\atiumdmv.dll 2012-07-04 05:35:42 4261376 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-07-04 05:24:02 7477760 ----a-w- C:\Windows\System32\atiumd64.dll 2012-07-04 05:11:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll 2012-07-04 05:11:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-07-04 05:11:40 535552 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-07-04 05:11:38 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-07-04 05:11:38 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2012-07-04 05:11:30 364544 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-07-04 05:11:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-07-04 05:11:16 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-07-04 05:11:16 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-07-04 05:11:12 41984 ----a-w- C:\Windows\System32\atig6txx.dll 2012-07-04 05:11:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-07-04 05:10:56 359936 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-07-04 05:09:50 45056 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-07-04 05:09:10 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-07-04 05:04:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-07-04 05:04:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-07-04 05:04:22 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-07-04 05:04:18 44544 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-07-04 05:04:08 15827456 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-07-04 04:59:40 13402112 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-07-04 00:33:21 -------- d-----w- C:\Users\Sara\AppData\Local\{872769DF-1880-4A8B-A39C-5F50D5F0FF83} 2012-07-04 00:33:11 -------- d-----w- C:\Users\Sara\AppData\Local\{C11962BB-E315-4763-90A1-598AAE0B7165} 2012-07-03 12:32:46 -------- d-----w- C:\Users\Sara\AppData\Local\{601D5921-0CDA-4F8E-B1BA-987ECB56A733} 2012-07-03 12:32:35 -------- d-----w- C:\Users\Sara\AppData\Local\{D85F4635-EB06-4E1E-A637-C4D4A96889E4} 2012-07-02 20:07:05 -------- d-----w- C:\Users\Sara\AppData\Local\{584059B9-F1CF-46A1-AA78-A3CC9F97F0C0} 2012-07-02 20:06:54 -------- d-----w- C:\Users\Sara\AppData\Local\{77768300-7C70-4380-B292-B6D412171A45} 2012-07-02 05:42:40 -------- d-----w- C:\Users\Sara\AppData\Local\{54284725-398D-4509-B558-A8E3B198C12B} 2012-07-02 05:42:29 -------- d-----w- C:\Users\Sara\AppData\Local\{7826F1D1-8F28-4F4D-A319-63B0AC76A89C} 2012-07-01 17:14:26 -------- d-----w- C:\Users\Sara\AppData\Local\{0DCCA92B-AA9D-4B53-9A8D-BD223BD92981} 2012-07-01 17:14:15 -------- d-----w- C:\Users\Sara\AppData\Local\{764DE9D2-6D19-471C-A5CD-3E3C7ACC0BAD} 2012-07-01 02:54:39 -------- d-----w- C:\Users\Sara\AppData\Local\{5C146E8B-14AA-4D8F-B91F-3512175AF6B4} 2012-07-01 02:54:26 -------- d-----w- C:\Users\Sara\AppData\Local\{53143321-B642-40C2-BB50-9229E24019EE} 2012-06-30 14:54:01 -------- d-----w- C:\Users\Sara\AppData\Local\{15B529D2-BC9C-4076-BE2C-818F70098197} 2012-06-30 14:53:50 -------- d-----w- C:\Users\Sara\AppData\Local\{C84134B3-4DF3-4162-B08B-74679927F69A} 2012-06-30 02:53:24 -------- d-----w- C:\Users\Sara\AppData\Local\{9CCD17F3-C89D-4A00-BB48-F896C6059421} 2012-06-30 02:53:14 -------- d-----w- C:\Users\Sara\AppData\Local\{56E4FA0C-FDE4-4700-BAE2-2C9645108465} 2012-06-29 14:52:50 -------- d-----w- C:\Users\Sara\AppData\Local\{5257C3CF-A9A2-41CD-BA3A-912F1E8F24AC} 2012-06-29 14:52:39 -------- d-----w- C:\Users\Sara\AppData\Local\{0E267D62-B673-4112-94E0-BDBCB69FE3F2} 2012-06-29 01:29:13 -------- d-----w- C:\Users\Sara\AppData\Local\{082A2866-8461-4217-9CEB-B6FC1458591C} 2012-06-29 01:29:01 -------- d-----w- C:\Users\Sara\AppData\Local\{FB9739FA-1CB2-4563-A86D-78E4AB340CBE} 2012-06-28 13:28:36 -------- d-----w- C:\Users\Sara\AppData\Local\{E51B2C16-256A-408E-B4F5-47F1B2DA823B} 2012-06-28 13:28:25 -------- d-----w- C:\Users\Sara\AppData\Local\{C64ACD6D-4558-4871-848B-B3A3FE52B066} 2012-06-27 20:48:47 -------- d-----w- C:\Users\Sara\AppData\Local\{01224445-471D-4A8E-8D11-274082EA7594} 2012-06-27 20:48:37 -------- d-----w- C:\Users\Sara\AppData\Local\{C5B8999E-9A1C-4E8D-91C3-3F46B88D05B6} 2012-06-25 17:58:38 -------- d-----w- C:\Users\Sara\AppData\Local\{65FCB27D-6C0D-4243-A2FA-8A9BF1A761DA} 2012-06-24 18:00:11 -------- d-----w- C:\Users\Sara\AppData\Local\{45E284B4-8F6E-48C0-81F7-2CC11F7AC652} 2012-06-24 18:00:01 -------- d-----w- C:\Users\Sara\AppData\Local\{A26C9DAA-D517-44AF-BB1F-3D8240A83C59} 2012-06-24 03:51:43 -------- d-----w- C:\Users\Sara\AppData\Local\{2F7A95C3-15FA-49F5-9580-81735BC300E7} 2012-06-24 03:51:33 -------- d-----w- C:\Users\Sara\AppData\Local\{9799164E-5284-43F0-A471-25217397470B} 2012-06-22 03:36:05 -------- d-----w- C:\Users\Sara\AppData\Local\{92FDDA3A-1079-4278-8C48-3349E0089E70} 2012-06-22 03:35:55 -------- d-----w- C:\Users\Sara\AppData\Local\{3CDC4770-690C-481E-910A-224954F533F8} 2012-06-21 04:56:16 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 2012-06-21 00:44:31 -------- d-----w- C:\Users\Sara\AppData\Local\{29DEE4F9-F4F8-4523-A85D-B4874C967A67} 2012-06-21 00:44:20 -------- d-----w- C:\Users\Sara\AppData\Local\{847E928B-B898-4585-ADA2-1313CFB0020D} 2012-06-21 00:20:13 -------- d-----w- C:\Users\Sara\AppData\Local\{98738CF4-3F11-4CDF-A53E-F1D98105F920} 2012-06-21 00:19:53 -------- d-----w- C:\Windows\en 2012-06-21 00:16:50 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys 2012-06-21 00:12:49 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll 2012-06-21 00:12:49 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll 2012-06-21 00:12:49 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll 2012-06-21 00:12:49 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll 2012-06-21 00:09:12 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16078b2a1cd4f4203\DSETUP.dll 2012-06-21 00:09:12 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16078b2a1cd4f4203\DXSETUP.exe 2012-06-21 00:09:12 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16078b2a1cd4f4203\dsetup32.dll 2012-06-21 00:09:12 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16740a301cd4f4204\MeshBetaRemover.exe 2012-06-21 00:08:51 -------- d-----w- C:\Users\Sara\AppData\Local\{6C4FDCCF-5F53-4AC4-B242-030A3A526D73} 2012-06-21 00:08:16 -------- d-----w- C:\Users\Sara\AppData\Local\{E26CAF40-A44D-4DE6-9713-FBE4915FCA51} 2012-06-21 00:08:05 -------- d-----w- C:\Users\Sara\AppData\Local\{6913831E-538D-4B53-8317-B17263EF45AE} 2012-06-20 23:31:40 -------- d-----w- C:\Users\Sara\AppData\Local\{EE887356-AB7A-41AD-B433-4878471C94D8} 2012-06-20 23:31:30 -------- d-----w- C:\Users\Sara\AppData\Local\{B1D969BF-4B07-4018-B4B8-622B363A6B04} 2012-06-20 19:09:37 -------- d-----w- C:\Users\Sara\AppData\Local\{91B7A935-CCDE-4C47-95D5-224836167B9D} 2012-06-20 19:09:26 -------- d-----w- C:\Users\Sara\AppData\Local\{9E2E8FBB-F652-4AA2-BB49-015B8E25D10A} 2012-06-20 13:49:46 -------- d-----w- C:\Users\Sara\AppData\Local\{4C83DF69-7A98-4E84-B892-E737748FE888} 2012-06-20 13:49:36 -------- d-----w- C:\Users\Sara\AppData\Local\{D0626347-24CD-4355-A317-E38A0808A32A} 2012-06-20 13:36:34 -------- d-----w- C:\Users\Sara\AppData\Local\{E0B7BBF2-CB10-4539-9432-7F5860FD4D88} 2012-06-20 13:36:24 -------- d-----w- C:\Users\Sara\AppData\Local\{20BA683C-20DF-4853-B161-C61D0855BC63} 2012-06-20 13:34:59 -------- d-----w- C:\Users\Sara\AppData\Local\{16804482-B561-4797-AF7C-E957620D602A} 2012-06-20 13:34:48 -------- d-----w- C:\Users\Sara\AppData\Local\{392F744E-D781-4438-8009-2E492AACA5E5} 2012-06-20 01:38:46 -------- d-----w- C:\Users\Sara\AppData\Local\{5B86E182-510D-4189-A4A8-B452FF9F7BA9} 2012-06-20 01:38:36 -------- d-----w- C:\Users\Sara\AppData\Local\{0C294998-962A-462C-8559-A363DBE8D1A8} 2012-06-20 00:31:12 -------- d-----w- C:\Users\Sara\AppData\Local\{50ECFA10-0D03-4BFD-BB42-2385D559EE95} 2012-06-20 00:30:51 -------- d-----w- C:\Users\Sara\AppData\Local\{8237D066-7B50-4272-AAF1-1705F134767B} 2012-06-19 12:27:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-19 12:26:51 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-19 12:26:31 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-19 12:26:31 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-18 00:42:02 -------- d-----w- C:\Users\Sara\AppData\Local\{309FAB49-3475-44B7-BCAA-019748069507} . ==================== Find3M ==================== . 