Posts posted by beavhope
-
Ran scan this morning and it found Live Platinum again.
I have not removed it yet. What is the next step?
-
I rebooted and ran another scan which came back clean and everything appears to be OK. One thing that concerns me is that on rebooting I saw a small DOS command line window for an instant on top of the Windows screen. I don't think that is part of the usual boot routine for this machine. When I rebooted to show my wife (who is the user of this machine) it didn't appear. Could that be an issue?
-
<p>I'm not sure which logs you need, but here are the first scan log and the log made after reboot, along with the DDS and Attach files.</p>
<p> </p>
<p>First scan log:</p>
<p> </p>
<pre>
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.17.12
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Sara :: ASUS [administrator]
7/17/2012 1:12:09 PM
mbam-log-2012-07-17 (13-12-09).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232781
Time elapsed: 8 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|qpoldxhl (Trojan.Phex.THAGen4) -> Data: "C:\Users\Sara\AppData\Local\ocgfaird.exe" -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Users\Sara\AppData\Local\ocgfaird.exe (Trojan.Phex.THAGen4) -> Quarantined and deleted successfully.
C:\Users\Sara\Local Settings\ocgfaird.exe (Trojan.Phex.THAGen4) -> Quarantined and deleted successfully.
C:\Users\Sara\Local Settings\Application Data\ocgfaird.exe (Trojan.Phex.THAGen4) -> Quarantined and deleted successfully.
(end)</pre>
<p>After reboot log:</p>
<p> </p>
<pre>
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.17.12
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Sara :: ASUS [administrator]
7/17/2012 1:29:08 PM
mbam-log-2012-07-17 (13-29-08).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232150
Time elapsed: 12 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)</pre>
<p> </p>
<p>DDS File:</p>
<p> </p>
<pre>
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by Sara at 13:42:15 on 2012-07-17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.3810 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Microsoft Money\System\REMINDER.EXE
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.my.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Reminder] C:\Program Files (x86)\Microsoft Money\System\reminder.exe
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [TrayServer] C:\PROGRA~2\MAGIX\MOVIE_~1\TrayServer_en.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
StartupFolder: C:\Users\Sara\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1 205.152.150.23
TCP: Interfaces\{78D9DFA9-5386-4DB3-870B-618C3135BF2A} : DhcpNameServer = 192.168.0.1 205.152.150.23
TCP: Interfaces\{C143592C-058E-4235-80CD-E44433F6309B} : DhcpNameServer = 192.168.0.1 205.152.150.23
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [TrayServer] C:\PROGRA~2\MAGIX\MOVIE_~1\TrayServer_en.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\fqjoyoq8.default\
FF - prefs.js: browser.startup.homepage - hxxp://att.yahoo.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B3b184843-5d42-46a0-8b97-b21bab08da36%7D&mid=19ff6163de629b4225c61949b692bf72-9198bf7217863c0dde19be5c2ffe30aefa6055b0&ds=AVG&v=10.2.0.3&lang=us&pr=fr&d=2011-12-12%2008%3A31%3A13&sap=ku&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_33.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npoji610.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Sara\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Sara\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Sara\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Windows\SysWOW64\nvSCPAPISvr.exe [2009-6-10 232960]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-26 136176]
S3 AVerFx2hbtv64;AVerMedia C038 USB Capture Card;C:\Windows\system32\drivers\AVerFx2hbtv64.sys --> C:\Windows\system32\drivers\AVerFx2hbtv64.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-7 167264]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-26 136176]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-17 12:55:31 -------- d-----w- C:\Users\Sara\AppData\Local\{4CE40726-3B96-48CE-A593-2F7F0F178436}
2012-07-17 12:55:20 -------- d-----w- C:\Users\Sara\AppData\Local\{8DA62B74-19D7-44B9-B780-935003FF3715}
2012-07-16 14:30:43 -------- d-----w- C:\ProgramData\7531E8D900098AE70000D6AC4F147CE7
2012-07-16 12:21:14 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-07-16 12:21:11 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-07-16 12:13:01 -------- d-----w- C:\AMD
2012-07-16 03:41:24 -------- d-----w- C:\Users\Sara\AppData\Local\{CCADBCF8-3D91-4330-91EC-0B0D19D6F120}
2012-07-16 03:41:13 -------- d-----w- C:\Users\Sara\AppData\Local\{32E133F1-23B7-499E-AE37-E202CFBCC82F}
2012-07-15 23:02:43 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-07-15 19:20:45 476976 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-07-15 16:47:41 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2012-07-15 16:47:38 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-15 16:47:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-15 14:22:44 -------- d-----w- C:\Users\Sara\AppData\Local\{52E43F87-CA20-4E7F-812C-4BEB75343430}
2012-07-15 14:22:33 -------- d-----w- C:\Users\Sara\AppData\Local\{D75AF7B4-29A4-412E-8D67-3C6BD88E9E96}
2012-07-15 13:17:30 -------- d-----w- C:\Users\Sara\AppData\Local\{E47B790A-F14F-4130-874A-1D770C065414}
2012-07-14 20:01:00 -------- d-----w- C:\Users\Sara\AppData\Local\{E2BFCECF-6C7E-4E2F-9F14-7AB84A0619D2}
2012-07-14 20:00:50 -------- d-----w- C:\Users\Sara\AppData\Local\{82942619-D514-4494-BD08-9799185E3F43}
2012-07-14 16:58:58 -------- d-----w- C:\Users\Sara\AppData\Local\{B754518E-63D3-4313-85A3-C44AF6C3BEA5}
2012-07-14 04:45:34 -------- d-----w- C:\Users\Sara\AppData\Local\{FBDB1AFA-6326-45CD-8DFB-45E4D9358DF3}
2012-07-14 04:45:24 -------- d-----w- C:\Users\Sara\AppData\Local\{B617FC7D-976C-4FD1-A4B7-E17C8DCAEE6D}
2012-07-13 15:58:08 -------- d-----w- C:\Users\Sara\AppData\Local\{1C120FDC-075E-46AF-9DA1-A2D00E9A3A6E}
2012-07-13 15:57:57 -------- d-----w- C:\Users\Sara\AppData\Local\{C2958700-502A-4C18-9FA3-A5FA1DB12B19}
2012-07-12 12:23:05 -------- d-----w- C:\Users\Sara\AppData\Local\{72997D22-D5BB-48CB-8F52-2D0F45B9551B}
2012-07-12 12:22:55 -------- d-----w- C:\Users\Sara\AppData\Local\{A12A17AE-3972-4480-B74F-4944E58AA86F}
2012-07-12 08:08:51 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 18:04:21 -------- d-----w- C:\Users\Sara\AppData\Local\{77917A02-458E-4014-B301-5F60BF966079}
2012-07-11 18:04:10 -------- d-----w- C:\Users\Sara\AppData\Local\{FD0E399B-CAE2-4759-BC25-EA0CCB051E71}
2012-07-11 04:05:08 -------- d-----w- C:\Users\Sara\AppData\Local\{538424CD-A4BC-41A3-8BAC-4930CBD9DE8A}
2012-07-11 04:04:58 -------- d-----w- C:\Users\Sara\AppData\Local\{9813F948-775E-4ABF-B584-B2366D4694F8}
2012-07-11 04:04:48 -------- d-----w- C:\Users\Sara\AppData\Local\{193F5D9A-EC4F-4585-836F-29BDDAE2963B}
2012-07-11 04:04:39 -------- d-----w- C:\Users\Sara\AppData\Local\{65DE554B-377F-4E2A-932E-D896F83AB2DE}
2012-07-10 16:04:13 -------- d-----w- C:\Users\Sara\AppData\Local\{1E12A7E4-7F43-41A2-A780-2A6B0C7DD6A9}
2012-07-10 16:04:02 -------- d-----w- C:\Users\Sara\AppData\Local\{843A6550-F2E0-42EE-A0A0-A3E38AE07CEE}
2012-07-10 03:03:25 -------- d-----w- C:\Users\Sara\AppData\Local\{DC68B9A5-0D51-4B53-997C-AEE8E19EBC8D}
2012-07-10 03:03:14 -------- d-----w- C:\Users\Sara\AppData\Local\{1975ED80-5014-44B8-AB34-B9ABCBDCD108}
2012-07-09 15:02:49 -------- d-----w- C:\Users\Sara\AppData\Local\{BA78413B-E566-44B7-974D-772C11EFC0D2}
2012-07-09 15:02:38 -------- d-----w- C:\Users\Sara\AppData\Local\{31789416-A555-49E5-97ED-F8F15D885D02}
2012-07-09 03:02:14 -------- d-----w- C:\Users\Sara\AppData\Local\{872BC85E-D14A-4187-AA1A-8A66C7E719F2}
2012-07-09 03:02:03 -------- d-----w- C:\Users\Sara\AppData\Local\{C821CA4F-540D-417C-B99C-08DD2AA44BC5}
2012-07-09 03:01:34 -------- d-----w- C:\Users\Sara\AppData\Local\{7C56B39E-BCAC-4EF1-A4A1-5918BC63D214}
2012-07-09 03:01:24 -------- d-----w- C:\Users\Sara\AppData\Local\{503D5374-74AA-4CFA-A1E3-013CF6F56130}
2012-07-08 13:28:08 -------- d-----w- C:\Users\Sara\AppData\Local\{3F71C7DD-AE6A-493A-8205-B0F3C78331A8}
2012-07-08 13:27:57 -------- d-----w- C:\Users\Sara\AppData\Local\{EC6ECB1C-F941-4085-98D3-37824DDDDD7C}
2012-07-07 14:46:48 -------- d-----w- C:\Users\Sara\AppData\Local\{5D27EE36-259D-4A58-9F7A-FFDF4F18FD44}
2012-07-07 14:46:37 -------- d-----w- C:\Users\Sara\AppData\Local\{8269E605-50F8-4D47-B9E5-B91AC9C03534}
2012-07-06 15:50:25 -------- d-----w- C:\Users\Sara\AppData\Local\{BFCF14CD-06EF-4939-AFB7-BFD52C531165}
2012-07-06 15:50:15 -------- d-----w- C:\Users\Sara\AppData\Local\{A2877668-0B93-4E09-B06E-CEC64CEED829}
2012-07-06 01:49:54 -------- d-----w- C:\Users\Sara\AppData\Local\{4481BD06-B1EF-47F6-B744-0A60E3F254B3}
2012-07-06 01:49:42 -------- d-----w- C:\Users\Sara\AppData\Local\{AB0EF8B3-9F2C-43EB-8DE9-CD0493A53D35}
2012-07-05 13:11:06 -------- d-----w- C:\Users\Sara\AppData\Local\{1C737D3C-D2BB-4D30-90DF-45F1FD9E242F}
2012-07-05 13:10:56 -------- d-----w- C:\Users\Sara\AppData\Local\{B4D312C6-4837-43C3-82C8-EA572A9D710E}
2012-07-05 00:47:00 -------- d-----w- C:\Users\Sara\AppData\Local\{F8476180-53FC-4AAC-8FDD-E2F372F6B674}
2012-07-05 00:46:50 -------- d-----w- C:\Users\Sara\AppData\Local\{8AEC27F4-92B2-4B5B-8B2B-7BF890817C43}
2012-07-04 12:33:56 -------- d-----w- C:\Users\Sara\AppData\Local\{36094192-FA40-405B-A573-1CEC2952FAC9}
2012-07-04 12:33:45 -------- d-----w- C:\Users\Sara\AppData\Local\{95A0C8B3-6E45-42CC-B7F4-244C059C33E8}
