beavhope

July 19, 2012

The alerts turned out to be the Live folder and the Live .lnk that showed on the start menu. I cleaned them and everything seems OK at this point.

Thanks Maniac and Malwarebytes.

July 18, 2012

Ran scan this morning and it found Live Platinum again.

I have not removed it yet. What is the next step?

July 17, 2012

I rebooted and ran another scan which came back clean and everything appears to be OK. One thing that concerns me is that on rebooting I saw a small DOS command line window for an instant on top of the Windows screen. I don't think that is part of the usual boot routine for this machine. When I rebooted to show my wife (who is the user of this machine) it didn't appear. Could that be an issue?

July 17, 2012

I'm not sure which logs you need but herer are the first scan log and the log made after reboot along with the DDS and Attach files.

First can Log:

<pre>

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.17.12

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Sara :: ASUS [administrator]

7/17/2012 1:12:09 PM

mbam-log-2012-07-17 (13-12-09).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 232781

Time elapsed: 8 minute(s), 14 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|qpoldxhl (Trojan.Phex.THAGen4) -> Data: "C:\Users\Sara\AppData\Local\ocgfaird.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Users\Sara\AppData\Local\ocgfaird.exe (Trojan.Phex.THAGen4) -> Quarantined and deleted successfully.

C:\Users\Sara\Local Settings\ocgfaird.exe (Trojan.Phex.THAGen4) -> Quarantined and deleted successfully.

C:\Users\Sara\Local Settings\Application Data\ocgfaird.exe (Trojan.Phex.THAGen4) -> Quarantined and deleted successfully.

(end)</pre>

After reboot log:

<pre>

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.17.12

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Sara :: ASUS [administrator]

7/17/2012 1:29:08 PM

mbam-log-2012-07-17 (13-29-08).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 232150

Time elapsed: 12 minute(s), 13 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)</pre>

DDS File:

<pre>

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33

Run by Sara at 13:42:15 on 2012-07-17

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.3810 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG10\avgchsva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe

C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files (x86)\AVG\AVG10\avgemca.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\WUDFHost.exe

C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Microsoft Money\System\REMINDER.EXE

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\wuauclt.exe

C:\PROGRA~2\AVG\AVG10\avgrsa.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://att.my.yahoo.com/

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: H - No File

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

mURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Google Update] "C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [Reminder] C:\Program Files (x86)\Microsoft Money\System\reminder.exe

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun: [TrayServer] C:\PROGRA~2\MAGIX\MOVIE_~1\TrayServer_en.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

StartupFolder: C:\Users\Sara\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab

DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1 205.152.150.23

TCP: Interfaces\{78D9DFA9-5386-4DB3-870B-618C3135BF2A} : DhcpNameServer = 192.168.0.1 205.152.150.23

TCP: Interfaces\{C143592C-058E-4235-80CD-E44433F6309B} : DhcpNameServer = 192.168.0.1 205.152.150.23

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun-x64: [TrayServer] C:\PROGRA~2\MAGIX\MOVIE_~1\TrayServer_en.exe

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\fqjoyoq8.default\

FF - prefs.js: browser.startup.homepage - hxxp://att.yahoo.com

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B3b184843-5d42-46a0-8b97-b21bab08da36%7D&mid=19ff6163de629b4225c61949b692bf72-9198bf7217863c0dde19be5c2ffe30aefa6055b0&ds=AVG&v=10.2.0.3&lang=us&pr=fr&d=2011-12-12%2008%3A31%3A13&sap=ku&q=

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll

FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_33.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npoji610.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll

FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Sara\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Users\Sara\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Sara\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984]

R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]

R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]

R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Windows\SysWOW64\nvSCPAPISvr.exe [2009-6-10 232960]

R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-26 136176]

S3 AVerFx2hbtv64;AVerMedia C038 USB Capture Card;C:\Windows\system32\drivers\AVerFx2hbtv64.sys --> C:\Windows\system32\drivers\AVerFx2hbtv64.sys [?]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-7 167264]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-26 136176]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-07-17 12:55:31 -------- d-----w- C:\Users\Sara\AppData\Local\{4CE40726-3B96-48CE-A593-2F7F0F178436}

