Inactive Email Hacked, Keylogger?

wwm1129

Hi,

I have been having problems with my email account, more specifically, my password has been changed numerous times without my consent. I am wondering if this could be a result from keyloggers/other viruses.

Thank you!

Here are my logs:
 
Malwarebytes Scan Log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5643

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/31/2011 8:11:36 PM
mbam-log-2011-01-31 (20-11-36).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 313284
Time elapsed: 3 hour(s), 1 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
GMER Log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-01 17:59:10
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320320AS rev.HP07
Running: kqbzn89j.exe; Driver: C:\Users\Wendy\AppData\Local\Temp\pxldypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.) ZwAccessCheckAndAuditAlarm [0x8B359810]
SSDT \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.) ZwClose [0x8B35B970]
SSDT \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.) ZwDeleteKey [0x8B35B620]
SSDT \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.) ZwDeleteValueKey [0x8B35B400]
SSDT \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.) ZwDuplicateToken [0x8B3596A0]
SSDT \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.) ZwImpersonateClientOfPort [0x8B359140]
SSDT \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.) ZwOpenThreadToken [0x8B359610]
SSDT \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.) ZwOpenThreadTokenEx [0x8B359650]
SSDT \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.) ZwQueryInformationToken [0x8B359BF0]
SSDT \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.) ZwQueryValueKey [0x8B35AD50]
SSDT \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.) ZwReplaceKey [0x8B35B850]
SSDT \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.) ZwRestoreKey [0x8B35B730]
SSDT \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.) ZwSetInformationThread [0x8B359290]
SSDT \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.) ZwSetSecurityObject [0x8B35BA60]
SSDT \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.) ZwSetValueKey [0x8B35AF10]

Code \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.) MmCreateSection
Code \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.) MmMapViewOfSection
Code \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.) ObCreateObject
Code \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.) ObOpenObjectByName

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C5D599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C81F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 1F8 82C89708 4 Bytes [10, 98, 35, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 2B8 82C897C8 4 Bytes [70, B9, 35, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 38C 82C8989C 4 Bytes [20, B6, 35, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 398 82C898A8 4 Bytes [00, B4, 35, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 3B0 82C898C0 4 Bytes JMP B85F3947
.text ...
PAGE ntkrnlpa.exe!RtlEqualUnicodeString + 27B 82E3C721 5 Bytes JMP 8B372900 \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.)
PAGE ntkrnlpa.exe!MmCreateSection 82E3D197 5 Bytes JMP 8B372B00 \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.)
PAGE ntkrnlpa.exe!ObCreateObject 82E3DDC2 5 Bytes JMP 8B372980 \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.)
PAGE ntkrnlpa.exe!ObOpenObjectByName 82E61174 5 Bytes JMP 8B372A00 \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.)
PAGE ntkrnlpa.exe!MmMapViewOfSection 82E99217 5 Bytes JMP 8B372A80 \SystemRoot\System32\Drivers\GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2408] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74322494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2408] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74305624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2408] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743056E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2408] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7432250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2408] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74318573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2408] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74314D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2408] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743150CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2408] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743151A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2408] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [743166D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2408] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743182CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2408] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74318819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2408] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7431907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2408] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7431E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2408] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74314C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice GeSWall.sys (GeSWall driver/GentleSecurity S.a.r.l.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device tdx.sys (TDI Translation Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
DDS log

DDS (Ver_10-12-12.02) - NTFSx86
Run by Wendy at 18:43:46.18 on Tue 02/01/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.2074 [GMT -5:00]

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\geswall\gswserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\geswall\gswui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Wendy\Downloads\dds(3).scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uSearch Bar =
uStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\geswall\gswui.exe,
BHO: BobaBHOApp Class: {0832ff2c-0867-48ac-a446-3ec50fb4cc3a} - c:\bbplayer\BobaBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\wendy\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [printutil] c:\users\wendy\appdata\local\temp\7zs2224\HPPDU.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\wendy\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download All By FlashGet3 - c:\users\wendy\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: Download By FlashGet3 - c:\users\wendy\appdata\roaming\flashgetbho\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: juno.com
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: http\https - {C3238BEC-FEFC-46B7-9C86-0CD8200B4496} - c:\windows\system32\RichTX32.dll
SEH: GeSWall Shell Extension: {f6acc71c-420b-4a95-905c-c7534706813c} - c:\program files\geswall\gswshext.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\wendy\appdata\roaming\mozilla\firefox\profiles\n3t6fd8l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\users\wendy\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\wendy\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\wendy\appdata\roaming\move networks\plugins\npqmp071706000001.dll
FF - plugin: c:\users\wendy\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\wendy\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\wendy\appdata\roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============

R0 GeSWall;GeSWall;c:\windows\system32\drivers\geswall.sys [2009-7-30 157184]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-30 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-30 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-30 61960]
R2 gswserv;GeSWall service;c:\program files\geswall\gswserv.exe [2010-12-6 970752]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-22 365952]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-22 193840]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-10-24 166912]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-20 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-15 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

=============== Created Last 30 ================

2011-02-01 11:17:58 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ef4ad6c4-7b8b-4536-88aa-f4332bb5bf1f}\mpengine.dll
2011-01-30 23:39:01 -------- d-----w- c:\users\wendy\appdata\roaming\Malwarebytes
2011-01-30 23:37:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-30 23:37:48 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-30 23:37:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-30 23:37:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-30 23:16:01 -------- d-----w- c:\windows\geswall
2011-01-30 23:15:51 -------- d-----w- c:\program files\geswall
2011-01-30 23:04:36 -------- d-----w- c:\users\wendy\appdata\roaming\Avira
2011-01-30 23:02:34 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-30 23:02:33 -------- d-----w- c:\program files\Avira
2011-01-30 23:02:33 -------- d-----w- c:\progra~2\Avira
2011-01-30 22:10:10 -------- d-----w- c:\users\wendy\appdata\roaming\SUPERAntiSpyware.com
2011-01-30 22:10:10 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-01-23 02:20:26 -------- d-----r- c:\program files\Skype
2011-01-16 14:28:05 -------- d-----w- c:\users\wendy\appdata\local\AOL
2011-01-16 14:28:05 -------- d-----w- c:\users\wendy\appdata\local\AIM
2011-01-16 14:28:02 -------- d-----w- c:\progra~2\AIM
2011-01-16 14:27:59 -------- d-----w- c:\program files\AIM
2011-01-16 14:27:58 -------- d-----w- c:\program files\common files\Software Update Utility
2011-01-16 14:27:55 -------- d-----w- c:\program files\common files\AOL
2011-01-15 18:06:13 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-01-11 21:16:59 161792 ----a-w- c:\windows\system32\d3d10_1.dll

==================== Find3M ====================

2010-12-06 15:01:02 675840 ----a-w- c:\windows\system32\gswgp.dll
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb

============= FINISH: 18:45:33.35 ===============
 
Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/4/2010 6:06:42 PM
System Uptime: 2/1/2011 6:37:44 PM (0 hours ago)

Motherboard: Wistron | | 3612
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU | 1200/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 287 GiB total, 209.32 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.433 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASDIFSV
Device ID: ROOT\LEGACY_SASDIFSV\0000
Manufacturer:
Name: SASDIFSV
PNP Device ID: ROOT\LEGACY_SASDIFSV\0000
Service: SASDIFSV

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASKUTIL
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer:
Name: SASKUTIL
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service: SASKUTIL

==== System Restore Points ===================

RP123: 12/17/2010 3:26:26 PM - Windows Update
RP124: 12/21/2010 5:44:49 PM - Windows Update
RP125: 12/24/2010 3:34:34 PM - Windows Update
RP126: 12/28/2010 6:55:37 AM - Windows Update
RP127: 12/30/2010 7:42:02 AM - Windows Update
RP128: 12/31/2010 7:34:39 AM - Windows Update
RP129: 1/4/2011 6:15:06 AM - Windows Update
RP130: 1/7/2011 2:43:36 PM - Windows Update
RP131: 1/7/2011 2:57:34 PM - Windows Update
RP132: 1/11/2011 4:16:52 PM - Windows Update
RP133: 1/12/2011 9:11:40 AM - Windows Update
RP134: 1/14/2011 4:16:16 PM - Windows Update
RP135: 1/15/2011 1:04:59 PM - Installed Java(TM) 6 Update 23
RP136: 1/18/2011 6:25:17 AM - Windows Update
RP137: 1/21/2011 3:15:54 PM - Windows Update
RP138: 1/25/2011 4:26:06 PM - Windows Update
RP139: 1/26/2011 10:00:40 PM - Windows Update
RP140: 1/28/2011 2:37:55 PM - Windows Update
RP141: 1/30/2011 6:15:11 PM - Installed GeSWall 2.9.1 Freeware
RP142: 2/1/2011 6:17:21 AM - Windows Update

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Adobe Shockwave Player
Adobe Shockwave Player 11.5
AIM 7
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Avira AntiVir Personal - Free Antivirus
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
Bonjour
BufferChm
C5200
C5200_Help
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Content Transfer
Copy
CustomerResearchQFolder
CyberLink DVD Suite
CyberLink YouCam
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
Download Updater (AOL LLC)
ESU for Microsoft Vista
eSupportQFolder
Fax
GeSWall 2.9.1 Freeware
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
GPBaseService
HDAUDIO Soft Data Fax Modem with SmartCP
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 10.0
HP Doc Viewer
HP Driver Diagnostics
HP DVD Play 3.7
HP Help and Support
HP Imaging Device Functions 10.0
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Quick Launch Buttons 6.40 H2
HP Solution Center 10.0
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPProductAssistant
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Java(TM) 6 Update 7
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Move Media Player
Mozilla Firefox (3.6.10)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
NetWaiting
Norton Internet Security
Norton Security Scan
OCR Software by I.R.I.S. 10.0
OGA Notifier 2.0.0048.0
PanoStandAlone
PhotoScape
Power2Go
PowerDirector
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 5.1
SolutionCenter
Status
SUPERAntiSpyware
Synaptics Pointing Device Driver
Toolbox
TrayApp
Unity Web Player
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebReg

==== Event Viewer Messages From Past Week ========

2/1/2011 6:40:16 PM, Error: Microsoft-Windows-WMPNSS-Service [14353] - A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/3714764274/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
2/1/2011 6:40:16 PM, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
2/1/2011 6:39:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
2/1/2011 6:39:46 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
2/1/2011 4:06:31 PM, Error: Service Control Manager [7034] - The GeSWall service service terminated unexpectedly. It has done this 1 time(s).
1/31/2011 4:15:04 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/31/2011 4:15:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/31/2011 4:15:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/31/2011 4:15:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/31/2011 4:15:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/31/2011 4:15:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/31/2011 4:14:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/31/2011 4:14:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr ssmdrv tdx vwififlt Wanarpv6 WfpLwf
1/31/2011 4:14:37 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/31/2011 4:14:37 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/31/2011 4:14:37 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/31/2011 4:14:37 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/31/2011 4:14:37 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/31/2011 4:14:37 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/31/2011 4:14:37 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/31/2011 4:14:37 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/31/2011 4:14:37 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/31/2011 4:14:37 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/31/2011 4:05:44 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/31/2011 4:05:44 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024846.
1/31/2011 4:05:44 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
1/31/2011 4:05:44 PM, Error: Service Control Manager [7000] - The hpqwmiex service failed to start due to the following error: The pipe has been ended.
1/31/2011 4:05:44 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
1/31/2011 4:05:44 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80070032.
1/31/2011 4:05:43 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The pipe has been ended.
1/31/2011 4:05:42 PM, Error: Service Control Manager [7023] - The hpqcxs08 service terminated with the following error: %%-2147467243
1/31/2011 4:05:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/31/2011 4:05:41 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/31/2011 4:05:41 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/31/2011 4:05:41 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/31/2011 4:05:41 PM, Error: Service Control Manager [7038] - The FontCache3.0.0.0 service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/31/2011 4:05:41 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
1/31/2011 4:05:41 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not start due to a logon failure.
1/31/2011 4:05:41 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
1/31/2011 4:05:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/30/2011 6:34:14 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/30/2011 6:28:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
1/30/2011 6:28:00 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/30/2011 6:03:08 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
1/28/2011 5:43:46 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MANDYMOY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A0D47FC9-8808-4ECD-835C-5CDAEA. The master browser is stopping or an election is being forced.
1/27/2011 12:39:44 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user Moy\Wendy SID (S-1-5-21-2239686510-729420797-886957577-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/26/2011 9:09:49 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/26/2011 12:19:32 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user Moy\Guest SID (S-1-5-21-2239686510-729420797-886957577-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

==== End Of File ===========================
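The Event Viewer block of the DDS log above is the part a helper reads first, because it shows which boot-start drivers and services were not running when the scans were taken. The following Python script is an added example, not part of this thread or of the DDS tool: it parses lines in that block's format, separates drivers that failed on every logged boot (Service Control Manager event 7026) from one-off failures, and lists services that could not log on (event 7038). The five sample lines are copied from the log above; the function names, the regular expressions and the summary layout are this example's own choices, not anything the tool produces.

```python
"""Triage the 'Event Viewer Messages' block of a DDS log.

Added example, not part of this thread or of the DDS tool. It parses
lines of the form
    M/D/YYYY H:MM:SS AM, Error: <source> [<event id>] - <message>
and pulls out two things a helper reads first: boot-start drivers that
failed to load on every logged boot (Service Control Manager event 7026)
and services that could not log on (event 7038).
"""
import re
from collections import Counter

# Constructed sample: five lines copied from the Event Viewer section of
# the DDS log above (not the complete log).
SAMPLE_EVENTS = r"""
2/1/2011 6:39:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
2/1/2011 6:39:46 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
1/31/2011 4:14:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr ssmdrv tdx vwififlt Wanarpv6 WfpLwf
1/31/2011 4:05:44 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/31/2011 4:05:41 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
"""

# One DDS event line: timestamp, level, source, numeric event id, message.
EVENT_RE = re.compile(
    r"^(?P<time>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
# Event 7038 message: "The <service> service was unable to log on as <account> with ..."
LOGON_RE = re.compile(
    r"^The (?P<service>\S+) service was unable to log on as "
    r"(?P<account>.+?) with the currently configured password"
)
SCM = "Service Control Manager"


def parse_events(text):
    """Return one dict per well-formed line; lines that do not match are skipped."""
    events = []
    for line in text.strip().splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["event_id"] = int(d["event_id"])
            events.append(d)
    return events


def failed_drivers(events):
    """Count, per driver, how many 7026 events (boots) list it as failed."""
    counts = Counter()
    for e in events:
        if e["source"] == SCM and e["event_id"] == 7026:
            counts.update(e["message"].split("failed to load:", 1)[1].split())
    return counts


def persistent_driver_failures(events):
    """Drivers listed in every 7026 event, sorted by name.

    A driver missing from a single bad boot is noise; one that fails on
    every logged boot is what a helper checks against the installed
    software list."""
    boots = sum(1 for e in events if e["source"] == SCM and e["event_id"] == 7026)
    return sorted(n for n, c in failed_drivers(events).items() if boots and c == boots)


def logon_failures(events):
    """(service, account) pairs from Service Control Manager event 7038."""
    pairs = []
    for e in events:
        if e["source"] == SCM and e["event_id"] == 7038:
            m = LOGON_RE.match(e["message"])
            if m:
                pairs.append((m.group("service"), m.group("account")))
    return pairs


def triage(text):
    """Summary a helper would glance at before asking for more logs."""
    events = parse_events(text)
    return {
        "events": len(events),
        "by_event_id": dict(Counter(e["event_id"] for e in events)),
        "persistent_driver_failures": persistent_driver_failures(events),
        "logon_failures": logon_failures(events),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

Run against the sample, the script reports SASDIFSV and SASKUTIL as the only drivers that failed in both logged boots, while the 1/31 4:14 PM boot that lost the whole network stack (AFD, NetBT, tdx and the rest) shows up as a single bad boot rather than a persistent problem. Either kind of entry only says what was not running at the time; it is the helper's later scans, not this summary, that decide whether anything malicious is present.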
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop.
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install the Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRcheck log

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP G60 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 197):
0x82C02000 \SystemRoot\system32\ntkrnlpa.exe
0x83012000 \SystemRoot\system32\halmacpi.dll
0x80BD2000 \SystemRoot\system32\kdcom.dll
0x8323F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x832B7000 \SystemRoot\system32\PSHED.dll
0x832C8000 \SystemRoot\system32\BOOTVID.dll
0x832D0000 \SystemRoot\system32\CLFS.SYS
0x83312000 \SystemRoot\system32\CI.dll
0x8AE1E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8AE8F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8AE9D000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8AEE5000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8AEEE000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8AEF6000 \SystemRoot\system32\DRIVERS\pci.sys
0x8AF20000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8AF2B000 \SystemRoot\System32\drivers\partmgr.sys
0x8AF3C000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8AF4C000 \SystemRoot\System32\drivers\volmgrx.sys
0x8AF97000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8AF9F000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8AFAA000 \SystemRoot\System32\drivers\mountmgr.sys
0x8AFC0000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8AFC9000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8AFEC000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8AE00000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8AE0E000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x833BD000 \SystemRoot\system32\drivers\fltmgr.sys
0x83200000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B00A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B139000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B164000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B177000 \SystemRoot\System32\Drivers\cng.sys
0x8B1D4000 \SystemRoot\System32\drivers\pcw.sys
0x8B1E2000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B201000 \SystemRoot\system32\drivers\ndis.sys
0x8B2B8000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B2F6000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B40A000 \SystemRoot\System32\drivers\tcpip.sys
0x8B553000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B584000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8B5C3000 \SystemRoot\System32\Drivers\spldr.sys
0x8B5CB000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B31B000 \SystemRoot\System32\Drivers\mup.sys
0x8B5F8000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B32B000 \SystemRoot\System32\Drivers\GeSWall.sys
0x8B352000 \SystemRoot\System32\Drivers\TDI.SYS
0x8B35D000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B38F000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B3A0000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x83211000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B3EE000 \SystemRoot\System32\Drivers\Null.SYS
0x8B3F5000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B1EB000 \SystemRoot\System32\drivers\vga.sys
0x8FA1D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FA3E000 \SystemRoot\System32\drivers\watchdog.sys
0x8FA4B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8FA53000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8FA5B000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8FA63000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8FA6E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8FA7C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8FA93000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8FAC5000 \SystemRoot\system32\drivers\afd.sys
0x8FB1F000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8FB26000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8FB45000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8FB56000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8FB64000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8FB77000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8FB87000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8FB8D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8FBCE000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FBD8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8FBE2000 \SystemRoot\System32\drivers\discache.sys
0x8FA00000 \SystemRoot\System32\Drivers\dfsc.sys
0x8FBEE000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x90819000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x9083F000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x90860000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x90872000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x91415000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x91912000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x9087B000 \SystemRoot\System32\drivers\dxgmms1.sys
0x919C9000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x908B4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x919D4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x908FF000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9091E000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x90A0B000 \SystemRoot\system32\DRIVERS\athr.sys
0x90B1B000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x90B25000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x90B3D000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x90B42000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x90B4F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x90B7F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x90B81000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90B8E000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x90B92000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x90B98000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x90BA5000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x90BB7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x90BCF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90BDA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x919E3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90940000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90957000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90BFC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x9096E000 \SystemRoot\system32\DRIVERS\ks.sys
0x91400000 \SystemRoot\system32\DRIVERS\umbus.sys
0x909A2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x909E6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x93839000 \SystemRoot\system32\drivers\CHDRT32.sys
0x93874000 \SystemRoot\system32\drivers\portcls.sys
0x938A3000 \SystemRoot\system32\drivers\drmk.sys
0x938BC000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x938FA000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x90E21000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x90ED6000 \SystemRoot\system32\drivers\modem.sys
0x90EE3000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x90F04000 \SystemRoot\System32\Drivers\RtsUStor.sys
0x90F30000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x97E16000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x98169000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x98177000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x99F60000 \SystemRoot\System32\win32k.sys
0x9817E000 \SystemRoot\System32\drivers\Dxapi.sys
0x98188000 \SystemRoot\System32\Drivers\crashdmp.sys
0x98195000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x981A0000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x981AA000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x981BB000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9A1C0000 \SystemRoot\System32\TSDDD.dll
0x99E00000 \SystemRoot\System32\cdd.dll
0x99E20000 \SystemRoot\System32\ATMFD.DLL
0x981C6000 \SystemRoot\system32\drivers\luafv.sys
0x981E1000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x90F47000 \SystemRoot\system32\drivers\WudfPf.sys
0x97E00000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x90F61000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x90FA7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x90FB7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x981F6000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x9B434000 \SystemRoot\system32\drivers\HTTP.sys
0x9B4B9000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9B4D2000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9B4E4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9B507000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9B542000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9B575000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAC418000 \SystemRoot\system32\drivers\peauth.sys
0xAC4AF000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAC4B9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAC4DA000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAC4E7000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xAC4EF000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAC53E000 \SystemRoot\System32\DRIVERS\srv.sys
0xAC400000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xAC409000 \??\C:\Users\Wendy\AppData\Local\Temp\mbr.sys
0x776F0000 \Windows\System32\ntdll.dll
0x47CB0000 \Windows\System32\smss.exe
0x77930000 \Windows\System32\apisetschema.dll
0x00880000 \Windows\System32\autochk.exe
0x778C0000 \Windows\System32\difxapi.dll
0x775F0000 \Windows\System32\wininet.dll
0x77860000 \Windows\System32\shlwapi.dll
0x77550000 \Windows\System32\usp10.dll
0x77410000 \Windows\System32\urlmon.dll
0x77360000 \Windows\System32\rpcrt4.dll
0x772B0000 \Windows\System32\msvcrt.dll
0x77840000 \Windows\System32\imm32.dll
0x77290000 \Windows\System32\sechost.dll
0x77200000 \Windows\System32\oleaut32.dll
0x77130000 \Windows\System32\user32.dll
0x764E0000 \Windows\System32\shell32.dll
0x76340000 \Windows\System32\setupapi.dll
0x76270000 \Windows\System32\msctf.dll
0x761F0000 \Windows\System32\comdlg32.dll
0x761A0000 \Windows\System32\gdi32.dll
0x76040000 \Windows\System32\ole32.dll
0x77830000 \Windows\System32\nsi.dll
0x75FF0000 \Windows\System32\Wldap32.dll
0x75F60000 \Windows\System32\clbcatq.dll
0x75F50000 \Windows\System32\psapi.dll
0x75D50000 \Windows\System32\iertutil.dll
0x75C70000 \Windows\System32\kernel32.dll
0x75C60000 \Windows\System32\lpk.dll
0x75C50000 \Windows\System32\normaliz.dll
0x75BB0000 \Windows\System32\advapi32.dll
0x75B70000 \Windows\System32\ws2_32.dll
0x75B40000 \Windows\System32\imagehlp.dll
0x75A20000 \Windows\System32\crypt32.dll
0x759F0000 \Windows\System32\wintrust.dll
0x759D0000 \Windows\System32\devobj.dll
0x75980000 \Windows\System32\KernelBase.dll
0x75950000 \Windows\System32\cfgmgr32.dll
0x758C0000 \Windows\System32\comctl32.dll
0x758B0000 \Windows\System32\msasn1.dll

Processes (total 79):
0 System Idle Process
4 System
284 C:\Windows\System32\smss.exe
416 csrss.exe
468 C:\Windows\System32\wininit.exe
476 csrss.exe
524 C:\Windows\System32\services.exe
556 C:\Windows\System32\lsass.exe
564 C:\Windows\System32\winlogon.exe
576 C:\Windows\System32\lsm.exe
692 C:\Windows\System32\svchost.exe
792 C:\Windows\System32\svchost.exe
844 C:\Program Files\geswall\gswserv.exe
988 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\svchost.exe
1420 C:\Windows\System32\spoolsv.exe
1468 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1488 C:\Windows\System32\svchost.exe
1596 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1628 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1652 C:\Program Files\Bonjour\mDNSResponder.exe
1700 C:\Windows\System32\svchost.exe
1740 C:\Windows\System32\svchost.exe
1768 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1844 C:\Windows\System32\svchost.exe
1876 C:\Windows\System32\svchost.exe
1960 C:\Program Files\SMINST\BLService.exe
1984 C:\Program Files\CyberLink\Shared files\RichVideo.exe
1992 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2000 C:\Windows\System32\conhost.exe
424 C:\Windows\System32\drivers\XAudio.exe
2168 C:\Program Files\geswall\gswui.exe
2176 C:\Windows\System32\dwm.exe
2244 C:\Windows\System32\taskhost.exe
2260 C:\Windows\explorer.exe
2644 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2652 C:\Windows\vsnp2uvc.exe
2660 C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
2736 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2748 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
2760 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
2772 C:\Program Files\HP\QuickPlay\QPService.exe
2860 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2920 C:\Program Files\iTunes\iTunesHelper.exe
2928 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3056 C:\Windows\ehome\ehmsas.exe
3168 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
3204 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
3220 C:\Program Files\Windows Sidebar\sidebar.exe
3456 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
4016 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
2216 C:\Windows\System32\SearchIndexer.exe
2556 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
3188 C:\Program Files\iPod\bin\iPodService.exe
3404 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3720 WmiPrvSE.exe
532 C:\Windows\System32\svchost.exe
4244 C:\Program Files\Windows Media Player\wmpnetwk.exe
4376 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
4384 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
5836 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
5964 C:\Windows\System32\svchost.exe
2112 C:\Windows\System32\svchost.exe
2968 C:\Program Files\AIM\aim.exe
4536 C:\Program Files\Mozilla Firefox\firefox.exe
1440 C:\Program Files\Mozilla Firefox\plugin-container.exe
4396 C:\Program Files\iTunes\iTunes.exe
5548 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
5404 C:\Windows\System32\conhost.exe
5208 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
3648 C:\Windows\System32\conhost.exe
5204 C:\Windows\System32\audiodg.exe
3160 C:\Windows\System32\SearchProtocolHost.exe
4640 C:\Users\Wendy\Downloads\MBRCheck.exe
3408 C:\Windows\System32\conhost.exe
2368 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`cab00000 (NTFS)

PhysicalDrive0 Model Number: ST9320320AS, Rev: HP07

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
 
ComboFix log

ComboFix 11-01-31.02 - Wendy 02/01/2011 21:01:48.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.2075 [GMT -5:00]
Running from: c:\users\Wendy\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2011-01-02 to 2011-02-02 )))))))))))))))))))))))))))))))
.

2011-02-02 02:08 . 2011-02-02 02:08 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-02-02 02:08 . 2011-02-02 02:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-01 11:17 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF4AD6C4-7B8B-4536-88AA-F4332BB5BF1F}\mpengine.dll
2011-01-30 23:39 . 2011-01-30 23:39 -------- d-----w- c:\users\Wendy\AppData\Roaming\Malwarebytes
2011-01-30 23:37 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-30 23:37 . 2011-01-30 23:37 -------- d-----w- c:\programdata\Malwarebytes
2011-01-30 23:37 . 2011-01-31 03:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-30 23:37 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-30 23:16 . 2011-01-30 23:16 -------- d-----w- c:\windows\geswall
2011-01-30 23:15 . 2011-01-30 23:27 -------- d-----w- c:\program files\geswall
2011-01-30 23:04 . 2011-01-30 23:04 -------- d-----w- c:\users\Wendy\AppData\Roaming\Avira
2011-01-30 23:02 . 2010-12-13 13:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-30 23:02 . 2010-12-13 13:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-01-30 23:02 . 2011-01-30 23:02 -------- d-----w- c:\programdata\Avira
2011-01-30 23:02 . 2011-01-30 23:02 -------- d-----w- c:\program files\Avira
2011-01-30 22:10 . 2011-01-30 22:10 -------- d-----w- c:\users\Wendy\AppData\Roaming\SUPERAntiSpyware.com
2011-01-30 22:10 . 2011-01-30 22:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-01-23 02:23 . 2011-01-23 15:32 -------- d-----w- c:\users\Wendy\AppData\Roaming\skypePM
2011-01-23 02:20 . 2011-01-23 02:20 -------- d-----w- c:\program files\Common Files\Skype
2011-01-23 02:20 . 2011-01-23 02:20 -------- d-----r- c:\program files\Skype
2011-01-23 02:20 . 2011-01-23 16:32 -------- d-----w- c:\users\Wendy\AppData\Roaming\Skype
2011-01-23 02:20 . 2011-01-23 02:20 -------- d-----w- c:\programdata\Skype
2011-01-16 14:28 . 2011-01-16 14:28 -------- d-----w- c:\users\Wendy\AppData\Roaming\acccore
2011-01-16 14:28 . 2011-01-16 14:28 -------- d-----w- c:\users\Wendy\AppData\Local\AOL
2011-01-16 14:28 . 2011-01-16 14:28 -------- d-----w- c:\users\Wendy\AppData\Local\AIM
2011-01-16 14:28 . 2011-01-16 14:28 -------- d-----w- c:\programdata\AIM
2011-01-16 14:27 . 2011-01-16 14:28 -------- d-----w- c:\program files\AIM
2011-01-16 14:27 . 2011-01-16 14:27 -------- d-----w- c:\program files\Common Files\Software Update Utility
2011-01-16 14:27 . 2011-01-16 14:27 -------- d-----w- c:\program files\Common Files\AOL
2011-01-15 18:06 . 2010-11-12 23:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-01-11 21:16 . 2010-11-02 04:35 161792 ----a-w- c:\windows\system32\d3d10_1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-06 15:01 . 2010-12-06 15:01 675840 ----a-w- c:\windows\system32\gswgp.dll
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-12 23:53 . 2010-07-31 10:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-04 05:52 . 2010-12-15 10:39 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48 . 2010-12-15 10:39 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41 . 2010-12-15 10:39 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08 . 2010-12-15 10:39 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GeSWall]
@="{F6ACC71C-420B-4a95-905C-C7534706813C}"
[HKEY_CLASSES_ROOT\CLSID\{F6ACC71C-420B-4a95-905C-C7534706813C}]
2010-12-07 18:36 737280 ----a-w- c:\program files\geswall\gswshext.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"Google Update"="c:\users\Wendy\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-11 133104]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-02 675840]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F6ACC71C-420B-4a95-905C-C7534706813C}"= "c:\program files\geswall\gswshext.dll" [2010-12-07 737280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 136176]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-15 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S0 GeSWall;GeSWall; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
S2 gswserv;GeSWall service;c:\program files\geswall\gswserv.exe [2010-12-06 970752]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-04 166912]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


--- Other Services/Drivers In Memory ---

*Deregistered* - AvgTdiX

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 22:50]

2011-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-20 22:50]

2011-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2239686510-729420797-886957577-1000Core.job
- c:\users\Wendy\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-11 14:16]

2011-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2239686510-729420797-886957577-1000UA.job
- c:\users\Wendy\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-11 14:16]

2011-01-23 c:\windows\Tasks\HPCeeScheduleForWendy.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-22 18:34]

2011-01-28 c:\windows\Tasks\Norton Security Scan for Wendy.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-11-21 19:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: Download All By FlashGet3 - c:\users\Wendy\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\users\Wendy\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: juno.com
Name-Space Handler: http\https - {C3238BEC-FEFC-46B7-9C86-0CD8200B4496} - c:\windows\System32\RichTX32.dll
FF - ProfilePath - c:\users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\n3t6fd8l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Wendy\AppData\Roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -

BHO-{0832FF2C-0867-48AC-A446-3EC50FB4CC3A} - c:\bbplayer\BobaBHO.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
AddRemove-CNXT_AUDIO_HDA - c:\program files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe
AddRemove-{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} - c:\program files\SUPERAntiSpyware\Uninstall.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5400)
c:\program files\geswall\gswshext.dll
.
Completion time: 2011-02-01 21:12:41
ComboFix-quarantined-files.txt 2011-02-02 02:12

Pre-Run: 224,395,694,080 bytes free
Post-Run: 224,221,274,112 bytes free

- - End Of File - - E6914FD0837016C373D21053EB116F4A
 
Thank you so much for your help! It is very much appreciated.

I still have a question for you though. My email and my father's email accounts have had their passwords reset without our knowledge. If nothing is malicious on my computer, what other possible explanations are there?
 
Not clear there.
Yahoo for you, Verizon for your dad, or....?
Both web based mail?
 
Webmail can be hacked without necessarily having something bad on your computer.
Webmail can be hacked from the outside.
As I said, I don't see anything malicious on your computer.
 