2012-07-04 07:32:22 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-07-04 07:32:06 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-07-04 07:32:02 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-07-04 07:31:54 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-07-04 07:31:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-07-04 07:31:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
2012-07-04 07:30:58 13008384 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-07-04 07:30:12 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2012-07-04 07:30:08 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-07-04 06:59:32 11922944 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-07-04 06:52:04 26016256 ----a-w- C:\Windows\System32\atio6axx.dll
2012-07-04 06:35:46 19586048 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-07-04 06:27:18 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-07-04 06:21:46 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-07-04 06:21:40 514048 ----a-w- C:\Windows\System32\atieclxx.exe
2012-07-04 06:20:54 238080 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-07-04 06:19:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-07-04 06:19:16 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-07-04 06:19:12 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-07-04 06:19:06 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-07-04 05:36:34 1053696 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-07-04 05:36:24 69632 ----a-w- C:\Windows\System32\coinst_8.97.100.3.dll
2012-07-04 05:36:14 1960960 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-07-04 05:35:42 4261376 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-07-04 05:24:02 7477760 ----a-w- C:\Windows\System32\atiumd64.dll
2012-07-04 05:11:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-07-04 05:11:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-07-04 05:11:40 535552 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-07-04 05:11:38 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-07-04 05:11:38 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-07-04 05:11:30 364544 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-07-04 05:11:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-07-04 05:11:16 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-07-04 05:11:16 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-07-04 05:11:12 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-07-04 05:11:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-07-04 05:10:56 359936 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-07-04 05:09:50 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-07-04 05:09:10 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-07-04 05:04:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-07-04 05:04:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-07-04 05:04:22 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-07-04 05:04:18 44544 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-07-04 05:04:08 15827456 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-07-04 04:59:40 13402112 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-07-04 00:33:21 -------- d-----w- C:\Users\Sara\AppData\Local\{872769DF-1880-4A8B-A39C-5F50D5F0FF83}
2012-07-04 00:33:11 -------- d-----w- C:\Users\Sara\AppData\Local\{C11962BB-E315-4763-90A1-598AAE0B7165}
2012-07-03 12:32:46 -------- d-----w- C:\Users\Sara\AppData\Local\{601D5921-0CDA-4F8E-B1BA-987ECB56A733}
2012-07-03 12:32:35 -------- d-----w- C:\Users\Sara\AppData\Local\{D85F4635-EB06-4E1E-A637-C4D4A96889E4}
2012-07-02 20:07:05 -------- d-----w- C:\Users\Sara\AppData\Local\{584059B9-F1CF-46A1-AA78-A3CC9F97F0C0}
2012-07-02 20:06:54 -------- d-----w- C:\Users\Sara\AppData\Local\{77768300-7C70-4380-B292-B6D412171A45}
2012-07-02 05:42:40 -------- d-----w- C:\Users\Sara\AppData\Local\{54284725-398D-4509-B558-A8E3B198C12B}
2012-07-02 05:42:29 -------- d-----w- C:\Users\Sara\AppData\Local\{7826F1D1-8F28-4F4D-A319-63B0AC76A89C}
2012-07-01 17:14:26 -------- d-----w- C:\Users\Sara\AppData\Local\{0DCCA92B-AA9D-4B53-9A8D-BD223BD92981}
2012-07-01 17:14:15 -------- d-----w- C:\Users\Sara\AppData\Local\{764DE9D2-6D19-471C-A5CD-3E3C7ACC0BAD}
2012-07-01 02:54:39 -------- d-----w- C:\Users\Sara\AppData\Local\{5C146E8B-14AA-4D8F-B91F-3512175AF6B4}
2012-07-01 02:54:26 -------- d-----w- C:\Users\Sara\AppData\Local\{53143321-B642-40C2-BB50-9229E24019EE}
2012-06-30 14:54:01 -------- d-----w- C:\Users\Sara\AppData\Local\{15B529D2-BC9C-4076-BE2C-818F70098197}
2012-06-30 14:53:50 -------- d-----w- C:\Users\Sara\AppData\Local\{C84134B3-4DF3-4162-B08B-74679927F69A}
2012-06-30 02:53:24 -------- d-----w- C:\Users\Sara\AppData\Local\{9CCD17F3-C89D-4A00-BB48-F896C6059421}
2012-06-30 02:53:14 -------- d-----w- C:\Users\Sara\AppData\Local\{56E4FA0C-FDE4-4700-BAE2-2C9645108465}
2012-06-29 14:52:50 -------- d-----w- C:\Users\Sara\AppData\Local\{5257C3CF-A9A2-41CD-BA3A-912F1E8F24AC}
2012-06-29 14:52:39 -------- d-----w- C:\Users\Sara\AppData\Local\{0E267D62-B673-4112-94E0-BDBCB69FE3F2}
2012-06-29 01:29:13 -------- d-----w- C:\Users\Sara\AppData\Local\{082A2866-8461-4217-9CEB-B6FC1458591C}
2012-06-29 01:29:01 -------- d-----w- C:\Users\Sara\AppData\Local\{FB9739FA-1CB2-4563-A86D-78E4AB340CBE}
2012-06-28 13:28:36 -------- d-----w- C:\Users\Sara\AppData\Local\{E51B2C16-256A-408E-B4F5-47F1B2DA823B}
2012-06-28 13:28:25 -------- d-----w- C:\Users\Sara\AppData\Local\{C64ACD6D-4558-4871-848B-B3A3FE52B066}
2012-06-27 20:48:47 -------- d-----w- C:\Users\Sara\AppData\Local\{01224445-471D-4A8E-8D11-274082EA7594}
2012-06-27 20:48:37 -------- d-----w- C:\Users\Sara\AppData\Local\{C5B8999E-9A1C-4E8D-91C3-3F46B88D05B6}
2012-06-25 17:58:38 -------- d-----w- C:\Users\Sara\AppData\Local\{65FCB27D-6C0D-4243-A2FA-8A9BF1A761DA}
2012-06-24 18:00:11 -------- d-----w- C:\Users\Sara\AppData\Local\{45E284B4-8F6E-48C0-81F7-2CC11F7AC652}
2012-06-24 18:00:01 -------- d-----w- C:\Users\Sara\AppData\Local\{A26C9DAA-D517-44AF-BB1F-3D8240A83C59}
2012-06-24 03:51:43 -------- d-----w- C:\Users\Sara\AppData\Local\{2F7A95C3-15FA-49F5-9580-81735BC300E7}
2012-06-24 03:51:33 -------- d-----w- C:\Users\Sara\AppData\Local\{9799164E-5284-43F0-A471-25217397470B}
2012-06-22 03:36:05 -------- d-----w- C:\Users\Sara\AppData\Local\{92FDDA3A-1079-4278-8C48-3349E0089E70}
2012-06-22 03:35:55 -------- d-----w- C:\Users\Sara\AppData\Local\{3CDC4770-690C-481E-910A-224954F533F8}
2012-06-21 04:56:16 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2012-06-21 00:44:31 -------- d-----w- C:\Users\Sara\AppData\Local\{29DEE4F9-F4F8-4523-A85D-B4874C967A67}
2012-06-21 00:44:20 -------- d-----w- C:\Users\Sara\AppData\Local\{847E928B-B898-4585-ADA2-1313CFB0020D}
2012-06-21 00:20:13 -------- d-----w- C:\Users\Sara\AppData\Local\{98738CF4-3F11-4CDF-A53E-F1D98105F920}
2012-06-21 00:19:53 -------- d-----w- C:\Windows\en
2012-06-21 00:16:50 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-06-21 00:12:49 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2012-06-21 00:12:49 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2012-06-21 00:12:49 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2012-06-21 00:12:49 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2012-06-21 00:09:12 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16078b2a1cd4f4203\DSETUP.dll
2012-06-21 00:09:12 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16078b2a1cd4f4203\DXSETUP.exe
2012-06-21 00:09:12 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16078b2a1cd4f4203\dsetup32.dll
2012-06-21 00:09:12 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16740a301cd4f4204\MeshBetaRemover.exe
2012-06-21 00:08:51 -------- d-----w- C:\Users\Sara\AppData\Local\{6C4FDCCF-5F53-4AC4-B242-030A3A526D73}
2012-06-21 00:08:16 -------- d-----w- C:\Users\Sara\AppData\Local\{E26CAF40-A44D-4DE6-9713-FBE4915FCA51}
2012-06-21 00:08:05 -------- d-----w- C:\Users\Sara\AppData\Local\{6913831E-538D-4B53-8317-B17263EF45AE}
2012-06-20 23:31:40 -------- d-----w- C:\Users\Sara\AppData\Local\{EE887356-AB7A-41AD-B433-4878471C94D8}
2012-06-20 23:31:30 -------- d-----w- C:\Users\Sara\AppData\Local\{B1D969BF-4B07-4018-B4B8-622B363A6B04}
2012-06-20 19:09:37 -------- d-----w- C:\Users\Sara\AppData\Local\{91B7A935-CCDE-4C47-95D5-224836167B9D}
2012-06-20 19:09:26 -------- d-----w- C:\Users\Sara\AppData\Local\{9E2E8FBB-F652-4AA2-BB49-015B8E25D10A}
2012-06-20 13:49:46 -------- d-----w- C:\Users\Sara\AppData\Local\{4C83DF69-7A98-4E84-B892-E737748FE888}
2012-06-20 13:49:36 -------- d-----w- C:\Users\Sara\AppData\Local\{D0626347-24CD-4355-A317-E38A0808A32A}
2012-06-20 13:36:34 -------- d-----w- C:\Users\Sara\AppData\Local\{E0B7BBF2-CB10-4539-9432-7F5860FD4D88}
2012-06-20 13:36:24 -------- d-----w- C:\Users\Sara\AppData\Local\{20BA683C-20DF-4853-B161-C61D0855BC63}
2012-06-20 13:34:59 -------- d-----w- C:\Users\Sara\AppData\Local\{16804482-B561-4797-AF7C-E957620D602A}
2012-06-20 13:34:48 -------- d-----w- C:\Users\Sara\AppData\Local\{392F744E-D781-4438-8009-2E492AACA5E5}
2012-06-20 01:38:46 -------- d-----w- C:\Users\Sara\AppData\Local\{5B86E182-510D-4189-A4A8-B452FF9F7BA9}
2012-06-20 01:38:36 -------- d-----w- C:\Users\Sara\AppData\Local\{0C294998-962A-462C-8559-A363DBE8D1A8}
2012-06-20 00:31:12 -------- d-----w- C:\Users\Sara\AppData\Local\{50ECFA10-0D03-4BFD-BB42-2385D559EE95}
2012-06-20 00:30:51 -------- d-----w- C:\Users\Sara\AppData\Local\{8237D066-7B50-4272-AAF1-1705F134767B}
2012-06-19 12:27:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 12:26:51 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 12:26:31 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 12:26:31 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-18 00:42:02 -------- d-----w- C:\Users\Sara\AppData\Local\{309FAB49-3475-44B7-BCAA-019748069507}
.