2012-07-17 12:55:20 -------- d-----w- C:\Users\Sara\AppData\Local\{8DA62B74-19D7-44B9-B780-935003FF3715}

2012-07-16 14:30:43 -------- d-----w- C:\ProgramData\7531E8D900098AE70000D6AC4F147CE7

2012-07-16 12:21:14 -------- d-----w- C:\Program Files (x86)\AMD AVT

2012-07-16 12:21:11 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-07-16 12:13:01 -------- d-----w- C:\AMD

2012-07-16 03:41:24 -------- d-----w- C:\Users\Sara\AppData\Local\{CCADBCF8-3D91-4330-91EC-0B0D19D6F120}

2012-07-16 03:41:13 -------- d-----w- C:\Users\Sara\AppData\Local\{32E133F1-23B7-499E-AE37-E202CFBCC82F}

2012-07-15 23:02:43 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE

2012-07-15 19:20:45 476976 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-07-15 16:47:41 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2012-07-15 16:47:38 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-15 16:47:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-15 14:22:44 -------- d-----w- C:\Users\Sara\AppData\Local\{52E43F87-CA20-4E7F-812C-4BEB75343430}

2012-07-15 14:22:33 -------- d-----w- C:\Users\Sara\AppData\Local\{D75AF7B4-29A4-412E-8D67-3C6BD88E9E96}

2012-07-15 13:17:30 -------- d-----w- C:\Users\Sara\AppData\Local\{E47B790A-F14F-4130-874A-1D770C065414}

2012-07-14 20:01:00 -------- d-----w- C:\Users\Sara\AppData\Local\{E2BFCECF-6C7E-4E2F-9F14-7AB84A0619D2}

2012-07-14 20:00:50 -------- d-----w- C:\Users\Sara\AppData\Local\{82942619-D514-4494-BD08-9799185E3F43}

2012-07-14 16:58:58 -------- d-----w- C:\Users\Sara\AppData\Local\{B754518E-63D3-4313-85A3-C44AF6C3BEA5}

2012-07-14 04:45:34 -------- d-----w- C:\Users\Sara\AppData\Local\{FBDB1AFA-6326-45CD-8DFB-45E4D9358DF3}

2012-07-14 04:45:24 -------- d-----w- C:\Users\Sara\AppData\Local\{B617FC7D-976C-4FD1-A4B7-E17C8DCAEE6D}

2012-07-13 15:58:08 -------- d-----w- C:\Users\Sara\AppData\Local\{1C120FDC-075E-46AF-9DA1-A2D00E9A3A6E}

2012-07-13 15:57:57 -------- d-----w- C:\Users\Sara\AppData\Local\{C2958700-502A-4C18-9FA3-A5FA1DB12B19}

2012-07-12 12:23:05 -------- d-----w- C:\Users\Sara\AppData\Local\{72997D22-D5BB-48CB-8F52-2D0F45B9551B}

2012-07-12 12:22:55 -------- d-----w- C:\Users\Sara\AppData\Local\{A12A17AE-3972-4480-B74F-4944E58AA86F}

2012-07-12 08:08:51 3147264 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 18:04:21 -------- d-----w- C:\Users\Sara\AppData\Local\{77917A02-458E-4014-B301-5F60BF966079}

2012-07-11 18:04:10 -------- d-----w- C:\Users\Sara\AppData\Local\{FD0E399B-CAE2-4759-BC25-EA0CCB051E71}

2012-07-11 04:05:08 -------- d-----w- C:\Users\Sara\AppData\Local\{538424CD-A4BC-41A3-8BAC-4930CBD9DE8A}

2012-07-11 04:04:58 -------- d-----w- C:\Users\Sara\AppData\Local\{9813F948-775E-4ABF-B584-B2366D4694F8}

2012-07-11 04:04:48 -------- d-----w- C:\Users\Sara\AppData\Local\{193F5D9A-EC4F-4585-836F-29BDDAE2963B}

2012-07-11 04:04:39 -------- d-----w- C:\Users\Sara\AppData\Local\{65DE554B-377F-4E2A-932E-D896F83AB2DE}