2012-07-15 19:20:35 472880 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-07-04 06:27:08 918528 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-07-04 06:25:14 1081856 ----a-w- C:\Windows\System32\aticfx64.dll 2012-07-04 06:18:18 6811648 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-07-04 05:57:18 7510528 ----a-w- C:\Windows\System32\atidxx64.dll 2012-07-04 05:35:14 6245888 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-07-04 05:28:52 4749312 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-07-04 05:10:04 55296 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-07-04 05:09:56 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-07-04 05:09:42 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-16 17:13:55 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-05-16 17:13:55 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-19 00:39:10 43008 ----a-w- C:\Windows\System32\kdbsdk64.dll 2012-04-19 00:39:10 28672 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll . ============= FINISH: 13:43:44.74 ===============</pre> <p> </p> <p>Attach File:</p> <p> </p> <pre> . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 1/8/2011 7:08:39 PM System Uptime: 7/17/2012 1:25:06 PM (0 hours ago) . Motherboard: ASUSTeK Computer INC. | | CM1630 Processor: AMD Phenom II X4 830 Processor | AM3 | 2800/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 279 GiB total, 36.089 GiB free. D: is FIXED (NTFS) - 409 GiB total, 365.829 GiB free. E: is CDROM () F: is FIXED (NTFS) - 917 GiB total, 266.391 GiB free. G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Deskjet F4500 series Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Deskjet F4500 series PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: Deskjet F4500 series Device ID: ROOT\IMAGE\0000 Manufacturer: HP Name: Deskjet F4500 series PNP Device ID: ROOT\IMAGE\0000 Service: StillCam . ==== System Restore Points =================== . RP125: 5/27/2012 10:00:41 AM - Windows Backup RP126: 6/3/2012 10:00:44 AM - Windows Backup RP127: 6/5/2012 12:48:22 AM - Windows Update RP128: 6/11/2012 12:07:04 AM - Windows Backup RP129: 6/13/2012 3:00:39 AM - Windows Update RP130: 6/17/2012 6:58:25 PM - Windows Backup RP131: 6/19/2012 7:25:54 AM - Windows Update RP132: 6/20/2012 7:09:30 PM - Windows Live Essentials RP133: 6/20/2012 7:10:40 PM - Windows Update RP134: 6/20/2012 7:11:58 PM - Windows Update RP135: 6/20/2012 7:13:10 PM - Installed DirectX RP136: 6/20/2012 7:14:14 PM - Installed DirectX RP137: 6/20/2012 7:15:48 PM - WLSetup RP138: 6/20/2012 11:52:29 PM - Windows Update RP139: 6/22/2012 12:19:48 AM - Windows Update RP140: 6/24/2012 10:00:40 AM - Windows Backup RP141: 7/1/2012 10:00:41 AM - Windows Backup RP142: 7/8/2012 10:00:41 AM - Windows Backup RP143: 7/12/2012 3:01:00 AM - Windows Update RP144: 7/15/2012 10:00:38 AM - Windows Backup RP145: 7/15/2012 2:19:28 PM - Installed Java 6 Update 33 RP146: 7/16/2012 7:16:06 AM - Device Driver Package Install: Advanced Micro Devices, Inc. Display adapters . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Adobe AIR Adobe Community Help Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Photoshop Elements 9 Adobe Photoshop.com Inspiration Browser Adobe Premiere Elements 9 Adobe Premiere Elements 9 Content Adobe Premiere Elements 9 Content 1 Adobe Premiere Elements 9 Content 2 Adobe Premiere Elements 9 Content 3 Adobe Premiere Elements 9 HD Content 1 Adobe Premiere Elements 9 HD Content 2 Adobe Premiere Elements 9 HD Content 3 Adobe Reader X (10.1.3) AMD VISION Engine Control Center Apple Application Support Apple Software Update AVerMedia C038 USB Capture Card 2.0.64.124 Azurewave Wireless LAN Card Bing Bar BufferChm CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Internet Library for ZoomBrowser EX Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon Utilities Digital Photo Professional 3.8 Canon Utilities EOS Utility Canon Utilities PhotoStitch Canon Utilities Picture Style Editor Canon Utilities WFT Utility Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Compatibility Pack for the 2007 Office system Copy Core FTP LE 2.1 Coupon Printer for Windows D3DX10 DesignPro 5 Destinations DeviceDiscovery DHTML Menu Builder LITE 4.20 DJ_AIO_06_F4500_SW_MIN Elements 9 Organizer Elements STI Installer F4500 Family Tree Maker Firebird SQL Server - MAGIX Edition GIMP 2.6.7 Google Talk Plugin Google Toolbar for Internet Explorer Google Update Helper GPBaseService2 HP Photo Creations HP Update HPPhotoGadget HPProductAssistant HPSSupply iCamSource iClone v4.2 EX J2SE Runtime Environment 5.0 Jalbum Java Auto Updater Java 6 Update 33 Junk Mail filter update Logitech Vid HD MAGIX Movie Edit Pro 17 Plus MAGIX Screenshare MAGIX Speed burnR (MSI) Malwarebytes Anti-Malware version 1.62.0.1300 MarketResearch Memorex exPressit Label Design Studio Mesh Runtime Microsoft Expression Web 2 Microsoft Expression Web 2 MUI (English) Microsoft Money 99 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Live Add-in 1.3 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Picture It! Photo 2001 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft UI Engine Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_CRT_x86 Mozilla Firefox (3.5.8) MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA Stereoscopic 3D Driver OpenOffice.org 3.1 PE-DESIGN Ver.6 PhotoScape Player PrimoPDF -- by Nitro PDF Software proDAD Heroglyph 2.5 QuickTime Ralink RT2860 Wireless LAN Card RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek 8136 8168 8169 Ethernet Driver Realtek High Definition Audio Driver RealUpgrade 1.1 Scan Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office system 2007 (KB974234) Segoe UI Shockwave Skype Toolbars Skype™ 5.5 SmartSound Quicktracks for Premiere Elements 9.0 SmartWebPrinting SolutionCenter Status The Logo Creator v5.2 Toolbox TrayApp Update for 2007 Microsoft Office System (KB2284654) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Expression Web 2 (KB957827) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Script Editor Help (KB963671) Visual C++ 8.0 Runtime Setup Package (x64) Visual Studio 2008 x64 Redistributables WebReg Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Yahoo! Detect Yahoo! Toolbar . ==== Event Viewer Messages From Past Week ======== . 7/17/2012 1:32:07 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 7/17/2012 1:26:58 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 7/16/2012 3:32:37 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 7/16/2012 3:07:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 7/16/2012 3:07:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 7/16/2012 3:06:27 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 7/16/2012 3:04:44 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 7/16/2012 3:04:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 7/16/2012 3:04:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 7/16/2012 3:04:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 7/16/2012 3:04:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 7/16/2012 3:04:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache spldr Wanarpv6 7/16/2012 12:31:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Asus\Sara SID (S-1-5-21-2112477045-800725573-1140253011-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 7/16/2012 12:31:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user Asus\Sara SID (S-1-5-21-2112477045-800725573-1140253011-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 7/16/2012 12:31:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Asus\Sara SID (S-1-5-21-2112477045-800725573-1140253011-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. . ==== End Of File ===========================</pre>
  5. beavhope