==================== Find3M ====================
.
2012-07-15 19:20:35 472880 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-04 06:27:08 918528 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-07-04 06:25:14 1081856 ----a-w- C:\Windows\System32\aticfx64.dll
2012-07-04 06:18:18 6811648 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-07-04 05:57:18 7510528 ----a-w- C:\Windows\System32\atidxx64.dll
2012-07-04 05:35:14 6245888 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-07-04 05:28:52 4749312 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-07-04 05:10:04 55296 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-07-04 05:09:56 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-07-04 05:09:42 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-16 17:13:55 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-05-16 17:13:55 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-19 00:39:10 43008 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-04-19 00:39:10 28672 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
.
============= FINISH: 13:43:44.74 ===============</pre>
<p> </p>
<p>Attach File:</p>
<p> </p>
<pre>
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/8/2011 7:08:39 PM
System Uptime: 7/17/2012 1:25:06 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | CM1630
Processor: AMD Phenom II X4 830 Processor | AM3 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 36.089 GiB free.
D: is FIXED (NTFS) - 409 GiB total, 365.829 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 917 GiB total, 266.391 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Deskjet F4500 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Deskjet F4500 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
==== System Restore Points ===================
.
RP125: 5/27/2012 10:00:41 AM - Windows Backup
RP126: 6/3/2012 10:00:44 AM - Windows Backup
RP127: 6/5/2012 12:48:22 AM - Windows Update
RP128: 6/11/2012 12:07:04 AM - Windows Backup
RP129: 6/13/2012 3:00:39 AM - Windows Update
RP130: 6/17/2012 6:58:25 PM - Windows Backup
RP131: 6/19/2012 7:25:54 AM - Windows Update
RP132: 6/20/2012 7:09:30 PM - Windows Live Essentials
RP133: 6/20/2012 7:10:40 PM - Windows Update
RP134: 6/20/2012 7:11:58 PM - Windows Update
RP135: 6/20/2012 7:13:10 PM - Installed DirectX
RP136: 6/20/2012 7:14:14 PM - Installed DirectX
RP137: 6/20/2012 7:15:48 PM - WLSetup
RP138: 6/20/2012 11:52:29 PM - Windows Update
RP139: 6/22/2012 12:19:48 AM - Windows Update
RP140: 6/24/2012 10:00:40 AM - Windows Backup
RP141: 7/1/2012 10:00:41 AM - Windows Backup
RP142: 7/8/2012 10:00:41 AM - Windows Backup
RP143: 7/12/2012 3:01:00 AM - Windows Update
RP144: 7/15/2012 10:00:38 AM - Windows Backup
RP145: 7/15/2012 2:19:28 PM - Installed Java 6 Update 33
RP146: 7/16/2012 7:16:06 AM - Device Driver Package Install: Advanced Micro Devices, Inc. Display adapters
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 9
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 9
Adobe Premiere Elements 9 Content
Adobe Premiere Elements 9 Content 1
Adobe Premiere Elements 9 Content 2
Adobe Premiere Elements 9 Content 3
Adobe Premiere Elements 9 HD Content 1
Adobe Premiere Elements 9 HD Content 2
Adobe Premiere Elements 9 HD Content 3
Adobe Reader X (10.1.3)
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
AVerMedia C038 USB Capture Card 2.0.64.124
Azurewave Wireless LAN Card
Bing Bar
BufferChm
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.8
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities WFT Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Copy
Core FTP LE 2.1
Coupon Printer for Windows
D3DX10
DesignPro 5
Destinations
DeviceDiscovery
DHTML Menu Builder LITE 4.20
DJ_AIO_06_F4500_SW_MIN
Elements 9 Organizer
Elements STI Installer
F4500
Family Tree Maker
Firebird SQL Server - MAGIX Edition
GIMP 2.6.7
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HP Photo Creations
HP Update
HPPhotoGadget
HPProductAssistant
HPSSupply
iCamSource
iClone v4.2 EX
J2SE Runtime Environment 5.0
Jalbum
Java Auto Updater
Java 6 Update 33
Junk Mail filter update
Logitech Vid HD
MAGIX Movie Edit Pro 17 Plus
MAGIX Screenshare
MAGIX Speed burnR (MSI)
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Memorex exPressit Label Design Studio
Mesh Runtime
Microsoft Expression Web 2
Microsoft Expression Web 2 MUI (English)
Microsoft Money 99
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Live Add-in 1.3
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Picture It! Photo 2001
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox (3.5.8)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Stereoscopic 3D Driver
OpenOffice.org 3.1
PE-DESIGN Ver.6
PhotoScape
Player
PrimoPDF -- by Nitro PDF Software
proDAD Heroglyph 2.5
QuickTime
Ralink RT2860 Wireless LAN Card
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Segoe UI
Shockwave
Skype Toolbars
Skype™ 5.5
SmartSound Quicktracks for Premiere Elements 9.0
SmartWebPrinting
SolutionCenter
Status
The Logo Creator v5.2
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Expression Web 2 (KB957827)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Script Editor Help (KB963671)
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Detect
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/17/2012 1:32:07 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
7/17/2012 1:26:58 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/16/2012 3:32:37 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/16/2012 3:07:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
7/16/2012 3:07:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/16/2012 3:06:27 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/16/2012 3:04:44 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/16/2012 3:04:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/16/2012 3:04:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/16/2012 3:04:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/16/2012 3:04:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/16/2012 3:04:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache spldr Wanarpv6
7/16/2012 12:31:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Asus\Sara SID (S-1-5-21-2112477045-800725573-1140253011-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/16/2012 12:31:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user Asus\Sara SID (S-1-5-21-2112477045-800725573-1140253011-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/16/2012 12:31:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Asus\Sara SID (S-1-5-21-2112477045-800725573-1140253011-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================</pre>
-
Hi Maniac,
I appreciate the quick response. I ran Chameleon and forgot I had disabled the network adapter, so it didn't update. The database was a few days old. I dealt with the items found in the scan and rebooted. When the system came back up, I got the Live Platinum popup and an AVG threat warning. I ran the follow-up Malwarebytes scan and it returned 8 Lameshield entries. (Still have the Live Premium logo on the start menu.)