2012-07-10 16:04:13 -------- d-----w- C:\Users\Sara\AppData\Local\{1E12A7E4-7F43-41A2-A780-2A6B0C7DD6A9}

2012-07-10 16:04:02 -------- d-----w- C:\Users\Sara\AppData\Local\{843A6550-F2E0-42EE-A0A0-A3E38AE07CEE}

2012-07-10 03:03:25 -------- d-----w- C:\Users\Sara\AppData\Local\{DC68B9A5-0D51-4B53-997C-AEE8E19EBC8D}

2012-07-10 03:03:14 -------- d-----w- C:\Users\Sara\AppData\Local\{1975ED80-5014-44B8-AB34-B9ABCBDCD108}

2012-07-09 15:02:49 -------- d-----w- C:\Users\Sara\AppData\Local\{BA78413B-E566-44B7-974D-772C11EFC0D2}

2012-07-09 15:02:38 -------- d-----w- C:\Users\Sara\AppData\Local\{31789416-A555-49E5-97ED-F8F15D885D02}

2012-07-09 03:02:14 -------- d-----w- C:\Users\Sara\AppData\Local\{872BC85E-D14A-4187-AA1A-8A66C7E719F2}

2012-07-09 03:02:03 -------- d-----w- C:\Users\Sara\AppData\Local\{C821CA4F-540D-417C-B99C-08DD2AA44BC5}

2012-07-09 03:01:34 -------- d-----w- C:\Users\Sara\AppData\Local\{7C56B39E-BCAC-4EF1-A4A1-5918BC63D214}

2012-07-09 03:01:24 -------- d-----w- C:\Users\Sara\AppData\Local\{503D5374-74AA-4CFA-A1E3-013CF6F56130}

2012-07-08 13:28:08 -------- d-----w- C:\Users\Sara\AppData\Local\{3F71C7DD-AE6A-493A-8205-B0F3C78331A8}

2012-07-08 13:27:57 -------- d-----w- C:\Users\Sara\AppData\Local\{EC6ECB1C-F941-4085-98D3-37824DDDDD7C}

2012-07-07 14:46:48 -------- d-----w- C:\Users\Sara\AppData\Local\{5D27EE36-259D-4A58-9F7A-FFDF4F18FD44}

2012-07-07 14:46:37 -------- d-----w- C:\Users\Sara\AppData\Local\{8269E605-50F8-4D47-B9E5-B91AC9C03534}

2012-07-06 15:50:25 -------- d-----w- C:\Users\Sara\AppData\Local\{BFCF14CD-06EF-4939-AFB7-BFD52C531165}

2012-07-06 15:50:15 -------- d-----w- C:\Users\Sara\AppData\Local\{A2877668-0B93-4E09-B06E-CEC64CEED829}

2012-07-06 01:49:54 -------- d-----w- C:\Users\Sara\AppData\Local\{4481BD06-B1EF-47F6-B744-0A60E3F254B3}

2012-07-06 01:49:42 -------- d-----w- C:\Users\Sara\AppData\Local\{AB0EF8B3-9F2C-43EB-8DE9-CD0493A53D35}

2012-07-05 13:11:06 -------- d-----w- C:\Users\Sara\AppData\Local\{1C737D3C-D2BB-4D30-90DF-45F1FD9E242F}

2012-07-05 13:10:56 -------- d-----w- C:\Users\Sara\AppData\Local\{B4D312C6-4837-43C3-82C8-EA572A9D710E}

2012-07-05 00:47:00 -------- d-----w- C:\Users\Sara\AppData\Local\{F8476180-53FC-4AAC-8FDD-E2F372F6B674}

2012-07-05 00:46:50 -------- d-----w- C:\Users\Sara\AppData\Local\{8AEC27F4-92B2-4B5B-8B2B-7BF890817C43}

2012-07-04 12:33:56 -------- d-----w- C:\Users\Sara\AppData\Local\{36094192-FA40-405B-A573-1CEC2952FAC9}

2012-07-04 12:33:45 -------- d-----w- C:\Users\Sara\AppData\Local\{95A0C8B3-6E45-42CC-B7F4-244C059C33E8}

2012-07-04 07:32:22 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-07-04 07:32:06 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-07-04 07:32:02 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-07-04 07:31:54 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-07-04 07:31:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-07-04 07:31:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll

2012-07-04 07:30:58 13008384 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-07-04 07:30:12 54784 ----a-w- C:\Windows\System32\OpenCL.dll

2012-07-04 07:30:08 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-07-04 06:59:32 11922944 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-07-04 06:52:04 26016256 ----a-w- C:\Windows\System32\atio6axx.dll

2012-07-04 06:35:46 19586048 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-07-04 06:27:18 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-07-04 06:21:46 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-07-04 06:21:40 514048 ----a-w- C:\Windows\System32\atieclxx.exe

2012-07-04 06:20:54 238080 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-07-04 06:19:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-07-04 06:19:16 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-07-04 06:19:12 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-07-04 06:19:06 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-07-04 05:36:34 1053696 ----a-w- C:\Windows\System32\atiumd6v.dll

2012-07-04 05:36:24 69632 ----a-w- C:\Windows\System32\coinst_8.97.100.3.dll

2012-07-04 05:36:14 1960960 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2012-07-04 05:35:42 4261376 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-07-04 05:24:02 7477760 ----a-w- C:\Windows\System32\atiumd64.dll

2012-07-04 05:11:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll

2012-07-04 05:11:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-07-04 05:11:40 535552 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-07-04 05:11:38 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-07-04 05:11:38 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-07-04 05:11:30 364544 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-07-04 05:11:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-07-04 05:11:16 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-07-04 05:11:16 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-07-04 05:11:12 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-07-04 05:11:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-07-04 05:10:56 359936 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-07-04 05:09:50 45056 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-07-04 05:09:10 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-07-04 05:04:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-07-04 05:04:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-07-04 05:04:22 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-07-04 05:04:18 44544 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-07-04 05:04:08 15827456 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-07-04 04:59:40 13402112 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-07-04 00:33:21 -------- d-----w- C:\Users\Sara\AppData\Local\{872769DF-1880-4A8B-A39C-5F50D5F0FF83}

2012-07-04 00:33:11 -------- d-----w- C:\Users\Sara\AppData\Local\{C11962BB-E315-4763-90A1-598AAE0B7165}

2012-07-03 12:32:46 -------- d-----w- C:\Users\Sara\AppData\Local\{601D5921-0CDA-4F8E-B1BA-987ECB56A733}

2012-07-03 12:32:35 -------- d-----w- C:\Users\Sara\AppData\Local\{D85F4635-EB06-4E1E-A637-C4D4A96889E4}

2012-07-02 20:07:05 -------- d-----w- C:\Users\Sara\AppData\Local\{584059B9-F1CF-46A1-AA78-A3CC9F97F0C0}

2012-07-02 20:06:54 -------- d-----w- C:\Users\Sara\AppData\Local\{77768300-7C70-4380-B292-B6D412171A45}

2012-07-02 05:42:40 -------- d-----w- C:\Users\Sara\AppData\Local\{54284725-398D-4509-B558-A8E3B198C12B}

2012-07-02 05:42:29 -------- d-----w- C:\Users\Sara\AppData\Local\{7826F1D1-8F28-4F4D-A319-63B0AC76A89C}

2012-07-01 17:14:26 -------- d-----w- C:\Users\Sara\AppData\Local\{0DCCA92B-AA9D-4B53-9A8D-BD223BD92981}

2012-07-01 17:14:15 -------- d-----w- C:\Users\Sara\AppData\Local\{764DE9D2-6D19-471C-A5CD-3E3C7ACC0BAD}

2012-07-01 02:54:39 -------- d-----w- C:\Users\Sara\AppData\Local\{5C146E8B-14AA-4D8F-B91F-3512175AF6B4}

2012-07-01 02:54:26 -------- d-----w- C:\Users\Sara\AppData\Local\{53143321-B642-40C2-BB50-9229E24019EE}

2012-06-30 14:54:01 -------- d-----w- C:\Users\Sara\AppData\Local\{15B529D2-BC9C-4076-BE2C-818F70098197}

2012-06-30 14:53:50 -------- d-----w- C:\Users\Sara\AppData\Local\{C84134B3-4DF3-4162-B08B-74679927F69A}