    Hi Maniac, I appreciate the quick response. I ran Chamellion and forgot I had disabled the network adapter so it didn't update. The database was a few days old. I dealt with the items found in the scan and rebooted. When the system came back up I got the Live Platinum popup and an AVG threat warning. I ran the follow up Malwarebytes scan and it returned 8 Lameshield entries. (Still have the Live Premium logo on the start menu.) This is the log from the Chamellion scan: Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.15.09 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Sara :: ASUS [administrator] 7/17/2012 6:45:37 AM mbam-log-2012-07-17 (06-45-37).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 231164 Time elapsed: 20 minute(s), 56 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.Lameshield) -> Quarantined and deleted successfully. Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|7531E8D900098AE70000D6AC4F147CE7 (Trojan.Lameshield) -> Data: C:\ProgramData\7531E8D900098AE70000D6AC4F147CE7\7531E8D900098AE70000D6AC4F147CE7.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\ProgramData\7531E8D900098AE70000D6AC4F147CE7\7531E8D900098AE70000D6AC4F147CE7.exe (Trojan.Lameshield) -> Quarantined and deleted successfully. C:\Users\Sara\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully. (end) This is the scan after reboot: Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.15.09 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Sara :: ASUS [administrator] 7/17/2012 7:19:50 AM mbam-log-2012-07-17 (07-19-50).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 231939 Time elapsed: 11 minute(s), 47 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 8 C:\Users\Sara\Local Settings\pmekmeju.exe (Trojan.Lameshield) -> Quarantined and deleted successfully. C:\Users\Sara\Local Settings\vduaonqq.exe (Trojan.Lameshield) -> Quarantined and deleted successfully. C:\Users\Sara\Local Settings\Application Data\pmekmeju.exe (Trojan.Lameshield) -> Quarantined and deleted successfully. C:\Users\Sara\Local Settings\Application Data\vduaonqq.exe (Trojan.Lameshield) -> Quarantined and deleted successfully. C:\Users\Sara\Local Settings\Temporary Internet Files\Content.IE5\1IRBW8UE\3[1].exe (Trojan.Lameshield) -> Quarantined and deleted successfully. C:\Users\Sara\Local Settings\Temporary Internet Files\Content.IE5\92BI1HPU\3[1].exe (Trojan.Lameshield) -> Quarantined and deleted successfully. C:\Users\Sara\Local Settings\Temporary Internet Files\Content.IE5\EX9GIU86\3[1].exe (Trojan.Lameshield) -> Quarantined and deleted successfully. C:\Users\Sara\Local Settings\Temporary Internet Files\Content.IE5\U5G7TBF2\3[1].exe (Trojan.Lameshield) -> Quarantined and deleted successfully. (end) And the DDS: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33 Run by Sara at 8:01:20 on 2012-07-17 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.3858 [GMT -5:00] . AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG10\avgchsva.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\SysWOW64\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Program Files (x86)\AVG\AVG10\avgnsa.exe C:\Program Files (x86)\AVG\AVG10\avgemca.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Microsoft Money\System\REMINDER.EXE svchost.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\AVG\AVG10\avgtray.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\PROGRA~2\AVG\AVG10\avgrsa.exe C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe svchost.exe C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://att.my.yahoo.com/ uInternet Settings,ProxyOverride = <local> uURLSearchHooks: H - No File uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll mURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [Google Update] "C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized uRun: [Reminder] C:\Program Files (x86)\Microsoft Money\System\reminder.exe uRun: [qpoldxhl] "C:\Users\Sara\AppData\Local\ocgfaird.exe" mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide mRun: [TrayServer] C:\PROGRA~2\MAGIX\MOVIE_~1\TrayServer_en.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml StartupFolder: C:\Users\Sara\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.0.1 205.152.150.23 TCP: Interfaces\{78D9DFA9-5386-4DB3-870B-618C3135BF2A} : DhcpNameServer = 192.168.0.1 205.152.150.23 TCP: Interfaces\{C143592C-058E-4235-80CD-E44433F6309B} : DhcpNameServer = 192.168.0.1 205.152.150.23 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll BHO-X64: 0x1 - No File BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide mRun-x64: [TrayServer] C:\PROGRA~2\MAGIX\MOVIE_~1\TrayServer_en.exe mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [(Default)] mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\fqjoyoq8.default\ FF - prefs.js: browser.startup.homepage - hxxp://att.yahoo.com FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B3b184843-5d42-46a0-8b97-b21bab08da36%7D&mid=19ff6163de629b4225c61949b692bf72-9198bf7217863c0dde19be5c2ffe30aefa6055b0&ds=AVG&v=10.2.0.3〈=us&pr=fr&d=2011-12-12%2008%3A31%3A13&sap=ku&q= FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_33.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npoji610.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\Sara\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Users\Sara\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Sara\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984] R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520] R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376] R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Windows\SysWOW64\nvSCPAPISvr.exe [2009-6-10 232960] R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008] R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?] R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408] R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?] R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?] R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?] R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-26 136176] S3 AVerFx2hbtv64;AVerMedia C038 USB Capture Card;C:\Windows\system32\drivers\AVerFx2hbtv64.sys --> C:\Windows\system32\drivers\AVerFx2hbtv64.sys [?] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-7 167264] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-26 136176] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [?] S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-07-17 12:55:31 -------- d-----w- C:\Users\Sara\AppData\Local\{4CE40726-3B96-48CE-A593-2F7F0F178436} 2012-07-17 12:55:20 -------- d-----w- C:\Users\Sara\AppData\Local\{8DA62B74-19D7-44B9-B780-935003FF3715} 2012-07-17 12:28:41 413696 ----a-w- C:\Users\Sara\AppData\Local\uebgxbsa.exe 2012-07-17 12:26:36 409600 ----a-w- C:\Users\Sara\AppData\Local\xvtphaqj.exe 2012-07-16 14:30:43 -------- d-----w- C:\ProgramData\7531E8D900098AE70000D6AC4F147CE7 2012-07-16 12:21:14 -------- d-----w- C:\Program Files (x86)\AMD AVT 2012-07-16 12:21:11 -------- d-----w- C:\Program Files (x86)\AMD APP 2012-07-16 12:13:01 -------- d-----w- C:\AMD 2012-07-16 03:41:24 -------- d-----w- C:\Users\Sara\AppData\Local\{CCADBCF8-3D91-4330-91EC-0B0D19D6F120} 2012-07-16 03:41:13 -------- d-----w- C:\Users\Sara\AppData\Local\{32E133F1-23B7-499E-AE37-E202CFBCC82F} 2012-07-15 23:02:43 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE 2012-07-15 19:20:45 476976 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-07-15 16:47:41 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2012-07-15 16:47:38 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-15 16:47:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-15 14:22:44 -------- d-----w- C:\Users\Sara\AppData\Local\{52E43F87-CA20-4E7F-812C-4BEB75343430} 2012-07-15 14:22:33 -------- d-----w- C:\Users\Sara\AppData\Local\{D75AF7B4-29A4-412E-8D67-3C6BD88E9E96} 2012-07-15 13:17:30 -------- d-----w- C:\Users\Sara\AppData\Local\{E47B790A-F14F-4130-874A-1D770C065414} 2012-07-14 20:05:21 61952 ----a-w- C:\Users\Sara\AppData\Local\ocgfaird.exe 2012-07-14 20:01:00 -------- d-----w- C:\Users\Sara\AppData\Local\{E2BFCECF-6C7E-4E2F-9F14-7AB84A0619D2} 2012-07-14 20:00:50 -------- d-----w- C:\Users\Sara\AppData\Local\{82942619-D514-4494-BD08-9799185E3F43} 2012-07-14 16:58:58 -------- d-----w- C:\Users\Sara\AppData\Local\{B754518E-63D3-4313-85A3-C44AF6C3BEA5} 2012-07-14 04:45:34 -------- d-----w- C:\Users\Sara\AppData\Local\{FBDB1AFA-6326-45CD-8DFB-45E4D9358DF3} 2012-07-14 04:45:24 -------- d-----w- C:\Users\Sara\AppData\Local\{B617FC7D-976C-4FD1-A4B7-E17C8DCAEE6D} 2012-07-13 15:58:08 -------- d-----w- C:\Users\Sara\AppData\Local\{1C120FDC-075E-46AF-9DA1-A2D00E9A3A6E} 2012-07-13 15:57:57 -------- d-----w- C:\Users\Sara\AppData\Local\{C2958700-502A-4C18-9FA3-A5FA1DB12B19} 2012-07-12 12:23:05 -------- d-----w- C:\Users\Sara\AppData\Local\{72997D22-D5BB-48CB-8F52-2D0F45B9551B} 2012-07-12 12:22:55 -------- d-----w- C:\Users\Sara\AppData\Local\{A12A17AE-3972-4480-B74F-4944E58AA86F} 