This is the log from the Chameleon scan:
Malwarebytes Anti-Malware 1.62.0.1300
Database version: v2012.07.15.09
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Sara :: ASUS [administrator]
7/17/2012 6:45:37 AM
mbam-log-2012-07-17 (06-45-37).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231164
Time elapsed: 20 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.Lameshield) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|7531E8D900098AE70000D6AC4F147CE7 (Trojan.Lameshield) -> Data: C:\ProgramData\7531E8D900098AE70000D6AC4F147CE7\7531E8D900098AE70000D6AC4F147CE7.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\ProgramData\7531E8D900098AE70000D6AC4F147CE7\7531E8D900098AE70000D6AC4F147CE7.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\Sara\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
(end)
This is the scan after reboot:
Malwarebytes Anti-Malware 1.62.0.1300
Database version: v2012.07.15.09
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Sara :: ASUS [administrator]
7/17/2012 7:19:50 AM
mbam-log-2012-07-17 (07-19-50).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231939
Time elapsed: 11 minute(s), 47 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 8
C:\Users\Sara\Local Settings\pmekmeju.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\Sara\Local Settings\vduaonqq.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\Sara\Local Settings\Application Data\pmekmeju.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\Sara\Local Settings\Application Data\vduaonqq.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\Sara\Local Settings\Temporary Internet Files\Content.IE5\1IRBW8UE\3[1].exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\Sara\Local Settings\Temporary Internet Files\Content.IE5\92BI1HPU\3[1].exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\Sara\Local Settings\Temporary Internet Files\Content.IE5\EX9GIU86\3[1].exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\Sara\Local Settings\Temporary Internet Files\Content.IE5\U5G7TBF2\3[1].exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
(end)
And the DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by Sara at 8:01:20 on 2012-07-17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.3858 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Microsoft Money\System\REMINDER.EXE
svchost.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
svchost.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.my.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Reminder] C:\Program Files (x86)\Microsoft Money\System\reminder.exe
uRun: [qpoldxhl] "C:\Users\Sara\AppData\Local\ocgfaird.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [TrayServer] C:\PROGRA~2\MAGIX\MOVIE_~1\TrayServer_en.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
StartupFolder: C:\Users\Sara\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1 205.152.150.23
TCP: Interfaces\{78D9DFA9-5386-4DB3-870B-618C3135BF2A} : DhcpNameServer = 192.168.0.1 205.152.150.23
TCP: Interfaces\{C143592C-058E-4235-80CD-E44433F6309B} : DhcpNameServer = 192.168.0.1 205.152.150.23
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [TrayServer] C:\PROGRA~2\MAGIX\MOVIE_~1\TrayServer_en.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\fqjoyoq8.default\
FF - prefs.js: browser.startup.homepage - hxxp://att.yahoo.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B3b184843-5d42-46a0-8b97-b21bab08da36%7D&mid=19ff6163de629b4225c61949b692bf72-9198bf7217863c0dde19be5c2ffe30aefa6055b0&ds=AVG&v=10.2.0.3&lang=us&pr=fr&d=2011-12-12%2008%3A31%3A13&sap=ku&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_33.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npoji610.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Sara\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Sara\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Sara\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Windows\SysWOW64\nvSCPAPISvr.exe [2009-6-10 232960]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-26 136176]
S3 AVerFx2hbtv64;AVerMedia C038 USB Capture Card;C:\Windows\system32\drivers\AVerFx2hbtv64.sys --> C:\Windows\system32\drivers\AVerFx2hbtv64.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-7 167264]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-26 136176]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-17 12:55:31 -------- d-----w- C:\Users\Sara\AppData\Local\{4CE40726-3B96-48CE-A593-2F7F0F178436}
2012-07-17 12:55:20 -------- d-----w- C:\Users\Sara\AppData\Local\{8DA62B74-19D7-44B9-B780-935003FF3715}
2012-07-17 12:28:41 413696 ----a-w- C:\Users\Sara\AppData\Local\uebgxbsa.exe
2012-07-17 12:26:36 409600 ----a-w- C:\Users\Sara\AppData\Local\xvtphaqj.exe
2012-07-16 14:30:43 -------- d-----w- C:\ProgramData\7531E8D900098AE70000D6AC4F147CE7
2012-07-16 12:21:14 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-07-16 12:21:11 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-07-16 12:13:01 -------- d-----w- C:\AMD
2012-07-16 03:41:24 -------- d-----w- C:\Users\Sara\AppData\Local\{CCADBCF8-3D91-4330-91EC-0B0D19D6F120}
2012-07-16 03:41:13 -------- d-----w- C:\Users\Sara\AppData\Local\{32E133F1-23B7-499E-AE37-E202CFBCC82F}
2012-07-15 23:02:43 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-07-15 19:20:45 476976 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-07-15 16:47:41 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2012-07-15 16:47:38 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-15 16:47:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-15 14:22:44 -------- d-----w- C:\Users\Sara\AppData\Local\{52E43F87-CA20-4E7F-812C-4BEB75343430}
2012-07-15 14:22:33 -------- d-----w- C:\Users\Sara\AppData\Local\{D75AF7B4-29A4-412E-8D67-3C6BD88E9E96}
2012-07-15 13:17:30 -------- d-----w- C:\Users\Sara\AppData\Local\{E47B790A-F14F-4130-874A-1D770C065414}
2012-07-14 20:05:21 61952 ----a-w- C:\Users\Sara\AppData\Local\ocgfaird.exe
2012-07-14 20:01:00 -------- d-----w- C:\Users\Sara\AppData\Local\{E2BFCECF-6C7E-4E2F-9F14-7AB84A0619D2}
2012-07-14 20:00:50 -------- d-----w- C:\Users\Sara\AppData\Local\{82942619-D514-4494-BD08-9799185E3F43}
2012-07-14 16:58:58 -------- d-----w- C:\Users\Sara\AppData\Local\{B754518E-63D3-4313-85A3-C44AF6C3BEA5}
2012-07-14 04:45:34 -------- d-----w- C:\Users\Sara\AppData\Local\{FBDB1AFA-6326-45CD-8DFB-45E4D9358DF3}
2012-07-14 04:45:24 -------- d-----w- C:\Users\Sara\AppData\Local\{B617FC7D-976C-4FD1-A4B7-E17C8DCAEE6D}
2012-07-13 15:58:08 -------- d-----w- C:\Users\Sara\AppData\Local\{1C120FDC-075E-46AF-9DA1-A2D00E9A3A6E}
2012-07-13 15:57:57 -------- d-----w- C:\Users\Sara\AppData\Local\{C2958700-502A-4C18-9FA3-A5FA1DB12B19}
2012-07-12 12:23:05 -------- d-----w- C:\Users\Sara\AppData\Local\{72997D22-D5BB-48CB-8F52-2D0F45B9551B}
2012-07-12 12:22:55 -------- d-----w- C:\Users\Sara\AppData\Local\{A12A17AE-3972-4480-B74F-4944E58AA86F}
2012-07-12 08:08:51 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 18:04:21 -------- d-----w- C:\Users\Sara\AppData\Local\{77917A02-458E-4014-B301-5F60BF966079}
2012-07-11 18:04:10 -------- d-----w- C:\Users\Sara\AppData\Local\{FD0E399B-CAE2-4759-BC25-EA0CCB051E71}
2012-07-11 04:05:08 -------- d-----w- C:\Users\Sara\AppData\Local\{538424CD-A4BC-41A3-8BAC-4930CBD9DE8A}
2012-07-11 04:04:58 -------- d-----w- C:\Users\Sara\AppData\Local\{9813F948-775E-4ABF-B584-B2366D4694F8}
2012-07-11 04:04:48 -------- d-----w- C:\Users\Sara\AppData\Local\{193F5D9A-EC4F-4585-836F-29BDDAE2963B}
2012-07-11 04:04:39 -------- d-----w- C:\Users\Sara\AppData\Local\{65DE554B-377F-4E2A-932E-D896F83AB2DE}
2012-07-10 16:04:13 -------- d-----w- C:\Users\Sara\AppData\Local\{1E12A7E4-7F43-41A2-A780-2A6B0C7DD6A9}
2012-07-10 16:04:02 -------- d-----w- C:\Users\Sara\AppData\Local\{843A6550-F2E0-42EE-A0A0-A3E38AE07CEE}
2012-07-10 03:03:25 -------- d-----w- C:\Users\Sara\AppData\Local\{DC68B9A5-0D51-4B53-997C-AEE8E19EBC8D}
2012-07-10 03:03:14 -------- d-----w- C:\Users\Sara\AppData\Local\{1975ED80-5014-44B8-AB34-B9ABCBDCD108}
2012-07-09 15:02:49 -------- d-----w- C:\Users\Sara\AppData\Local\{BA78413B-E566-44B7-974D-772C11EFC0D2}
2012-07-09 15:02:38 -------- d-----w- C:\Users\Sara\AppData\Local\{31789416-A555-49E5-97ED-F8F15D885D02}
2012-07-09 03:02:14 -------- d-----w- C:\Users\Sara\AppData\Local\{872BC85E-D14A-4187-AA1A-8A66C7E719F2}
2012-07-09 03:02:03 -------- d-----w- C:\Users\Sara\AppData\Local\{C821CA4F-540D-417C-B99C-08DD2AA44BC5}
2012-07-09 03:01:34 -------- d-----w- C:\Users\Sara\AppData\Local\{7C56B39E-BCAC-4EF1-A4A1-5918BC63D214}
2012-07-09 03:01:24 -------- d-----w- C:\Users\Sara\AppData\Local\{503D5374-74AA-4CFA-A1E3-013CF6F56130}
2012-07-08 13:28:08 -------- d-----w- C:\Users\Sara\AppData\Local\{3F71C7DD-AE6A-493A-8205-B0F3C78331A8}
2012-07-08 13:27:57 -------- d-----w- C:\Users\Sara\AppData\Local\{EC6ECB1C-F941-4085-98D3-37824DDDDD7C}
2012-07-07 14:46:48 -------- d-----w- C:\Users\Sara\AppData\Local\{5D27EE36-259D-4A58-9F7A-FFDF4F18FD44}
2012-07-07 14:46:37 -------- d-----w- C:\Users\Sara\AppData\Local\{8269E605-50F8-4D47-B9E5-B91AC9C03534}
2012-07-06 15:50:25 -------- d-----w- C:\Users\Sara\AppData\Local\{BFCF14CD-06EF-4939-AFB7-BFD52C531165}
2012-07-06 15:50:15 -------- d-----w- C:\Users\Sara\AppData\Local\{A2877668-0B93-4E09-B06E-CEC64CEED829}
2012-07-06 01:49:54 -------- d-----w- C:\Users\Sara\AppData\Local\{4481BD06-B1EF-47F6-B744-0A60E3F254B3}
2012-07-06 01:49:42 -------- d-----w- C:\Users\Sara\AppData\Local\{AB0EF8B3-9F2C-43EB-8DE9-CD0493A53D35}
2012-07-05 13:11:06 -------- d-----w- C:\Users\Sara\AppData\Local\{1C737D3C-D2BB-4D30-90DF-45F1FD9E242F}
2012-07-05 13:10:56 -------- d-----w- C:\Users\Sara\AppData\Local\{B4D312C6-4837-43C3-82C8-EA572A9D710E}
2012-07-05 00:47:00 -------- d-----w- C:\Users\Sara\AppData\Local\{F8476180-53FC-4AAC-8FDD-E2F372F6B674}
2012-07-05 00:46:50 -------- d-----w- C:\Users\Sara\AppData\Local\{8AEC27F4-92B2-4B5B-8B2B-7BF890817C43}
2012-07-04 12:33:56 -------- d-----w- C:\Users\Sara\AppData\Local\{36094192-FA40-405B-A573-1CEC2952FAC9}