2012-06-30 02:53:24 -------- d-----w- C:\Users\Sara\AppData\Local\{9CCD17F3-C89D-4A00-BB48-F896C6059421}

2012-06-30 02:53:14 -------- d-----w- C:\Users\Sara\AppData\Local\{56E4FA0C-FDE4-4700-BAE2-2C9645108465}

2012-06-29 14:52:50 -------- d-----w- C:\Users\Sara\AppData\Local\{5257C3CF-A9A2-41CD-BA3A-912F1E8F24AC}

2012-06-29 14:52:39 -------- d-----w- C:\Users\Sara\AppData\Local\{0E267D62-B673-4112-94E0-BDBCB69FE3F2}

2012-06-29 01:29:13 -------- d-----w- C:\Users\Sara\AppData\Local\{082A2866-8461-4217-9CEB-B6FC1458591C}

2012-06-29 01:29:01 -------- d-----w- C:\Users\Sara\AppData\Local\{FB9739FA-1CB2-4563-A86D-78E4AB340CBE}

2012-06-28 13:28:36 -------- d-----w- C:\Users\Sara\AppData\Local\{E51B2C16-256A-408E-B4F5-47F1B2DA823B}

2012-06-28 13:28:25 -------- d-----w- C:\Users\Sara\AppData\Local\{C64ACD6D-4558-4871-848B-B3A3FE52B066}

2012-06-27 20:48:47 -------- d-----w- C:\Users\Sara\AppData\Local\{01224445-471D-4A8E-8D11-274082EA7594}

2012-06-27 20:48:37 -------- d-----w- C:\Users\Sara\AppData\Local\{C5B8999E-9A1C-4E8D-91C3-3F46B88D05B6}

2012-06-25 17:58:38 -------- d-----w- C:\Users\Sara\AppData\Local\{65FCB27D-6C0D-4243-A2FA-8A9BF1A761DA}

2012-06-24 18:00:11 -------- d-----w- C:\Users\Sara\AppData\Local\{45E284B4-8F6E-48C0-81F7-2CC11F7AC652}

2012-06-24 18:00:01 -------- d-----w- C:\Users\Sara\AppData\Local\{A26C9DAA-D517-44AF-BB1F-3D8240A83C59}

2012-06-24 03:51:43 -------- d-----w- C:\Users\Sara\AppData\Local\{2F7A95C3-15FA-49F5-9580-81735BC300E7}

2012-06-24 03:51:33 -------- d-----w- C:\Users\Sara\AppData\Local\{9799164E-5284-43F0-A471-25217397470B}

2012-06-22 03:36:05 -------- d-----w- C:\Users\Sara\AppData\Local\{92FDDA3A-1079-4278-8C48-3349E0089E70}

2012-06-22 03:35:55 -------- d-----w- C:\Users\Sara\AppData\Local\{3CDC4770-690C-481E-910A-224954F533F8}

2012-06-21 04:56:16 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2

2012-06-21 00:44:31 -------- d-----w- C:\Users\Sara\AppData\Local\{29DEE4F9-F4F8-4523-A85D-B4874C967A67}

2012-06-21 00:44:20 -------- d-----w- C:\Users\Sara\AppData\Local\{847E928B-B898-4585-ADA2-1313CFB0020D}

2012-06-21 00:20:13 -------- d-----w- C:\Users\Sara\AppData\Local\{98738CF4-3F11-4CDF-A53E-F1D98105F920}

2012-06-21 00:19:53 -------- d-----w- C:\Windows\en

2012-06-21 00:16:50 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys

2012-06-21 00:12:49 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll

2012-06-21 00:12:49 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll

2012-06-21 00:12:49 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll

2012-06-21 00:12:49 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll

2012-06-21 00:09:12 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16078b2a1cd4f4203\DSETUP.dll

2012-06-21 00:09:12 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16078b2a1cd4f4203\DXSETUP.exe

2012-06-21 00:09:12 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16078b2a1cd4f4203\dsetup32.dll

2012-06-21 00:09:12 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16740a301cd4f4204\MeshBetaRemover.exe

2012-06-21 00:08:51 -------- d-----w- C:\Users\Sara\AppData\Local\{6C4FDCCF-5F53-4AC4-B242-030A3A526D73}