2012-07-12 08:08:51 3147264 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 18:04:21 -------- d-----w- C:\Users\Sara\AppData\Local\{77917A02-458E-4014-B301-5F60BF966079} 2012-07-11 18:04:10 -------- d-----w- C:\Users\Sara\AppData\Local\{FD0E399B-CAE2-4759-BC25-EA0CCB051E71} 2012-07-11 04:05:08 -------- d-----w- C:\Users\Sara\AppData\Local\{538424CD-A4BC-41A3-8BAC-4930CBD9DE8A} 2012-07-11 04:04:58 -------- d-----w- C:\Users\Sara\AppData\Local\{9813F948-775E-4ABF-B584-B2366D4694F8} 2012-07-11 04:04:48 -------- d-----w- C:\Users\Sara\AppData\Local\{193F5D9A-EC4F-4585-836F-29BDDAE2963B} 2012-07-11 04:04:39 -------- d-----w- C:\Users\Sara\AppData\Local\{65DE554B-377F-4E2A-932E-D896F83AB2DE} 2012-07-10 16:04:13 -------- d-----w- C:\Users\Sara\AppData\Local\{1E12A7E4-7F43-41A2-A780-2A6B0C7DD6A9} 2012-07-10 16:04:02 -------- d-----w- C:\Users\Sara\AppData\Local\{843A6550-F2E0-42EE-A0A0-A3E38AE07CEE} 2012-07-10 03:03:25 -------- d-----w- C:\Users\Sara\AppData\Local\{DC68B9A5-0D51-4B53-997C-AEE8E19EBC8D} 2012-07-10 03:03:14 -------- d-----w- C:\Users\Sara\AppData\Local\{1975ED80-5014-44B8-AB34-B9ABCBDCD108} 2012-07-09 15:02:49 -------- d-----w- C:\Users\Sara\AppData\Local\{BA78413B-E566-44B7-974D-772C11EFC0D2} 2012-07-09 15:02:38 -------- d-----w- C:\Users\Sara\AppData\Local\{31789416-A555-49E5-97ED-F8F15D885D02} 2012-07-09 03:02:14 -------- d-----w- C:\Users\Sara\AppData\Local\{872BC85E-D14A-4187-AA1A-8A66C7E719F2} 2012-07-09 03:02:03 -------- d-----w- C:\Users\Sara\AppData\Local\{C821CA4F-540D-417C-B99C-08DD2AA44BC5} 2012-07-09 03:01:34 -------- d-----w- C:\Users\Sara\AppData\Local\{7C56B39E-BCAC-4EF1-A4A1-5918BC63D214} 2012-07-09 03:01:24 -------- d-----w- C:\Users\Sara\AppData\Local\{503D5374-74AA-4CFA-A1E3-013CF6F56130} 2012-07-08 13:28:08 -------- d-----w- C:\Users\Sara\AppData\Local\{3F71C7DD-AE6A-493A-8205-B0F3C78331A8} 2012-07-08 13:27:57 -------- d-----w- C:\Users\Sara\AppData\Local\{EC6ECB1C-F941-4085-98D3-37824DDDDD7C} 2012-07-07 14:46:48 -------- d-----w- C:\Users\Sara\AppData\Local\{5D27EE36-259D-4A58-9F7A-FFDF4F18FD44} 2012-07-07 14:46:37 -------- d-----w- C:\Users\Sara\AppData\Local\{8269E605-50F8-4D47-B9E5-B91AC9C03534} 2012-07-06 15:50:25 -------- d-----w- C:\Users\Sara\AppData\Local\{BFCF14CD-06EF-4939-AFB7-BFD52C531165} 2012-07-06 15:50:15 -------- d-----w- C:\Users\Sara\AppData\Local\{A2877668-0B93-4E09-B06E-CEC64CEED829} 2012-07-06 01:49:54 -------- d-----w- C:\Users\Sara\AppData\Local\{4481BD06-B1EF-47F6-B744-0A60E3F254B3} 2012-07-06 01:49:42 -------- d-----w- C:\Users\Sara\AppData\Local\{AB0EF8B3-9F2C-43EB-8DE9-CD0493A53D35} 2012-07-05 13:11:06 -------- d-----w- C:\Users\Sara\AppData\Local\{1C737D3C-D2BB-4D30-90DF-45F1FD9E242F} 2012-07-05 13:10:56 -------- d-----w- C:\Users\Sara\AppData\Local\{B4D312C6-4837-43C3-82C8-EA572A9D710E} 2012-07-05 00:47:00 -------- d-----w- C:\Users\Sara\AppData\Local\{F8476180-53FC-4AAC-8FDD-E2F372F6B674} 2012-07-05 00:46:50 -------- d-----w- C:\Users\Sara\AppData\Local\{8AEC27F4-92B2-4B5B-8B2B-7BF890817C43} 2012-07-04 12:33:56 -------- d-----w- C:\Users\Sara\AppData\Local\{36094192-FA40-405B-A573-1CEC2952FAC9} 2012-07-04 12:33:45 -------- d-----w- C:\Users\Sara\AppData\Local\{95A0C8B3-6E45-42CC-B7F4-244C059C33E8} 2012-07-04 07:32:22 187392 ----a-w- C:\Windows\System32\clinfo.exe 2012-07-04 07:32:06 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-07-04 07:32:02 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-07-04 07:31:54 63488 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-07-04 07:31:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-07-04 07:31:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll 2012-07-04 07:30:58 13008384 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-07-04 07:30:12 54784 ----a-w- C:\Windows\System32\OpenCL.dll 2012-07-04 07:30:08 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll 2012-07-04 06:59:32 11922944 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-07-04 06:52:04 26016256 ----a-w- C:\Windows\System32\atio6axx.dll 2012-07-04 06:35:46 19586048 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-07-04 06:27:18 159744 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-07-04 06:21:46 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll 2012-07-04 06:21:40 514048 ----a-w- C:\Windows\System32\atieclxx.exe 2012-07-04 06:20:54 238080 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-07-04 06:19:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-07-04 06:19:16 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-07-04 06:19:12 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-07-04 06:19:06 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-07-04 05:36:34 1053696 ----a-w- C:\Windows\System32\atiumd6v.dll 2012-07-04 05:36:24 69632 ----a-w- C:\Windows\System32\coinst_8.97.100.3.dll 2012-07-04 05:36:14 1960960 ----a-w- C:\Windows\SysWow64\atiumdmv.dll 2012-07-04 05:35:42 4261376 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-07-04 05:24:02 7477760 ----a-w- C:\Windows\System32\atiumd64.dll 2012-07-04 05:11:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll 2012-07-04 05:11:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-07-04 05:11:40 535552 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-07-04 05:11:38 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-07-04 05:11:38 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2012-07-04 05:11:30 364544 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-07-04 05:11:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-07-04 05:11:16 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-07-04 05:11:16 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-07-04 05:11:12 41984 ----a-w- C:\Windows\System32\atig6txx.dll 2012-07-04 05:11:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-07-04 05:10:56 359936 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-07-04 05:09:50 45056 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-07-04 05:09:10 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-07-04 05:04:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-07-04 05:04:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-07-04 05:04:22 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-07-04 05:04:18 44544 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-07-04 05:04:08 15827456 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-07-04 04:59:40 13402112 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-07-04 00:33:21 -------- d-----w- C:\Users\Sara\AppData\Local\{872769DF-1880-4A8B-A39C-5F50D5F0FF83} 2012-07-04 00:33:11 -------- d-----w- C:\Users\Sara\AppData\Local\{C11962BB-E315-4763-90A1-598AAE0B7165} 2012-07-03 12:32:46 -------- d-----w- C:\Users\Sara\AppData\Local\{601D5921-0CDA-4F8E-B1BA-987ECB56A733} 2012-07-03 12:32:35 -------- d-----w- C:\Users\Sara\AppData\Local\{D85F4635-EB06-4E1E-A637-C4D4A96889E4} 2012-07-02 20:07:05 -------- d-----w- C:\Users\Sara\AppData\Local\{584059B9-F1CF-46A1-AA78-A3CC9F97F0C0} 2012-07-02 20:06:54 -------- d-----w- C:\Users\Sara\AppData\Local\{77768300-7C70-4380-B292-B6D412171A45} 2012-07-02 05:42:40 -------- d-----w- C:\Users\Sara\AppData\Local\{54284725-398D-4509-B558-A8E3B198C12B} 2012-07-02 05:42:29 -------- d-----w- C:\Users\Sara\AppData\Local\{7826F1D1-8F28-4F4D-A319-63B0AC76A89C} 2012-07-01 17:14:26 -------- d-----w- C:\Users\Sara\AppData\Local\{0DCCA92B-AA9D-4B53-9A8D-BD223BD92981} 2012-07-01 17:14:15 -------- d-----w- C:\Users\Sara\AppData\Local\{764DE9D2-6D19-471C-A5CD-3E3C7ACC0BAD} 2012-07-01 02:54:39 -------- d-----w- C:\Users\Sara\AppData\Local\{5C146E8B-14AA-4D8F-B91F-3512175AF6B4} 2012-07-01 02:54:26 -------- d-----w- C:\Users\Sara\AppData\Local\{53143321-B642-40C2-BB50-9229E24019EE} 2012-06-30 14:54:01 -------- d-----w- C:\Users\Sara\AppData\Local\{15B529D2-BC9C-4076-BE2C-818F70098197} 2012-06-30 14:53:50 -------- d-----w- C:\Users\Sara\AppData\Local\{C84134B3-4DF3-4162-B08B-74679927F69A} 2012-06-30 02:53:24 -------- d-----w- C:\Users\Sara\AppData\Local\{9CCD17F3-C89D-4A00-BB48-F896C6059421} 2012-06-30 02:53:14 -------- d-----w- C:\Users\Sara\AppData\Local\{56E4FA0C-FDE4-4700-BAE2-2C9645108465} 2012-06-29 14:52:50 -------- d-----w- C:\Users\Sara\AppData\Local\{5257C3CF-A9A2-41CD-BA3A-912F1E8F24AC} 2012-06-29 14:52:39 -------- d-----w- C:\Users\Sara\AppData\Local\{0E267D62-B673-4112-94E0-BDBCB69FE3F2} 