2012-07-04 12:33:45 -------- d-----w- C:\Users\Sara\AppData\Local\{95A0C8B3-6E45-42CC-B7F4-244C059C33E8}
2012-07-04 07:32:22 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-07-04 07:32:06 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-07-04 07:32:02 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-07-04 07:31:54 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-07-04 07:31:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-07-04 07:31:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
2012-07-04 07:30:58 13008384 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-07-04 07:30:12 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2012-07-04 07:30:08 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-07-04 06:59:32 11922944 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-07-04 06:52:04 26016256 ----a-w- C:\Windows\System32\atio6axx.dll
2012-07-04 06:35:46 19586048 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-07-04 06:27:18 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-07-04 06:21:46 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-07-04 06:21:40 514048 ----a-w- C:\Windows\System32\atieclxx.exe
2012-07-04 06:20:54 238080 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-07-04 06:19:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-07-04 06:19:16 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-07-04 06:19:12 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-07-04 06:19:06 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-07-04 05:36:34 1053696 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-07-04 05:36:24 69632 ----a-w- C:\Windows\System32\coinst_8.97.100.3.dll
2012-07-04 05:36:14 1960960 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-07-04 05:35:42 4261376 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-07-04 05:24:02 7477760 ----a-w- C:\Windows\System32\atiumd64.dll
2012-07-04 05:11:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-07-04 05:11:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-07-04 05:11:40 535552 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-07-04 05:11:38 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-07-04 05:11:38 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-07-04 05:11:30 364544 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-07-04 05:11:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-07-04 05:11:16 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-07-04 05:11:16 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-07-04 05:11:12 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-07-04 05:11:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-07-04 05:10:56 359936 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-07-04 05:09:50 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-07-04 05:09:10 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-07-04 05:04:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-07-04 05:04:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-07-04 05:04:22 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-07-04 05:04:18 44544 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-07-04 05:04:08 15827456 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-07-04 04:59:40 13402112 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-07-04 00:33:21 -------- d-----w- C:\Users\Sara\AppData\Local\{872769DF-1880-4A8B-A39C-5F50D5F0FF83}
2012-07-04 00:33:11 -------- d-----w- C:\Users\Sara\AppData\Local\{C11962BB-E315-4763-90A1-598AAE0B7165}
2012-07-03 12:32:46 -------- d-----w- C:\Users\Sara\AppData\Local\{601D5921-0CDA-4F8E-B1BA-987ECB56A733}
2012-07-03 12:32:35 -------- d-----w- C:\Users\Sara\AppData\Local\{D85F4635-EB06-4E1E-A637-C4D4A96889E4}
2012-07-02 20:07:05 -------- d-----w- C:\Users\Sara\AppData\Local\{584059B9-F1CF-46A1-AA78-A3CC9F97F0C0}
2012-07-02 20:06:54 -------- d-----w- C:\Users\Sara\AppData\Local\{77768300-7C70-4380-B292-B6D412171A45}
2012-07-02 05:42:40 -------- d-----w- C:\Users\Sara\AppData\Local\{54284725-398D-4509-B558-A8E3B198C12B}
2012-07-02 05:42:29 -------- d-----w- C:\Users\Sara\AppData\Local\{7826F1D1-8F28-4F4D-A319-63B0AC76A89C}
2012-07-01 17:14:26 -------- d-----w- C:\Users\Sara\AppData\Local\{0DCCA92B-AA9D-4B53-9A8D-BD223BD92981}
2012-07-01 17:14:15 -------- d-----w- C:\Users\Sara\AppData\Local\{764DE9D2-6D19-471C-A5CD-3E3C7ACC0BAD}
2012-07-01 02:54:39 -------- d-----w- C:\Users\Sara\AppData\Local\{5C146E8B-14AA-4D8F-B91F-3512175AF6B4}
2012-07-01 02:54:26 -------- d-----w- C:\Users\Sara\AppData\Local\{53143321-B642-40C2-BB50-9229E24019EE}
2012-06-30 14:54:01 -------- d-----w- C:\Users\Sara\AppData\Local\{15B529D2-BC9C-4076-BE2C-818F70098197}
2012-06-30 14:53:50 -------- d-----w- C:\Users\Sara\AppData\Local\{C84134B3-4DF3-4162-B08B-74679927F69A}
2012-06-30 02:53:24 -------- d-----w- C:\Users\Sara\AppData\Local\{9CCD17F3-C89D-4A00-BB48-F896C6059421}
2012-06-30 02:53:14 -------- d-----w- C:\Users\Sara\AppData\Local\{56E4FA0C-FDE4-4700-BAE2-2C9645108465}
2012-06-29 14:52:50 -------- d-----w- C:\Users\Sara\AppData\Local\{5257C3CF-A9A2-41CD-BA3A-912F1E8F24AC}
2012-06-29 14:52:39 -------- d-----w- C:\Users\Sara\AppData\Local\{0E267D62-B673-4112-94E0-BDBCB69FE3F2}
2012-06-29 01:29:13 -------- d-----w- C:\Users\Sara\AppData\Local\{082A2866-8461-4217-9CEB-B6FC1458591C}
2012-06-29 01:29:01 -------- d-----w- C:\Users\Sara\AppData\Local\{FB9739FA-1CB2-4563-A86D-78E4AB340CBE}
2012-06-28 13:28:36 -------- d-----w- C:\Users\Sara\AppData\Local\{E51B2C16-256A-408E-B4F5-47F1B2DA823B}
2012-06-28 13:28:25 -------- d-----w- C:\Users\Sara\AppData\Local\{C64ACD6D-4558-4871-848B-B3A3FE52B066}
2012-06-27 20:48:47 -------- d-----w- C:\Users\Sara\AppData\Local\{01224445-471D-4A8E-8D11-274082EA7594}
2012-06-27 20:48:37 -------- d-----w- C:\Users\Sara\AppData\Local\{C5B8999E-9A1C-4E8D-91C3-3F46B88D05B6}
2012-06-25 17:58:38 -------- d-----w- C:\Users\Sara\AppData\Local\{65FCB27D-6C0D-4243-A2FA-8A9BF1A761DA}
2012-06-24 18:00:11 -------- d-----w- C:\Users\Sara\AppData\Local\{45E284B4-8F6E-48C0-81F7-2CC11F7AC652}
2012-06-24 18:00:01 -------- d-----w- C:\Users\Sara\AppData\Local\{A26C9DAA-D517-44AF-BB1F-3D8240A83C59}
2012-06-24 03:51:43 -------- d-----w- C:\Users\Sara\AppData\Local\{2F7A95C3-15FA-49F5-9580-81735BC300E7}
2012-06-24 03:51:33 -------- d-----w- C:\Users\Sara\AppData\Local\{9799164E-5284-43F0-A471-25217397470B}
2012-06-22 03:36:05 -------- d-----w- C:\Users\Sara\AppData\Local\{92FDDA3A-1079-4278-8C48-3349E0089E70}
2012-06-22 03:35:55 -------- d-----w- C:\Users\Sara\AppData\Local\{3CDC4770-690C-481E-910A-224954F533F8}
2012-06-21 04:56:16 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2012-06-21 00:44:31 -------- d-----w- C:\Users\Sara\AppData\Local\{29DEE4F9-F4F8-4523-A85D-B4874C967A67}
2012-06-21 00:44:20 -------- d-----w- C:\Users\Sara\AppData\Local\{847E928B-B898-4585-ADA2-1313CFB0020D}
2012-06-21 00:20:13 -------- d-----w- C:\Users\Sara\AppData\Local\{98738CF4-3F11-4CDF-A53E-F1D98105F920}
2012-06-21 00:19:53 -------- d-----w- C:\Windows\en
2012-06-21 00:16:50 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-06-21 00:12:49 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2012-06-21 00:12:49 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2012-06-21 00:12:49 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2012-06-21 00:12:49 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2012-06-21 00:09:12 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16078b2a1cd4f4203\DSETUP.dll
2012-06-21 00:09:12 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16078b2a1cd4f4203\DXSETUP.exe
2012-06-21 00:09:12 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16078b2a1cd4f4203\dsetup32.dll
2012-06-21 00:09:12 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16740a301cd4f4204\MeshBetaRemover.exe
2012-06-21 00:08:51 -------- d-----w- C:\Users\Sara\AppData\Local\{6C4FDCCF-5F53-4AC4-B242-030A3A526D73}
2012-06-21 00:08:16 -------- d-----w- C:\Users\Sara\AppData\Local\{E26CAF40-A44D-4DE6-9713-FBE4915FCA51}
2012-06-21 00:08:05 -------- d-----w- C:\Users\Sara\AppData\Local\{6913831E-538D-4B53-8317-B17263EF45AE}
2012-06-20 23:31:40 -------- d-----w- C:\Users\Sara\AppData\Local\{EE887356-AB7A-41AD-B433-4878471C94D8}
2012-06-20 23:31:30 -------- d-----w- C:\Users\Sara\AppData\Local\{B1D969BF-4B07-4018-B4B8-622B363A6B04}
2012-06-20 19:09:37 -------- d-----w- C:\Users\Sara\AppData\Local\{91B7A935-CCDE-4C47-95D5-224836167B9D}
2012-06-20 19:09:26 -------- d-----w- C:\Users\Sara\AppData\Local\{9E2E8FBB-F652-4AA2-BB49-015B8E25D10A}
2012-06-20 13:49:46 -------- d-----w- C:\Users\Sara\AppData\Local\{4C83DF69-7A98-4E84-B892-E737748FE888}
2012-06-20 13:49:36 -------- d-----w- C:\Users\Sara\AppData\Local\{D0626347-24CD-4355-A317-E38A0808A32A}
2012-06-20 13:36:34 -------- d-----w- C:\Users\Sara\AppData\Local\{E0B7BBF2-CB10-4539-9432-7F5860FD4D88}
2012-06-20 13:36:24 -------- d-----w- C:\Users\Sara\AppData\Local\{20BA683C-20DF-4853-B161-C61D0855BC63}
2012-06-20 13:34:59 -------- d-----w- C:\Users\Sara\AppData\Local\{16804482-B561-4797-AF7C-E957620D602A}
2012-06-20 13:34:48 -------- d-----w- C:\Users\Sara\AppData\Local\{392F744E-D781-4438-8009-2E492AACA5E5}
2012-06-20 01:38:46 -------- d-----w- C:\Users\Sara\AppData\Local\{5B86E182-510D-4189-A4A8-B452FF9F7BA9}
2012-06-20 01:38:36 -------- d-----w- C:\Users\Sara\AppData\Local\{0C294998-962A-462C-8559-A363DBE8D1A8}
2012-06-20 00:31:12 -------- d-----w- C:\Users\Sara\AppData\Local\{50ECFA10-0D03-4BFD-BB42-2385D559EE95}
2012-06-20 00:30:51 -------- d-----w- C:\Users\Sara\AppData\Local\{8237D066-7B50-4272-AAF1-1705F134767B}
2012-06-19 12:27:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 12:26:51 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 12:26:31 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 12:26:31 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-18 00:42:02 -------- d-----w- C:\Users\Sara\AppData\Local\{309FAB49-3475-44B7-BCAA-019748069507}
.
