How can I manually remove a trojan horse Crypt/AMAX virus?

SarahT

I recently scanned my computer for viruses on AVG and found I had a Trojan virus in my csc.sys file. I don't really trust downloading the malware removal etc things as I don't really know which ones to trust, so it would be great if someone could tell me how to remove it manually?

The virus is a Trojan Horse Crypt\AMAX.
 
I found another post and think this may have helped. It was the UPDATED 5-step Viruses/Spyware/Malware Preliminary Removal Instructions. It said to copy and paste the logs so if anyone can have a look over then that would be great. Thanks.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8322

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

06/12/2011 14:38:09
mbam-log-2011-12-06 (14-38-09).txt

Scan type: Quick scan
Objects scanned: 181570
Time elapsed: 9 minute(s), 11 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
c:\Users\Sarah\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> 3164 -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{B4FBA8C3-2083-4ED8-A35B-148478739826} (Redir.ZWink) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4FBA8C3-2083-4ED8-A35B-148478739826} (Redir.ZWink) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4FBA8C3-2083-4ED8-A35B-148478739826} (Redir.ZWink) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\CORSAIR (Redir.ZWink) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Corsair Addon (Redir.ZWink) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B4FBA8C3-2083-4ED8-A35B-148478739826} (Redir.ZWink) -> Value: {B4FBA8C3-2083-4ED8-A35B-148478739826} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B4FBA8C3-2083-4ED8-A35B-148478739826} (Redir.ZWink) -> Value: {B4FBA8C3-2083-4ED8-A35B-148478739826} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B4FBA8C3-2083-4ED8-A35B-148478739826} (Redir.ZWink) -> Value: {B4FBA8C3-2083-4ED8-A35B-148478739826} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B4FBA8C3-2083-4ED8-A35B-148478739826} (Redir.ZWink) -> Value: {B4FBA8C3-2083-4ED8-A35B-148478739826} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Live (Trojan.Agent) -> Value: Windows Live -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Corsair\search_domain (Redir.ZWink) -> Value: search_domain -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\corsair addon\corsair.dll (Redir.ZWink) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\csc.sys (Spyware.Password) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Delete on reboot.
c:\Users\Sarah\AppData\Local\Temp\winini.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\about relevantknowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\privacy policy and user license agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-06 14:53:05
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60ZCT0 rev.12.01A12
Running: 0i1e2809.exe; Driver: C:\Users\Sarah\AppData\Local\Temp\fgloypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_20
Run by Sarah at 14:54:15 on 2011-12-06
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3039.1739 [GMT 0:00]
.
AV: AVG Anti-Virus 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8cef5f1d6fff385\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8cef5f1d6fff385\aestsrv.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\efsui.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AVG LiveKive\AVGLiveKive.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG LiveKive\AVGLiveKive.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\AVG LiveKive\windows_dir_watcher.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVG\AVG2012\avgcfgex.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 06/04/2010 18:19:02
System Uptime: 06/12/2011 14:40:04 (0 hours ago)
.
Motherboard: Compal | | 30F4
Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz | CPU | 2000/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 30.452 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.623 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP219: 05/12/2011 17:54:31 - Windows Update
RP220: 06/12/2011 11:56:03 - Installed Microsoft Fix it 50561
RP221: 06/12/2011 12:30:34 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Design Premium
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader X (10.1.1)
Adobe Shockwave Player
Adobe Shockwave Player 11.6
Adobe Widget Browser
Agere Systems HDA Modem
Akamai NetSession Interface
Akamai NetSession Interface Service
µTorrent
AVG 2012
AVG LiveKive
AVG PC Tuneup 2011
Bing Bar
Bing Bar Platform
Bonjour
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
CyberLink YouCam
D3DX10
DivX Setup
Driver Whiz
Dropbox
ESU for Microsoft Vista
Facebook Video Calling 1.0.0.8953
Hewlett-Packard ACLM.NET v1.1.1.0
HP Customer Experience Enhancements
HP Doc Viewer
HP Quick Launch Buttons 6.40 D1
HP QuickPlay 3.7
HP QuickTouch 1.00 D2
HP Support Assistant
HP Total Care Advisor
HP Update
HP User Guides 0103
HP Wireless Assistant
HPSSupply
IDT Audio
Java(TM) 6 Update 20
Java(TM) 6 Update 6
JMicron JMB38X Flash Media Controller
Junk Mail filter update
LabelPrint
LightScribe System Software 1.12.33.2
Malwarebytes' Anti-Malware version 1.51.2.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2010 - English
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft PowerPoint Viewer
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MoneyManagerEX version 0.9.8.0
Mozilla Firefox 8.0 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
NEF Codec
Norton Security Scan
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PDF Settings CS5
Power2Go
PowerDirector
ProtectSmart Hard Drive Protection
PxMergeModule
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shop for HP Supplies
Skype Click to Call
Skype™ 5.5
swMSM
Synaptics Pointing Device Driver
Uninstall DreamSuite Bonus
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Viewpoint Media Player
VLC media player 1.0.5
WhiteCap
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (32-bit)
ZTE_MF627_USB_MODEM_1.2059.0.4
.
==== Event Viewer Messages From Past Week ========
.
06/12/2011 14:40:53, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
06/12/2011 14:40:05, Error: hpdskflt [1001] - An unsupported disk adapter was found.
06/12/2011 14:40:04, Error: sptd [4] - Driver detected an internal error in its data structures for .
06/12/2011 12:15:18, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Client Virtualization Handler service to connect.
06/12/2011 12:15:18, Error: Service Control Manager [7000] - The Client Virtualization Handler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/12/2011 16:24:16, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
03/12/2011 13:46:41, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: hpdskflt
01/12/2011 00:46:15, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
01/12/2011 00:46:07, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: After starting, the service hung in a start-pending state.
01/12/2011 00:46:01, Error: Service Control Manager [7022] - The Peer Name Resolution Protocol service hung on starting.
.
==== End Of File ===========================
 
Welcome to TechSpot, Sarah! You did the right thing- I would have referred you to the preliminary scans thread. I will be glad to help with the malware.

My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
As you may have noticed in Mbam, removing malware isn't just removing one entry-or two- or more. With all of the different malwares you have, I would like to continue with the cleaning. If you use a Site Advisor (which I will recommend later) you would notice in a search that most of the sites about removing 'malware' would not be recommended, trustworthy sites. WOT would show a 'red light' for most.
==================================
There is a program installed named Relevant Knowledge. This needs to be removed. Please go to the Add/Remove Programs in the Control Panel. Look for this program> if you see it, please uninstall it.

Then use Windows Explorer to go to Computer> Local Drive(usually C)> Programs> look for program folder for Relevant Knowledge. If found, please do a right click> Delete.
====================================
Please update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system. (I see Java(TM) 6 Update 20 & Java(TM) 6 Update 62 outdated versions)
Note: Be sure to update before you uninstall outdated versions.
--------------------------------------
Because of the outdated Java, some of the malware will be in the Java cache, so it must be emptied:
This should help with clearing the Java cache:
1. Click Start, and then click Control Panel.
2. Click Programs, and then click the Java icon.
If you are using Windows 7 and your View by is set to either Large icons or Small icons, then click the Java icon.
3. Click the General tab> Temporary Internet Files section> click Settings.
4. Click Delete Files.
5. In the Delete Temporary Files window, select all the check boxes, and then click OK.
6. Click OK to close the Temporary Files Settings window.
7. Click OK to close the Java Control Panel window.
Images courtesy AOL Help
=========================================
I would like you to run Combofix. It won't run with AVG, so that needs to be uninstalled temporarily:
Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    ***Please note: if you have downloaded Combofix to a flash drive, then run it on the infected machine> the Recovery Console will not install- just bypass and go on.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
==========================================
When the above is finished, please run the Eset online virus scan:
For Internet Explorer:> start here:
  • Open the ESETOnlineScan
    -------------
    Note: If you are using a browser other than Internet Explorer> start here:
  • Open Eset Smart Installer
  • Click on the esetsmartinstaller_enu.exe link and save to the desktop.
  • Double click on the desktop icon to run.
  • After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  • Continue with the directions.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

===============================
Please leave the logs for Combofix and the Eset scan in your next reply.
 
Thanks for your help. Here are the log details.

ComboFix 11-12-06.01 - Sarah 06/12/2011 21:12:56.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3039.2369 [GMT 0:00]
Running from: c:\users\Sarah\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Corsair Addon
c:\program files\Corsair Addon\uninstall.exe
c:\users\Sarah\AppData\Local\6b2cf9db\U
c:\users\Sarah\AppData\Local\6b2cf9db\U\80000000.@
c:\users\Sarah\AppData\Local\6b2cf9db\U\800000cb.@
c:\users\Sarah\AppData\Local\6b2cf9db\U\800000cf.@
c:\users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\pse_350_enu.exe
c:\users\Sarah\Documents\~WRL0005.tmp
c:\users\Sarah\Documents\~WRL2903.tmp
c:\users\Sarah\Documents\~WRL3042.tmp
c:\users\Sarah\Documents\~WRL3583.tmp
c:\windows\$NtUninstallKB27912$
c:\windows\$NtUninstallKB27912$\4222998134
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\system
.
.
((((((((((((((((((((((((( Files Created from 2011-11-06 to 2011-12-06 )))))))))))))))))))))))))))))))
.
.
2011-12-06 21:45 . 2011-12-06 21:52 -------- d-----w- c:\users\Sarah\AppData\Local\temp
2011-12-06 21:45 . 2011-12-06 21:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-06 21:18 . 2011-12-06 21:18 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B04E1F0-0377-4287-8F99-3DA605DD9B0C}\offreg.dll
2011-12-06 21:06 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-06 20:44 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-06 20:44 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-06 20:44 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-06 20:44 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-06 20:44 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-06 20:44 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-06 20:43 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-06 20:43 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-06 20:43 . 2011-12-06 20:43 -------- d-----w- c:\programdata\AVAST Software
2011-12-06 20:43 . 2011-12-06 20:43 -------- d-----w- c:\program files\AVAST Software
2011-12-06 20:26 . 2011-12-06 20:26 -------- d-----w- c:\program files\Common Files\Java
2011-12-06 14:27 . 2011-12-06 14:27 -------- d-----w- c:\users\Sarah\AppData\Roaming\Malwarebytes
2011-12-06 14:26 . 2011-12-06 14:26 -------- d-----w- c:\programdata\Malwarebytes
2011-12-06 14:26 . 2011-12-06 14:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-06 14:26 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-05 10:21 . 2011-12-05 10:21 -------- d-----w- c:\programdata\boost_interprocess
2011-12-04 21:27 . 2011-12-05 10:46 -------- d-----w- c:\program files\Windows iLivid Toolbar
2011-12-04 21:27 . 2011-12-04 21:27 -------- d-----w- c:\users\Sarah\AppData\Local\PackageAware
2011-11-28 12:59 . 2010-11-05 01:57 32072 ----a-w- c:\users\Sarah\AppData\Roaming\build6.exe
2011-11-16 17:40 . 2009-05-26 13:29 61440 ----a-w- c:\windows\system32\aestaren.dll
2011-11-16 17:40 . 2009-05-26 13:29 368640 ----a-w- c:\windows\system32\aestecap.dll
2011-11-16 17:40 . 2009-05-26 13:30 536576 ----a-w- c:\windows\system32\idtmini1.exe
2011-11-16 17:40 . 2009-05-26 13:29 142848 ----a-w- c:\windows\system32\aestacap.dll
2011-11-16 17:40 . 2009-05-26 13:30 450652 ----a-w- c:\windows\sttray.exe
2011-11-16 17:40 . 2009-05-26 13:30 3567616 ----a-w- c:\windows\system32\stlang.dll
2011-11-16 17:40 . 2009-05-26 13:29 12017756 ----a-w- c:\windows\system32\idtcpl.cpl
2011-11-15 16:46 . 2010-11-05 01:57 32072 ----a-w- c:\users\Sarah\AppData\Roaming\build7.exe
2011-11-15 14:52 . 2011-11-15 14:52 -------- d-----w- c:\users\Public\Roaming
2011-11-15 13:57 . 2011-12-06 21:43 -------- d-sh--w- c:\users\Sarah\AppData\Local\6b2cf9db
2011-11-15 13:52 . 2011-11-15 13:52 -------- d-----w- c:\programdata\ALM
2011-11-14 19:03 . 2011-11-14 19:03 -------- d-----w- c:\program files\Adobe Download Assistant
2011-11-14 18:02 . 2011-11-14 18:02 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-11-14 16:57 . 2011-11-14 16:57 -------- d-----w- C:\$AVG
2011-11-14 16:03 . 2011-11-14 16:03 -------- d-----w- c:\users\Sarah\AppData\Local\Seven Zip
2011-11-14 00:34 . 2011-11-14 00:34 -------- d-----w- c:\users\Sarah\AppData\Local\Facebook
2011-11-11 10:31 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-11 10:31 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-11 10:31 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 23:09 . 2011-11-10 23:09 -------- d-----w- c:\users\Sarah\AppData\Roaming\AVG2012
2011-11-10 23:06 . 2011-12-06 20:37 -------- d-----w- c:\programdata\AVG2012
2011-11-09 20:11 . 2011-11-18 01:03 -------- d-----w- c:\users\Sarah\AppData\Local\Akamai
2011-11-08 11:10 . 2011-11-08 11:10 -------- d-----w- c:\programdata\UAB
2011-11-08 11:10 . 2011-11-08 11:10 -------- d-----w- c:\users\Sarah\AppData\Local\PC_Drivers_Headquarters
2011-11-08 11:10 . 2011-11-08 11:10 -------- d-----w- c:\programdata\Driver Whiz
2011-11-08 11:04 . 2011-10-18 01:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B04E1F0-0377-4287-8F99-3DA605DD9B0C}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-06 20:25 . 2010-05-04 13:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-23 20:18 . 2011-10-05 22:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-09 11:13 . 2011-10-09 11:13 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-09 10:38 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-10-01 02:42 . 2011-10-13 02:05 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2002-07-28 22:40 . 2007-05-22 15:20 1059840 ----a-w- c:\program files\DS_Bonus_Plugin.8bf
2011-11-05 07:10 . 2011-11-16 11:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 92704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-26 468264]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-05-26 450652]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"QlbCtrl.exe"=c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
.
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 20992]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-06 136176]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-06 136176]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8cef5f1d6fff385\aestsrv.exe [2009-05-26 81920]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-19 19456]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2010-08-07 54784]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-08 96856]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 577384]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Avgfwfd
*Deregistered* - AVGIDSDrivervtx
*Deregistered* - AVGIDSFiltervtx
*Deregistered* - AVGIDSShimvtx
*Deregistered* - Avgrkx86
*Deregistered* - Avgtdix
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1874340787-3662725805-613299546-1000Core.job
- c:\users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-14 00:34]
.
2011-12-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1874340787-3662725805-613299546-1000UA.job
- c:\users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-14 00:34]
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-06 20:44]
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-06 20:44]
.
2011-12-05 c:\windows\Tasks\HPCeeScheduleForSarah.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/406
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\aqw47cmw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{f92a9fe4-2850-4198-b9d5-279880e49b16} - (no file)
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-10 - (no file)
HKCU-Run-AVG LiveKive - c:\program files\AVG LiveKive\AVGLiveKive.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1874340787-3662725805-613299546-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1874340787-3662725805-613299546-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4408)
c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8cef5f1d6fff385\STacSV.exe
c:\windows\system32\rundll32.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2011-12-06 22:05:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-06 22:05
.
Pre-Run: 45,133,623,296 bytes free
Post-Run: 45,131,022,336 bytes free
.
- - End Of File - - 5A77B6E1F1FA52C48C8ADE558D15E2E8

C:\Users\Sarah\Desktop\keygen.exe a variant of MSIL/Injector.OO trojan
C:\Users\Sarah\Downloads\cnet_IDTv087_zip.exe a variant of Win32/InstallCore.D application
C:\Users\Sarah\Downloads\Adobe_CS5.5_Keygen\keygen.exe a variant of MSIL/Injector.OO trojan
C:\Users\Sarah\Downloads\Adobe_CS5.5_Keygen (2)\keygen.exe a variant of MSIL/Injector.OO trojan

Was that everything you need?
 
You began the DDS.txt log: DDS (Ver_2011-08-26.01) - NTFSx86
followed by the Heading and Security,
then "Running Processes", but you ended that log with this running process: C:\Windows\system32\DllHost.exe.

You omitted the entire rest of that log.
The next section begins as: ============== Pseudo HJT Report ===============
followed by 4 more sections, ending with: ============= FINISH== time given ===============

Please search for the DDS.txt log on the system and include the full logs in your next reply.

The main problem is that you are running way too many processes, so what looks like a full log isn't!
 
Sarah, I need the information that is in the rest of the DDS.txt log. Please run the program again.

Please follow this part carefully:
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • When done, DDS will open two (2) logs: Please paste both in your next reply.
    • DDS.txt
    • Attach.txt

You had the log because you pasted part of it in. But since you can't find it for the rest, we'll just make a new one!
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Sarah at 11:49:39 on 2011-12-13
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3039.1709 [GMT 0:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8cef5f1d6fff385\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8cef5f1d6fff385\aestsrv.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AVG LiveKive\AVGLiveKive.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Sarah\AppData\Local\Temp\svchost.exe
C:\Program Files\AVG LiveKive\AVGLiveKive.exe
C:\Program Files\AVG LiveKive\windows_dir_watcher.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/406
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [AVG LiveKive] "c:\program files\avg livekive\AVGLiveKive.exe" --windows_startup
uRun: [Windows Live] c:\users\sarah\appdata\local\temp\winini.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{360466AF-B47F-4BF2-AB82-C3FF4FFFED25} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{360466AF-B47F-4BF2-AB82-C3FF4FFFED25}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{360466AF-B47F-4BF2-AB82-C3FF4FFFED25}\244584F6D65684572623D253D46475 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{360466AF-B47F-4BF2-AB82-C3FF4FFFED25}\244584F6D65684572623D283B47534 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{360466AF-B47F-4BF2-AB82-C3FF4FFFED25}\2445F40756E6A7F6E656D284 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{360466AF-B47F-4BF2-AB82-C3FF4FFFED25}\341627D656C6964756 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{360466AF-B47F-4BF2-AB82-C3FF4FFFED25}\8393240234C4142554D4F4E445 : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_b8cef5f1d6fff385\AEstSrv.exe [2010-4-6 81920]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-7-31 361808]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2010-8-7 54784]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-8 96856]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-14 43552]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-6 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-31 193840]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-6 136176]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-10-5 15872]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-10-5 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-19 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-12-13 10:31:05 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3427191b-3f60-48ad-bb34-a889dabc83e3}\offreg.dll
2011-12-11 06:43:51 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3427191b-3f60-48ad-bb34-a889dabc83e3}\mpengine.dll
2011-12-10 13:33:41 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-10 13:12:18 -------- d-----w- C:\ComboFix
2011-12-07 17:23:22 -------- d-----w- c:\users\sarah\appdata\roaming\AVG LiveKive
2011-12-07 17:23:15 -------- d-----w- c:\program files\AVG LiveKive
2011-12-06 22:32:19 -------- d-----w- c:\program files\ESET
2011-12-06 21:45:44 -------- d-----w- c:\users\sarah\appdata\local\temp
2011-12-06 21:06:29 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-06 21:03:09 518144 ----a-w- c:\windows\SWREG.exe
2011-12-06 21:03:09 256000 ----a-w- c:\windows\PEV.exe
2011-12-06 21:03:09 208896 ----a-w- c:\windows\MBR.exe
2011-12-06 21:03:08 98816 ----a-w- c:\windows\sed.exe
2011-12-06 20:43:29 -------- d-----w- c:\programdata\AVAST Software
2011-12-06 20:43:29 -------- d-----w- c:\program files\AVAST Software
2011-12-06 14:27:12 -------- d-----w- c:\users\sarah\appdata\roaming\Malwarebytes
2011-12-06 14:26:34 -------- d-----w- c:\programdata\Malwarebytes
2011-12-06 10:32:51 -------- d-----w- c:\users\sarah\appdata\local\{BDCB2E2B-4D3F-4741-9926-98527B0E6868}
2011-12-06 10:32:32 -------- d-----w- c:\users\sarah\appdata\local\{3EC27877-55DC-4217-83AC-0066B41050B1}
2011-12-05 10:24:22 -------- d-----w- c:\users\sarah\appdata\local\{B1642F59-213B-4419-B8BB-463153FD3E17}
2011-12-05 10:23:11 -------- d-----w- c:\users\sarah\appdata\local\{7764D51D-F515-4997-A974-20B7D8F554C8}
2011-12-05 10:21:17 -------- d-----w- c:\programdata\boost_interprocess
2011-12-04 21:27:46 -------- d-----w- c:\program files\Windows iLivid Toolbar
2011-12-04 21:27:29 -------- d-----w- c:\users\sarah\appdata\local\PackageAware
2011-12-04 10:20:59 -------- d-----w- c:\users\sarah\appdata\local\{FB6BCADD-EDF9-41DE-BB9F-37CC3ADA49A1}
2011-12-04 10:20:18 -------- d-----w- c:\users\sarah\appdata\local\{227BF48F-A7C0-4DC9-8C77-2355D9A5EC49}
2011-12-03 13:48:01 -------- d-----w- c:\users\sarah\appdata\local\{70A89CD5-DC8E-49DF-90FE-12C546781B02}
2011-12-03 13:47:38 -------- d-----w- c:\users\sarah\appdata\local\{EC94E687-0959-4845-AE8F-6E9C5B187E4E}
2011-12-03 13:38:53 -------- d-----w- c:\users\sarah\appdata\local\{72638B56-AE5A-457C-BE76-BA4D77EB8E04}
2011-12-03 13:38:17 -------- d-----w- c:\users\sarah\appdata\local\{6138B211-27D1-4160-A9D4-D508D6C95EE3}
2011-12-01 18:13:13 -------- d-----w- c:\users\sarah\appdata\local\{19436110-22D9-496A-80FC-52149B0612F8}
2011-12-01 18:12:47 -------- d-----w- c:\users\sarah\appdata\local\{048B063A-3A32-4C34-A6CD-1890FE1FE5A4}
2011-11-30 23:09:58 -------- d-----w- c:\users\sarah\appdata\local\{311E8C09-A114-4EE0-B3E4-023EB406B98D}
2011-11-30 23:09:35 -------- d-----w- c:\users\sarah\appdata\local\{4DE8767E-6CB0-4D54-BC0A-DD308E641CDD}
2011-11-30 11:09:07 -------- d-----w- c:\users\sarah\appdata\local\{6F12CE3A-BDF0-4B71-AC6B-AE39F7539CAB}
2011-11-30 11:08:43 -------- d-----w- c:\users\sarah\appdata\local\{251730BA-54A2-4438-A1C9-08C7C80B768D}
2011-11-29 23:08:16 -------- d-----w- c:\users\sarah\appdata\local\{3121D1DB-CF08-4B1C-8FC2-58F8BF662116}
2011-11-29 23:07:54 -------- d-----w- c:\users\sarah\appdata\local\{BF268942-97D2-4434-B105-DBF3DAA56FDF}
2011-11-29 11:06:43 -------- d-----w- c:\users\sarah\appdata\local\{CBF13F68-3DA9-469F-B3A6-E95843910A34}
2011-11-29 11:06:15 -------- d-----w- c:\users\sarah\appdata\local\{79ACFAC1-0BE7-45F6-9211-53D0F6496EFA}
2011-11-28 13:01:55 -------- d-----w- c:\users\sarah\appdata\local\{A8A07184-79CA-44E7-87E7-C95EE29FA54C}
2011-11-28 13:00:52 -------- d-----w- c:\users\sarah\appdata\local\{BA4B7E19-69AE-46FA-B3E9-A887EF631FCB}
2011-11-28 12:59:18 32072 ----a-w- c:\users\sarah\appdata\roaming\build6.exe
2011-11-26 12:13:54 -------- d-----w- c:\users\sarah\appdata\local\{4AEC48C2-FAA6-44B7-B90D-95DC2FBDC641}
2011-11-26 12:13:32 -------- d-----w- c:\users\sarah\appdata\local\{0EAB5403-963E-4CA5-83D2-ABC16082A777}
2011-11-26 00:12:46 -------- d-----w- c:\users\sarah\appdata\local\{B2ABF7CF-6128-4FA1-B8BB-E6B043F22441}
2011-11-26 00:11:54 -------- d-----w- c:\users\sarah\appdata\local\{3DF719A2-843E-45E0-8477-223D6EFCC48B}
2011-11-25 11:05:48 -------- d-----w- c:\users\sarah\appdata\local\{BF63A704-D8E7-4632-9A58-C932218FE649}
2011-11-25 11:04:47 -------- d-----w- c:\users\sarah\appdata\local\{BEB8303C-88DF-408D-8543-499457CC6EFE}
2011-11-23 18:51:19 -------- d-----w- c:\users\sarah\appdata\local\{17FA27D9-8955-42C8-8F5F-CC86C88CBBF3}
2011-11-23 18:50:34 -------- d-----w- c:\users\sarah\appdata\local\{F4137256-DB98-498E-B108-76BD279E2E44}
2011-11-22 11:31:36 -------- d-----w- c:\users\sarah\appdata\local\{E94826A0-E808-4FAA-8594-4253B83AD32A}
2011-11-22 11:30:53 -------- d-----w- c:\users\sarah\appdata\local\{2C412344-AAC1-4C18-9905-1C6B050CBED2}
2011-11-22 10:43:44 -------- d-----w- c:\users\sarah\appdata\local\{DAB0DA20-6F5C-41F5-BC1E-5517FDEB39A7}
2011-11-21 22:43:17 -------- d-----w- c:\users\sarah\appdata\local\{92747A0B-AC90-49EB-AB7C-FB870FA89935}
2011-11-21 22:42:51 -------- d-----w- c:\users\sarah\appdata\local\{E20B2176-173E-4493-AA8E-495C805ACA62}
2011-11-21 10:42:23 -------- d-----w- c:\users\sarah\appdata\local\{8D92CEB8-4BA5-4D7F-94C4-31E13082A37F}
2011-11-21 10:42:00 -------- d-----w- c:\users\sarah\appdata\local\{E50610B4-9B29-4B6C-949F-9E4C201201C2}
2011-11-20 22:41:04 -------- d-----w- c:\users\sarah\appdata\local\{BA285C7C-574F-4302-8675-6C861CE2C30B}
2011-11-20 22:39:52 -------- d-----w- c:\users\sarah\appdata\local\{BCA3CAB8-3570-4CC1-9598-805C828A4AC7}
2011-11-20 10:35:09 -------- d-----w- c:\users\sarah\appdata\local\{C33BAB78-FC21-47E9-857E-972BE883F0B3}
2011-11-20 10:34:39 -------- d-----w- c:\users\sarah\appdata\local\{CECB99D1-D893-4B34-9858-47C2C08CDC83}
2011-11-18 11:09:53 -------- d-----w- c:\users\sarah\appdata\local\{F79C2E09-BF86-458C-BB12-160033504517}
2011-11-18 11:09:27 -------- d-----w- c:\users\sarah\appdata\local\{9AC78D1B-09FB-434F-B0C6-0B6835FAC02E}
2011-11-17 18:01:18 -------- d-----w- c:\users\sarah\appdata\local\{9348CB80-984A-4BAF-88F4-D4EC811BC30A}
2011-11-17 18:00:50 -------- d-----w- c:\users\sarah\appdata\local\{699B5147-C644-46AD-8265-8A918BEC6BED}
2011-11-16 23:34:30 -------- d-----w- c:\users\sarah\appdata\local\{5775D18F-6621-466C-92D0-7E7491B50DD2}
2011-11-16 23:34:19 -------- d-----w- c:\users\sarah\appdata\local\{D169B006-9446-44EE-A39F-96A628842B66}
2011-11-16 17:40:40 61440 ----a-w- c:\windows\system32\aestaren.dll
2011-11-16 17:40:40 368640 ----a-w- c:\windows\system32\aestecap.dll
2011-11-16 17:40:39 536576 ----a-w- c:\windows\system32\idtmini1.exe
2011-11-16 17:40:39 142848 ----a-w- c:\windows\system32\aestacap.dll
2011-11-16 17:40:38 450652 ----a-w- c:\windows\sttray.exe
2011-11-16 17:40:38 3567616 ----a-w- c:\windows\system32\stlang.dll
2011-11-16 17:40:38 12017756 ----a-w- c:\windows\system32\idtcpl.cpl
2011-11-16 11:33:31 -------- d-----w- c:\users\sarah\appdata\local\{7DB371DB-4479-4504-9B30-623504CA6DD1}
2011-11-16 11:32:28 -------- d-----w- c:\users\sarah\appdata\local\{8FF918B4-0BF3-4850-9AA3-58F40E8C0ADE}
2011-11-15 23:30:56 -------- d-----w- c:\users\sarah\appdata\local\{E2431094-DC59-4B20-9653-CAF47E071461}
2011-11-15 23:30:30 -------- d-----w- c:\users\sarah\appdata\local\{BE1022A5-CE00-40FA-8595-78954B40DABB}
2011-11-15 16:46:44 32072 ----a-w- c:\users\sarah\appdata\roaming\build7.exe
2011-11-15 13:57:48 -------- d-sh--w- c:\users\sarah\appdata\local\6b2cf9db
2011-11-15 13:52:47 -------- d-----w- c:\programdata\ALM
2011-11-15 11:30:02 -------- d-----w- c:\users\sarah\appdata\local\{DBAAB499-3667-498D-9DA4-D0454502A15B}
2011-11-14 23:29:26 -------- d-----w- c:\users\sarah\appdata\local\{76DE2D43-5FB3-435B-8692-4050140EFB38}
2011-11-14 23:29:04 -------- d-----w- c:\users\sarah\appdata\local\{B41F4F74-86C5-4563-BA21-68331B6331E9}
2011-11-14 19:03:29 -------- d-----w- c:\program files\Adobe Download Assistant
2011-11-14 16:03:20 -------- d-----w- c:\users\sarah\appdata\local\Seven Zip
2011-11-14 11:28:35 -------- d-----w- c:\users\sarah\appdata\local\{E8030936-4D09-447E-BED6-98EB8FFECB56}
2011-11-14 11:28:13 -------- d-----w- c:\users\sarah\appdata\local\{87819FAA-CAF9-427B-8E31-EC3D49645AD1}
2011-11-14 00:34:28 -------- d-----w- c:\users\sarah\appdata\local\Facebook
2011-11-13 14:37:43 -------- d-----w- c:\users\sarah\appdata\local\{EF1F8E9A-BA88-4A07-A9E9-D8FC20E81285}
.
==================== Find3M ====================
.
2011-12-07 16:52:49 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-06 20:25:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-23 20:18:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-09 10:38:38 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-29 16:03:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 03:37:56 2341888 ----a-w- c:\windows\system32\win32k.sys
2002-07-28 22:40:00 1059840 ----a-w- c:\program files\DS_Bonus_Plugin.8bf
.
============= FINISH: 11:51:06.67 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 06/04/2010 18:19:02
System Uptime: 13/12/2011 11:44:52 (0 hours ago)
.
Motherboard: Compal | | 30F4
Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz | CPU | 2000/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 28.751 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.627 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SD/MMC
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&326E9577&0&000000#
Manufacturer: JMCR
Name: NIKON D90
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&326E9577&0&000000#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP234: 09/12/2011 11:31:10 - Windows Update
RP235: 09/12/2011 12:33:51 - Windows Update
RP236: 09/12/2011 19:39:52 - Windows Update
RP237: 10/12/2011 13:00:21 - Removed AVG 2012
RP238: 10/12/2011 13:02:19 - Removed AVG 2012
RP239: 11/12/2011 03:00:19 - Windows Update
RP240: 12/12/2011 03:00:16 - Windows Update
RP241: 13/12/2011 00:18:54 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Design Premium
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader X (10.1.1)
Adobe Shockwave Player
Adobe Shockwave Player 11.6
Adobe Widget Browser
Agere Systems HDA Modem
Akamai NetSession Interface
Akamai NetSession Interface Service
µTorrent
AVG LiveKive
AVG PC Tuneup 2011
Bing Bar
Bing Bar Platform
Bonjour
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
CyberLink YouCam
D3DX10
DivX Setup
Driver Whiz
Dropbox
ESET Online Scanner v3
ESU for Microsoft Vista
Facebook Video Calling 1.0.0.8953
Google Chrome
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.1.0
HP Customer Experience Enhancements
HP Doc Viewer
HP Quick Launch Buttons 6.40 D1
HP QuickPlay 3.7
HP QuickTouch 1.00 D2
HP Support Assistant
HP Total Care Advisor
HP Update
HP User Guides 0103
HP Wireless Assistant
HPSSupply
IDT Audio
Java Auto Updater
Java(TM) 6 Update 29
JMicron JMB38X Flash Media Controller
Junk Mail filter update
LabelPrint
LightScribe System Software 1.12.33.2
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2010 - English
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft PowerPoint Viewer
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MoneyManagerEX version 0.9.8.0
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
NEF Codec
Norton Security Scan
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PDF Settings CS5
Power2Go
PowerDirector
ProtectSmart Hard Drive Protection
PxMergeModule
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shop for HP Supplies
Skype Click to Call
Skype™ 5.5
swMSM
Synaptics Pointing Device Driver
Uninstall DreamSuite Bonus
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Viewpoint Media Player
VLC media player 1.0.5
WhiteCap
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (32-bit)
ZTE_MF627_USB_MODEM_1.2059.0.4
.
==== Event Viewer Messages From Past Week ========
.
13/12/2011 11:45:57, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: hpdskflt
13/12/2011 11:45:23, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c2 (0x00000007, 0x0000109b, 0x8308052a, 0x85ec10a0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121311-27487-01.
13/12/2011 11:44:53, Error: hpdskflt [1001] - An unsupported disk adapter was found.
13/12/2011 11:44:52, Error: sptd [4] - Driver detected an internal error in its data structures for .
10/12/2011 13:30:49, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/12/2011 13:11:54, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147023179
06/12/2011 21:09:54, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
06/12/2011 12:15:18, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Client Virtualization Handler service to connect.
06/12/2011 12:15:18, Error: Service Control Manager [7000] - The Client Virtualization Handler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files 
    C:\Users\Sarah\Desktop\keygen.exe 
    C:\Users\Sarah\Downloads\cnet_IDTv087_zip.exe 
    C:\Users\Sarah\Downloads\Adobe_CS5.5_Keygen\keygen.exe 
    C:\Users\Sarah\Downloads\Adobe_CS5.5_Keygen (2)\keygen.exe 
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
======================================
The Adobe Creative Suite 5.5 Design Premium has been pirated. This is a $400.00 program. A keygen from a torrent site was used to download the program instead of paying for it.

This piracy put the MSIL/Injector.OO trojan or bot on the system that may represent a security risk for the compromised system and/or its network environment.

It is also a malicious backdoor trojan that runs in the background and allows remote access to the compromised system.
=========================================
There are also 60 appupdates between 11/13-12/6, none of which are identifiable.
The Install Date: 06/04/2010, but no security updates.
=========================================
To continue support, remove the pirated program, then run the following:

Download CKScanner and save to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
=====================================
Please run the MGA Diagnostics tool
  • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
  • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
  • You must choose to Run this tool when prompted.
  • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
  • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
  • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
  • Please return to this thread and Paste the results here for review.
------------------------------------------
This tool is to look on the computer itself, in the documentation you received with the computer or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

1. What edition of Windows OS is it?
2. Does it read "OEM Software" or "OEM Product" in black lettering?
3. Or, does it have the computer manufacturer's name in black lettering?
4. DO NOT post the Product Key.

NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
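A first pass over a DDS "Created Last 30" listing like the one in this thread can be scripted. The following is an added example, not part of the original posts and not code from DDS; the sample lines are copied from the log above, and the three rules (GUID-named folders under AppData\Local, executables dropped directly in AppData\Roaming, hidden+system folders inside a user profile) are illustrative triage heuristics that pick entries for a closer look, not verdicts.

```python
import re

# Excerpt of the "Created Last 30" section of the DDS log posted in this thread.
SAMPLE = r"""
2011-12-10 13:33:41 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-10 13:12:18 -------- d-----w- C:\ComboFix
2011-12-06 21:06:29 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-06 10:32:51 -------- d-----w- c:\users\sarah\appdata\local\{BDCB2E2B-4D3F-4741-9926-98527B0E6868}
2011-12-06 10:32:32 -------- d-----w- c:\users\sarah\appdata\local\{3EC27877-55DC-4217-83AC-0066B41050B1}
2011-11-28 12:59:18 32072 ----a-w- c:\users\sarah\appdata\roaming\build6.exe
2011-11-15 16:46:44 32072 ----a-w- c:\users\sarah\appdata\roaming\build7.exe
2011-11-15 13:57:48 -------- d-sh--w- c:\users\sarah\appdata\local\6b2cf9db
2011-11-14 16:03:20 -------- d-----w- c:\users\sarah\appdata\local\Seven Zip
2011-11-13 14:37:43 -------- d-----w- c:\users\sarah\appdata\local\{EF1F8E9A-BA88-4A07-A9E9-D8FC20E81285}
"""

# One listing entry: date, time, size (dashes for a directory), attributes, path.
ENTRY = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+|-+) (\S+) (.+)$")

# Heuristic patterns (assumptions of this example, not DDS rules).
GUID_DIR = re.compile(
    r"^c:\\users\\[^\\]+\\appdata\\local\\"
    r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
ROAMING_EXE = re.compile(
    r"^c:\\users\\[^\\]+\\appdata\\roaming\\[^\\]+\.(?:exe|dll|scr|com)$", re.I)
USER_PROFILE = re.compile(r"^c:\\users\\", re.I)


def parse_entries(text):
    """Return one dict per listing line; headers and separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        date, time, size, attrs, path = m.groups()
        entries.append({
            "date": date,
            "time": time,
            "size": int(size) if size.isdigit() else None,  # None for directories
            "attrs": attrs,
            "path": path,
        })
    return entries


def triage(text):
    """Group entries that deserve a manual look, by the heuristic that matched."""
    report = {"guid_dirs": [], "roaming_executables": [], "hidden_system_dirs": []}
    for e in parse_entries(text):
        attrs, path = e["attrs"], e["path"]
        is_dir = attrs.startswith("d")
        if is_dir and GUID_DIR.match(path):
            report["guid_dirs"].append(e)
        elif not is_dir and ROAMING_EXE.match(path):
            report["roaming_executables"].append(e)
        elif is_dir and "s" in attrs and "h" in attrs and USER_PROFILE.match(path):
            # Hidden+system folder inside a profile; C:\$RECYCLE.BIN is outside it.
            report["hidden_system_dirs"].append(e)
    dates = sorted(e["date"] for e in report["guid_dirs"])
    report["guid_dir_span"] = (dates[0], dates[-1]) if dates else None
    return report


if __name__ == "__main__":
    result = triage(SAMPLE)
    print("GUID-named folders:", len(result["guid_dirs"]), result["guid_dir_span"])
    for key in ("roaming_executables", "hidden_system_dirs"):
        for entry in result[key]:
            print(key, entry["date"], entry["path"])
```
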
 
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\bitcomet\torrents\avg anti-virus 9.0.704 crack + keygen.rar.torrent
c:\program files\bitcomet\torrents\avg anti-virus 9.0.704 crack + keygen.rar[0].torrent
c:\program files\bitcomet\torrents\avg anti-virus 9.0.704 crack + keygen.rar[1].torrent
c:\program files\hp games\bejeweled 2 deluxe\wtmui_de\sounds\firecrackle.ogg
c:\program files\hp games\bejeweled 2 deluxe\wtmui_default\sounds\firecrackle.ogg
c:\program files\hp games\bejeweled 2 deluxe\wtmui_es\sounds\firecrackle.ogg
c:\program files\hp games\bejeweled 2 deluxe\wtmui_fr\sounds\firecrackle.ogg
c:\program files\hp games\bejeweled 2 deluxe\wtmui_it\sounds\firecrackle.ogg
c:\users\sarah\downloads\adobe_cs5.5_keygen (1).rar
c:\users\sarah\downloads\adobe_cs5.5_keygen (2).rar
c:\users\sarah\downloads\adobe_cs5.5_keygen.rar
c:\users\sarah\downloads\adobe_cs5.5_keygen\core.nfo
c:\users\sarah\downloads\adobe_cs5.5_keygen (2)\core.nfo
c:\_otm\movedfiles\12162011_161358\c_users\sarah\desktop\keygen.exe
c:\_otm\movedfiles\12162011_161358\c_users\sarah\downloads\adobe_cs5.5_keygen\keygen.exe
c:\_otm\movedfiles\12162011_161358\c_users\sarah\downloads\adobe_cs5.5_keygen (2)\keygen.exe
scanner sequence 3.HH.11.BQLBVO
----- EOF -----

I tried to copy the results for the diagnostics tool but every time I clicked the button nothing happened.
 
It's a sad day when someone pirates an antivirus program!

c:\program files\bitcomet\torrents\avg anti-virus 9.0.704 crack + keygen.rar.torrent
c:\program files\bitcomet\torrents\avg anti-virus 9.0.704 crack + keygen.rar[0].torrent
c:\program files\bitcomet\torrents\avg anti-virus 9.0.704 crack + keygen.rar[1].torrent
The Adobe Creative Suite 5.5 Design Premium has been pirated. This is a $400.00 program. A keygen from a torrent site was used to download the program instead of paying for it.

I previously removed these entries:
c:\_otm\movedfiles\12162011_161358\c_users\sarah\desktop\keygen.exe
c:\_otm\movedfiles\12162011_161358\c_users\sarah\downloads\adobe_cs5.5_keygen\keygen.exe
c:\_otm\movedfiles\12162011_161358\c_users\sarah\downloads\adobe_cs5.5_keygen (2)\keygen.exe

There are more:
c:\users\sarah\downloads\adobe_cs5.5_keygen.rar
c:\users\sarah\downloads\adobe_cs5.5_keygen\core.nfo
c:\users\sarah\downloads\adobe_cs5.5_keygen (2)\core.nfo
c:\users\sarah\downloads\adobe_cs5.5_keygen (2).rar

Unless you remove the pirated programs and run the MGA DX tool so I can see whether the OS is legit, there will be no more support. We do not support piracy.
 
Holiday Notice! I will not be working on the threads Sat. Dec. 24 or Sunday Dec. 25. I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that. Please do not send a PM during those days.
 