2012-06-21 00:08:16 -------- d-----w- C:\Users\Sara\AppData\Local\{E26CAF40-A44D-4DE6-9713-FBE4915FCA51}

2012-06-21 00:08:05 -------- d-----w- C:\Users\Sara\AppData\Local\{6913831E-538D-4B53-8317-B17263EF45AE}

2012-06-20 23:31:40 -------- d-----w- C:\Users\Sara\AppData\Local\{EE887356-AB7A-41AD-B433-4878471C94D8}

2012-06-20 23:31:30 -------- d-----w- C:\Users\Sara\AppData\Local\{B1D969BF-4B07-4018-B4B8-622B363A6B04}

2012-06-20 19:09:37 -------- d-----w- C:\Users\Sara\AppData\Local\{91B7A935-CCDE-4C47-95D5-224836167B9D}

2012-06-20 19:09:26 -------- d-----w- C:\Users\Sara\AppData\Local\{9E2E8FBB-F652-4AA2-BB49-015B8E25D10A}

2012-06-20 13:49:46 -------- d-----w- C:\Users\Sara\AppData\Local\{4C83DF69-7A98-4E84-B892-E737748FE888}

2012-06-20 13:49:36 -------- d-----w- C:\Users\Sara\AppData\Local\{D0626347-24CD-4355-A317-E38A0808A32A}

2012-06-20 13:36:34 -------- d-----w- C:\Users\Sara\AppData\Local\{E0B7BBF2-CB10-4539-9432-7F5860FD4D88}

2012-06-20 13:36:24 -------- d-----w- C:\Users\Sara\AppData\Local\{20BA683C-20DF-4853-B161-C61D0855BC63}

2012-06-20 13:34:59 -------- d-----w- C:\Users\Sara\AppData\Local\{16804482-B561-4797-AF7C-E957620D602A}

2012-06-20 13:34:48 -------- d-----w- C:\Users\Sara\AppData\Local\{392F744E-D781-4438-8009-2E492AACA5E5}

2012-06-20 01:38:46 -------- d-----w- C:\Users\Sara\AppData\Local\{5B86E182-510D-4189-A4A8-B452FF9F7BA9}

2012-06-20 01:38:36 -------- d-----w- C:\Users\Sara\AppData\Local\{0C294998-962A-462C-8559-A363DBE8D1A8}

2012-06-20 00:31:12 -------- d-----w- C:\Users\Sara\AppData\Local\{50ECFA10-0D03-4BFD-BB42-2385D559EE95}

2012-06-20 00:30:51 -------- d-----w- C:\Users\Sara\AppData\Local\{8237D066-7B50-4272-AAF1-1705F134767B}

2012-06-19 12:27:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-19 12:26:51 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-19 12:26:31 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-19 12:26:31 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-18 00:42:02 -------- d-----w- C:\Users\Sara\AppData\Local\{309FAB49-3475-44B7-BCAA-019748069507}

.

==================== Find3M ====================

.

2012-07-15 19:20:35 472880 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-07-04 06:27:08 918528 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-07-04 06:25:14 1081856 ----a-w- C:\Windows\System32\aticfx64.dll

2012-07-04 06:18:18 6811648 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-07-04 05:57:18 7510528 ----a-w- C:\Windows\System32\atidxx64.dll

2012-07-04 05:35:14 6245888 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-07-04 05:28:52 4749312 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-07-04 05:10:04 55296 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-07-04 05:09:56 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-07-04 05:09:42 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-16 17:13:55 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-05-16 17:13:55 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-19 00:39:10 43008 ----a-w- C:\Windows\System32\kdbsdk64.dll

2012-04-19 00:39:10 28672 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll

.

============= FINISH: 13:43:44.74 ===============</pre>

Attach File:

<pre>

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 1/8/2011 7:08:39 PM

System Uptime: 7/17/2012 1:25:06 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | CM1630

Processor: AMD Phenom II X4 830 Processor | AM3 | 2800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 279 GiB total, 36.089 GiB free.

D: is FIXED (NTFS) - 409 GiB total, 365.829 GiB free.