==================== Find3M ====================
.
2012-07-15 19:20:35 472880 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-04 06:27:08 918528 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-07-04 06:25:14 1081856 ----a-w- C:\Windows\System32\aticfx64.dll
2012-07-04 06:18:18 6811648 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-07-04 05:57:18 7510528 ----a-w- C:\Windows\System32\atidxx64.dll
2012-07-04 05:35:14 6245888 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-07-04 05:28:52 4749312 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-07-04 05:10:04 55296 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-07-04 05:09:56 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-07-04 05:09:42 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-16 17:13:55 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-05-16 17:13:55 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-19 00:39:10 43008 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-04-19 00:39:10 28672 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
.
============= FINISH: 8:02:04.93 ===============
-
We received the USPS email, but neither my wife nor I opened it (just saw it in preview). We got AVG threat warnings about lameshield, cleaned with AVG, got another alert, opened Malwarebytes and cleaned up. Now Live Security Platinum has installed itself and we have a mess. Help!
DDS and Attach files attached.
-
Hit enter before I was finished. Here are my logs.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by Sara at 10:11:19 on 2012-07-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.5207 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.my.yahoo.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Reminder] C:\Program Files (x86)\Microsoft Money\System\reminder.exe
uRun: [qpoldxhl] "C:\Users\Sara\AppData\Local\ocgfaird.exe"
uRunOnce: [7531E8D900098AE70000D6AC4F147CE7] C:\ProgramData\7531E8D900098AE70000D6AC4F147CE7\7531E8D900098AE70000D6AC4F147CE7.exe
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [TrayServer] C:\PROGRA~2\MAGIX\MOVIE_~1\TrayServer_en.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
StartupFolder: C:\Users\Sara\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1 205.152.150.23
TCP: Interfaces\{78D9DFA9-5386-4DB3-870B-618C3135BF2A} : DhcpNameServer = 192.168.0.1 205.152.150.23
TCP: Interfaces\{C143592C-058E-4235-80CD-E44433F6309B} : DhcpNameServer = 192.168.0.1 205.152.150.23
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [TrayServer] C:\PROGRA~2\MAGIX\MOVIE_~1\TrayServer_en.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\fqjoyoq8.default\
FF - prefs.js: browser.startup.homepage - hxxp://att.yahoo.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B3b184843-5d42-46a0-8b97-b21bab08da36%7D&mid=19ff6163de629b4225c61949b692bf72-9198bf7217863c0dde19be5c2ffe30aefa6055b0&ds=AVG&v=10.2.0.3&lang=us&pr=fr&d=2011-12-12%2008%3A31%3A13&sap=ku&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_33.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npoji610.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Sara\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Sara\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Sara\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG10\Firefox
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-26 136176]
S2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Windows\SysWOW64\nvSCPAPISvr.exe [2009-6-10 232960]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 AVerFx2hbtv64;AVerMedia C038 USB Capture Card;C:\Windows\system32\drivers\AVerFx2hbtv64.sys --> C:\Windows\system32\drivers\AVerFx2hbtv64.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-7 167264]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-26 136176]
S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-16 14:30:43 -------- d-----w- C:\ProgramData\7531E8D900098AE70000D6AC4F147CE7
2012-07-16 12:21:14 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-07-16 12:21:11 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-07-16 12:13:01 -------- d-----w- C:\AMD
2012-07-16 03:41:24 -------- d-----w- C:\Users\Sara\AppData\Local\{CCADBCF8-3D91-4330-91EC-0B0D19D6F120}
2012-07-16 03:41:13 -------- d-----w- C:\Users\Sara\AppData\Local\{32E133F1-23B7-499E-AE37-E202CFBCC82F}
2012-07-15 23:02:43 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-07-15 19:20:45 476976 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-07-15 16:47:41 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2012-07-15 16:47:38 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-15 16:47:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-15 14:22:44 -------- d-----w- C:\Users\Sara\AppData\Local\{52E43F87-CA20-4E7F-812C-4BEB75343430}
2012-07-15 14:22:33 -------- d-----w- C:\Users\Sara\AppData\Local\{D75AF7B4-29A4-412E-8D67-3C6BD88E9E96}
2012-07-15 13:17:30 -------- d-----w- C:\Users\Sara\AppData\Local\{E47B790A-F14F-4130-874A-1D770C065414}
2012-07-14 20:05:21 61952 ----a-w- C:\Users\Sara\AppData\Local\ocgfaird.exe
2012-07-14 20:01:00 -------- d-----w- C:\Users\Sara\AppData\Local\{E2BFCECF-6C7E-4E2F-9F14-7AB84A0619D2}
2012-07-14 20:00:50 -------- d-----w- C:\Users\Sara\AppData\Local\{82942619-D514-4494-BD08-9799185E3F43}
2012-07-14 16:58:58 -------- d-----w- C:\Users\Sara\AppData\Local\{B754518E-63D3-4313-85A3-C44AF6C3BEA5}
2012-07-14 04:45:34 -------- d-----w- C:\Users\Sara\AppData\Local\{FBDB1AFA-6326-45CD-8DFB-45E4D9358DF3}
2012-07-14 04:45:24 -------- d-----w- C:\Users\Sara\AppData\Local\{B617FC7D-976C-4FD1-A4B7-E17C8DCAEE6D}
2012-07-13 15:58:08 -------- d-----w- C:\Users\Sara\AppData\Local\{1C120FDC-075E-46AF-9DA1-A2D00E9A3A6E}
2012-07-13 15:57:57 -------- d-----w- C:\Users\Sara\AppData\Local\{C2958700-502A-4C18-9FA3-A5FA1DB12B19}
2012-07-12 12:23:05 -------- d-----w- C:\Users\Sara\AppData\Local\{72997D22-D5BB-48CB-8F52-2D0F45B9551B}
2012-07-12 12:22:55 -------- d-----w- C:\Users\Sara\AppData\Local\{A12A17AE-3972-4480-B74F-4944E58AA86F}
2012-07-12 08:08:51 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 18:04:21 -------- d-----w- C:\Users\Sara\AppData\Local\{77917A02-458E-4014-B301-5F60BF966079}
2012-07-11 18:04:10 -------- d-----w- C:\Users\Sara\AppData\Local\{FD0E399B-CAE2-4759-BC25-EA0CCB051E71}
2012-07-11 04:05:08 -------- d-----w- C:\Users\Sara\AppData\Local\{538424CD-A4BC-41A3-8BAC-4930CBD9DE8A}
2012-07-11 04:04:58 -------- d-----w- C:\Users\Sara\AppData\Local\{9813F948-775E-4ABF-B584-B2366D4694F8}
2012-07-11 04:04:48 -------- d-----w- C:\Users\Sara\AppData\Local\{193F5D9A-EC4F-4585-836F-29BDDAE2963B}
2012-07-11 04:04:39 -------- d-----w- C:\Users\Sara\AppData\Local\{65DE554B-377F-4E2A-932E-D896F83AB2DE}
2012-07-10 16:04:13 -------- d-----w- C:\Users\Sara\AppData\Local\{1E12A7E4-7F43-41A2-A780-2A6B0C7DD6A9}
2012-07-10 16:04:02 -------- d-----w- C:\Users\Sara\AppData\Local\{843A6550-F2E0-42EE-A0A0-A3E38AE07CEE}
2012-07-10 03:03:25 -------- d-----w- C:\Users\Sara\AppData\Local\{DC68B9A5-0D51-4B53-997C-AEE8E19EBC8D}
2012-07-10 03:03:14 -------- d-----w- C:\Users\Sara\AppData\Local\{1975ED80-5014-44B8-AB34-B9ABCBDCD108}
2012-07-09 15:02:49 -------- d-----w- C:\Users\Sara\AppData\Local\{BA78413B-E566-44B7-974D-772C11EFC0D2}
2012-07-09 15:02:38 -------- d-----w- C:\Users\Sara\AppData\Local\{31789416-A555-49E5-97ED-F8F15D885D02}
2012-07-09 03:02:14 -------- d-----w- C:\Users\Sara\AppData\Local\{872BC85E-D14A-4187-AA1A-8A66C7E719F2}
2012-07-09 03:02:03 -------- d-----w- C:\Users\Sara\AppData\Local\{C821CA4F-540D-417C-B99C-08DD2AA44BC5}
2012-07-09 03:01:34 -------- d-----w- C:\Users\Sara\AppData\Local\{7C56B39E-BCAC-4EF1-A4A1-5918BC63D214}
2012-07-09 03:01:24 -------- d-----w- C:\Users\Sara\AppData\Local\{503D5374-74AA-4CFA-A1E3-013CF6F56130}
2012-07-08 13:28:08 -------- d-----w- C:\Users\Sara\AppData\Local\{3F71C7DD-AE6A-493A-8205-B0F3C78331A8}
2012-07-08 13:27:57 -------- d-----w- C:\Users\Sara\AppData\Local\{EC6ECB1C-F941-4085-98D3-37824DDDDD7C}
2012-07-07 14:46:48 -------- d-----w- C:\Users\Sara\AppData\Local\{5D27EE36-259D-4A58-9F7A-FFDF4F18FD44}
2012-07-07 14:46:37 -------- d-----w- C:\Users\Sara\AppData\Local\{8269E605-50F8-4D47-B9E5-B91AC9C03534}
2012-07-06 15:50:25 -------- d-----w- C:\Users\Sara\AppData\Local\{BFCF14CD-06EF-4939-AFB7-BFD52C531165}
2012-07-06 15:50:15 -------- d-----w- C:\Users\Sara\AppData\Local\{A2877668-0B93-4E09-B06E-CEC64CEED829}
2012-07-06 01:49:54 -------- d-----w- C:\Users\Sara\AppData\Local\{4481BD06-B1EF-47F6-B744-0A60E3F254B3}
2012-07-06 01:49:42 -------- d-----w- C:\Users\Sara\AppData\Local\{AB0EF8B3-9F2C-43EB-8DE9-CD0493A53D35}
2012-07-05 13:11:06 -------- d-----w- C:\Users\Sara\AppData\Local\{1C737D3C-D2BB-4D30-90DF-45F1FD9E242F}
2012-07-05 13:10:56 -------- d-----w- C:\Users\Sara\AppData\Local\{B4D312C6-4837-43C3-82C8-EA572A9D710E}