2012-06-29 01:29:13 -------- d-----w- C:\Users\Sara\AppData\Local\{082A2866-8461-4217-9CEB-B6FC1458591C} 2012-06-29 01:29:01 -------- d-----w- C:\Users\Sara\AppData\Local\{FB9739FA-1CB2-4563-A86D-78E4AB340CBE} 2012-06-28 13:28:36 -------- d-----w- C:\Users\Sara\AppData\Local\{E51B2C16-256A-408E-B4F5-47F1B2DA823B} 2012-06-28 13:28:25 -------- d-----w- C:\Users\Sara\AppData\Local\{C64ACD6D-4558-4871-848B-B3A3FE52B066} 2012-06-27 20:48:47 -------- d-----w- C:\Users\Sara\AppData\Local\{01224445-471D-4A8E-8D11-274082EA7594} 2012-06-27 20:48:37 -------- d-----w- C:\Users\Sara\AppData\Local\{C5B8999E-9A1C-4E8D-91C3-3F46B88D05B6} 2012-06-25 17:58:38 -------- d-----w- C:\Users\Sara\AppData\Local\{65FCB27D-6C0D-4243-A2FA-8A9BF1A761DA} 2012-06-24 18:00:11 -------- d-----w- C:\Users\Sara\AppData\Local\{45E284B4-8F6E-48C0-81F7-2CC11F7AC652} 2012-06-24 18:00:01 -------- d-----w- C:\Users\Sara\AppData\Local\{A26C9DAA-D517-44AF-BB1F-3D8240A83C59} 2012-06-24 03:51:43 -------- d-----w- C:\Users\Sara\AppData\Local\{2F7A95C3-15FA-49F5-9580-81735BC300E7} 2012-06-24 03:51:33 -------- d-----w- C:\Users\Sara\AppData\Local\{9799164E-5284-43F0-A471-25217397470B} 2012-06-22 03:36:05 -------- d-----w- C:\Users\Sara\AppData\Local\{92FDDA3A-1079-4278-8C48-3349E0089E70} 2012-06-22 03:35:55 -------- d-----w- C:\Users\Sara\AppData\Local\{3CDC4770-690C-481E-910A-224954F533F8} 2012-06-21 04:56:16 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 2012-06-21 00:44:31 -------- d-----w- C:\Users\Sara\AppData\Local\{29DEE4F9-F4F8-4523-A85D-B4874C967A67} 2012-06-21 00:44:20 -------- d-----w- C:\Users\Sara\AppData\Local\{847E928B-B898-4585-ADA2-1313CFB0020D} 2012-06-21 00:20:13 -------- d-----w- C:\Users\Sara\AppData\Local\{98738CF4-3F11-4CDF-A53E-F1D98105F920} 2012-06-21 00:19:53 -------- d-----w- C:\Windows\en 2012-06-21 00:16:50 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys 2012-06-21 00:12:49 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll 2012-06-21 00:12:49 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll 2012-06-21 00:12:49 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll 2012-06-21 00:12:49 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll 2012-06-21 00:09:12 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16078b2a1cd4f4203\DSETUP.dll 2012-06-21 00:09:12 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16078b2a1cd4f4203\DXSETUP.exe 2012-06-21 00:09:12 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16078b2a1cd4f4203\dsetup32.dll 2012-06-21 00:09:12 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16740a301cd4f4204\MeshBetaRemover.exe 2012-06-21 00:08:51 -------- d-----w- C:\Users\Sara\AppData\Local\{6C4FDCCF-5F53-4AC4-B242-030A3A526D73} 2012-06-21 00:08:16 -------- d-----w- C:\Users\Sara\AppData\Local\{E26CAF40-A44D-4DE6-9713-FBE4915FCA51} 2012-06-21 00:08:05 -------- d-----w- C:\Users\Sara\AppData\Local\{6913831E-538D-4B53-8317-B17263EF45AE} 2012-06-20 23:31:40 -------- d-----w- C:\Users\Sara\AppData\Local\{EE887356-AB7A-41AD-B433-4878471C94D8} 2012-06-20 23:31:30 -------- d-----w- C:\Users\Sara\AppData\Local\{B1D969BF-4B07-4018-B4B8-622B363A6B04} 2012-06-20 19:09:37 -------- d-----w- C:\Users\Sara\AppData\Local\{91B7A935-CCDE-4C47-95D5-224836167B9D} 2012-06-20 19:09:26 -------- d-----w- C:\Users\Sara\AppData\Local\{9E2E8FBB-F652-4AA2-BB49-015B8E25D10A} 2012-06-20 13:49:46 -------- d-----w- C:\Users\Sara\AppData\Local\{4C83DF69-7A98-4E84-B892-E737748FE888} 2012-06-20 13:49:36 -------- d-----w- C:\Users\Sara\AppData\Local\{D0626347-24CD-4355-A317-E38A0808A32A} 2012-06-20 13:36:34 -------- d-----w- C:\Users\Sara\AppData\Local\{E0B7BBF2-CB10-4539-9432-7F5860FD4D88} 2012-06-20 13:36:24 -------- d-----w- C:\Users\Sara\AppData\Local\{20BA683C-20DF-4853-B161-C61D0855BC63} 2012-06-20 13:34:59 -------- d-----w- C:\Users\Sara\AppData\Local\{16804482-B561-4797-AF7C-E957620D602A} 2012-06-20 13:34:48 -------- d-----w- C:\Users\Sara\AppData\Local\{392F744E-D781-4438-8009-2E492AACA5E5} 2012-06-20 01:38:46 -------- d-----w- C:\Users\Sara\AppData\Local\{5B86E182-510D-4189-A4A8-B452FF9F7BA9} 2012-06-20 01:38:36 -------- d-----w- C:\Users\Sara\AppData\Local\{0C294998-962A-462C-8559-A363DBE8D1A8} 2012-06-20 00:31:12 -------- d-----w- C:\Users\Sara\AppData\Local\{50ECFA10-0D03-4BFD-BB42-2385D559EE95} 2012-06-20 00:30:51 -------- d-----w- C:\Users\Sara\AppData\Local\{8237D066-7B50-4272-AAF1-1705F134767B} 2012-06-19 12:27:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-19 12:26:51 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-19 12:26:31 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-19 12:26:31 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-18 00:42:02 -------- d-----w- C:\Users\Sara\AppData\Local\{309FAB49-3475-44B7-BCAA-019748069507} . ==================== Find3M ==================== . 2012-07-15 19:20:35 472880 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-07-04 06:27:08 918528 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-07-04 06:25:14 1081856 ----a-w- C:\Windows\System32\aticfx64.dll 2012-07-04 06:18:18 6811648 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-07-04 05:57:18 7510528 ----a-w- C:\Windows\System32\atidxx64.dll 2012-07-04 05:35:14 6245888 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-07-04 05:28:52 4749312 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-07-04 05:10:04 55296 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-07-04 05:09:56 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-07-04 05:09:42 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-16 17:13:55 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-05-16 17:13:55 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-19 00:39:10 43008 ----a-w- C:\Windows\System32\kdbsdk64.dll 2012-04-19 00:39:10 28672 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll . ============= FINISH: 8:02:04.93 ===============
  6. beavhope
    We received the USPS email, but neither my wife nor I opened it, (just saw it in preview). We got AVG threat warnings about lameshield-cleaned with AVG, got another alert- opened Malwarebytes and cleaned up. Now Live Security Platinum has installed itself and we have a mess. Help! DDS and Attach files attached. Attach.txt DDS.txt
  7. beavhope
    Hit enter before I was finished. Here are my logs. . DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33 Run by Sara at 10:11:19 on 2012-07-16 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.5207 [GMT -5:00] . AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Windows\helppane.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://att.my.yahoo.com/ uInternet Settings,ProxyOverride = <local> uURLSearchHooks: H - No File uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll mURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [Google Update] "C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized uRun: [Reminder] C:\Program Files (x86)\Microsoft Money\System\reminder.exe uRun: [qpoldxhl] "C:\Users\Sara\AppData\Local\ocgfaird.exe" uRunOnce: [7531E8D900098AE70000D6AC4F147CE7] C:\ProgramData\7531E8D900098AE70000D6AC4F147CE7\7531E8D900098AE70000D6AC4F147CE7.exe mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide mRun: [TrayServer] C:\PROGRA~2\MAGIX\MOVIE_~1\TrayServer_en.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml StartupFolder: C:\Users\Sara\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.0.1 205.152.150.23 TCP: Interfaces\{78D9DFA9-5386-4DB3-870B-618C3135BF2A} : DhcpNameServer = 192.168.0.1 205.152.150.23 TCP: Interfaces\{C143592C-058E-4235-80CD-E44433F6309B} : DhcpNameServer = 192.168.0.1 205.152.150.23 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll BHO-X64: 0x1 - No File BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide mRun-x64: [TrayServer] C:\PROGRA~2\MAGIX\MOVIE_~1\TrayServer_en.exe mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [(Default)] mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\fqjoyoq8.default\ FF - prefs.js: browser.startup.homepage - hxxp://att.yahoo.com FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B3b184843-5d42-46a0-8b97-b21bab08da36%7D&mid=19ff6163de629b4225c61949b692bf72-9198bf7217863c0dde19be5c2ffe30aefa6055b0&ds=AVG&v=10.2.0.3〈=us&pr=fr&d=2011-12-12%2008%3A31%3A13&sap=ku&q= FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_33.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npoji610.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\Sara\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Users\Sara\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Sara\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG10\Firefox FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?] S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408] S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984] S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888] S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072] S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520] S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-26 136176] S2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Windows\SysWOW64\nvSCPAPISvr.exe [2009-6-10 232960] S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008] S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] S3 AVerFx2hbtv64;AVerMedia C038 USB Capture Card;C:\Windows\system32\drivers\AVerFx2hbtv64.sys --> C:\Windows\system32\drivers\AVerFx2hbtv64.sys [?] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-7 167264] S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?] S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?] S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-26 136176] S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?] S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?] S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?] S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [?] S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-07-16 14:30:43 -------- d-----w- C:\ProgramData\7531E8D900098AE70000D6AC4F147CE7 2012-07-16 12:21:14 -------- d-----w- C:\Program Files (x86)\AMD AVT 2012-07-16 12:21:11 -------- d-----w- C:\Program Files (x86)\AMD APP 2012-07-16 12:13:01 -------- d-----w- C:\AMD 2012-07-16 03:41:24 -------- d-----w- C:\Users\Sara\AppData\Local\{CCADBCF8-3D91-4330-91EC-0B0D19D6F120} 2012-07-16 03:41:13 -------- d-----w- C:\Users\Sara\AppData\Local\{32E133F1-23B7-499E-AE37-E202CFBCC82F} 2012-07-15 23:02:43 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE 2012-07-15 19:20:45 476976 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-07-15 16:47:41 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2012-07-15 16:47:38 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-15 16:47:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-15 14:22:44 -------- d-----w- C:\Users\Sara\AppData\Local\{52E43F87-CA20-4E7F-812C-4BEB75343430} 2012-07-15 14:22:33 -------- d-----w- C:\Users\Sara\AppData\Local\{D75AF7B4-29A4-412E-8D67-3C6BD88E9E96} 2012-07-15 13:17:30 -------- d-----w- C:\Users\Sara\AppData\Local\{E47B790A-F14F-4130-874A-1D770C065414} 2012-07-14 20:05:21 61952 ----a-w- C:\Users\Sara\AppData\Local\ocgfaird.exe 2012-07-14 20:01:00 -------- d-----w- C:\Users\Sara\AppData\Local\{E2BFCECF-6C7E-4E2F-9F14-7AB84A0619D2} 2012-07-14 20:00:50 -------- d-----w- C:\Users\Sara\AppData\Local\{82942619-D514-4494-BD08-9799185E3F43} 2012-07-14 16:58:58 -------- d-----w- C:\Users\Sara\AppData\Local\{B754518E-63D3-4313-85A3-C44AF6C3BEA5} 2012-07-14 04:45:34 -------- d-----w- C:\Users\Sara\AppData\Local\{FBDB1AFA-6326-45CD-8DFB-45E4D9358DF3} 2012-07-14 04:45:24 -------- d-----w- C:\Users\Sara\AppData\Local\{B617FC7D-976C-4FD1-A4B7-E17C8DCAEE6D} 2012-07-13 15:58:08 -------- d-----w- C:\Users\Sara\AppData\Local\{1C120FDC-075E-46AF-9DA1-A2D00E9A3A6E} 2012-07-13 15:57:57 -------- d-----w- C:\Users\Sara\AppData\Local\{C2958700-502A-4C18-9FA3-A5FA1DB12B19} 2012-07-12 12:23:05 -------- d-----w- C:\Users\Sara\AppData\Local\{72997D22-D5BB-48CB-8F52-2D0F45B9551B} 2012-07-12 12:22:55 -------- d-----w- C:\Users\Sara\AppData\Local\{A12A17AE-3972-4480-B74F-4944E58AA86F} 2012-07-12 08:08:51 3147264 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 18:04:21 -------- d-----w- C:\Users\Sara\AppData\Local\{77917A02-458E-4014-B301-5F60BF966079} 2012-07-11 18:04:10 -------- d-----w- C:\Users\Sara\AppData\Local\{FD0E399B-CAE2-4759-BC25-EA0CCB051E71} 2012-07-11 04:05:08 -------- d-----w- C:\Users\Sara\AppData\Local\{538424CD-A4BC-41A3-8BAC-4930CBD9DE8A} 2012-07-11 04:04:58 -------- d-----w- C:\Users\Sara\AppData\Local\{9813F948-775E-4ABF-B584-B2366D4694F8} 2012-07-11 04:04:48 -------- d-----w- C:\Users\Sara\AppData\Local\{193F5D9A-EC4F-4585-836F-29BDDAE2963B} 2012-07-11 04:04:39 -------- d-----w- C:\Users\Sara\AppData\Local\{65DE554B-377F-4E2A-932E-D896F83AB2DE} 2012-07-10 16:04:13 -------- d-----w- C:\Users\Sara\AppData\Local\{1E12A7E4-7F43-41A2-A780-2A6B0C7DD6A9} 2012-07-10 16:04:02 -------- d-----w- C:\Users\Sara\AppData\Local\{843A6550-F2E0-42EE-A0A0-A3E38AE07CEE} 2012-07-10 03:03:25 -------- d-----w- C:\Users\Sara\AppData\Local\{DC68B9A5-0D51-4B53-997C-AEE8E19EBC8D} 2012-07-10 03:03:14 -------- d-----w- C:\Users\Sara\AppData\Local\{1975ED80-5014-44B8-AB34-B9ABCBDCD108} 2012-07-09 15:02:49 -------- d-----w- C:\Users\Sara\AppData\Local\{BA78413B-E566-44B7-974D-772C11EFC0D2} 2012-07-09 15:02:38 -------- d-----w- C:\Users\Sara\AppData\Local\{31789416-A555-49E5-97ED-F8F15D885D02} 2012-07-09 03:02:14 -------- d-----w- C:\Users\Sara\AppData\Local\{872BC85E-D14A-4187-AA1A-8A66C7E719F2} 2012-07-09 03:02:03 -------- d-----w- C:\Users\Sara\AppData\Local\{C821CA4F-540D-417C-B99C-08DD2AA44BC5} 2012-07-09 03:01:34 -------- d-----w- C:\Users\Sara\AppData\Local\{7C56B39E-BCAC-4EF1-A4A1-5918BC63D214} 2012-07-09 03:01:24 -------- d-----w- C:\Users\Sara\AppData\Local\{503D5374-74AA-4CFA-A1E3-013CF6F56130} 2012-07-08 13:28:08 -------- d-----w- C:\Users\Sara\AppData\Local\{3F71C7DD-AE6A-493A-8205-B0F3C78331A8} 2012-07-08 13:27:57 -------- d-----w- C:\Users\Sara\AppData\Local\{EC6ECB1C-F941-4085-98D3-37824DDDDD7C} 2012-07-07 14:46:48 -------- d-----w- C:\Users\Sara\AppData\Local\{5D27EE36-259D-4A58-9F7A-FFDF4F18FD44} 2012-07-07 14:46:37 -------- d-----w- C:\Users\Sara\AppData\Local\{8269E605-50F8-4D47-B9E5-B91AC9C03534} 2012-07-06 15:50:25 -------- d-----w- C:\Users\Sara\AppData\Local\{BFCF14CD-06EF-4939-AFB7-BFD52C531165} 2012-07-06 15:50:15 -------- d-----w- C:\Users\Sara\AppData\Local\{A2877668-0B93-4E09-B06E-CEC64CEED829} 2012-07-06 01:49:54 -------- d-----w- C:\Users\Sara\AppData\Local\{4481BD06-B1EF-47F6-B744-0A60E3F254B3} 2012-07-06 01:49:42 -------- d-----w- C:\Users\Sara\AppData\Local\{AB0EF8B3-9F2C-43EB-8DE9-CD0493A53D35} 2012-07-05 13:11:06 -------- d-----w- C:\Users\Sara\AppData\Local\{1C737D3C-D2BB-4D30-90DF-45F1FD9E242F} 2012-07-05 13:10:56 -------- d-----w- C:\Users\Sara\AppData\Local\{B4D312C6-4837-43C3-82C8-EA572A9D710E} 2012-07-05 00:47:00 -------- d-----w- C:\Users\Sara\AppData\Local\{F8476180-53FC-4AAC-8FDD-E2F372F6B674} 2012-07-05 00:46:50 -------- d-----w- C:\Users\Sara\AppData\Local\{8AEC27F4-92B2-4B5B-8B2B-7BF890817C43} 2012-07-04 12:33:56 -------- d-----w- C:\Users\Sara\AppData\Local\{36094192-FA40-405B-A573-1CEC2952FAC9} 2012-07-04 12:33:45 -------- d-----w- C:\Users\Sara\AppData\Local\{95A0C8B3-6E45-42CC-B7F4-244C059C33E8} 2012-07-04 07:32:22 187392 ----a-w- C:\Windows\System32\clinfo.exe 2012-07-04 07:32:06 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-07-04 07:32:02 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-07-04 07:31:54 63488 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-07-04 07:31:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-07-04 07:31:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll 2012-07-04 07:30:58 13008384 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-07-04 07:30:12 54784 ----a-w- C:\Windows\System32\OpenCL.dll 2012-07-04 07:30:08 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll 2012-07-04 06:59:32 11922944 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-07-04 06:52:04 26016256 ----a-w- C:\Windows\System32\atio6axx.dll 2012-07-04 06:35:46 19586048 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-07-04 06:27:18 159744 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-07-04 06:21:46 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll 2012-07-04 06:21:40 514048 ----a-w- C:\Windows\System32\atieclxx.exe 2012-07-04 06:20:54 238080 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-07-04 06:19:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-07-04 06:19:16 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-07-04 06:19:12 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-07-04 