E: is CDROM ()

F: is FIXED (NTFS) - 917 GiB total, 266.391 GiB free.

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Deskjet F4500 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Deskjet F4500 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Deskjet F4500 series

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: Deskjet F4500 series

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

==== System Restore Points ===================

.

RP125: 5/27/2012 10:00:41 AM - Windows Backup

RP126: 6/3/2012 10:00:44 AM - Windows Backup

RP127: 6/5/2012 12:48:22 AM - Windows Update

RP128: 6/11/2012 12:07:04 AM - Windows Backup

RP129: 6/13/2012 3:00:39 AM - Windows Update

RP130: 6/17/2012 6:58:25 PM - Windows Backup

RP131: 6/19/2012 7:25:54 AM - Windows Update

RP132: 6/20/2012 7:09:30 PM - Windows Live Essentials

RP133: 6/20/2012 7:10:40 PM - Windows Update

RP134: 6/20/2012 7:11:58 PM - Windows Update

RP135: 6/20/2012 7:13:10 PM - Installed DirectX

RP136: 6/20/2012 7:14:14 PM - Installed DirectX

RP137: 6/20/2012 7:15:48 PM - WLSetup

RP138: 6/20/2012 11:52:29 PM - Windows Update

RP139: 6/22/2012 12:19:48 AM - Windows Update

RP140: 6/24/2012 10:00:40 AM - Windows Backup

RP141: 7/1/2012 10:00:41 AM - Windows Backup

RP142: 7/8/2012 10:00:41 AM - Windows Backup

RP143: 7/12/2012 3:01:00 AM - Windows Update

RP144: 7/15/2012 10:00:38 AM - Windows Backup

RP145: 7/15/2012 2:19:28 PM - Installed Java 6 Update 33

RP146: 7/16/2012 7:16:06 AM - Device Driver Package Install: Advanced Micro Devices, Inc. Display adapters

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe AIR

Adobe Community Help

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Photoshop Elements 9

Adobe Photoshop.com Inspiration Browser

Adobe Premiere Elements 9

Adobe Premiere Elements 9 Content

Adobe Premiere Elements 9 Content 1

Adobe Premiere Elements 9 Content 2

Adobe Premiere Elements 9 Content 3

Adobe Premiere Elements 9 HD Content 1

Adobe Premiere Elements 9 HD Content 2

Adobe Premiere Elements 9 HD Content 3

Adobe Reader X (10.1.3)

AMD VISION Engine Control Center

Apple Application Support

Apple Software Update

AVerMedia C038 USB Capture Card 2.0.64.124

Azurewave Wireless LAN Card

Bing Bar

BufferChm

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon Utilities Digital Photo Professional 3.8

Canon Utilities EOS Utility

Canon Utilities PhotoStitch

Canon Utilities Picture Style Editor

Canon Utilities WFT Utility

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Compatibility Pack for the 2007 Office system

Copy

Core FTP LE 2.1

Coupon Printer for Windows

D3DX10

DesignPro 5

Destinations

DeviceDiscovery

DHTML Menu Builder LITE 4.20

DJ_AIO_06_F4500_SW_MIN

Elements 9 Organizer

Elements STI Installer

F4500

Family Tree Maker

Firebird SQL Server - MAGIX Edition

GIMP 2.6.7

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

HP Photo Creations

HP Update

HPPhotoGadget

HPProductAssistant

HPSSupply

iCamSource

iClone v4.2 EX

J2SE Runtime Environment 5.0

Jalbum

Java Auto Updater

Java 6 Update 33

Junk Mail filter update

Logitech Vid HD

MAGIX Movie Edit Pro 17 Plus

MAGIX Screenshare

MAGIX Speed burnR (MSI)

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

Memorex exPressit Label Design Studio

Mesh Runtime

Microsoft Expression Web 2

Microsoft Expression Web 2 MUI (English)

Microsoft Money 99

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Live Add-in 1.3

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Picture It! Photo 2001

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft UI Engine

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_CRT_x86

Mozilla Firefox (3.5.8)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA Stereoscopic 3D Driver

OpenOffice.org 3.1

PE-DESIGN Ver.6

PhotoScape

Player

PrimoPDF -- by Nitro PDF Software

proDAD Heroglyph 2.5

QuickTime

Ralink RT2860 Wireless LAN Card

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek 8136 8168 8169 Ethernet Driver