2012-07-05 00:47:00 -------- d-----w- C:\Users\Sara\AppData\Local\{F8476180-53FC-4AAC-8FDD-E2F372F6B674}
2012-07-05 00:46:50 -------- d-----w- C:\Users\Sara\AppData\Local\{8AEC27F4-92B2-4B5B-8B2B-7BF890817C43}
2012-07-04 12:33:56 -------- d-----w- C:\Users\Sara\AppData\Local\{36094192-FA40-405B-A573-1CEC2952FAC9}
2012-07-04 12:33:45 -------- d-----w- C:\Users\Sara\AppData\Local\{95A0C8B3-6E45-42CC-B7F4-244C059C33E8}
2012-07-04 07:32:22 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-07-04 07:32:06 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-07-04 07:32:02 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-07-04 07:31:54 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-07-04 07:31:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-07-04 07:31:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
2012-07-04 07:30:58 13008384 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-07-04 07:30:12 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2012-07-04 07:30:08 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-07-04 06:59:32 11922944 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-07-04 06:52:04 26016256 ----a-w- C:\Windows\System32\atio6axx.dll
2012-07-04 06:35:46 19586048 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-07-04 06:27:18 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-07-04 06:21:46 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-07-04 06:21:40 514048 ----a-w- C:\Windows\System32\atieclxx.exe
2012-07-04 06:20:54 238080 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-07-04 06:19:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-07-04 06:19:16 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-07-04 06:19:12 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-07-04 06:19:06 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-07-04 05:36:34 1053696 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-07-04 05:36:24 69632 ----a-w- C:\Windows\System32\coinst_8.97.100.3.dll
2012-07-04 05:36:14 1960960 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-07-04 05:35:42 4261376 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-07-04 05:24:02 7477760 ----a-w- C:\Windows\System32\atiumd64.dll
2012-07-04 05:11:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-07-04 05:11:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-07-04 05:11:40 535552 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-07-04 05:11:38 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-07-04 05:11:38 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-07-04 05:11:30 364544 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-07-04 05:11:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-07-04 05:11:16 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-07-04 05:11:16 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-07-04 05:11:12 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-07-04 05:11:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-07-04 05:10:56 359936 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-07-04 05:09:50 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-07-04 05:09:10 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-07-04 05:04:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-07-04 05:04:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-07-04 05:04:22 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-07-04 05:04:18 44544 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-07-04 05:04:08 15827456 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-07-04 04:59:40 13402112 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-07-04 00:33:21 -------- d-----w- C:\Users\Sara\AppData\Local\{872769DF-1880-4A8B-A39C-5F50D5F0FF83}
2012-07-04 00:33:11 -------- d-----w- C:\Users\Sara\AppData\Local\{C11962BB-E315-4763-90A1-598AAE0B7165}
2012-07-03 12:32:46 -------- d-----w- C:\Users\Sara\AppData\Local\{601D5921-0CDA-4F8E-B1BA-987ECB56A733}
2012-07-03 12:32:35 -------- d-----w- C:\Users\Sara\AppData\Local\{D85F4635-EB06-4E1E-A637-C4D4A96889E4}
2012-07-02 20:07:05 -------- d-----w- C:\Users\Sara\AppData\Local\{584059B9-F1CF-46A1-AA78-A3CC9F97F0C0}
2012-07-02 20:06:54 -------- d-----w- C:\Users\Sara\AppData\Local\{77768300-7C70-4380-B292-B6D412171A45}
2012-07-02 05:42:40 -------- d-----w- C:\Users\Sara\AppData\Local\{54284725-398D-4509-B558-A8E3B198C12B}
2012-07-02 05:42:29 -------- d-----w- C:\Users\Sara\AppData\Local\{7826F1D1-8F28-4F4D-A319-63B0AC76A89C}
2012-07-01 17:14:26 -------- d-----w- C:\Users\Sara\AppData\Local\{0DCCA92B-AA9D-4B53-9A8D-BD223BD92981}
2012-07-01 17:14:15 -------- d-----w- C:\Users\Sara\AppData\Local\{764DE9D2-6D19-471C-A5CD-3E3C7ACC0BAD}
2012-07-01 02:54:39 -------- d-----w- C:\Users\Sara\AppData\Local\{5C146E8B-14AA-4D8F-B91F-3512175AF6B4}
2012-07-01 02:54:26 -------- d-----w- C:\Users\Sara\AppData\Local\{53143321-B642-40C2-BB50-9229E24019EE}
2012-06-30 14:54:01 -------- d-----w- C:\Users\Sara\AppData\Local\{15B529D2-BC9C-4076-BE2C-818F70098197}
2012-06-30 14:53:50 -------- d-----w- C:\Users\Sara\AppData\Local\{C84134B3-4DF3-4162-B08B-74679927F69A}
2012-06-30 02:53:24 -------- d-----w- C:\Users\Sara\AppData\Local\{9CCD17F3-C89D-4A00-BB48-F896C6059421}
2012-06-30 02:53:14 -------- d-----w- C:\Users\Sara\AppData\Local\{56E4FA0C-FDE4-4700-BAE2-2C9645108465}
2012-06-29 14:52:50 -------- d-----w- C:\Users\Sara\AppData\Local\{5257C3CF-A9A2-41CD-BA3A-912F1E8F24AC}
2012-06-29 14:52:39 -------- d-----w- C:\Users\Sara\AppData\Local\{0E267D62-B673-4112-94E0-BDBCB69FE3F2}
2012-06-29 01:29:13 -------- d-----w- C:\Users\Sara\AppData\Local\{082A2866-8461-4217-9CEB-B6FC1458591C}
2012-06-29 01:29:01 -------- d-----w- C:\Users\Sara\AppData\Local\{FB9739FA-1CB2-4563-A86D-78E4AB340CBE}
2012-06-28 13:28:36 -------- d-----w- C:\Users\Sara\AppData\Local\{E51B2C16-256A-408E-B4F5-47F1B2DA823B}
2012-06-28 13:28:25 -------- d-----w- C:\Users\Sara\AppData\Local\{C64ACD6D-4558-4871-848B-B3A3FE52B066}
2012-06-27 20:48:47 -------- d-----w- C:\Users\Sara\AppData\Local\{01224445-471D-4A8E-8D11-274082EA7594}
2012-06-27 20:48:37 -------- d-----w- C:\Users\Sara\AppData\Local\{C5B8999E-9A1C-4E8D-91C3-3F46B88D05B6}
2012-06-25 17:58:38 -------- d-----w- C:\Users\Sara\AppData\Local\{65FCB27D-6C0D-4243-A2FA-8A9BF1A761DA}
2012-06-24 18:00:11 -------- d-----w- C:\Users\Sara\AppData\Local\{45E284B4-8F6E-48C0-81F7-2CC11F7AC652}
2012-06-24 18:00:01 -------- d-----w- C:\Users\Sara\AppData\Local\{A26C9DAA-D517-44AF-BB1F-3D8240A83C59}
2012-06-24 03:51:43 -------- d-----w- C:\Users\Sara\AppData\Local\{2F7A95C3-15FA-49F5-9580-81735BC300E7}
2012-06-24 03:51:33 -------- d-----w- C:\Users\Sara\AppData\Local\{9799164E-5284-43F0-A471-25217397470B}
2012-06-22 03:36:05 -------- d-----w- C:\Users\Sara\AppData\Local\{92FDDA3A-1079-4278-8C48-3349E0089E70}
2012-06-22 03:35:55 -------- d-----w- C:\Users\Sara\AppData\Local\{3CDC4770-690C-481E-910A-224954F533F8}
2012-06-21 04:56:16 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2012-06-21 00:44:31 -------- d-----w- C:\Users\Sara\AppData\Local\{29DEE4F9-F4F8-4523-A85D-B4874C967A67}
2012-06-21 00:44:20 -------- d-----w- C:\Users\Sara\AppData\Local\{847E928B-B898-4585-ADA2-1313CFB0020D}
2012-06-21 00:20:13 -------- d-----w- C:\Users\Sara\AppData\Local\{98738CF4-3F11-4CDF-A53E-F1D98105F920}
2012-06-21 00:19:53 -------- d-----w- C:\Windows\en
2012-06-21 00:16:50 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-06-21 00:12:49 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2012-06-21 00:12:49 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2012-06-21 00:12:49 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2012-06-21 00:12:49 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2012-06-21 00:09:12 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16078b2a1cd4f4203\DSETUP.dll
2012-06-21 00:09:12 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16078b2a1cd4f4203\DXSETUP.exe
2012-06-21 00:09:12 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16078b2a1cd4f4203\dsetup32.dll
2012-06-21 00:09:12 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\16740a301cd4f4204\MeshBetaRemover.exe
2012-06-21 00:08:51 -------- d-----w- C:\Users\Sara\AppData\Local\{6C4FDCCF-5F53-4AC4-B242-030A3A526D73}
2012-06-21 00:08:16 -------- d-----w- C:\Users\Sara\AppData\Local\{E26CAF40-A44D-4DE6-9713-FBE4915FCA51}
2012-06-21 00:08:05 -------- d-----w- C:\Users\Sara\AppData\Local\{6913831E-538D-4B53-8317-B17263EF45AE}
2012-06-20 23:31:40 -------- d-----w- C:\Users\Sara\AppData\Local\{EE887356-AB7A-41AD-B433-4878471C94D8}
2012-06-20 23:31:30 -------- d-----w- C:\Users\Sara\AppData\Local\{B1D969BF-4B07-4018-B4B8-622B363A6B04}
2012-06-20 19:09:37 -------- d-----w- C:\Users\Sara\AppData\Local\{91B7A935-CCDE-4C47-95D5-224836167B9D}
2012-06-20 19:09:26 -------- d-----w- C:\Users\Sara\AppData\Local\{9E2E8FBB-F652-4AA2-BB49-015B8E25D10A}
2012-06-20 13:49:46 -------- d-----w- C:\Users\Sara\AppData\Local\{4C83DF69-7A98-4E84-B892-E737748FE888}
2012-06-20 13:49:36 -------- d-----w- C:\Users\Sara\AppData\Local\{D0626347-24CD-4355-A317-E38A0808A32A}
2012-06-20 13:36:34 -------- d-----w- C:\Users\Sara\AppData\Local\{E0B7BBF2-CB10-4539-9432-7F5860FD4D88}
2012-06-20 13:36:24 -------- d-----w- C:\Users\Sara\AppData\Local\{20BA683C-20DF-4853-B161-C61D0855BC63}
2012-06-20 13:34:59 -------- d-----w- C:\Users\Sara\AppData\Local\{16804482-B561-4797-AF7C-E957620D602A}
2012-06-20 13:34:48 -------- d-----w- C:\Users\Sara\AppData\Local\{392F744E-D781-4438-8009-2E492AACA5E5}
2012-06-20 01:38:46 -------- d-----w- C:\Users\Sara\AppData\Local\{5B86E182-510D-4189-A4A8-B452FF9F7BA9}
2012-06-20 01:38:36 -------- d-----w- C:\Users\Sara\AppData\Local\{0C294998-962A-462C-8559-A363DBE8D1A8}
2012-06-20 00:31:12 -------- d-----w- C:\Users\Sara\AppData\Local\{50ECFA10-0D03-4BFD-BB42-2385D559EE95}
2012-06-20 00:30:51 -------- d-----w- C:\Users\Sara\AppData\Local\{8237D066-7B50-4272-AAF1-1705F134767B}
2012-06-19 12:27:13 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 12:26:51 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 12:26:31 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 12:26:31 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-18 00:42:02 -------- d-----w- C:\Users\Sara\AppData\Local\{309FAB49-3475-44B7-BCAA-019748069507}
2012-06-17 11:41:57 -------- d-----w- C:\Users\Sara\AppData\Local\{227D2400-5DBF-49E3-AE75-D5699DDB81C0}
.
==================== Find3M ====================
.
2012-07-15 19:20:35 472880 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-04 06:27:08 918528 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-07-04 06:25:14 1081856 ----a-w- C:\Windows\System32\aticfx64.dll
2012-07-04 06:18:18 6811648 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-07-04 05:57:18 7510528 ----a-w- C:\Windows\System32\atidxx64.dll
2012-07-04 05:35:14 6245888 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-07-04 05:28:52 4749312 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-07-04 05:10:04 55296 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-07-04 05:09:56 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-07-04 05:09:42 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-16 17:13:55 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-05-16 17:13:55 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-19 00:39:10 43008 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-04-19 00:39:10 28672 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
.
============= FINISH: 10:13:06.15 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/8/2011 7:08:39 PM
System Uptime: 7/16/2012 9:41:54 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | CM1630
Processor: AMD Phenom II X4 830 Processor | AM3 | 2812/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 36.569 GiB free.
D: is FIXED (NTFS) - 409 GiB total, 365.829 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 917 GiB total, 266.391 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Deskjet F4500 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Deskjet F4500 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP125: 5/27/2012 10:00:41 AM - Windows Backup
RP126: 6/3/2012 10:00:44 AM - Windows Backup
RP127: 6/5/2012 12:48:22 AM - Windows Update
RP128: 6/11/2012 12:07:04 AM - Windows Backup
RP129: 6/13/2012 3:00:39 AM - Windows Update
RP130: 6/17/2012 6:58:25 PM - Windows Backup
RP131: 6/19/2012 7:25:54 AM - Windows Update
RP132: 6/20/2012 7:09:30 PM - Windows Live Essentials
RP133: 6/20/2012 7:10:40 PM - Windows Update
RP134: 6/20/2012 7:11:58 PM - Windows Update
RP135: 6/20/2012 7:13:10 PM - Installed DirectX
RP136: 6/20/2012 7:14:14 PM - Installed DirectX
RP137: 6/20/2012 7:15:48 PM - WLSetup
RP138: 6/20/2012 11:52:29 PM - Windows Update
RP139: 6/22/2012 12:19:48 AM - Windows Update
RP140: 6/24/2012 10:00:40 AM - Windows Backup
RP141: 7/1/2012 10:00:41 AM - Windows Backup
RP142: 7/8/2012 10:00:41 AM - Windows Backup
RP143: 7/12/2012 3:01:00 AM - Windows Update
RP144: 7/15/2012 10:00:38 AM - Windows Backup
RP145: 7/15/2012 2:19:28 PM - Installed Java 6 Update 33
RP146: 7/16/2012 7:16:06 AM - Device Driver Package Install: Advanced Micro Devices, Inc. Display adapters
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 9
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 9
Adobe Premiere Elements 9 Content
Adobe Premiere Elements 9 Content 1
Adobe Premiere Elements 9 Content 2
Adobe Premiere Elements 9 Content 3
Adobe Premiere Elements 9 HD Content 1
Adobe Premiere Elements 9 HD Content 2
Adobe Premiere Elements 9 HD Content 3
Adobe Reader X (10.1.3)
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
AVerMedia C038 USB Capture Card 2.0.64.124
Azurewave Wireless LAN Card
Bing Bar
BufferChm
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.8
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities WFT Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Copy
Core FTP LE 2.1
Coupon Printer for Windows
D3DX10
DesignPro 5
Destinations
DeviceDiscovery
DHTML Menu Builder LITE 4.20
DJ_AIO_06_F4500_SW_MIN
Elements 9 Organizer
Elements STI Installer
F4500
Family Tree Maker
Firebird SQL Server - MAGIX Edition
GIMP 2.6.7
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HP Photo Creations
HP Update
HPPhotoGadget
HPProductAssistant
HPSSupply
iCamSource
iClone v4.2 EX
J2SE Runtime Environment 5.0
Jalbum
Java Auto Updater
Java 6 Update 33
Junk Mail filter update
Live Security Platinum
Logitech Vid HD
MAGIX Movie Edit Pro 17 Plus
MAGIX Screenshare
MAGIX Speed burnR (MSI)
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Memorex exPressit Label Design Studio
Mesh Runtime
Microsoft Expression Web 2
Microsoft Expression Web 2 MUI (English)
Microsoft Money 99
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Live Add-in 1.3
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Picture It! Photo 2001
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox (3.5.8)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Stereoscopic 3D Driver
OpenOffice.org 3.1
PE-DESIGN Ver.6
PhotoScape
Player
PrimoPDF -- by Nitro PDF Software
proDAD Heroglyph 2.5
QuickTime
Ralink RT2860 Wireless LAN Card
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Segoe UI
Shockwave
Skype Toolbars
Skype™ 5.5
SmartSound Quicktracks for Premiere Elements 9.0
SmartWebPrinting
SolutionCenter
Status
The Logo Creator v5.2
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Expression Web 2 (KB957827)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Script Editor Help (KB963671)
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Detect
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/16/2012 9:50:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
7/16/2012 9:50:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/16/2012 9:44:26 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/16/2012 9:42:42 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/16/2012 9:42:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/16/2012 9:42:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/16/2012 9:42:37 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/16/2012 9:42:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/16/2012 9:42:26 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache spldr Wanarpv6
7/16/2012 9:33:55 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/16/2012 12:31:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Asus\Sara SID (S-1-5-21-2112477045-800725573-1140253011-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/16/2012 12:31:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user Asus\Sara SID (S-1-5-21-2112477045-800725573-1140253011-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/16/2012 12:31:41 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Asus\Sara SID (S-1-5-21-2112477045-800725573-1140253011-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/16/2012 10:12:58 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
.
==== End Of File ===========================
-
We received the USPS email, but neither my wife nor I opened it (just saw it in preview). We got AVG threat warnings about lameshield, cleaned with AVG, got another alert, opened Malwarebytes and cleaned up. Now Live Security Platinum has installed itself and we have a mess. Help!
Live Security Platinum/Lameshield Problems
in Resolved Malware Removal Logs
Posted
The alerts turned out to be the Live folder and the Live .lnk that showed on the start menu. I cleaned them and everything seems OK at this point.
Thanks Maniac and Malwarebytes.