06:19:06 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-07-04 05:36:34 1053696 ----a-w- C:\Windows\System32\atiumd6v.dll 2012-07-04 05:36:24 69632 ----a-w- C:\Windows\System32\coinst_8.97.100.3.dll 2012-07-04 05:36:14 1960960 ----a-w- C:\Windows\SysWow64\atiumdmv.dll 2012-07-04 05:35:42 4261376 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-07-04 05:24:02 7477760 ----a-w- C:\Windows\System32\atiumd64.dll 2012-07-04 05:11:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll 2012-07-04 05:11:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-07-04 05:11:40 535552 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-07-04 05:11:38 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-07-04 05:11:38 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2012-07-04 05:11:30 364544 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-07-04 05:11:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-07-04 05:11:16 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-07-04 05:11:16 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-07-04 05:11:12 41984 ----a-w- C:\Windows\System32\atig6txx.dll 2012-07-04 05:11:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-07-04 05:10:56 359936 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-07-04 05:09:50 45056 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-07-04 05:09:10 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-07-04 05:04:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-07-04 05:04:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-07-04 05:04:22 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-07-04 05:04:18 44544 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-07-04 05:04:08 15827456 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-07-04 04:59:40 13402112 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-07-04 00:33:21 -------- d-----w- C:\Users\Sara\AppData\Local\{872769DF-1880-4A8B-A39C-5F50D5F0FF83} 2012-07-04 00:33:11 -------- d-----w- C:\Users\Sara\AppData\Local\{C11962BB-E315-4763-90A1-598AAE0B7165} 2012-07-03 12:32:46 -------- d-----w- C:\Users\Sara\AppData\Local\{601D5921-0CDA-4F8E-B1BA-987ECB56A733} 2012-07-03 12:32:35 -------- d-----w- C:\Users\Sara\AppData\Local\{D85F4635-EB06-4E1E-A637-C4D4A96889E4} 2012-07-02 20:07:05 -------- d-----w- C:\Users\Sara\AppData\Local\{584059B9-F1CF-46A1-AA78-A3CC9F97F0C0} 2012-07-02 20:06:54 -------- d-----w- C:\Users\Sara\AppData\Local\{77768300-7C70-4380-B292-B6D412171A45} 2012-07-02 05:42:40 -------- d-----w- C:\Users\Sara\AppData\Local\{54284725-398D-4509-B558-A8E3B198C12B} 2012-07-02 05:42:29 -------- d-----w- C:\Users\Sara\AppData\Local\{7826F1D1-8F28-4F4D-A319-63B0AC76A89C} 2012-07-01 17:14:26 -------- d-----w- C:\Users\Sara\AppData\Local\{0DCCA92B-AA9D-4B53-9A8D-BD223BD92981} 2012-07-01 17:14:15 -------- d-----w- C:\Users\Sara\AppData\Local\{764DE9D2-6D19-471C-A5CD-3E3C7ACC0BAD} 2012-07-01 02:54:39 -------- d-----w- C:\Users\Sara\AppData\Local\{5C146E8B-14AA-4D8F-B91F-3512175AF6B4} 2012-07-01 02:54:26 -------- d-----w- C:\Users\Sara\AppData\Local\{53143321-B642-40C2-BB50-9229E24019EE} 2012-06-30 14:54:01 -------- d-----w- C:\Users\Sara\AppData\Local\{15B529D2-BC9C-4076-BE2C-818F70098197} 2012-06-30 14:53:50 -------- d-----w- C:\Users\Sara\AppData\Local\{C84134B3-4DF3-4162-B08B-74679927F69A} 2012-06-30 02:53:24 -------- d-----w- C:\Users\Sara\AppData\Local\{9CCD17F3-C89D-4A00-BB48-F896C6059421} 2012-06-30 02:53:14 -------- d-----w- C:\Users\Sara\AppData\Local\{56E4FA0C-FDE4-4700-BAE2-2C9645108465} 2012-06-29 14:52:50 -------- d-----w- C:\Users\Sara\AppData\Local\{5257C3CF-A9A2-41CD-BA3A-912F1E8F24AC} 2012-06-29 14:52:39 -------- d-----w- C:\Users\Sara\AppData\Local\{0E267D62-B673-4112-94E0-BDBCB69FE3F2} 2012-06-29 01:29:13 -------- d-----w- C:\Users\Sara\AppData\Local\{082A2866-8461-4217-9CEB-B6FC1458591C} 2012-06-29 01:29:01 -------- d-----w- C:\Users\Sara\AppData\Local\{FB9739FA-1CB2-4563-A86D-78E4AB340CBE} 2012-06-28 13:28:36 -------- d-----w- C:\Users\Sara\AppData\Local\{E51B2C16-256A-408E-B4F5-47F1B2DA823B} 2012-06-28 13:28:25 -------- d-----w- C:\Users\Sara\AppData\Local\{C64ACD6D-4558-4871-848B-B3A3FE52B066} 2012-06-27 20:48:47 -------- d-----w- C:\Users\Sara\AppData\Local\{01224445-471D-4A8E-8D11-274082EA7594} 2012-06-27 20:48:37 -------- d-----w- C:\Users\Sara\AppData\Local\{C5B8999E-9A1C-4E8D-91C3-3F46B88D05B6} 2012-06-25 17:58:38 -------- d-----w- C:\Users\Sara\AppData\Local\{65FCB27D-6C0D-4243-A2FA-8A9BF1A761DA} 2012-06-24 18:00:11 -------- d-----w- C:\Users\Sara\AppData\Local\{45E284B4-8F6E-48C0-81F7-2CC11F7AC652} 2012-06-24 18:00:01 -------- d-----w- C:\Users\Sara\AppData\Local\{A26C9DAA-D517-44AF-BB1F-3D8240A83C59} 2012-06-24 03:51:43 -------- d-----w- C:\Users\Sara\AppData\Local\{2F7A95C3-15FA-49F5-9580-81735BC300E7} 2012-06-24 03:51:33 -------- d-----w- C:\Users\Sara\AppData\Local\{9799164E-5284-43F0-A471-25217397470B} 2012-06-22 03:36:05 -------- d-----w- C:\Users\Sara\AppData\Local\{92FDDA3A-1079-4278-8C48-3349E0089E70} 2012-06-22 03:35:55 -------- d-----w- C:\Users\Sara\AppData\Local\{3CDC4770-690C-481E-910A-224954F533F8} 2012-06-21 04:56:16 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 2012-06-21 00:44:31 -------- d-----w- C:\Users\Sara\AppData\Local\{29DEE4F9-F4F8-4523-A85D-B4874C967A67} 2012-06-21 00:44:20 -------- d-----w- C:\Users\Sara\AppData\Local\{847E928B-B898-4585-ADA2-1313CFB0020D} 2012-06-21 00:20:13 -------- d-----w- C:\Users\Sara\AppData\Local\{98738CF4-3F11-4CDF-A53E-F1D98105F920} 2012-06-21 00:19:53 -------- d-----w- C:\Windows\en 2012-06-21 00:16:50 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys 2012-06-21 00:12:49 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll 2012-06-21 00:12:49 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll 2012-06-21 00:12:49 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll 2012-06-21 00:12:49 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll 2012-06-21 00:09:12 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16078b2a1cd4f4203\DSETUP.dll 2012-06-21 00:09:12 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16078b2a1cd4f4203\DXSETUP.exe 2012-06-21 00:09:12 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16078b2a1cd4f4203\dsetup32.dll 2012-06-21 00:09:12 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16740a301cd4f4204\MeshBetaRemover.exe 2012-06-21 00:08:51 -------- d-----w- C:\Users\Sara\AppData\Local\{6C4FDCCF-5F53-4AC4-B242-030A3A526D73} 2012-06-21 00:08:16 -------- d-----w- C:\Users\Sara\AppData\Local\{E26CAF40-A44D-4DE6-9713-FBE4915FCA51} 2012-06-21 00:08:05 -------- d-----w- C:\Users\Sara\AppData\Local\{6913831E-538D-4B53-8317-B17263EF45AE} 2012-06-20 23:31:40 -------- d-----w- C:\Users\Sara\AppData\Local\{EE887356-AB7A-41AD-B433-4878471C94D8} 2012-06-20 23:31:30 -------- d-----w- C:\Users\Sara\AppData\Local\{B1D969BF-4B07-4018-B4B8-622B363A6B04} 2012-06-20 19:09:37 -------- d-----w- C:\Users\Sara\AppData\Local\{91B7A935-CCDE-4C47-95D5-224836167B9D} 2012-06-20 19:09:26 -------- d-----w- C:\Users\Sara\AppData\Local\{9E2E8FBB-F652-4AA2-BB49-015B8E25D10A} 2012-06-20 13:49:46 -------- d-----w- C:\Users\Sara\AppData\Local\{4C83DF69-7A98-4E84-B892-E737748FE888} 2012-06-20 13:49:36 -------- d-----w- C:\Users\Sara\AppData\Local\{D0626347-24CD-4355-A317-E38A0808A32A} 2012-06-20 13:36:34 -------- d-----w- C:\Users\Sara\AppData\Local\{E0B7BBF2-CB10-4539-9432-7F5860FD4D88} 2012-06-20 13:36:24 -------- d-----w- C:\Users\Sara\AppData\Local\{20BA683C-20DF-4853-B161-C61D0855BC63} 2012-06-20 13:34:59 -------- d-----w- C:\Users\Sara\AppData\Local\{16804482-B561-4797-AF7C-E957620D602A} 2012-06-20 13:34:48 -------- d-----w- C:\Users\Sara\AppData\Local\{392F744E-D781-4438-8009-2E492AACA5E5} 2012-06-20 01:38:46 -------- d-----w- C:\Users\Sara\AppData\Local\{5B86E182-510D-4189-A4A8-B452FF9F7BA9} 2012-06-20 01:38:36 -------- d-----w- C:\Users\Sara\AppData\Local\{0C294998-962A-462C-8559-A363DBE8D1A8} 2012-06-20 00:31:12 -------- d-----w- C:\Users\Sara\AppData\Local\{50ECFA10-0D03-4BFD-BB42-2385D559EE95} 2012-06-20 00:30:51 -------- d-----w- C:\Users\Sara\AppData\Local\{8237D066-7B50-4272-AAF1-1705F134767B} 2012-06-19 12:27:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-19 12:26:51 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-19 12:26:31 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-19 12:26:31 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-18 00:42:02 -------- d-----w- C:\Users\Sara\AppData\Local\{309FAB49-3475-44B7-BCAA-019748069507} 2012-06-17 11:41:57 -------- d-----w- C:\Users\Sara\AppData\Local\{227D2400-5DBF-49E3-AE75-D5699DDB81C0} . ==================== Find3M ==================== . 2012-07-15 19:20:35 472880 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-07-04 06:27:08 918528 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-07-04 06:25:14 1081856 ----a-w- C:\Windows\System32\aticfx64.dll 2012-07-04 06:18:18 6811648 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-07-04 05:57:18 7510528 ----a-w- C:\Windows\System32\atidxx64.dll 2012-07-04 05:35:14 6245888 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-07-04 05:28:52 4749312 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-07-04 05:10:04 55296 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-07-04 05:09:56 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-07-04 05:09:42 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-16 17:13:55 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-05-16 17:13:55 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-19 00:39:10 43008 ----a-w- C:\Windows\System32\kdbsdk64.dll 2012-04-19 00:39:10 28672 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll . ============= FINISH: 10:13:06.15 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 1/8/2011 7:08:39 PM System Uptime: 7/16/2012 9:41:54 AM (1 hours ago) . Motherboard: ASUSTeK Computer INC. | | CM1630 Processor: AMD Phenom II X4 830 Processor | AM3 | 2812/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 279 GiB total, 36.569 GiB free. D: is FIXED (NTFS) - 409 GiB total, 365.829 GiB free. E: is CDROM () F: is FIXED (NTFS) - 917 GiB total, 266.391 GiB free. G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Deskjet F4500 series Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Deskjet F4500 series PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: Deskjet F4500 series Device ID: ROOT\IMAGE\0000 Manufacturer: HP Name: Deskjet F4500 series PNP Device ID: ROOT\IMAGE\0000 Service: StillCam . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . ==== System Restore Points =================== . RP125: 5/27/2012 10:00:41 AM - Windows Backup RP126: 6/3/2012 10:00:44 AM - Windows Backup RP127: 6/5/2012 12:48:22 AM - Windows Update RP128: 6/11/2012 12:07:04 AM - Windows Backup RP129: 6/13/2012 3:00:39 AM - Windows Update RP130: 6/17/2012 6:58:25 PM - Windows Backup RP131: 6/19/2012 7:25:54 AM - Windows Update RP132: 6/20/2012 7:09:30 PM - Windows Live Essentials RP133: 6/20/2012 7:10:40 PM - Windows Update RP134: 6/20/2012 7:11:58 PM - Windows Update RP135: 6/20/2012 7:13:10 PM - Installed DirectX RP136: 6/20/2012 7:14:14 PM - Installed DirectX RP137: 6/20/2012 7:15:48 PM - WLSetup RP138: 6/20/2012 11:52:29 PM - Windows Update RP139: 6/22/2012 12:19:48 AM - Windows Update RP140: 6/24/2012 10:00:40 AM - Windows Backup RP141: 7/1/2012 10:00:41 AM - Windows Backup RP142: 7/8/2012 10:00:41 AM - Windows Backup RP143: 7/12/2012 3:01:00 AM - Windows Update RP144: 7/15/2012 10:00:38 AM - Windows Backup RP145: 7/15/2012 2:19:28 PM - Installed Java 6 Update 33 RP146: 7/16/2012 7:16:06 AM - Device Driver Package Install: Advanced Micro Devices, Inc. Display adapters . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Adobe AIR Adobe Community Help Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Photoshop Elements 9 Adobe Photoshop.com Inspiration Browser Adobe Premiere Elements 9 Adobe Premiere Elements 9 Content Adobe Premiere Elements 9 Content 1 Adobe Premiere Elements 9 Content 2 Adobe Premiere Elements 9 Content 3 Adobe Premiere Elements 9 HD Content 1 Adobe Premiere Elements 9 HD Content 2 Adobe Premiere Elements 9 HD Content 3 Adobe Reader X (10.1.3) AMD VISION Engine Control Center Apple Application Support Apple Software Update AVerMedia C038 USB Capture Card 2.0.64.124 Azurewave Wireless LAN Card Bing Bar BufferChm CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Internet Library for ZoomBrowser EX Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon Utilities Digital Photo Professional 3.8 Canon Utilities EOS Utility Canon Utilities PhotoStitch Canon Utilities Picture Style Editor Canon Utilities WFT Utility Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Compatibility Pack for the 2007 Office system Copy Core FTP LE 2.1 Coupon Printer for Windows D3DX10 DesignPro 5 Destinations DeviceDiscovery DHTML Menu Builder LITE 4.20 DJ_AIO_06_F4500_SW_MIN Elements 9 Organizer Elements STI Installer F4500 Family Tree Maker Firebird SQL Server - MAGIX Edition GIMP 2.6.7 Google Talk Plugin Google Toolbar for Internet Explorer Google Update Helper GPBaseService2 HP Photo Creations HP Update HPPhotoGadget HPProductAssistant HPSSupply iCamSource iClone v4.2 EX J2SE Runtime Environment 5.0 Jalbum Java Auto Updater Java 6 Update 33 Junk Mail filter update Live Security Platinum Logitech Vid HD MAGIX Movie Edit Pro 17 Plus MAGIX Screenshare MAGIX Speed burnR (MSI) Malwarebytes Anti-Malware version 1.62.0.1300 MarketResearch Memorex exPressit Label Design Studio Mesh Runtime Microsoft Expression Web 2 Microsoft Expression Web 2 MUI (English) Microsoft Money 99 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Live Add-in 1.3 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Picture It! Photo 2001 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft UI Engine Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_CRT_x86 Mozilla Firefox (3.5.8) MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA Stereoscopic 3D Driver OpenOffice.org 3.1 PE-DESIGN Ver.6 PhotoScape Player PrimoPDF -- by Nitro PDF Software proDAD Heroglyph 2.5 QuickTime Ralink RT2860 Wireless LAN Card RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek 8136 8168 8169 Ethernet Driver Realtek High Definition Audio Driver RealUpgrade 1.1 Scan Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office system 2007 (KB974234) Segoe UI Shockwave Skype Toolbars Skype™ 5.5 SmartSound Quicktracks for Premiere Elements 9.0 SmartWebPrinting SolutionCenter Status The Logo Creator v5.2 Toolbox TrayApp Update for 2007 Microsoft Office System (KB2284654) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Expression Web 2 (KB957827) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Script Editor Help (KB963671) Visual C++ 8.0 Runtime Setup Package (x64) Visual Studio 2008 x64 Redistributables WebReg Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Yahoo! Detect Yahoo! Toolbar . ==== Event Viewer Messages From Past Week ======== . 7/16/2012 9:50:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 7/16/2012 9:50:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 7/16/2012 9:44:26 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 7/16/2012 9:42:42 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 7/16/2012 9:42:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 7/16/2012 9:42:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 7/16/2012 9:42:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 7/16/2012 9:42:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 7/16/2012 9:42:26 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache spldr Wanarpv6 7/16/2012 9:33:55 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 7/16/2012 12:31:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Asus\Sara SID (S-1-5-21-2112477045-800725573-1140253011-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 7/16/2012 12:31:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user Asus\Sara SID (S-1-5-21-2112477045-800725573-1140253011-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 7/16/2012 12:31:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Asus\Sara SID (S-1-5-21-2112477045-800725573-1140253011-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 7/16/2012 10:12:58 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. . ==== End Of File ===========================
  8. beavhope
    We received the USPS email, but neither my wife nor I opened it, (just saw it in preview). We got AVG threat warnings about lameshield-cleaned with AVG, got another alert- opened Malwarebytes and cleaned up. Now Live Security Platinum has installed itself and we have a mess. Help!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.