Realtek High Definition Audio Driver

RealUpgrade 1.1

Scan

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office system 2007 (KB974234)

Segoe UI

Shockwave

Skype Toolbars

Skype™ 5.5

SmartSound Quicktracks for Premiere Elements 9.0

SmartWebPrinting

SolutionCenter

Status

The Logo Creator v5.2

Toolbox

TrayApp

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Expression Web 2 (KB957827)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Script Editor Help (KB963671)

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Yahoo! Detect

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

7/17/2012 1:32:07 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

7/17/2012 1:26:58 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

7/16/2012 3:32:37 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

7/16/2012 3:07:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

7/16/2012 3:07:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

7/16/2012 3:06:27 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

7/16/2012 3:04:44 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

7/16/2012 3:04:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/16/2012 3:04:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/16/2012 3:04:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/16/2012 3:04:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/16/2012 3:04:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache spldr Wanarpv6

7/16/2012 12:31:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Asus\Sara SID (S-1-5-21-2112477045-800725573-1140253011-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

7/16/2012 12:31:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user Asus\Sara SID (S-1-5-21-2112477045-800725573-1140253011-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

7/16/2012 12:31:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Asus\Sara SID (S-1-5-21-2112477045-800725573-1140253011-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

.

==== End Of File ===========================</pre>

July 17, 2012

Hi Maniac,

I appreciate the quick response. I ran Chamellion and forgot I had disabled the network adapter so it didn't update. The database was a few days old. I dealt with the items found in the scan and rebooted. When the system came back up I got the Live Platinum popup and an AVG threat warning. I ran the follow up Malwarebytes scan and it returned 8 Lameshield entries. (Still have the Live Premium logo on the start menu.)

This is the log from the Chamellion scan:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.15.09

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Sara :: ASUS [administrator]

7/17/2012 6:45:37 AM

mbam-log-2012-07-17 (06-45-37).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 231164

Time elapsed: 20 minute(s), 56 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.Lameshield) -> Quarantined and deleted successfully.

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|7531E8D900098AE70000D6AC4F147CE7 (Trojan.Lameshield) -> Data: C:\ProgramData\7531E8D900098AE70000D6AC4F147CE7\7531E8D900098AE70000D6AC4F147CE7.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\ProgramData\7531E8D900098AE70000D6AC4F147CE7\7531E8D900098AE70000D6AC4F147CE7.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.

C:\Users\Sara\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

(end)

This is the scan after reboot:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.15.09

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Sara :: ASUS [administrator]

7/17/2012 7:19:50 AM

mbam-log-2012-07-17 (07-19-50).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 231939

Time elapsed: 11 minute(s), 47 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 8

C:\Users\Sara\Local Settings\pmekmeju.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.

C:\Users\Sara\Local Settings\vduaonqq.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.

C:\Users\Sara\Local Settings\Application Data\pmekmeju.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.

C:\Users\Sara\Local Settings\Application Data\vduaonqq.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.

C:\Users\Sara\Local Settings\Temporary Internet Files\Content.IE5\1IRBW8UE\3[1].exe (Trojan.Lameshield) -> Quarantined and deleted successfully.

C:\Users\Sara\Local Settings\Temporary Internet Files\Content.IE5\92BI1HPU\3[1].exe (Trojan.Lameshield) -> Quarantined and deleted successfully.

C:\Users\Sara\Local Settings\Temporary Internet Files\Content.IE5\EX9GIU86\3[1].exe (Trojan.Lameshield) -> Quarantined and deleted successfully.

C:\Users\Sara\Local Settings\Temporary Internet Files\Content.IE5\U5G7TBF2\3[1].exe (Trojan.Lameshield) -> Quarantined and deleted successfully.

(end)

And the DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33

Run by Sara at 8:01:20 on 2012-07-17

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.3858 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG10\avgchsva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\Explorer.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files (x86)\AVG\AVG10\avgemca.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Microsoft Money\System\REMINDER.EXE

svchost.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\PROGRA~2\AVG\AVG10\avgrsa.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

svchost.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe