How can I manually remove a trojan horse Crypt/AMAX virus?

Inactive
By SarahT
Dec 6, 2011
  1. I recently scanned my computer for viruses on AVG and found I had a Trojan virus in my csc.sys file. I don't really trust downloading the malware removal tools etc., as I don't really know which ones to trust, so it would be great if someone could tell me how to remove it manually?

    The virus is a Trojan Horse Crypt\AMAX.
  2. SarahT

    SarahT Newcomer, in training Topic Starter

    I found another post and think this may have helped. It was the UPDATED 5-step Viruses/Spyware/Malware Preliminary Removal Instructions. It said to copy and paste the logs, so if anyone can have a look over them that would be great. Thanks.

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8322

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    06/12/2011 14:38:09
    mbam-log-2011-12-06 (14-38-09).txt

    Scan type: Quick scan
    Objects scanned: 181570
    Time elapsed: 9 minute(s), 11 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 10
    Registry Values Infected: 6
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 7

    Memory Processes Infected:
    c:\Users\Sarah\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> 3164 -> Failed to unload process.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{B4FBA8C3-2083-4ED8-A35B-148478739826} (Redir.ZWink) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4FBA8C3-2083-4ED8-A35B-148478739826} (Redir.ZWink) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4FBA8C3-2083-4ED8-A35B-148478739826} (Redir.ZWink) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\CORSAIR (Redir.ZWink) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Corsair Addon (Redir.ZWink) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B4FBA8C3-2083-4ED8-A35B-148478739826} (Redir.ZWink) -> Value: {B4FBA8C3-2083-4ED8-A35B-148478739826} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B4FBA8C3-2083-4ED8-A35B-148478739826} (Redir.ZWink) -> Value: {B4FBA8C3-2083-4ED8-A35B-148478739826} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B4FBA8C3-2083-4ED8-A35B-148478739826} (Redir.ZWink) -> Value: {B4FBA8C3-2083-4ED8-A35B-148478739826} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B4FBA8C3-2083-4ED8-A35B-148478739826} (Redir.ZWink) -> Value: {B4FBA8C3-2083-4ED8-A35B-148478739826} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Live (Trojan.Agent) -> Value: Windows Live -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Corsair\search_domain (Redir.ZWink) -> Value: search_domain -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files\corsair addon\corsair.dll (Redir.ZWink) -> Quarantined and deleted successfully.
    c:\Windows\System32\drivers\csc.sys (Spyware.Password) -> Quarantined and deleted successfully.
    c:\Users\Sarah\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Delete on reboot.
    c:\Users\Sarah\AppData\Local\Temp\winini.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\about relevantknowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\privacy policy and user license agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-12-06 14:53:05
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60ZCT0 rev.12.01A12
    Running: 0i1e2809.exe; Driver: C:\Users\Sarah\AppData\Local\Temp\fgloypow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_20
    Run by Sarah at 14:54:15 on 2011-12-06
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3039.1739 [GMT 0:00]
    .
    AV: AVG Anti-Virus 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8cef5f1d6fff385\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8cef5f1d6fff385\aestsrv.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\efsui.exe
    C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Windows\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\AVG LiveKive\AVGLiveKive.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AVG LiveKive\AVGLiveKive.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Program Files\AVG LiveKive\windows_dir_watcher.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\AVG\AVG2012\avgcfgex.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 06/04/2010 18:19:02
    System Uptime: 06/12/2011 14:40:04 (0 hours ago)
    .
    Motherboard: Compal | | 30F4
    Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz | CPU | 2000/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 289 GiB total, 30.452 GiB free.
    D: is FIXED (NTFS) - 9 GiB total, 1.623 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP219: 05/12/2011 17:54:31 - Windows Update
    RP220: 06/12/2011 11:56:03 - Installed Microsoft Fix it 50561
    RP221: 06/12/2011 12:30:34 - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Community Help
    Adobe Content Viewer
    Adobe Creative Suite 5.5 Design Premium
    Adobe Download Assistant
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Reader X (10.1.1)
    Adobe Shockwave Player
    Adobe Shockwave Player 11.6
    Adobe Widget Browser
    Agere Systems HDA Modem
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    µTorrent
    AVG 2012
    AVG LiveKive
    AVG PC Tuneup 2011
    Bing Bar
    Bing Bar Platform
    Bonjour
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite
    CyberLink YouCam
    D3DX10
    DivX Setup
    Driver Whiz
    Dropbox
    ESU for Microsoft Vista
    Facebook Video Calling 1.0.0.8953
    Hewlett-Packard ACLM.NET v1.1.1.0
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP Quick Launch Buttons 6.40 D1
    HP QuickPlay 3.7
    HP QuickTouch 1.00 D2
    HP Support Assistant
    HP Total Care Advisor
    HP Update
    HP User Guides 0103
    HP Wireless Assistant
    HPSSupply
    IDT Audio
    Java(TM) 6 Update 20
    Java(TM) 6 Update 6
    JMicron JMB38X Flash Media Controller
    Junk Mail filter update
    LabelPrint
    LightScribe System Software 1.12.33.2
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Home and Student 2010 - English
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft PowerPoint Viewer
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    MoneyManagerEX version 0.9.8.0
    Mozilla Firefox 8.0 (x86 en-GB)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.1
    My HP Games
    NEF Codec
    Norton Security Scan
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    PDF Settings CS5
    Power2Go
    PowerDirector
    ProtectSmart Hard Drive Protection
    PxMergeModule
    QuickTime
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Shop for HP Supplies
    Skype Click to Call
    Skype™ 5.5
    swMSM
    Synaptics Pointing Device Driver
    Uninstall DreamSuite Bonus
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.6195
    Viewpoint Media Player
    VLC media player 1.0.5
    WhiteCap
    Windows Installer Clean Up
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.01 (32-bit)
    ZTE_MF627_USB_MODEM_1.2059.0.4
    .
    ==== Event Viewer Messages From Past Week ========
    .
    06/12/2011 14:40:53, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    06/12/2011 14:40:05, Error: hpdskflt [1001] - An unsupported disk adapter was found.
    06/12/2011 14:40:04, Error: sptd [4] - Driver detected an internal error in its data structures for .
    06/12/2011 12:15:18, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Client Virtualization Handler service to connect.
    06/12/2011 12:15:18, Error: Service Control Manager [7000] - The Client Virtualization Handler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    05/12/2011 16:24:16, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    03/12/2011 13:46:41, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: hpdskflt
    01/12/2011 00:46:15, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    01/12/2011 00:46:07, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    01/12/2011 00:46:01, Error: Service Control Manager [7022] - The Peer Name Resolution Protocol service hung on starting.
    .
    ==== End Of File ===========================
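One thing worth checking in an Mbam log like the one above is which entries the tool did not finish with: the svchost.exe process that "Failed to unload" and the file marked "Delete on reboot" are the items to confirm gone after the restart. The Python script below is an added example, not part of this thread and not Malwarebytes' own code; it parses the log format shown above into structured findings and lists the incomplete ones. The sample log embedded in it is a constructed subset of the one posted.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a trimmed copy of the kind of log posted above (raw string,
# because the Windows paths contain backslashes).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Memory Processes Infected: 1
Registry Keys Infected: 2
Files Infected: 3

Memory Processes Infected:
c:\Users\Sarah\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> 3164 -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\CORSAIR (Redir.ZWink) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Live (Trojan.Agent) -> Value: Windows Live -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\System32\drivers\csc.sys (Spyware.Password) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\svchost.exe (Trojan.Agent) -> Delete on reboot.
c:\Users\Sarah\AppData\Local\Temp\winini.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# A section header is "<Something> Infected:" with nothing after the colon;
# the summary lines near the top ("Files Infected: 7") carry a count and so
# do not match.
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# An entry is "<item> (<detection name>) -> <one or more ' -> ' separated parts>".
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")


@dataclass
class Finding:
    section: str      # which log section the line came from
    item: str         # path, registry key or value name
    detection: str    # Malwarebytes' detection name, e.g. Trojan.Agent
    action: str       # last "->" part, e.g. "Delete on reboot"
    complete: bool    # True only when the tool reports the item as removed


def parse_mbam_log(text: str) -> list[Finding]:
    """Return one Finding per detection line, in log order."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            section = header.group("section")
            continue
        if section is None or line.startswith("(No malicious"):
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        # The tail may be "3164 -> Failed to unload process." (a PID first) or
        # "Value: X -> Quarantined ..."; the outcome is always the last part.
        action = entry.group("rest").split(" -> ")[-1].rstrip(".")
        findings.append(Finding(section, entry.group("item"), entry.group("detection"),
                                action, action.endswith("deleted successfully")))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count of findings per section (sections with nothing found are absent)."""
    return dict(Counter(f.section for f in findings))


def pending_actions(findings: list[Finding]) -> list[Finding]:
    """Findings the tool did not finish with: these need a reboot and a rescan."""
    return [f for f in findings if not f.complete]


if __name__ == "__main__":
    results = parse_mbam_log(SAMPLE_LOG)
    for section, count in summarize(results).items():
        print(f"{section}: {count}")
    for f in pending_actions(results):
        print(f"FOLLOW UP [{f.section}] {f.item} ({f.detection}): {f.action}")
```

Run against a full saved log (`parse_mbam_log(open("mbam-log.txt").read())`) it gives the same per-section counts the log header states, which is a quick way to check that nothing was lost when a log was pasted into a forum post, and the `pending_actions` list is what to compare against a second scan after the reboot.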
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot, Sarah! You did the right thing; I would have referred you to the preliminary scans thread. I will be glad to help with the malware.

    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
    As you may have noticed in Mbam, removing malware isn't just removing one entry, or two, or more. With all of the different malware you have, I would like to continue with the cleaning. If you use a Site Advisor (which I will recommend later) you would notice in a search that most of the sites about removing 'malware' would not be recommended, trustworthy sites. WOT would show a 'red light' for most.
    ==================================
    There is a program installed named Relevant Knowledge. This needs to be removed. Please go to the Add/Remove Programs in the Control Panel. Look for this program; if you see it, please uninstall it.

    Then use Windows Explorer to go to Computer> Local Drive (usually C)> Programs> look for the program folder for Relevant Knowledge. If found, please right click> Delete.
    ====================================
    Please update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs, as they are vulnerabilities for the system. (I see Java(TM) 6 Update 20 & Java(TM) 6 Update 6: 2 outdated versions)
    Note: Be sure to update before you uninstall outdated versions.
    --------------------------------------
    Because of the outdated Java, some of the malware will be in the Java cache, so it must be emptied:
    This should help with clearing the Java cache:
    1. Click Start, and then click Control Panel.
    2. Click Programs, and then click the Java icon.
    If you are using Windows 7 and your View by is set to either Large icons or Small icons, then click the Java icon.
    3. Click the General tab> Temporary Internet Files section> click Settings.
    4. Click Delete Files.
    5. In the Delete Temporary Files window, select all the check boxes, and then click OK.
    6. Click OK to close the Temporary Files Settings window.
    7. Click OK to close the Java Control Panel window.
    Images courtesy AOL Help
    =========================================
    I would like you to run Combofix. It won't run with AVG, so that needs to be uninstalled temporarily:
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
      ***Please note: if you have downloaded Combofix to a flash drive, then run it on the infected machine> the Recovery Console will not install- just bypass and go on.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ==========================================
    When the above is finished, please run the Eset online virus scan:
    For Internet Explorer:> start here:
    • Open the ESETOnlineScan
      -------------
      Note: If you are using a browser other than Internet Explorer> start here:
    • Open Eset Smart Installer
    • Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    • Double click on the desktop icon to run.
    • After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new window
    • Continue with the directions.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

    ===============================
    Please leave the logs for Combofix and the Eset scan in your next reply.
  4. SarahT

    SarahT Newcomer, in training Topic Starter

    Thanks for your help. Here are the log details.

    ComboFix 11-12-06.01 - Sarah 06/12/2011 21:12:56.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3039.2369 [GMT 0:00]
    Running from: c:\users\Sarah\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Corsair Addon
    c:\program files\Corsair Addon\uninstall.exe
    c:\users\Sarah\AppData\Local\6b2cf9db\U
    c:\users\Sarah\AppData\Local\6b2cf9db\U\80000000.@
    c:\users\Sarah\AppData\Local\6b2cf9db\U\800000cb.@
    c:\users\Sarah\AppData\Local\6b2cf9db\U\800000cf.@
    c:\users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\pse_350_enu.exe
    c:\users\Sarah\Documents\~WRL0005.tmp
    c:\users\Sarah\Documents\~WRL2903.tmp
    c:\users\Sarah\Documents\~WRL3042.tmp
    c:\users\Sarah\Documents\~WRL3583.tmp
    c:\windows\$NtUninstallKB27912$
    c:\windows\$NtUninstallKB27912$\4222998134
    c:\windows\system32\drivers\etc\hosts.txt
    c:\windows\system32\system
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-06 to 2011-12-06 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-06 21:45 . 2011-12-06 21:52 -------- d-----w- c:\users\Sarah\AppData\Local\temp
    2011-12-06 21:45 . 2011-12-06 21:45 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-06 21:18 . 2011-12-06 21:18 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B04E1F0-0377-4287-8F99-3DA605DD9B0C}\offreg.dll
    2011-12-06 21:06 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2011-12-06 20:44 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-12-06 20:44 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-12-06 20:44 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-12-06 20:44 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-12-06 20:44 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-12-06 20:44 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-12-06 20:43 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
    2011-12-06 20:43 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2011-12-06 20:43 . 2011-12-06 20:43 -------- d-----w- c:\programdata\AVAST Software
    2011-12-06 20:43 . 2011-12-06 20:43 -------- d-----w- c:\program files\AVAST Software
    2011-12-06 20:26 . 2011-12-06 20:26 -------- d-----w- c:\program files\Common Files\Java
    2011-12-06 14:27 . 2011-12-06 14:27 -------- d-----w- c:\users\Sarah\AppData\Roaming\Malwarebytes
    2011-12-06 14:26 . 2011-12-06 14:26 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-06 14:26 . 2011-12-06 14:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-06 14:26 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-05 10:21 . 2011-12-05 10:21 -------- d-----w- c:\programdata\boost_interprocess
    2011-12-04 21:27 . 2011-12-05 10:46 -------- d-----w- c:\program files\Windows iLivid Toolbar
    2011-12-04 21:27 . 2011-12-04 21:27 -------- d-----w- c:\users\Sarah\AppData\Local\PackageAware
    2011-11-28 12:59 . 2010-11-05 01:57 32072 ----a-w- c:\users\Sarah\AppData\Roaming\build6.exe
    2011-11-16 17:40 . 2009-05-26 13:29 61440 ----a-w- c:\windows\system32\aestaren.dll
    2011-11-16 17:40 . 2009-05-26 13:29 368640 ----a-w- c:\windows\system32\aestecap.dll
    2011-11-16 17:40 . 2009-05-26 13:30 536576 ----a-w- c:\windows\system32\idtmini1.exe
    2011-11-16 17:40 . 2009-05-26 13:29 142848 ----a-w- c:\windows\system32\aestacap.dll
    2011-11-16 17:40 . 2009-05-26 13:30 450652 ----a-w- c:\windows\sttray.exe
    2011-11-16 17:40 . 2009-05-26 13:30 3567616 ----a-w- c:\windows\system32\stlang.dll
    2011-11-16 17:40 . 2009-05-26 13:29 12017756 ----a-w- c:\windows\system32\idtcpl.cpl
    2011-11-15 16:46 . 2010-11-05 01:57 32072 ----a-w- c:\users\Sarah\AppData\Roaming\build7.exe
    2011-11-15 14:52 . 2011-11-15 14:52 -------- d-----w- c:\users\Public\Roaming
    2011-11-15 13:57 . 2011-12-06 21:43 -------- d-sh--w- c:\users\Sarah\AppData\Local\6b2cf9db
    2011-11-15 13:52 . 2011-11-15 13:52 -------- d-----w- c:\programdata\ALM
    2011-11-14 19:03 . 2011-11-14 19:03 -------- d-----w- c:\program files\Adobe Download Assistant
    2011-11-14 18:02 . 2011-11-14 18:02 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2011-11-14 16:57 . 2011-11-14 16:57 -------- d-----w- C:\$AVG
    2011-11-14 16:03 . 2011-11-14 16:03 -------- d-----w- c:\users\Sarah\AppData\Local\Seven Zip
    2011-11-14 00:34 . 2011-11-14 00:34 -------- d-----w- c:\users\Sarah\AppData\Local\Facebook
    2011-11-11 10:31 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-11 10:31 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-11 10:31 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
    2011-11-10 23:09 . 2011-11-10 23:09 -------- d-----w- c:\users\Sarah\AppData\Roaming\AVG2012
    2011-11-10 23:06 . 2011-12-06 20:37 -------- d-----w- c:\programdata\AVG2012
    2011-11-09 20:11 . 2011-11-18 01:03 -------- d-----w- c:\users\Sarah\AppData\Local\Akamai
    2011-11-08 11:10 . 2011-11-08 11:10 -------- d-----w- c:\programdata\UAB
    2011-11-08 11:10 . 2011-11-08 11:10 -------- d-----w- c:\users\Sarah\AppData\Local\PC_Drivers_Headquarters
    2011-11-08 11:10 . 2011-11-08 11:10 -------- d-----w- c:\programdata\Driver Whiz
    2011-11-08 11:04 . 2011-10-18 01:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2B04E1F0-0377-4287-8F99-3DA605DD9B0C}\mpengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-06 20:25 . 2010-05-04 13:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-23 20:18 . 2011-10-05 22:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-09 11:13 . 2011-10-09 11:13 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-10-09 10:38 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-10-01 02:42 . 2011-10-13 02:05 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2002-07-28 22:40 . 2007-05-22 15:20 1059840 ----a-w- c:\program files\DS_Bonus_Plugin.8bf
    2011-11-05 07:10 . 2011-11-16 11:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 13535776]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 92704]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-26 468264]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-05-26 450652]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "HideFastUserSwitching"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
    "QlbCtrl.exe"=c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    .
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-06 136176]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-06 136176]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1343400]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8cef5f1d6fff385\aestsrv.exe [2009-05-26 81920]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-19 19456]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2010-08-07 54784]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-08 96856]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 577384]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 194408]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 21864]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 19304]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - Avgfwfd
    *Deregistered* - AVGIDSDrivervtx
    *Deregistered* - AVGIDSFiltervtx
    *Deregistered* - AVGIDSShimvtx
    *Deregistered* - Avgrkx86
    *Deregistered* - Avgtdix
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1874340787-3662725805-613299546-1000Core.job
    - c:\users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-14 00:34]
    .
    2011-12-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1874340787-3662725805-613299546-1000UA.job
    - c:\users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-14 00:34]
    .
    2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-06 20:44]
    .
    2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-06 20:44]
    .
    2011-12-05 c:\windows\Tasks\HPCeeScheduleForSarah.job
    - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.searchqu.com/406
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local;<local>
    uInternet Settings,ProxyServer = http=127.0.0.1
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\aqw47cmw.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
    FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{f92a9fe4-2850-4198-b9d5-279880e49b16} - (no file)
    URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    Toolbar-10 - (no file)
    HKCU-Run-AVG LiveKive - c:\program files\AVG LiveKive\AVGLiveKive.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1874340787-3662725805-613299546-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-1874340787-3662725805-613299546-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(4408)
    c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\program files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8cef5f1d6fff385\STacSV.exe
    c:\windows\system32\rundll32.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\DllHost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\DllHost.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-06 22:05:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-06 22:05
    .
    Pre-Run: 45,133,623,296 bytes free
    Post-Run: 45,131,022,336 bytes free
    .
    - - End Of File - - 5A77B6E1F1FA52C48C8ADE558D15E2E8

    C:\Users\Sarah\Desktop\keygen.exe a variant of MSIL/Injector.OO trojan
    C:\Users\Sarah\Downloads\cnet_IDTv087_zip.exe a variant of Win32/InstallCore.D application
    C:\Users\Sarah\Downloads\Adobe_CS5.5_Keygen\keygen.exe a variant of MSIL/Injector.OO trojan
    C:\Users\Sarah\Downloads\Adobe_CS5.5_Keygen (2)\keygen.exe a variant of MSIL/Injector.OO trojan

    Was that everything you need?
  5. Bobbye

    Bobbye Helper on the Fringe

    You began the DDS.txt log> DDS (Ver_2011-08-26.01) - NTFSx86
    followed by the Heading and Security followed>
    Then "Running Processes"> but you ended that log with this running processes>C:\Windows\system32\DllHost.exe.

    You omitted the entire rest of that log.
    The next section begins as: ============== Pseudo HJT Report ===============
    followed by 4 more sections> ending ============= FINISH== time given ===============

    Please search for the DDS.txt log on the system and include the full logs in your next reply.

    The main problem is that you are running way too many processes, so what looks like a full log isn't!
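    As an added example (not code from this thread, and not part of DDS or ComboFix): a small Python triage script that splits a DDS-style log on the "===" section headers Bobbye describes above and flags the indicators a helper would look for first in the ComboFix and DDS logs pasted in this thread: a Windows system binary name (svchost.exe) running from a user's Temp folder, Run entries and processes launched from user-writable locations, and a browser proxy pointed at 127.0.0.1. The sample log is a constructed excerpt assembled from paths that appear in the logs above; the rule names and the lists of system binaries and user-writable directories are this example's own choices, not anything the page states.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample (not a complete log): lines in the format of the DDS log
# pasted later in this thread, using paths that appear in the logs above.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Sarah\AppData\Local\Temp\svchost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.searchqu.com/406
uInternet Settings,ProxyServer = http=127.0.0.1
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Windows Live] c:\users\sarah\appdata\local\temp\winini.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
============= FINISH: 11:50:12.34 ===============
"""

# DDS marks each section with a row of '=' signs on both sides of its name.
SECTION_RE = re.compile(r"^=+\s*(?P<name>.*?)\s*=+$")
# First drive-letter path ending in .exe on a line (may contain spaces, not quotes).
EXE_RE = re.compile(r'([a-z]:\\[^"]*?\.exe)', re.I)
# IE and Firefox proxy settings, as DDS/ComboFix print them, pointing at localhost.
LOCALHOST_PROXY_RE = re.compile(
    r"(ProxyServer\s*=.*|network\.proxy\.http\s*-\s*)127\.0\.0\.1")

# This example's own lists (assumptions, not taken from the thread): binaries
# that should only run from the Windows tree, and directories a standard user
# can write to without elevation.
SYSTEM_BINARIES = {"svchost.exe", "csrss.exe", "lsass.exe", "services.exe",
                   "wininit.exe", "winlogon.exe", "lsm.exe", "explorer.exe",
                   "taskhost.exe", "dllhost.exe", "conhost.exe", "rundll32.exe"}
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                 "\\users\\public\\", "\\programdata\\",
                 "\\downloads\\", "\\desktop\\")


def split_sections(text):
    """Return {section name: [lines]}; text before the first header goes under ''.
    Blank lines and the '.' spacer lines the tools emit are dropped."""
    sections, current = {"": []}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            # "FINISH: 11:50:12.34" -> "FINISH"
            current = m.group("name").split(":")[0].strip()
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def first_exe(line):
    """Lower-cased path of the first .exe on the line, or None."""
    m = EXE_RE.search(line)
    return m.group(1).lower() if m else None


def triage(text):
    """Return (rule, evidence) pairs for the process and autorun sections."""
    findings = []
    sections = split_sections(text)
    for section in ("Running Processes", "Pseudo HJT Report"):
        for line in sections.get(section, []):
            path = first_exe(line)
            if path:
                name = PureWindowsPath(path).name
                # A system binary name outside C:\Windows\ is a masquerade lead.
                if name in SYSTEM_BINARIES and not path.startswith("c:\\windows\\"):
                    findings.append(("system-binary-outside-windows", path))
                # Anything executing from a user-writable directory gets a look.
                if any(marker in path for marker in USER_WRITABLE):
                    findings.append(("exe-in-user-writable-path", path))
            if LOCALHOST_PROXY_RE.search(line):
                findings.append(("localhost-proxy", line))
            if line.startswith(("uStart Page", "mStart Page")):
                findings.append(("review-start-page", line))
    return findings


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_LOG):
        print(f"{rule:32} {evidence}")
```

    A match is a lead, not a verdict: plenty of legitimate software runs from AppData (the Dropbox shell extension and the Facebook updater in these logs live there too), so the user-writable rule is deliberately broad and the output is only meant to tell a helper which lines of a long log to read first. A proxy of 127.0.0.1 with nothing listening there breaks browsing outright, so that one deserves attention even when no malicious binary is left to find.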
  6. SarahT

    SarahT Newcomer, in training Topic Starter

    I can't seem to find where the DDS log is anywhere.
  7. Bobbye

    Bobbye Helper on the Fringe

    Sarah, I need the information that is in the rest of the DDS.txt log. Please run the program again.

    Please follow this part carefully:
    • Notepad will open with the results, click no to the Optional_Scan
    • Follow the instructions that pop up for posting the results.
    • When done, DDS will open two (2) logs: Please paste both in your next reply.
      • DDS.txt
      • Attach.txt

    You had the log because you pasted part of it in. But since you can't find it for the rest, we'll just make a new one!
  8. SarahT

    SarahT Newcomer, in training Topic Starter

    When I go to the download site for DDS by subs the link doesn't let me download.
  9. SarahT

    SarahT Newcomer, in training Topic Starter

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
    Run by Sarah at 11:49:39 on 2011-12-13
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3039.1709 [GMT 0:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8cef5f1d6fff385\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b8cef5f1d6fff385\aestsrv.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Windows\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\AVG LiveKive\AVGLiveKive.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\Sarah\AppData\Local\Temp\svchost.exe
    C:\Program Files\AVG LiveKive\AVGLiveKive.exe
    C:\Program Files\AVG LiveKive\windows_dir_watcher.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.searchqu.com/406
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local;<local>
    uInternet Settings,ProxyServer = http=127.0.0.1
    BHO: AutorunsDisabled - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [AVG LiveKive] "c:\program files\avg livekive\AVGLiveKive.exe" --windows_startup
    uRun: [Windows Live] c:\users\sarah\appdata\local\temp\winini.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: HideFastUserSwitching = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{360466AF-B47F-4BF2-AB82-C3FF4FFFED25} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{360466AF-B47F-4BF2-AB82-C3FF4FFFED25}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{360466AF-B47F-4BF2-AB82-C3FF4FFFED25}\244584F6D65684572623D253D46475 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{360466AF-B47F-4BF2-AB82-C3FF4FFFED25}\244584F6D65684572623D283B47534 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{360466AF-B47F-4BF2-AB82-C3FF4FFFED25}\2445F40756E6A7F6E656D284 : DhcpNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{360466AF-B47F-4BF2-AB82-C3FF4FFFED25}\341627D656C6964756 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{360466AF-B47F-4BF2-AB82-C3FF4FFFED25}\8393240234C4142554D4F4E445 : DhcpNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_b8cef5f1d6fff385\AEstSrv.exe [2010-4-6 81920]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2011-6-21 85560]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 19456]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-7-31 361808]
    R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
    R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2010-8-7 54784]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-8 96856]
    R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-14 43552]
    R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384]
    R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864]
    R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-6 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-31 193840]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-6 136176]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-10-5 15872]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-10-5 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-19 1343400]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2011-12-13 10:31:05 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3427191b-3f60-48ad-bb34-a889dabc83e3}\offreg.dll
    2011-12-11 06:43:51 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3427191b-3f60-48ad-bb34-a889dabc83e3}\mpengine.dll
    2011-12-10 13:33:41 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-12-10 13:12:18 -------- d-----w- C:\ComboFix
    2011-12-07 17:23:22 -------- d-----w- c:\users\sarah\appdata\roaming\AVG LiveKive
    2011-12-07 17:23:15 -------- d-----w- c:\program files\AVG LiveKive
    2011-12-06 22:32:19 -------- d-----w- c:\program files\ESET
    2011-12-06 21:45:44 -------- d-----w- c:\users\sarah\appdata\local\temp
    2011-12-06 21:06:29 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2011-12-06 21:03:09 518144 ----a-w- c:\windows\SWREG.exe
    2011-12-06 21:03:09 256000 ----a-w- c:\windows\PEV.exe
    2011-12-06 21:03:09 208896 ----a-w- c:\windows\MBR.exe
    2011-12-06 21:03:08 98816 ----a-w- c:\windows\sed.exe
    2011-12-06 20:43:29 -------- d-----w- c:\programdata\AVAST Software
    2011-12-06 20:43:29 -------- d-----w- c:\program files\AVAST Software
    2011-12-06 14:27:12 -------- d-----w- c:\users\sarah\appdata\roaming\Malwarebytes
    2011-12-06 14:26:34 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-06 10:32:51 -------- d-----w- c:\users\sarah\appdata\local\{BDCB2E2B-4D3F-4741-9926-98527B0E6868}
    2011-12-06 10:32:32 -------- d-----w- c:\users\sarah\appdata\local\{3EC27877-55DC-4217-83AC-0066B41050B1}
    2011-12-05 10:24:22 -------- d-----w- c:\users\sarah\appdata\local\{B1642F59-213B-4419-B8BB-463153FD3E17}
    2011-12-05 10:23:11 -------- d-----w- c:\users\sarah\appdata\local\{7764D51D-F515-4997-A974-20B7D8F554C8}
    2011-12-05 10:21:17 -------- d-----w- c:\programdata\boost_interprocess
    2011-12-04 21:27:46 -------- d-----w- c:\program files\Windows iLivid Toolbar
    2011-12-04 21:27:29 -------- d-----w- c:\users\sarah\appdata\local\PackageAware
    2011-12-04 10:20:59 -------- d-----w- c:\users\sarah\appdata\local\{FB6BCADD-EDF9-41DE-BB9F-37CC3ADA49A1}
    2011-12-04 10:20:18 -------- d-----w- c:\users\sarah\appdata\local\{227BF48F-A7C0-4DC9-8C77-2355D9A5EC49}
    2011-12-03 13:48:01 -------- d-----w- c:\users\sarah\appdata\local\{70A89CD5-DC8E-49DF-90FE-12C546781B02}
    2011-12-03 13:47:38 -------- d-----w- c:\users\sarah\appdata\local\{EC94E687-0959-4845-AE8F-6E9C5B187E4E}
    2011-12-03 13:38:53 -------- d-----w- c:\users\sarah\appdata\local\{72638B56-AE5A-457C-BE76-BA4D77EB8E04}
    2011-12-03 13:38:17 -------- d-----w- c:\users\sarah\appdata\local\{6138B211-27D1-4160-A9D4-D508D6C95EE3}
    2011-12-01 18:13:13 -------- d-----w- c:\users\sarah\appdata\local\{19436110-22D9-496A-80FC-52149B0612F8}
    2011-12-01 18:12:47 -------- d-----w- c:\users\sarah\appdata\local\{048B063A-3A32-4C34-A6CD-1890FE1FE5A4}
    2011-11-30 23:09:58 -------- d-----w- c:\users\sarah\appdata\local\{311E8C09-A114-4EE0-B3E4-023EB406B98D}
    2011-11-30 23:09:35 -------- d-----w- c:\users\sarah\appdata\local\{4DE8767E-6CB0-4D54-BC0A-DD308E641CDD}
    2011-11-30 11:09:07 -------- d-----w- c:\users\sarah\appdata\local\{6F12CE3A-BDF0-4B71-AC6B-AE39F7539CAB}
    2011-11-30 11:08:43 -------- d-----w- c:\users\sarah\appdata\local\{251730BA-54A2-4438-A1C9-08C7C80B768D}
    2011-11-29 23:08:16 -------- d-----w- c:\users\sarah\appdata\local\{3121D1DB-CF08-4B1C-8FC2-58F8BF662116}
    2011-11-29 23:07:54 -------- d-----w- c:\users\sarah\appdata\local\{BF268942-97D2-4434-B105-DBF3DAA56FDF}
    2011-11-29 11:06:43 -------- d-----w- c:\users\sarah\appdata\local\{CBF13F68-3DA9-469F-B3A6-E95843910A34}
    2011-11-29 11:06:15 -------- d-----w- c:\users\sarah\appdata\local\{79ACFAC1-0BE7-45F6-9211-53D0F6496EFA}
    2011-11-28 13:01:55 -------- d-----w- c:\users\sarah\appdata\local\{A8A07184-79CA-44E7-87E7-C95EE29FA54C}
    2011-11-28 13:00:52 -------- d-----w- c:\users\sarah\appdata\local\{BA4B7E19-69AE-46FA-B3E9-A887EF631FCB}
    2011-11-28 12:59:18 32072 ----a-w- c:\users\sarah\appdata\roaming\build6.exe
    2011-11-26 12:13:54 -------- d-----w- c:\users\sarah\appdata\local\{4AEC48C2-FAA6-44B7-B90D-95DC2FBDC641}
    2011-11-26 12:13:32 -------- d-----w- c:\users\sarah\appdata\local\{0EAB5403-963E-4CA5-83D2-ABC16082A777}
    2011-11-26 00:12:46 -------- d-----w- c:\users\sarah\appdata\local\{B2ABF7CF-6128-4FA1-B8BB-E6B043F22441}
    2011-11-26 00:11:54 -------- d-----w- c:\users\sarah\appdata\local\{3DF719A2-843E-45E0-8477-223D6EFCC48B}
    2011-11-25 11:05:48 -------- d-----w- c:\users\sarah\appdata\local\{BF63A704-D8E7-4632-9A58-C932218FE649}
    2011-11-25 11:04:47 -------- d-----w- c:\users\sarah\appdata\local\{BEB8303C-88DF-408D-8543-499457CC6EFE}
    2011-11-23 18:51:19 -------- d-----w- c:\users\sarah\appdata\local\{17FA27D9-8955-42C8-8F5F-CC86C88CBBF3}
    2011-11-23 18:50:34 -------- d-----w- c:\users\sarah\appdata\local\{F4137256-DB98-498E-B108-76BD279E2E44}
    2011-11-22 11:31:36 -------- d-----w- c:\users\sarah\appdata\local\{E94826A0-E808-4FAA-8594-4253B83AD32A}
    2011-11-22 11:30:53 -------- d-----w- c:\users\sarah\appdata\local\{2C412344-AAC1-4C18-9905-1C6B050CBED2}
    2011-11-22 10:43:44 -------- d-----w- c:\users\sarah\appdata\local\{DAB0DA20-6F5C-41F5-BC1E-5517FDEB39A7}
    2011-11-21 22:43:17 -------- d-----w- c:\users\sarah\appdata\local\{92747A0B-AC90-49EB-AB7C-FB870FA89935}
    2011-11-21 22:42:51 -------- d-----w- c:\users\sarah\appdata\local\{E20B2176-173E-4493-AA8E-495C805ACA62}
    2011-11-21 10:42:23 -------- d-----w- c:\users\sarah\appdata\local\{8D92CEB8-4BA5-4D7F-94C4-31E13082A37F}
    2011-11-21 10:42:00 -------- d-----w- c:\users\sarah\appdata\local\{E50610B4-9B29-4B6C-949F-9E4C201201C2}
    2011-11-20 22:41:04 -------- d-----w- c:\users\sarah\appdata\local\{BA285C7C-574F-4302-8675-6C861CE2C30B}
    2011-11-20 22:39:52 -------- d-----w- c:\users\sarah\appdata\local\{BCA3CAB8-3570-4CC1-9598-805C828A4AC7}
    2011-11-20 10:35:09 -------- d-----w- c:\users\sarah\appdata\local\{C33BAB78-FC21-47E9-857E-972BE883F0B3}
    2011-11-20 10:34:39 -------- d-----w- c:\users\sarah\appdata\local\{CECB99D1-D893-4B34-9858-47C2C08CDC83}
    2011-11-18 11:09:53 -------- d-----w- c:\users\sarah\appdata\local\{F79C2E09-BF86-458C-BB12-160033504517}
    2011-11-18 11:09:27 -------- d-----w- c:\users\sarah\appdata\local\{9AC78D1B-09FB-434F-B0C6-0B6835FAC02E}
    2011-11-17 18:01:18 -------- d-----w- c:\users\sarah\appdata\local\{9348CB80-984A-4BAF-88F4-D4EC811BC30A}
    2011-11-17 18:00:50 -------- d-----w- c:\users\sarah\appdata\local\{699B5147-C644-46AD-8265-8A918BEC6BED}
    2011-11-16 23:34:30 -------- d-----w- c:\users\sarah\appdata\local\{5775D18F-6621-466C-92D0-7E7491B50DD2}
    2011-11-16 23:34:19 -------- d-----w- c:\users\sarah\appdata\local\{D169B006-9446-44EE-A39F-96A628842B66}
    2011-11-16 17:40:40 61440 ----a-w- c:\windows\system32\aestaren.dll
    2011-11-16 17:40:40 368640 ----a-w- c:\windows\system32\aestecap.dll
    2011-11-16 17:40:39 536576 ----a-w- c:\windows\system32\idtmini1.exe
    2011-11-16 17:40:39 142848 ----a-w- c:\windows\system32\aestacap.dll
    2011-11-16 17:40:38 450652 ----a-w- c:\windows\sttray.exe
    2011-11-16 17:40:38 3567616 ----a-w- c:\windows\system32\stlang.dll
    2011-11-16 17:40:38 12017756 ----a-w- c:\windows\system32\idtcpl.cpl
    2011-11-16 11:33:31 -------- d-----w- c:\users\sarah\appdata\local\{7DB371DB-4479-4504-9B30-623504CA6DD1}
    2011-11-16 11:32:28 -------- d-----w- c:\users\sarah\appdata\local\{8FF918B4-0BF3-4850-9AA3-58F40E8C0ADE}
    2011-11-15 23:30:56 -------- d-----w- c:\users\sarah\appdata\local\{E2431094-DC59-4B20-9653-CAF47E071461}
    2011-11-15 23:30:30 -------- d-----w- c:\users\sarah\appdata\local\{BE1022A5-CE00-40FA-8595-78954B40DABB}
    2011-11-15 16:46:44 32072 ----a-w- c:\users\sarah\appdata\roaming\build7.exe
    2011-11-15 13:57:48 -------- d-sh--w- c:\users\sarah\appdata\local\6b2cf9db
    2011-11-15 13:52:47 -------- d-----w- c:\programdata\ALM
    2011-11-15 11:30:02 -------- d-----w- c:\users\sarah\appdata\local\{DBAAB499-3667-498D-9DA4-D0454502A15B}
    2011-11-14 23:29:26 -------- d-----w- c:\users\sarah\appdata\local\{76DE2D43-5FB3-435B-8692-4050140EFB38}
    2011-11-14 23:29:04 -------- d-----w- c:\users\sarah\appdata\local\{B41F4F74-86C5-4563-BA21-68331B6331E9}
    2011-11-14 19:03:29 -------- d-----w- c:\program files\Adobe Download Assistant
    2011-11-14 16:03:20 -------- d-----w- c:\users\sarah\appdata\local\Seven Zip
    2011-11-14 11:28:35 -------- d-----w- c:\users\sarah\appdata\local\{E8030936-4D09-447E-BED6-98EB8FFECB56}
    2011-11-14 11:28:13 -------- d-----w- c:\users\sarah\appdata\local\{87819FAA-CAF9-427B-8E31-EC3D49645AD1}
    2011-11-14 00:34:28 -------- d-----w- c:\users\sarah\appdata\local\Facebook
    2011-11-13 14:37:43 -------- d-----w- c:\users\sarah\appdata\local\{EF1F8E9A-BA88-4A07-A9E9-D8FC20E81285}
    .
    ==================== Find3M ====================
    .
    2011-12-07 16:52:49 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-12-06 20:25:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-23 20:18:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-09 10:38:38 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-09-29 16:03:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-09-29 03:37:56 2341888 ----a-w- c:\windows\system32\win32k.sys
    2002-07-28 22:40:00 1059840 ----a-w- c:\program files\DS_Bonus_Plugin.8bf
    .
    ============= FINISH: 11:51:06.67 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 06/04/2010 18:19:02
    System Uptime: 13/12/2011 11:44:52 (0 hours ago)
    .
    Motherboard: Compal | | 30F4
    Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz | CPU | 2000/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 289 GiB total, 28.751 GiB free.
    D: is FIXED (NTFS) - 9 GiB total, 1.627 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: SD/MMC
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&326E9577&0&000000#
    Manufacturer: JMCR
    Name: NIKON D90
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&326E9577&0&000000#
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    RP234: 09/12/2011 11:31:10 - Windows Update
    RP235: 09/12/2011 12:33:51 - Windows Update
    RP236: 09/12/2011 19:39:52 - Windows Update
    RP237: 10/12/2011 13:00:21 - Removed AVG 2012
    RP238: 10/12/2011 13:02:19 - Removed AVG 2012
    RP239: 11/12/2011 03:00:19 - Windows Update
    RP240: 12/12/2011 03:00:16 - Windows Update
    RP241: 13/12/2011 00:18:54 - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Community Help
    Adobe Content Viewer
    Adobe Creative Suite 5.5 Design Premium
    Adobe Download Assistant
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Reader X (10.1.1)
    Adobe Shockwave Player
    Adobe Shockwave Player 11.6
    Adobe Widget Browser
    Agere Systems HDA Modem
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    µTorrent
    AVG LiveKive
    AVG PC Tuneup 2011
    Bing Bar
    Bing Bar Platform
    Bonjour
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite
    CyberLink YouCam
    D3DX10
    DivX Setup
    Driver Whiz
    Dropbox
    ESET Online Scanner v3
    ESU for Microsoft Vista
    Facebook Video Calling 1.0.0.8953
    Google Chrome
    Google Update Helper
    Hewlett-Packard ACLM.NET v1.1.1.0
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP Quick Launch Buttons 6.40 D1
    HP QuickPlay 3.7
    HP QuickTouch 1.00 D2
    HP Support Assistant
    HP Total Care Advisor
    HP Update
    HP User Guides 0103
    HP Wireless Assistant
    HPSSupply
    IDT Audio
    Java Auto Updater
    Java(TM) 6 Update 29
    JMicron JMB38X Flash Media Controller
    Junk Mail filter update
    LabelPrint
    LightScribe System Software 1.12.33.2
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Home and Student 2010 - English
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft PowerPoint Viewer
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    MoneyManagerEX version 0.9.8.0
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.1
    My HP Games
    NEF Codec
    Norton Security Scan
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    PDF Settings CS5
    Power2Go
    PowerDirector
    ProtectSmart Hard Drive Protection
    PxMergeModule
    QuickTime
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Shop for HP Supplies
    Skype Click to Call
    Skype™ 5.5
    swMSM
    Synaptics Pointing Device Driver
    Uninstall DreamSuite Bonus
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.6195
    Viewpoint Media Player
    VLC media player 1.0.5
    WhiteCap
    Windows Installer Clean Up
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.01 (32-bit)
    ZTE_MF627_USB_MODEM_1.2059.0.4
    .
    ==== Event Viewer Messages From Past Week ========
    .
    13/12/2011 11:45:57, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: hpdskflt
    13/12/2011 11:45:23, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c2 (0x00000007, 0x0000109b, 0x8308052a, 0x85ec10a0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121311-27487-01.
    13/12/2011 11:44:53, Error: hpdskflt [1001] - An unsupported disk adapter was found.
    13/12/2011 11:44:52, Error: sptd [4] - Driver detected an internal error in its data structures for .
    10/12/2011 13:30:49, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    10/12/2011 13:11:54, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147023179
    06/12/2011 21:09:54, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    06/12/2011 12:15:18, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Client Virtualization Handler service to connect.
    06/12/2011 12:15:18, Error: Service Control Manager [7000] - The Client Virtualization Handler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please download OTMoveIt by Old Timer and save it to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right-click on OTMoveIt3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\Users\Sarah\Desktop\keygen.exe 
      C:\Users\Sarah\Downloads\cnet_IDTv087_zip.exe 
      C:\Users\Sarah\Downloads\Adobe_CS5.5_Keygen\keygen.exe 
      C:\Users\Sarah\Downloads\Adobe_CS5.5_Keygen (2)\keygen.exe 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right-click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ======================================
    The Adobe Creative Suite 5.5 Design Premium has been pirated. This is a $400.00 program. A keygen from a torrent site was used to download the program instead of paying for it.

    This piracy put the MSIL/Injector.OO trojan or bot on the system, which may represent a security risk for the compromised system and/or its network environment.

    It is also a malicious backdoor trojan that runs in the background and allows remote access to the compromised system.
    =========================================
    There are also 60 app updates between 11/13 and 12/6, none of which are identifiable.
    The install date is 06/04/2010, but there are no security updates.
    =========================================
    To continue support, remove the pirated program, then run the following:

    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    =====================================
    Please run the MGA Diagnostics tool
    • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
    • You will receive an Internet Explorer Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
    • You must choose to Run this tool when prompted.
    • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
    • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
    • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
    • Please return to this thread and Paste the results here for review.
    ------------------------------------------
    This step is to look on the computer itself, in the documentation you received with the computer, or with your retail purchase of Windows, to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

    1. What edition of Windows OS is it?
    2. Does it read "OEM Software" or "OEM Product" in black lettering?
    3. Or, does it have the computer manufacturer's name in black lettering?
    4. DO NOT post the Product Key.

    NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
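    The "Created Last 30" section of the DDS log above is where the two build*.exe files in AppData\Roaming, the hidden 6b2cf9db directory and the twice-daily {GUID} directories that Bobbye calls unidentifiable app updates all show up. As an added example that is not part of this thread and not a DDS, OTM or TechSpot tool, the Python below parses that section and applies a few triage heuristics to it. The rules, the allow-list prefix and the pair/threshold values are the editor's own assumptions; the sample lines are copied from the log above.

```python
"""Triage the 'Created Last 30' section of a DDS log.

Added example for this thread; it is not a TechSpot, DDS or OTM tool, and the
rules are the editor's own heuristics. A DDS entry looks like

    2011-11-15 13:57:48 -------- d-sh--w- c:\\users\\sarah\\appdata\\local\\6b2cf9db

i.e. date, time, size (dashes for a directory), an 8-character attribute
string (d = directory, s = system, h = hidden, a = archive, w = writable) and
the path. A hit is a lead to look at, not a verdict.
"""
import re
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# Leaf directory named {GUID}, or a bare run of hex digits (e.g. \6b2cf9db).
GUID_LEAF_RE = re.compile(r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$")
HEX_LEAF_RE = re.compile(r"\\[0-9a-f]{6,}$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
# Assumed allow-list: Defender drops mpengine.dll under ProgramData on every
# definition update, so it would otherwise trip the executable rule.
ALLOW_PREFIXES = ("c:\\programdata\\microsoft\\windows defender\\",)

# Constructed input: lines copied from the DDS log in this thread.
SAMPLE = r"""
2011-12-11 06:43:51 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{3427191b-3f60-48ad-bb34-a889dabc83e3}\mpengine.dll
2011-12-10 13:33:41 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-06 21:06:29 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-06 10:32:51 -------- d-----w- c:\users\sarah\appdata\local\{BDCB2E2B-4D3F-4741-9926-98527B0E6868}
2011-12-06 10:32:32 -------- d-----w- c:\users\sarah\appdata\local\{3EC27877-55DC-4217-83AC-0066B41050B1}
2011-12-05 10:24:22 -------- d-----w- c:\users\sarah\appdata\local\{B1642F59-213B-4419-B8BB-463153FD3E17}
2011-12-05 10:23:11 -------- d-----w- c:\users\sarah\appdata\local\{7764D51D-F515-4997-A974-20B7D8F554C8}
2011-12-04 10:20:59 -------- d-----w- c:\users\sarah\appdata\local\{FB6BCADD-EDF9-41DE-BB9F-37CC3ADA49A1}
2011-12-04 10:20:18 -------- d-----w- c:\users\sarah\appdata\local\{227BF48F-A7C0-4DC9-8C77-2355D9A5EC49}
2011-11-28 12:59:18 32072 ----a-w- c:\users\sarah\appdata\roaming\build6.exe
2011-11-15 16:46:44 32072 ----a-w- c:\users\sarah\appdata\roaming\build7.exe
2011-11-15 13:57:48 -------- d-sh--w- c:\users\sarah\appdata\local\6b2cf9db
2011-11-14 00:34:28 -------- d-----w- c:\users\sarah\appdata\local\Facebook
"""


def parse(line):
    """Parse one DDS 'Created Last 30' line; return None for headers/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["when"] = datetime.strptime(f"{e['date']} {e['time']}", "%Y-%m-%d %H:%M:%S")
    e["path"] = e["path"].lower()
    e["is_dir"] = e["attrs"][0] == "d"
    e["hidden"] = "h" in e["attrs"]
    e["system"] = "s" in e["attrs"]
    return e


def triage(lines, guid_threshold=5, pair_window=timedelta(minutes=2)):
    """Return {'findings': [(path, reason)], 'guid_dirs': n, 'guid_pairs': m}.

    Rules: executables landing in user-writable locations; hidden/system
    directories inside a user profile; random-looking hex leaf names under
    AppData; and a cadence check on {GUID} directories under AppData\\Local
    that counts how many were created as close pairs (the repeating,
    unattributed pattern the helper asked about).
    """
    findings, guid_dirs = [], []
    for raw in lines:
        e = parse(raw)
        if e is None or e["path"].startswith(ALLOW_PREFIXES):
            continue
        p = e["path"]
        if not e["is_dir"] and p.endswith(EXEC_EXT) and any(w in p for w in USER_WRITABLE):
            findings.append((p, "executable written to a user-writable location"))
        if e["is_dir"] and (e["hidden"] or e["system"]) and "\\users\\" in p:
            findings.append((p, "hidden/system directory inside a user profile"))
        if e["is_dir"] and "\\appdata\\" in p and HEX_LEAF_RE.search(p):
            findings.append((p, "random-looking hex directory name under AppData"))
        if e["is_dir"] and "\\appdata\\local\\" in p and GUID_LEAF_RE.search(p):
            guid_dirs.append((e["when"], p))
    guid_dirs.sort()
    pairs = sum(1 for (t0, _), (t1, _) in zip(guid_dirs, guid_dirs[1:]) if t1 - t0 <= pair_window)
    if len(guid_dirs) >= guid_threshold:
        parent = guid_dirs[0][1].rsplit("\\", 1)[0]
        findings.append((parent, f"{len(guid_dirs)} {{GUID}} directories created here, "
                                 f"{pairs} as pairs within {int(pair_window.total_seconds())} s"))
    return {"findings": findings, "guid_dirs": len(guid_dirs), "guid_pairs": pairs}


if __name__ == "__main__":
    for path, reason in triage(SAMPLE.splitlines())["findings"]:
        print(f"{reason}: {path}")
```

    Every hit is a lead rather than a verdict: installers legitimately create {GUID} directories under AppData\Local, and Defender's definition updates drop DLLs under ProgramData, which is why the allow-list exists. Extend it with paths you have verified, and move whatever survives onto the list of files to submit for a second-opinion scan.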
  11. SarahT

    SarahT Newcomer, in training Topic Starter

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\program files\bitcomet\torrents\avg anti-virus 9.0.704 crack + keygen.rar.torrent
    c:\program files\bitcomet\torrents\avg anti-virus 9.0.704 crack + keygen.rar[0].torrent
    c:\program files\bitcomet\torrents\avg anti-virus 9.0.704 crack + keygen.rar[1].torrent
    c:\program files\hp games\bejeweled 2 deluxe\wtmui_de\sounds\firecrackle.ogg
    c:\program files\hp games\bejeweled 2 deluxe\wtmui_default\sounds\firecrackle.ogg
    c:\program files\hp games\bejeweled 2 deluxe\wtmui_es\sounds\firecrackle.ogg
    c:\program files\hp games\bejeweled 2 deluxe\wtmui_fr\sounds\firecrackle.ogg
    c:\program files\hp games\bejeweled 2 deluxe\wtmui_it\sounds\firecrackle.ogg
    c:\users\sarah\downloads\adobe_cs5.5_keygen (1).rar
    c:\users\sarah\downloads\adobe_cs5.5_keygen (2).rar
    c:\users\sarah\downloads\adobe_cs5.5_keygen.rar
    c:\users\sarah\downloads\adobe_cs5.5_keygen\core.nfo
    c:\users\sarah\downloads\adobe_cs5.5_keygen (2)\core.nfo
    c:\_otm\movedfiles\12162011_161358\c_users\sarah\desktop\keygen.exe
    c:\_otm\movedfiles\12162011_161358\c_users\sarah\downloads\adobe_cs5.5_keygen\keygen.exe
    c:\_otm\movedfiles\12162011_161358\c_users\sarah\downloads\adobe_cs5.5_keygen (2)\keygen.exe
    scanner sequence 3.HH.11.BQLBVO
    ----- EOF -----

    I tried to copy the results for the diagnostics tool but every time I clicked the button nothing happened.
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    It's a sad day when someone pirates an antivirus program!

    I previously removed these entries:
    There are more:
    Unless you remove the pirated programs and run the MGA DX tool so I can see whether the OS is legit, there will be no more support. We do not support piracy.
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Holiday Notice! I will not be working on the threads Sat. Dec. 24 or Sunday Dec. 25. I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that. Please do not send a PM during those days.

