TechSpot

My email and passwords have been compromised

By ozmuse
Aug 27, 2010
  1. Hi - I have some kind of problem with security on my laptop, as my eBay account and possibly my email accounts have been compromised.

    I have been running McAfee constantly with no alerts, and I have run a virus scan and Malwarebytes with no alerts. I followed the steps in the revised 8-step virus/spyware removal guide, and I include the info as required below so that hopefully someone can help me.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4488

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    27/08/2010 11:01:35 PM
    mbam-log-2010-08-27 (23-01-35).txt

    Scan type: Quick scan
    Objects scanned: 130830
    Time elapsed: 11 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)
    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Jenni at 23:05:48.20 on Fri 27/08/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.1790.1004 [GMT 10:00]


    I wasn't sure about adding the DDS attach log. Should I also just cut and paste that into the thread?
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Yes, please.
    GMER log is missing.
     
  3. ozmuse

    ozmuse TS Rookie Topic Starter Posts: 40

    The DDS attach log

    Below is the DDS attach log. I don't have GMER as I am on Windows 7.
    Thanks



    DDS (Ver_10-03-17.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/12/2009 1:00:51 PM
    System Uptime: 27/08/2010 10:21:16 PM (1 hours ago)

    Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | N510
    Processor: Intel(R) Atom(TM) CPU N280 @ 1.66GHz | U2E1 | 1667/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 150 GiB total, 88.466 GiB free.
    D: is FIXED (NTFS) - 68 GiB total, 67.424 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: USB Video Device
    Device ID: USB\VID_04F2&PID_B147&MI_00\6&245C1D47&0&0000
    Manufacturer: Microsoft
    Name: WebCam SCB-1600C
    PNP Device ID: USB\VID_04F2&PID_B147&MI_00\6&245C1D47&0&0000
    Service: usbvideo

    Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Description: BCM2046 Bluetooth Module
    Device ID: USB\VID_0A5C&PID_2151\0C6076D4285E
    Manufacturer: Broadcom
    Name: BCM2046 Bluetooth Module
    PNP Device ID: USB\VID_0A5C&PID_2151\0C6076D4285E
    Service: BTHUSB

    ==== System Restore Points ===================

    RP94: 24/07/2010 5:15:28 PM - Installed Java(TM) 6 Update 21
    RP95: 1/08/2010 12:31:00 PM - Scheduled Checkpoint
    RP96: 1/08/2010 3:38:50 PM - Installed e-tax 2010
    RP97: 3/08/2010 10:11:20 PM - Installed Snagit 10
    RP98: 4/08/2010 1:57:39 AM - Windows Update
    RP99: 13/08/2010 11:18:23 PM - Windows Update
    RP100: 22/08/2010 9:32:28 AM - Scheduled Checkpoint
    RP102: 25/08/2010 8:16:54 AM - Removed Nero 9 Trial 4.4.9.0
    RP103: 26/08/2010 2:59:12 AM - Windows Update

    ==== Event Viewer Messages From Past Week ========

    27/08/2010 10:41:03 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    27/08/2010 10:22:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    27/08/2010 10:22:31 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=23) while initializing logging resources for channel Microsoft-Windows-NetworkProfile/Operational.
    26/08/2010 12:00:10 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    22/08/2010 11:59:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
    22/08/2010 11:58:52 PM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831

    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    GMER will run on Windows 7 32-bit.
     
  5. ozmuse

    ozmuse TS Rookie Topic Starter Posts: 40

    Hi - I followed the steps and ran GMER, and it stopped working, saying Windows would close the program. I then had a blue screen and had to restart.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Happens :)

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If ComboFix asks you to install Recovery Console, please allow it.
      NOTE 2. If ComboFix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with ComboFix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. ozmuse

    ozmuse TS Rookie Topic Starter Posts: 40

    MBRCheck report below
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
    BIOS Manufacturer: Phoenix Technologies Ltd.
    System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
    System Product Name: N510
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 194):
    0x89B52000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x89B59000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x89B78000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x89B89000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
    0x89B97000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x89BA5000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x89BB8000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x89BC8000 \??\C:\windows\system32\Drivers\SABI.sys
    0x90038000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x90079000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x90083000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x9008D000 \SystemRoot\System32\drivers\discache.sys
    0x90099000 \SystemRoot\System32\Drivers\dfsc.sys
    0x900B1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x900BF000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x900E0000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x900F2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x9010A000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x90141000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x90143000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x90150000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x9015D000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x90166000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x90170000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x901BB000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x901CA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x91030000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x9198F000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x91991000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x91A48000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x91A81000 \SystemRoot\system32\DRIVERS\rtl819xp.sys
    0x91B14000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x91B1E000 \SystemRoot\system32\DRIVERS\yk62x86.sys
    0x91B6E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x91B77000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x91B7B000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x91B88000 \SystemRoot\system32\DRIVERS\dne2000.sys
    0x91BA7000 \SystemRoot\system32\drivers\WsAudio_DeviceS(1).sys
    0x91BB1000 \SystemRoot\system32\drivers\portcls.sys
    0x91BE0000 \SystemRoot\system32\drivers\drmk.sys
    0x901E9000 \SystemRoot\system32\drivers\ks.sys
    0x91000000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x91012000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x9021D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x90228000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x9024A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x90262000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x90279000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x91BF9000 \SystemRoot\system32\DRIVERS\tap0901.sys
    0x9102A000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x90290000 \SystemRoot\system32\DRIVERS\NETGEARUHOST.sys
    0x90299000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x902A7000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x902EB000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x902FC000 \SystemRoot\system32\DRIVERS\NETGEARUHUB.sys
    0x9302B000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x932CA000 \SystemRoot\system32\drivers\nvhda32v.sys
    0x932DD000 \SystemRoot\system32\drivers\mfeavfk.sys
    0x93301000 \SystemRoot\system32\drivers\mfefirek.sys
    0x944B0000 \SystemRoot\System32\win32k.sys
    0x9334C000 \SystemRoot\System32\drivers\Dxapi.sys
    0x93356000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x93363000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x9336E000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x93377000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x93388000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x9339F000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x94710000 \SystemRoot\System32\TSDDD.dll
    0x94740000 \SystemRoot\System32\cdd.dll
    0x933AA000 \SystemRoot\system32\drivers\luafv.sys
    0x933C5000 \SystemRoot\system32\drivers\WudfPf.sys
    0x933DF000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9030B000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x933EF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x93000000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x90351000 \SystemRoot\system32\drivers\HTTP.sys
    0x903D6000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x93013000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x90000000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x8983A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x89BD0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9CC00000 \??\C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys
    0x9CC18000 \SystemRoot\system32\drivers\peauth.sys
    0x9CCAF000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9CCB9000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9CCDA000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9CCE7000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9CD36000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9CDAB000 \SystemRoot\system32\drivers\cfwids.sys
    0x9CE04000 \SystemRoot\system32\drivers\mfeapfk.sys
    0x9CE1A000 \SystemRoot\system32\drivers\mfebopk.sys
    0x9CE8F000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x774A0000 \Windows\System32\ntdll.dll
    0x475F0000 \Windows\System32\smss.exe
    0x776E0000 \Windows\System32\apisetschema.dll
    0x007A0000 \Windows\System32\autochk.exe
    0x776C0000 \Windows\System32\nsi.dll
    0x77340000 \Windows\System32\ole32.dll
    0x776A0000 \Windows\System32\imm32.dll
    0x766F0000 \Windows\System32\shell32.dll
    0x77690000 \Windows\System32\normaliz.dll
    0x77630000 \Windows\System32\shlwapi.dll
    0x76620000 \Windows\System32\msctf.dll
    0x77620000 \Windows\System32\psapi.dll
    0x765D0000 \Windows\System32\gdi32.dll
    0x77610000 \Windows\System32\lpk.dll
    0x76580000 \Windows\System32\Wldap32.dll
    0x764B0000 \Windows\System32\user32.dll
    0x76450000 \Windows\System32\difxapi.dll
    0x76370000 \Windows\System32\kernel32.dll
    0x76230000 \Windows\System32\urlmon.dll
    0x761A0000 \Windows\System32\clbcatq.dll
    0x76100000 \Windows\System32\usp10.dll
    0x775E0000 \Windows\System32\imagehlp.dll
    0x760C0000 \Windows\System32\ws2_32.dll
    0x75FC0000 \Windows\System32\wininet.dll
    0x75F10000 \Windows\System32\rpcrt4.dll
    0x75E90000 \Windows\System32\comdlg32.dll
    0x75CF0000 \Windows\System32\setupapi.dll
    0x75CD0000 \Windows\System32\sechost.dll
    0x75C30000 \Windows\System32\advapi32.dll
    0x75A30000 \Windows\System32\iertutil.dll
    0x75980000 \Windows\System32\msvcrt.dll
    0x758F0000 \Windows\System32\oleaut32.dll
    0x757D0000 \Windows\System32\crypt32.dll
    0x75740000 \Windows\System32\comctl32.dll
    0x75710000 \Windows\System32\cfgmgr32.dll
    0x756E0000 \Windows\System32\wintrust.dll
    0x75690000 \Windows\System32\KernelBase.dll
    0x75670000 \Windows\System32\devobj.dll
    0x75660000 \Windows\System32\msasn1.dll

    Processes (total 64):
    0 System Idle Process
    4 System
    280 C:\Windows\System32\smss.exe
    500 csrss.exe
    560 C:\Windows\System32\wininit.exe
    572 csrss.exe
    608 C:\Windows\System32\services.exe
    636 C:\Windows\System32\lsass.exe
    644 C:\Windows\System32\lsm.exe
    760 C:\Windows\System32\svchost.exe
    828 C:\Windows\System32\nvvsvc.exe
    868 C:\Windows\System32\svchost.exe
    932 C:\Windows\System32\winlogon.exe
    968 C:\Windows\System32\svchost.exe
    1016 C:\Windows\System32\svchost.exe
    1048 C:\Windows\System32\svchost.exe
    1224 C:\Windows\System32\svchost.exe
    1240 C:\Windows\System32\nvvsvc.exe
    1364 C:\Windows\System32\svchost.exe
    1508 C:\Windows\System32\spoolsv.exe
    1576 C:\Windows\System32\svchost.exe
    1636 C:\Windows\System32\taskhost.exe
    1744 C:\Windows\System32\dwm.exe
    1784 C:\Windows\explorer.exe
    1904 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1940 C:\Program Files\Bonjour\mDNSResponder.exe
    1980 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    2028 C:\Windows\System32\taskeng.exe
    180 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    704 C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
    776 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    556 C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    1036 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    1324 C:\Windows\System32\rundll32.exe
    1348 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    2040 C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
    1568 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    2056 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2104 C:\Program Files\iTunes\iTunesHelper.exe
    2112 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2200 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    2220 C:\Program Files\McAfee.com\Agent\mcagent.exe
    2256 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2276 C:\Windows\System32\Rezip.exe
    2312 C:\Windows\System32\svchost.exe
    2368 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    2416 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    2500 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    2736 C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
    2824 C:\Windows\System32\svchost.exe
    2972 C:\Program Files\TechSmith\Snagit 10\TscHelp.exe
    3280 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3288 C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
    3392 C:\Windows\System32\SearchIndexer.exe
    3796 C:\Program Files\TechSmith\Snagit 10\SnagitEditor.exe
    3072 C:\Program Files\iPod\bin\iPodService.exe
    1860 C:\Windows\System32\svchost.exe
    1648 C:\Program Files\Mozilla Firefox\firefox.exe
    1556 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5280 C:\Windows\System32\wuauclt.exe
    5408 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    5484 C:\Users\Jenni\Desktop\MBRCheck.exe
    6044 C:\Windows\System32\conhost.exe
    3444 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000029`57a00000 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHM250HI, Rev: 2AC101C4

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
     
  8. ozmuse

    ozmuse TS Rookie Topic Starter Posts: 40

    Hi Broni, I downloaded Combofix but got a McAfee advice that Artemis! was detected
     
  9. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    This is a very common issue with McAfee. It gets triggered by widely used, safe tools like Combofix.
    Did I tell you, I really dislike McAfee? :)
    We'll get back to Combofix, but for now, we have an MBR issue:

    Run MBRCheck again.

    When it's done you'll see the following line:
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Press the Y key and then press Enter

    When the program asks you to Enter your choice, enter 2 and press the Enter key.

    Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
    Enter 0 (zero) and press the Enter key.

    Next the program will show Available MBR codes:, followed by a list of operating systems.
    Please enter 5 for Windows 7, and then press Enter.

    Next the program will prompt for confirmation.
    Type YES and hit Enter.

    When it's done there should be a text file with the results on your desktop.
    Please copy and paste it back here.

    Then reboot, run MBRCheck again and post new log.
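    The MBRCheck steps above come down to three things: hash the boot code in the first sector of the disk, compare that hash against a list of known-good codes (anything else is reported as "Unknown MBR code"), and, on option 2, write a standard boot code back while leaving the disk signature and partition table alone so the machine still boots. The Python below is an added example written for this page; it is not MBRCheck's code and not something ozmuse or Broni posted. It assumes the 440-byte boot-code region is what gets hashed, uses a constructed stand-in boot code and known-good table rather than real Windows MBR bytes, and takes only one value from the thread: the C: byte offset 0x3c6500000 reported in the logs.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440     # boot code occupies bytes 0..439; the disk signature follows at 440
PART_TABLE_OFF = 446    # four 16-byte partition entries
BOOT_SIG_OFF = 510      # 0x55AA boot signature

# Constructed stand-in for a standard boot code stub (NOT the real Windows MBR bytes):
# a tiny real-mode prologue padded with NOPs. Only the comparison logic matters here.
STANDARD_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOT_CODE_LEN - 7)
# Constructed stand-in for a modified boot code: same prologue, different body.
TAMPERED_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\xCC" * (BOOT_CODE_LEN - 7)

# Partition start taken from the thread's MBRCheck log: C: at byte offset 0x3c6500000.
C_DRIVE_LBA = 0x3C6500000 // SECTOR_SIZE

# Known-good table: digest -> label. Built from the constructed sample above, so no
# real hash is claimed for any operating system.
KNOWN_GOOD = {
    hashlib.sha1(STANDARD_BOOT_CODE).hexdigest().upper(): "Windows 7 (constructed sample)",
}


def build_mbr(boot_code, partitions, disk_sig=0x1234ABCD):
    """Assemble a 512-byte MBR from boot code and (status, type, lba_start, sectors) tuples."""
    if len(boot_code) != BOOT_CODE_LEN:
        raise ValueError("boot code must be exactly %d bytes" % BOOT_CODE_LEN)
    table = b"".join(struct.pack("<B3xB3xII", s, t, lba, n) for s, t, lba, n in partitions)
    table = table.ljust(64, b"\x00")   # unused entries are all zero
    return boot_code + struct.pack("<IH", disk_sig, 0) + table + b"\x55\xAA"


def parse_mbr(sector):
    """Validate the sector and return boot-code hash, disk signature and partition list."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    if sector[BOOT_SIG_OFF:] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # entry: status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:
            parts.append({"bootable": status == 0x80, "type": ptype, "lba_start": lba,
                          "byte_offset": lba * SECTOR_SIZE, "sectors": count})
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "partitions": parts,
    }


def classify_mbr(sector, known_good):
    """Status the way MBRCheck's table reports it: a known label or 'Unknown MBR code'."""
    return known_good.get(parse_mbr(sector)["boot_code_sha1"], "Unknown MBR code")


def restore_boot_code(sector, standard_code):
    """Replace only bytes 0..439; disk signature, partition table and 0x55AA are kept."""
    parse_mbr(sector)   # refuse to touch a sector that is not a valid MBR
    if len(standard_code) != BOOT_CODE_LEN:
        raise ValueError("replacement boot code has the wrong length")
    return standard_code + sector[BOOT_CODE_LEN:]


if __name__ == "__main__":
    layout = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, C_DRIVE_LBA, 1000)]
    for label, code in (("standard", STANDARD_BOOT_CODE), ("tampered", TAMPERED_BOOT_CODE)):
        sector = build_mbr(code, layout)
        info = parse_mbr(sector)
        print(label, classify_mbr(sector, KNOWN_GOOD), info["boot_code_sha1"])
    fixed = restore_boot_code(build_mbr(TAMPERED_BOOT_CODE, layout), STANDARD_BOOT_CODE)
    print("after restore:", classify_mbr(fixed, KNOWN_GOOD))
```

    The point the two samples make is that a modified boot code leaves the partition table untouched, so `parse_mbr` reports identical partitions for both and the system still boots normally; only the hash of the first 440 bytes gives it away, which is why MBRCheck reports "Unknown MBR code" with a SHA1 rather than a boot failure. `restore_boot_code` mirrors what option 2 does: it swaps the code region and nothing else, so the disk signature Windows uses to identify the drive survives.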
     
  10. ozmuse

    ozmuse TS Rookie Topic Starter Posts: 40

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
    BIOS Manufacturer: Phoenix Technologies Ltd.
    System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
    System Product Name: N510
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 194):
    0x83418000 \SystemRoot\system32\ntoskrnl.exe
    0x83818000 \SystemRoot\system32\halmacpi.dll
    0x80BC9000 \SystemRoot\system32\kdcom.dll
    0x8903B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x890B3000 \SystemRoot\system32\PSHED.dll
    0x890C4000 \SystemRoot\system32\BOOTVID.dll
    0x890CC000 \SystemRoot\system32\CLFS.SYS
    0x8910E000 \SystemRoot\system32\CI.dll
    0x891B9000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8922A000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x89238000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x89280000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x89289000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x89291000 \SystemRoot\system32\DRIVERS\pci.sys
    0x892BB000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x892C6000 \SystemRoot\System32\drivers\partmgr.sys
    0x892D7000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x892DF000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x892EA000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x892FA000 \SystemRoot\System32\drivers\volmgrx.sys
    0x89345000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x8934C000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x8935A000 \SystemRoot\System32\drivers\mountmgr.sys
    0x89370000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x89379000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x8939C000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x893A5000 \SystemRoot\system32\drivers\fltmgr.sys
    0x893D9000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8943B000 \SystemRoot\system32\drivers\mfehidk.sys
    0x89498000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x895C7000 \SystemRoot\System32\Drivers\msrpc.sys
    0x895F2000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x89605000 \SystemRoot\System32\Drivers\cng.sys
    0x89662000 \SystemRoot\System32\drivers\pcw.sys
    0x89670000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x89679000 \SystemRoot\system32\drivers\ndis.sys
    0x89730000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8976E000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x89793000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x897D2000 \SystemRoot\System32\Drivers\spldr.sys
    0x89400000 \SystemRoot\System32\drivers\rdyboost.sys
    0x897DA000 \SystemRoot\System32\Drivers\mup.sys
    0x897EA000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x89000000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x893EA000 \SystemRoot\system32\DRIVERS\disk.sys
    0x89815000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8988B000 \SystemRoot\System32\Drivers\Null.SYS
    0x89892000 \SystemRoot\System32\Drivers\Beep.SYS
    0x89899000 \SystemRoot\System32\drivers\vga.sys
    0x898A5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x898C6000 \SystemRoot\System32\drivers\watchdog.sys
    0x898D3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x898DB000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x898E3000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x898EB000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x898F6000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x89904000 \SystemRoot\System32\drivers\tcpip.sys
    0x89A4D000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x89A7E000 \SystemRoot\system32\drivers\mfewfpk.sys
    0x89AA4000 \SystemRoot\system32\drivers\TDI.SYS
    0x89AAF000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x89AC6000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x89AF8000 \SystemRoot\system32\drivers\afd.sys
    0x89B52000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x89B59000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x89B78000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x89B89000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
    0x89B97000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x89BA5000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x89BB8000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x89BC8000 \??\C:\windows\system32\Drivers\SABI.sys
    0x90038000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x90079000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x90083000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x9008D000 \SystemRoot\System32\drivers\discache.sys
    0x90099000 \SystemRoot\System32\Drivers\dfsc.sys
    0x900B1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x900BF000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x900E0000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x900F2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x9010A000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x90141000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x90143000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x90150000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x9015D000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x90166000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x90170000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x901BB000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x901CA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x91030000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x9198F000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x91991000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x91A48000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x91A81000 \SystemRoot\system32\DRIVERS\rtl819xp.sys
    0x91B14000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x91B1E000 \SystemRoot\system32\DRIVERS\yk62x86.sys
    0x91B6E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x91B77000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x91B7B000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x91B88000 \SystemRoot\system32\DRIVERS\dne2000.sys
    0x91BA7000 \SystemRoot\system32\drivers\WsAudio_DeviceS(1).sys
    0x91BB1000 \SystemRoot\system32\drivers\portcls.sys
    0x91BE0000 \SystemRoot\system32\drivers\drmk.sys
    0x901E9000 \SystemRoot\system32\drivers\ks.sys
    0x91000000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x91012000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x9021D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x90228000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x9024A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x90262000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x90279000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x91BF9000 \SystemRoot\system32\DRIVERS\tap0901.sys
    0x9102A000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x90290000 \SystemRoot\system32\DRIVERS\NETGEARUHOST.sys
    0x90299000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x902A7000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x902EB000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x902FC000 \SystemRoot\system32\DRIVERS\NETGEARUHUB.sys
    0x9302B000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x932CA000 \SystemRoot\system32\drivers\nvhda32v.sys
    0x932DD000 \SystemRoot\system32\drivers\mfeavfk.sys
    0x93301000 \SystemRoot\system32\drivers\mfefirek.sys
    0x944B0000 \SystemRoot\System32\win32k.sys
    0x9334C000 \SystemRoot\System32\drivers\Dxapi.sys
    0x93356000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x93363000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x9336E000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x93377000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x93388000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x9339F000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x94710000 \SystemRoot\System32\TSDDD.dll
    0x94740000 \SystemRoot\System32\cdd.dll
    0x933AA000 \SystemRoot\system32\drivers\luafv.sys
    0x933C5000 \SystemRoot\system32\drivers\WudfPf.sys
    0x933DF000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9030B000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x933EF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x93000000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x90351000 \SystemRoot\system32\drivers\HTTP.sys
    0x903D6000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x93013000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x90000000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x8983A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x89BD0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9CC00000 \??\C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys
    0x9CC18000 \SystemRoot\system32\drivers\peauth.sys
    0x9CCAF000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9CCB9000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9CCDA000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9CCE7000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9CD36000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9CDAB000 \SystemRoot\system32\drivers\cfwids.sys
    0x9CE04000 \SystemRoot\system32\drivers\mfeapfk.sys
    0x9CE1A000 \SystemRoot\system32\drivers\mfebopk.sys
    0x9CE8F000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x774A0000 \Windows\System32\ntdll.dll
    0x475F0000 \Windows\System32\smss.exe
    0x776E0000 \Windows\System32\apisetschema.dll
    0x007A0000 \Windows\System32\autochk.exe
    0x776C0000 \Windows\System32\nsi.dll
    0x77340000 \Windows\System32\ole32.dll
    0x776A0000 \Windows\System32\imm32.dll
    0x766F0000 \Windows\System32\shell32.dll
    0x77690000 \Windows\System32\normaliz.dll
    0x77630000 \Windows\System32\shlwapi.dll
    0x76620000 \Windows\System32\msctf.dll
    0x77620000 \Windows\System32\psapi.dll
    0x765D0000 \Windows\System32\gdi32.dll
    0x77610000 \Windows\System32\lpk.dll
    0x76580000 \Windows\System32\Wldap32.dll
    0x764B0000 \Windows\System32\user32.dll
    0x76450000 \Windows\System32\difxapi.dll
    0x76370000 \Windows\System32\kernel32.dll
    0x76230000 \Windows\System32\urlmon.dll
    0x761A0000 \Windows\System32\clbcatq.dll
    0x76100000 \Windows\System32\usp10.dll
    0x775E0000 \Windows\System32\imagehlp.dll
    0x760C0000 \Windows\System32\ws2_32.dll
    0x75FC0000 \Windows\System32\wininet.dll
    0x75F10000 \Windows\System32\rpcrt4.dll
    0x75E90000 \Windows\System32\comdlg32.dll
    0x75CF0000 \Windows\System32\setupapi.dll
    0x75CD0000 \Windows\System32\sechost.dll
    0x75C30000 \Windows\System32\advapi32.dll
    0x75A30000 \Windows\System32\iertutil.dll
    0x75980000 \Windows\System32\msvcrt.dll
    0x758F0000 \Windows\System32\oleaut32.dll
    0x757D0000 \Windows\System32\crypt32.dll
    0x75740000 \Windows\System32\comctl32.dll
    0x75710000 \Windows\System32\cfgmgr32.dll
    0x756E0000 \Windows\System32\wintrust.dll
    0x75690000 \Windows\System32\KernelBase.dll
    0x75670000 \Windows\System32\devobj.dll
    0x75660000 \Windows\System32\msasn1.dll

    Processes (total 70):
    0 System Idle Process
    4 System
    280 C:\Windows\System32\smss.exe
    500 csrss.exe
    560 C:\Windows\System32\wininit.exe
    572 csrss.exe
    608 C:\Windows\System32\services.exe
    636 C:\Windows\System32\lsass.exe
    644 C:\Windows\System32\lsm.exe
    760 C:\Windows\System32\svchost.exe
    828 C:\Windows\System32\nvvsvc.exe
    868 C:\Windows\System32\svchost.exe
    932 C:\Windows\System32\winlogon.exe
    968 C:\Windows\System32\svchost.exe
    1016 C:\Windows\System32\svchost.exe
    1048 C:\Windows\System32\svchost.exe
    1224 C:\Windows\System32\svchost.exe
    1240 C:\Windows\System32\nvvsvc.exe
    1364 C:\Windows\System32\svchost.exe
    1508 C:\Windows\System32\spoolsv.exe
    1576 C:\Windows\System32\svchost.exe
    1636 C:\Windows\System32\taskhost.exe
    1744 C:\Windows\System32\dwm.exe
    1784 C:\Windows\explorer.exe
    1904 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1940 C:\Program Files\Bonjour\mDNSResponder.exe
    1980 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    2028 C:\Windows\System32\taskeng.exe
    180 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    704 C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
    776 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    556 C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    1036 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    1324 C:\Windows\System32\rundll32.exe
    1348 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    2040 C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
    1568 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    2056 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2104 C:\Program Files\iTunes\iTunesHelper.exe
    2112 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2200 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    2220 C:\Program Files\McAfee.com\Agent\mcagent.exe
    2256 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2276 C:\Windows\System32\Rezip.exe
    2312 C:\Windows\System32\svchost.exe
    2368 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    2416 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    2500 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    2736 C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
    2824 C:\Windows\System32\svchost.exe
    2972 C:\Program Files\TechSmith\Snagit 10\TscHelp.exe
    3280 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3288 C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
    3392 C:\Windows\System32\SearchIndexer.exe
    3796 C:\Program Files\TechSmith\Snagit 10\SnagitEditor.exe
    3072 C:\Program Files\iPod\bin\iPodService.exe
    1860 C:\Windows\System32\svchost.exe
    1648 C:\Program Files\Mozilla Firefox\firefox.exe
    1556 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5280 C:\Windows\System32\wuauclt.exe
    5408 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    5484 C:\Users\Jenni\Desktop\MBRCheck.exe
    6044 C:\Windows\System32\conhost.exe
    5816 C:\Windows\System32\notepad.exe
    3716 C:\Program Files\Common Files\McAfee\Core\mchost.exe
    5348 C:\PROGRA~1\McAfee\MSC\mcuihost.exe
    4656 WmiPrvSE.exe
    4236 C:\Users\Jenni\Desktop\MBRCheck.exe
    3932 C:\Windows\System32\conhost.exe
    2088 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000029`57a00000 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHM250HI, Rev: 2AC101C4

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
    [ 0] Default (Windows 7)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 5
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
    Successfully wrote new MBR code!
    Please reboot your computer to complete the fix.


    Done!
     
  11. Broni

    Broni Malware Annihilator Posts: 52,904   +344

     
  12. ozmuse

    ozmuse TS Rookie Topic Starter Posts: 40

    After reboot:
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
    BIOS Manufacturer: Phoenix Technologies Ltd.
    System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
    System Product Name: N510
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 194):
    0x83454000 \SystemRoot\system32\ntoskrnl.exe
    0x8341D000 \SystemRoot\system32\halmacpi.dll
    0x80BC7000 \SystemRoot\system32\kdcom.dll
    0x89013000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8908B000 \SystemRoot\system32\PSHED.dll
    0x8909C000 \SystemRoot\system32\BOOTVID.dll
    0x890A4000 \SystemRoot\system32\CLFS.SYS
    0x890E6000 \SystemRoot\system32\CI.dll
    0x89191000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x89202000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x89210000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x89258000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x89261000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x89269000 \SystemRoot\system32\DRIVERS\pci.sys
    0x89293000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x8929E000 \SystemRoot\System32\drivers\partmgr.sys
    0x892AF000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x892B7000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x892C2000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x892D2000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8931D000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x89324000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x89332000 \SystemRoot\System32\drivers\mountmgr.sys
    0x89348000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x89351000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x89374000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x8937D000 \SystemRoot\system32\drivers\fltmgr.sys
    0x893B1000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8941D000 \SystemRoot\system32\drivers\mfehidk.sys
    0x8947A000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x895A9000 \SystemRoot\System32\Drivers\msrpc.sys
    0x895D4000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x895E7000 \SystemRoot\System32\Drivers\cng.sys
    0x89644000 \SystemRoot\System32\drivers\pcw.sys
    0x89652000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8965B000 \SystemRoot\system32\drivers\ndis.sys
    0x89712000 \SystemRoot\system32\drivers\NETIO.SYS
    0x89750000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x89775000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x897B4000 \SystemRoot\System32\Drivers\spldr.sys
    0x897BC000 \SystemRoot\System32\drivers\rdyboost.sys
    0x897E9000 \SystemRoot\System32\Drivers\mup.sys
    0x89400000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x893C2000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x89408000 \SystemRoot\system32\DRIVERS\disk.sys
    0x8983E000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x898B4000 \SystemRoot\System32\Drivers\Null.SYS
    0x898BB000 \SystemRoot\System32\Drivers\Beep.SYS
    0x898C2000 \SystemRoot\System32\drivers\vga.sys
    0x898CE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x898EF000 \SystemRoot\System32\drivers\watchdog.sys
    0x898FC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x89904000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8990C000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x89914000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8991F000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8992D000 \SystemRoot\System32\drivers\tcpip.sys
    0x89A76000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x89AA7000 \SystemRoot\system32\drivers\mfewfpk.sys
    0x89ACD000 \SystemRoot\system32\drivers\TDI.SYS
    0x89AD8000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x89AEF000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x89B21000 \SystemRoot\system32\drivers\afd.sys
    0x89B7B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x89B82000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x89BA1000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x89BB2000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
    0x89BC0000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x89BCE000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x89BE1000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x89BF1000 \??\C:\windows\system32\Drivers\SABI.sys
    0x8F821000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8F862000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8F86C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8F876000 \SystemRoot\System32\drivers\discache.sys
    0x8F882000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8F89A000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x8F8A8000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8F8C9000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8F8DB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8F8F3000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8F92A000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8F92C000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8F939000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8F946000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x8F94F000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x8F959000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8F9A4000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8F9B3000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x92423000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x92D82000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x92D84000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x92E3B000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x92E74000 \SystemRoot\system32\DRIVERS\rtl819xp.sys
    0x92F07000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x92F11000 \SystemRoot\system32\DRIVERS\yk62x86.sys
    0x92F61000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x92F6A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x92F6E000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x92F7B000 \SystemRoot\system32\DRIVERS\dne2000.sys
    0x92F9A000 \SystemRoot\system32\drivers\WsAudio_DeviceS(1).sys
    0x92FA4000 \SystemRoot\system32\drivers\portcls.sys
    0x92FD3000 \SystemRoot\system32\drivers\drmk.sys
    0x8F9D2000 \SystemRoot\system32\drivers\ks.sys
    0x92FEC000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x92400000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x92418000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8FA06000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8FA28000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8FA40000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8FA57000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8FA6E000 \SystemRoot\system32\DRIVERS\tap0901.sys
    0x92FFE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8FA75000 \SystemRoot\system32\DRIVERS\NETGEARUHOST.sys
    0x8FA7E000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8FA8C000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8FAD0000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8FAE1000 \SystemRoot\system32\DRIVERS\NETGEARUHUB.sys
    0x95415000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x956B4000 \SystemRoot\system32\drivers\nvhda32v.sys
    0x956C7000 \SystemRoot\system32\drivers\mfeavfk.sys
    0x956EB000 \SystemRoot\system32\drivers\mfefirek.sys
    0x820A0000 \SystemRoot\System32\win32k.sys
    0x95736000 \SystemRoot\System32\drivers\Dxapi.sys
    0x95740000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x9574D000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x95758000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x95761000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x95772000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x95789000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x82300000 \SystemRoot\System32\TSDDD.dll
    0x82330000 \SystemRoot\System32\cdd.dll
    0x95794000 \SystemRoot\system32\drivers\luafv.sys
    0x957AF000 \SystemRoot\system32\drivers\WudfPf.sys
    0x957C9000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x8FAF0000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x957D9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x957E9000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x8FB36000 \SystemRoot\system32\drivers\HTTP.sys
    0x8FBBB000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x95400000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x8FBD4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x89800000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x8F800000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x8987B000 \??\C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys
    0x9F42A000 \SystemRoot\system32\drivers\peauth.sys
    0x9F4C1000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9F4CB000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9F4EC000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9F51D000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9F56C000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9F5BD000 \SystemRoot\system32\drivers\cfwids.sys
    0x9F5C9000 \SystemRoot\system32\drivers\mfeapfk.sys
    0x9F5DF000 \SystemRoot\system32\drivers\mfebopk.sys
    0x9F5EA000 \SystemRoot\system32\drivers\spsys.sys
    0x779E0000 \Windows\System32\ntdll.dll
    0x48050000 \Windows\System32\smss.exe
    0x77C20000 \Windows\System32\apisetschema.dll
    0x001A0000 \Windows\System32\autochk.exe
    0x77B90000 \Windows\System32\comdlg32.dll
    0x77940000 \Windows\System32\usp10.dll
    0x778B0000 \Windows\System32\clbcatq.dll
    0x77770000 \Windows\System32\urlmon.dll
    0x776E0000 \Windows\System32\oleaut32.dll
    0x77B70000 \Windows\System32\imm32.dll
    0x77630000 \Windows\System32\msvcrt.dll
    0x77B50000 \Windows\System32\sechost.dll
    0x77530000 \Windows\System32\wininet.dll
    0x77B40000 \Windows\System32\nsi.dll
    0x77390000 \Windows\System32\setupapi.dll
    0x772F0000 \Windows\System32\advapi32.dll
    0x772A0000 \Windows\System32\gdi32.dll
    0x77250000 \Windows\System32\Wldap32.dll
    0x77B30000 \Windows\System32\normaliz.dll
    0x77B20000 \Windows\System32\lpk.dll
    0x771A0000 \Windows\System32\rpcrt4.dll
    0x76550000 \Windows\System32\shell32.dll
    0x763F0000 \Windows\System32\ole32.dll
    0x763B0000 \Windows\System32\ws2_32.dll
    0x762E0000 \Windows\System32\msctf.dll
    0x76210000 \Windows\System32\user32.dll
    0x76010000 \Windows\System32\iertutil.dll
    0x76000000 \Windows\System32\psapi.dll
    0x75FA0000 \Windows\System32\shlwapi.dll
    0x75F40000 \Windows\System32\difxapi.dll
    0x75E60000 \Windows\System32\kernel32.dll
    0x75E30000 \Windows\System32\imagehlp.dll
    0x75E00000 \Windows\System32\cfgmgr32.dll
    0x75D70000 \Windows\System32\comctl32.dll
    0x75D20000 \Windows\System32\KernelBase.dll
    0x75CF0000 \Windows\System32\wintrust.dll
    0x75CD0000 \Windows\System32\devobj.dll
    0x75BB0000 \Windows\System32\crypt32.dll
    0x75BA0000 \Windows\System32\msasn1.dll

    Processes (total 67):
    0 System Idle Process
    4 System
    280 C:\Windows\System32\smss.exe
    504 csrss.exe
    564 C:\Windows\System32\wininit.exe
    576 csrss.exe
    612 C:\Windows\System32\services.exe
    628 C:\Windows\System32\lsass.exe
    636 C:\Windows\System32\lsm.exe
    748 C:\Windows\System32\svchost.exe
    820 C:\Windows\System32\winlogon.exe
    856 C:\Windows\System32\nvvsvc.exe
    896 C:\Windows\System32\svchost.exe
    948 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\svchost.exe
    1072 C:\Windows\System32\svchost.exe
    1208 C:\Windows\System32\svchost.exe
    1252 C:\Windows\System32\nvvsvc.exe
    1364 C:\Windows\System32\svchost.exe
    1492 C:\Windows\System32\spoolsv.exe
    1556 C:\Windows\System32\svchost.exe
    1612 C:\Windows\System32\taskhost.exe
    1728 C:\Windows\System32\dwm.exe
    1756 C:\Windows\explorer.exe
    1840 C:\Windows\System32\taskeng.exe
    1960 C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
    1976 C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
    1992 C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    2008 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    308 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    340 C:\Program Files\Bonjour\mDNSResponder.exe
    512 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    996 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    1268 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    1296 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1924 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    1856 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2040 C:\Windows\System32\rundll32.exe
    1500 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    2064 C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
    2236 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    2268 C:\Program Files\McAfee.com\Agent\mcagent.exe
    2284 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2316 C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
    2356 C:\Windows\System32\Rezip.exe
    2400 C:\Windows\System32\svchost.exe
    2440 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    2508 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    2604 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    2792 WmiPrvSE.exe
    3120 C:\Windows\System32\svchost.exe
    3388 C:\Windows\System32\SearchIndexer.exe
    3532 C:\Windows\System32\svchost.exe
    3684 C:\Program Files\TechSmith\Snagit 10\TscHelp.exe
    3796 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    4052 C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
    2364 C:\Program Files\TechSmith\Snagit 10\SnagitEditor.exe
    3900 C:\Windows\System32\SearchProtocolHost.exe
    2616 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4148 C:\Program Files\iPod\bin\iPodService.exe
    4788 WmiPrvSE.exe
    2812 C:\Windows\System32\sppsvc.exe
    3284 C:\Windows\System32\wuauclt.exe
    3208 C:\Windows\System32\SearchFilterHost.exe
    3920 C:\Users\Jenni\Desktop\MBRCheck.exe
    3212 C:\Windows\System32\conhost.exe
    1512 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000029`57a00000 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHM250HI, Rev: 2AC101C4

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
     
  13. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Our fix didn't work.
We need to use a different way.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted run MBRCheck one more time and let me have the log produced.
     
  14. ozmuse

    ozmuse TS Rookie Topic Starter Posts: 40

Thanks - unfortunately my netbook hasn't got a CD drive.
     
  15. ozmuse

    ozmuse TS Rookie Topic Starter Posts: 40

    Just trying an external cd drive
     
  16. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    OK :)......
     
  17. ozmuse

    ozmuse TS Rookie Topic Starter Posts: 40

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
    BIOS Manufacturer: Phoenix Technologies Ltd.
    System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
    System Product Name: N510
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 196):
    0x83440000 \SystemRoot\system32\ntoskrnl.exe
    0x83409000 \SystemRoot\system32\halmacpi.dll
    0x80BCC000 \SystemRoot\system32\kdcom.dll
    0x89020000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x89098000 \SystemRoot\system32\PSHED.dll
    0x890A9000 \SystemRoot\system32\BOOTVID.dll
    0x890B1000 \SystemRoot\system32\CLFS.SYS
    0x890F3000 \SystemRoot\system32\CI.dll
    0x8919E000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8920F000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8921D000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x89265000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x8926E000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x89276000 \SystemRoot\system32\DRIVERS\pci.sys
    0x892A0000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x892AB000 \SystemRoot\System32\drivers\partmgr.sys
    0x892BC000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x892C4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x892CF000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x892DF000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8932A000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x89331000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x8933F000 \SystemRoot\System32\drivers\mountmgr.sys
    0x89355000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x8935E000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x89381000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x8938A000 \SystemRoot\system32\drivers\fltmgr.sys
    0x893BE000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8942F000 \SystemRoot\system32\drivers\mfehidk.sys
    0x8948C000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x895BB000 \SystemRoot\System32\Drivers\msrpc.sys
    0x895E6000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x895F9000 \SystemRoot\System32\Drivers\cng.sys
    0x89656000 \SystemRoot\System32\drivers\pcw.sys
    0x89664000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8966D000 \SystemRoot\system32\drivers\ndis.sys
    0x89724000 \SystemRoot\system32\drivers\NETIO.SYS
    0x89762000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x89787000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x897C6000 \SystemRoot\System32\Drivers\spldr.sys
    0x897CE000 \SystemRoot\System32\drivers\rdyboost.sys
    0x89400000 \SystemRoot\System32\Drivers\mup.sys
    0x89410000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x89813000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x89845000 \SystemRoot\system32\DRIVERS\disk.sys
    0x89856000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x898CC000 \SystemRoot\System32\Drivers\Null.SYS
    0x898D3000 \SystemRoot\System32\Drivers\Beep.SYS
    0x898DA000 \SystemRoot\System32\drivers\vga.sys
    0x898E6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x89907000 \SystemRoot\System32\drivers\watchdog.sys
    0x89914000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8991C000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x89924000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x8992C000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x89937000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x89945000 \SystemRoot\System32\drivers\tcpip.sys
    0x89A8E000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x89ABF000 \SystemRoot\system32\drivers\mfewfpk.sys
    0x89AE5000 \SystemRoot\system32\drivers\TDI.SYS
    0x89AF0000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x89B07000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x89B39000 \SystemRoot\system32\drivers\afd.sys
    0x89B93000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x89B9A000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x89BB9000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x89BCA000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
    0x89BD8000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x89BE6000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x89800000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x898AD000 \??\C:\windows\system32\Drivers\SABI.sys
    0x8F806000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8F847000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8F851000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8F85B000 \SystemRoot\System32\drivers\discache.sys
    0x8F867000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8F87F000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x8F88D000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8F8AE000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8F8C0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8F8D8000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8F90F000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8F911000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8F91E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8F92B000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x8F934000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x8F93E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8F989000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8F998000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x9102E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x9198D000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x9198F000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x91A46000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x91A7F000 \SystemRoot\system32\DRIVERS\rtl819xp.sys
    0x91B12000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x91B1C000 \SystemRoot\system32\DRIVERS\yk62x86.sys
    0x91B6C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x91B75000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x91B79000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x91B86000 \SystemRoot\system32\DRIVERS\dne2000.sys
    0x91BA5000 \SystemRoot\system32\drivers\WsAudio_DeviceS(1).sys
    0x91BAF000 \SystemRoot\system32\drivers\portcls.sys
    0x91BDE000 \SystemRoot\system32\drivers\drmk.sys
    0x8F9B7000 \SystemRoot\system32\drivers\ks.sys
    0x91000000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x91012000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8F9EB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8F9F6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8FA18000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8FA30000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8FA47000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x91BF7000 \SystemRoot\system32\DRIVERS\tap0901.sys
    0x91BFE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8FA5E000 \SystemRoot\system32\DRIVERS\NETGEARUHOST.sys
    0x8FA67000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8FA75000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8FAB9000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8FACA000 \SystemRoot\system32\DRIVERS\NETGEARUHUB.sys
    0x93411000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x936B0000 \SystemRoot\system32\drivers\nvhda32v.sys
    0x936C3000 \SystemRoot\system32\drivers\mfeavfk.sys
    0x936E7000 \SystemRoot\system32\drivers\mfefirek.sys
    0x93732000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x9373F000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x9374A000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x93753000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x93C00000 \SystemRoot\System32\win32k.sys
    0x93764000 \SystemRoot\System32\drivers\Dxapi.sys
    0x9376E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x93785000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x937A4000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x937AA000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x937C1000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x93E60000 \SystemRoot\System32\TSDDD.dll
    0x93E90000 \SystemRoot\System32\cdd.dll
    0x937CC000 \SystemRoot\system32\drivers\luafv.sys
    0x8FAD9000 \SystemRoot\system32\drivers\WudfPf.sys
    0x937E7000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x8FAF3000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x93400000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x8FB39000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x8FB4C000 \SystemRoot\system32\drivers\HTTP.sys
    0x8FBD1000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x8FBEA000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x8987B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9C438000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9C473000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9C4A6000 \??\C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys
    0x9C4BE000 \SystemRoot\system32\drivers\peauth.sys
    0x9C555000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9C55F000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9C580000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9C58D000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9C5DC000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9C651000 \SystemRoot\system32\drivers\cfwids.sys
    0x9C65D000 \SystemRoot\system32\drivers\mfeapfk.sys
    0x9C673000 \SystemRoot\system32\drivers\mfebopk.sys
    0x77A40000 \Windows\System32\ntdll.dll
    0x47FF0000 \Windows\System32\smss.exe
    0x77C80000 \Windows\System32\apisetschema.dll
    0x00B00000 \Windows\System32\autochk.exe
    0x77C60000 \Windows\System32\normaliz.dll
    0x77B90000 \Windows\System32\msctf.dll
    0x77900000 \Windows\System32\urlmon.dll
    0x778A0000 \Windows\System32\difxapi.dll
    0x77840000 \Windows\System32\shlwapi.dll
    0x776E0000 \Windows\System32\ole32.dll
    0x776C0000 \Windows\System32\sechost.dll
    0x77620000 \Windows\System32\advapi32.dll
    0x775F0000 \Windows\System32\imagehlp.dll
    0x77510000 \Windows\System32\kernel32.dll
    0x77460000 \Windows\System32\msvcrt.dll
    0x77B80000 \Windows\System32\nsi.dll
    0x77360000 \Windows\System32\wininet.dll
    0x77350000 \Windows\System32\lpk.dll
    0x772B0000 \Windows\System32\usp10.dll
    0x77260000 \Windows\System32\gdi32.dll
    0x771B0000 \Windows\System32\rpcrt4.dll
    0x77160000 \Windows\System32\Wldap32.dll
    0x76F60000 \Windows\System32\iertutil.dll
    0x76F20000 \Windows\System32\ws2_32.dll
    0x76F10000 \Windows\System32\psapi.dll
    0x76D70000 \Windows\System32\setupapi.dll
    0x76CA0000 \Windows\System32\user32.dll
    0x76050000 \Windows\System32\shell32.dll
    0x76030000 \Windows\System32\imm32.dll
    0x75FA0000 \Windows\System32\oleaut32.dll
    0x75F10000 \Windows\System32\clbcatq.dll
    0x75E90000 \Windows\System32\comdlg32.dll
    0x75E60000 \Windows\System32\wintrust.dll
    0x75E30000 \Windows\System32\cfgmgr32.dll
    0x75E10000 \Windows\System32\devobj.dll
    0x75CF0000 \Windows\System32\crypt32.dll
    0x75C60000 \Windows\System32\comctl32.dll
    0x75C10000 \Windows\System32\KernelBase.dll
    0x75C00000 \Windows\System32\msasn1.dll

    Processes (total 67):
    0 System Idle Process
    4 System
    280 C:\Windows\System32\smss.exe
    508 csrss.exe
    560 C:\Windows\System32\wininit.exe
    576 csrss.exe
    620 C:\Windows\System32\services.exe
    628 C:\Windows\System32\lsass.exe
    640 C:\Windows\System32\lsm.exe
    748 C:\Windows\System32\svchost.exe
    828 C:\Windows\System32\winlogon.exe
    836 C:\Windows\System32\nvvsvc.exe
    888 C:\Windows\System32\svchost.exe
    956 C:\Windows\System32\svchost.exe
    1044 C:\Windows\System32\svchost.exe
    1088 C:\Windows\System32\svchost.exe
    1164 C:\Windows\System32\audiodg.exe
    1204 C:\Windows\System32\svchost.exe
    1280 C:\Windows\System32\nvvsvc.exe
    1352 C:\Windows\System32\svchost.exe
    1524 C:\Windows\System32\spoolsv.exe
    1560 C:\Windows\System32\svchost.exe
    1596 C:\Windows\System32\taskhost.exe
    1748 C:\Windows\System32\dwm.exe
    1788 C:\Windows\explorer.exe
    1848 C:\Windows\System32\taskeng.exe
    1944 C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
    1964 C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
    1976 C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    2000 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    260 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    324 C:\Program Files\Bonjour\mDNSResponder.exe
    344 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    976 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    1492 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    1760 C:\Windows\System32\rundll32.exe
    1840 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    1992 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    1460 C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
    316 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2124 C:\Program Files\iTunes\iTunesHelper.exe
    2148 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2256 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    2280 C:\Program Files\McAfee.com\Agent\mcagent.exe
    2296 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2332 C:\Windows\System32\Rezip.exe
    2360 C:\Windows\System32\svchost.exe
    2420 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    2456 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    2524 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    2744 WmiPrvSE.exe
    2756 C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
    3084 C:\Program Files\TechSmith\Snagit 10\TscHelp.exe
    3104 C:\Windows\System32\svchost.exe
    3288 C:\Windows\System32\svchost.exe
    3388 C:\Windows\System32\svchost.exe
    3648 C:\Program Files\iPod\bin\iPodService.exe
    3864 C:\Windows\System32\SearchIndexer.exe
    4012 C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
    4076 C:\Windows\System32\SearchProtocolHost.exe
    2072 C:\Windows\System32\SearchFilterHost.exe
    692 C:\Program Files\TechSmith\Snagit 10\SnagitEditor.exe
    856 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2268 WmiPrvSE.exe
    4272 C:\Users\Jenni\Desktop\MBRCheck.exe
    4288 C:\Windows\System32\conhost.exe
    4320 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000029`57a00000 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHM250HI, Rev: 2AC101C4

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
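The two MBRCheck runs above differ only in the verdict line: "Unknown MBR code" with SHA1 F5C09ACA... before the NTBR rewrite in post 13, and "Windows 7 MBR code detected" with SHA1 4379A3D4... after it, while the partition offsets for C: and D: are identical in both. The block below is an added example, not code from the thread, from MBRCheck or from NTBR, showing how such a verdict is produced: read the 512-byte sector, hash the bootstrap code area, compare the digest with an allowlist of known loaders, and decode the partition table separately so a layout that is still intact can be distinguished from loader code that has changed. Everything in it is an assumption for illustration: the loader bytes (`SAMPLE_W7_CODE`) are a constructed stand-in and not the real Windows 7 MBR; the hashed range (bytes 0-439) is my choice, since the page does not say which bytes MBRCheck hashes, so the digests here will not equal the ones printed above; the `KNOWN_GOOD` table, the partition sizes, the NTFS type byte and the disk signature are made up; only the two partition start offsets come from the MBRCheck output (byte offset / 512).

```python
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440          # bootstrap code area, bytes 0-439
DISK_SIG_OFF = 440      # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446    # four 16-byte partition entries, bytes 446-509
PART_ENTRY_LEN = 16
BOOT_SIG = b"\x55\xAA"  # bytes 510-511
NTFS = 0x07
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, start LBA, sector count

# Constructed stand-in for a boot loader. These are NOT the real Windows 7 MBR bytes.
SAMPLE_W7_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB" + b"\x90" * 40

# Partition start sectors are the byte offsets MBRCheck printed above divided by 512.
# Sizes, the NTFS type byte and the disk signature are assumptions for the example.
SAMPLE_PARTITIONS = [
    (True,  NTFS, 0x3C6500000 // SECTOR, 315140096),   # C:
    (False, NTFS, 0x2957A00000 // SECTOR, 141594992),  # D:
]


def build_sample_mbr(code, partitions, disk_sig=0x1A2B3C4D):
    """Assemble a 512-byte MBR from boot code, partition tuples and a disk signature."""
    if len(code) > CODE_LEN:
        raise ValueError("boot code exceeds the 440-byte code area")
    sector = bytearray(SECTOR)
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (bootable, ptype, start_lba, count) in enumerate(partitions[:4]):
        # CHS fields carry the LBA-only marker 0xFE 0xFF 0xFF; loaders use the LBA fields.
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + i * PART_ENTRY_LEN,
                         0x80 if bootable else 0x00, b"\xFE\xFF\xFF",
                         ptype, b"\xFE\xFF\xFF", start_lba, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


def sha1_code_area(sector):
    """SHA-1 of the bootstrap code only; the partition table is deliberately excluded
    so that the verdict depends on the loader, not on the disk layout."""
    return hashlib.sha1(sector[:CODE_LEN]).hexdigest().upper()


# Allowlist keyed by code-area hash. MBRCheck carries its own reference hashes for real
# Windows loaders; this constructed table only knows the sample loader above.
KNOWN_GOOD = {
    sha1_code_area(build_sample_mbr(SAMPLE_W7_CODE, [])): "Windows 7 MBR code detected",
}


def parse_mbr(sector):
    """Validate the boot signature, hash the code area and decode the partition table."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _, ptype, _, start_lba, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + i * PART_ENTRY_LEN)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i, "bootable": status == 0x80, "type": ptype,
            "start_lba": start_lba, "byte_offset": start_lba * SECTOR, "sectors": count,
        })
    return {
        "code_sha1": sha1_code_area(sector),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def classify_mbr(sector, known_good=KNOWN_GOOD):
    """Same shape of verdict MBRCheck prints: a known loader name, or 'Unknown MBR code'."""
    return known_good.get(parse_mbr(sector)["code_sha1"], "Unknown MBR code")


def simulate_bootkit(sector):
    """Patch the first instruction of the code area and leave the partition table alone.
    That is the shape of an MBR bootkit: the disk still boots and Windows still sees
    C: and D:, but the loader hash no longer matches the allowlist."""
    patched = bytearray(sector)
    patched[0:3] = b"\xE9\x00\x01"  # near jmp +0x100; constructed, not real bootkit code
    return bytes(patched)


def read_mbr(device=r"\\.\PhysicalDrive0"):
    """Read the live MBR. Needs Administrator on Windows; use /dev/sda on Linux."""
    with open(device, "rb") as f:
        return f.read(SECTOR)


if __name__ == "__main__":
    clean = build_sample_mbr(SAMPLE_W7_CODE, SAMPLE_PARTITIONS)
    for label, mbr in (("clean", clean), ("patched", simulate_bootkit(clean))):
        info = parse_mbr(mbr)
        print(f"{label}: {classify_mbr(mbr)}  SHA1: {info['code_sha1']}")
        for p in info["partitions"]:
            print(f"  entry {p['index']} type 0x{p['type']:02X} at offset 0x{p['byte_offset']:X}")
```

Running the script prints the constructed sector once as known-good and once, after `simulate_bootkit`, as "Unknown MBR code" with the same two partition offsets in both reports, which is the pattern the two logs above show. To test a real disk, pass `read_mbr()` to `classify_mbr()` together with a reference table you trust; the hash alone says only that the loader is not one you recognise, so an OEM or third-party boot manager will also come up as unknown, and the decision to overwrite it (as NTBR's "Install Standard MBR code" does) should follow from knowing what is supposed to be there.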
     
  18. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Looks good :)
    Good job :)

    Now, disable McAfee before even attempting to download Combofix and go for Combofix scan.
     
  19. ozmuse

    ozmuse TS Rookie Topic Starter Posts: 40

Hi, I did the Combofix scan. During the process a window popped up saying PEV.exe has stopped working, but the scan completed and below is the log:

    ComboFix 10-08-27.03 - Jenni 29/08/2010 10:19:01.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.1790.1041 [GMT 10:00]
    Running from: c:\users\Jenni\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\FullRemove.exe
    c:\windows\SEC
    c:\windows\SEC\172100logo.bmp
    c:\windows\SEC\banner.png
    c:\windows\SEC\Computer.png
    c:\windows\SEC\Media _S_ Logo.png
    c:\windows\SEC\Samsung.png
    c:\windows\SEC\Samsung2.png
    c:\windows\SEC\SamsungLogo.png
    c:\windows\SEC\Thumbs.db
    c:\windows\SEC\Wallpapers\Thumbs.db
    c:\windows\SEC\Wallpapers\wallpaper.jpg
    c:\windows\SEC\Wallpapers\wallpaper1.jpg
    c:\windows\SEC\Wallpapers\Wallpaper2.jpg

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
    .

    2010-08-29 00:40 . 2010-08-29 00:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-08-29 00:14 . 2010-08-29 00:15 -------- d-----w- C:\32788R22FWJFW
    2010-08-26 13:25 . 2010-08-26 13:25 -------- d-----w- c:\users\Jenni\AppData\Roaming\Malwarebytes
    2010-08-26 13:24 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-26 13:24 . 2010-08-26 13:24 -------- d-----w- c:\programdata\Malwarebytes
    2010-08-26 13:24 . 2010-08-26 13:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-26 13:24 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-25 09:24 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2010-08-20 13:50 . 2010-05-31 10:32 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-08-20 13:49 . 2010-05-31 10:32 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-08-20 13:49 . 2010-05-31 10:32 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2010-08-20 13:49 . 2010-05-31 10:32 160720 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2010-08-20 13:49 . 2010-05-31 10:32 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-08-20 13:49 . 2010-05-31 10:32 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-08-20 13:49 . 2010-05-31 10:32 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2010-08-12 22:06 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-08-03 12:16 . 2010-08-03 12:16 -------- d-----w- c:\users\Jenni\AppData\Local\assembly
    2010-08-03 12:12 . 2010-08-03 12:12 -------- d-----w- c:\programdata\TechSmith
    2010-08-03 12:12 . 2010-08-03 12:12 -------- d-----w- c:\users\Jenni\AppData\Local\TechSmith
    2010-08-03 12:12 . 2010-08-03 12:12 -------- d-----w- c:\program files\TechSmith
    2010-08-01 05:39 . 2010-08-01 05:40 -------- d-----w- c:\program files\etax2010
    2010-07-31 11:33 . 2010-07-31 11:33 -------- d-----w- C:\etax2009

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-25 13:41 . 2010-02-20 11:16 -------- d-----w- c:\program files\Nero
    2010-08-21 22:16 . 2009-09-22 09:53 -------- d-----w- c:\program files\McAfee.com
    2010-08-20 22:08 . 2009-09-22 09:53 -------- d-----w- c:\program files\McAfee
    2010-08-20 22:07 . 2009-09-22 09:55 -------- d-----w- c:\program files\Common Files\McAfee
    2010-08-13 13:28 . 2009-09-22 10:17 -------- d-----w- c:\programdata\Microsoft Help
    2010-08-10 16:31 . 2009-09-22 09:41 -------- d-----w- c:\program files\Common Files\Adobe
    2010-07-29 06:30 . 2010-08-12 22:05 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-07-29 06:30 . 2010-08-12 22:05 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-07-24 07:20 . 2010-07-24 07:20 -------- d-----w- c:\program files\Common Files\Java
    2010-07-24 07:17 . 2009-12-08 12:52 -------- d-----w- c:\program files\Java
    2010-07-10 05:39 . 2010-07-10 00:25 -------- d-----w- c:\program files\iTunes
    2010-07-10 05:39 . 2010-07-10 00:04 -------- d-----w- c:\program files\iPod
    2010-07-10 05:39 . 2010-02-03 11:39 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-10 00:14 . 2010-02-03 11:49 -------- d-----w- c:\users\Jenni\AppData\Roaming\Apple Computer
    2010-07-10 00:04 . 2010-07-10 00:04 -------- d-----w- c:\program files\CD Configuration
    2010-07-09 23:59 . 2010-07-09 23:57 -------- d-----w- c:\program files\QuickTime
    2010-07-09 23:54 . 2010-07-09 23:54 -------- d-----w- c:\program files\Apple Software Update
    2010-07-09 23:51 . 2010-07-09 23:51 -------- d-----w- c:\program files\Bonjour
    2010-07-09 23:50 . 2009-09-22 10:20 -------- d-----w- c:\program files\Microsoft.NET
    2010-06-30 06:25 . 2010-08-12 22:05 978432 ----a-w- c:\windows\system32\wininet.dll
    2010-06-22 02:47 . 2010-08-12 22:05 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-22 02:47 . 2010-08-12 22:05 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-06-22 02:47 . 2010-08-12 22:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-06-21 18:36 . 2010-04-28 12:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-19 06:33 . 2010-08-12 22:05 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-06-19 06:33 . 2010-08-12 22:05 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-06-19 06:23 . 2010-08-12 22:05 37376 ----a-w- c:\windows\system32\rtutils.dll
    2010-06-19 04:07 . 2010-08-12 22:05 2326016 ----a-w- c:\windows\system32\win32k.sys
    2010-06-16 05:48 . 2010-08-12 22:05 224256 ----a-w- c:\windows\system32\schannel.dll
    2010-06-15 10:01 . 2010-06-15 10:01 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
    2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\ARM Update\AdobeARM.exe
    2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\ARM Update\AdobeExtractFiles.dll
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\ARM Update\ReaderUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\ARM Update\AcrobatUpdater.exe
    2010-06-08 06:02 . 2010-08-12 22:05 1233920 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
    2010-05-31 10:32 . 2009-09-22 09:58 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-05-31 10:32 . 2009-09-22 09:58 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-05-31 10:32 . 2009-09-22 09:58 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-05-31 10:32 . 2010-08-20 13:50 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-22 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-09 13797920]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-09 1578280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-30 1193848]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Jenni^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\Jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-10-02 18:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2009-03-23 17:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2009-03-17 16:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
    2009-05-19 07:39 136544 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-06-15 06:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
    2009-04-15 14:54 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 12:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
    2009-04-15 14:52 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-09-22 10:46 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
    2009-02-25 03:40 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-05-31 83496]
    R3 NETGEARUCOMP;NETGEAR Network USB Composite Device;c:\windows\system32\DRIVERS\NETGEARUCOMP.sys [2007-03-08 14336]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-07 1343400]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-05-31 64304]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-05-31 160720]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 cag;Citrix cag plugin for Access Gateway;c:\program files\Common Files\Deterministic Networks\Common Files\cag.sys [2009-08-10 78360]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-05-31 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-05-31 141792]
    S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
    S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-05-31 55456]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-05-31 312616]
    S3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\DRIVERS\NETGEARUHOST.sys [2007-03-08 13824]
    S3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\DRIVERS\NETGEARUHUB.sys [2007-03-08 35840]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-21 66592]
    S3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [2009-06-23 538624]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-08-31 25704]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-06-15 313856]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/ig?hl=en&source=iglk
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\users\Jenni\AppData\Roaming\Mozilla\Firefox\Profiles\2hxks07h.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
    FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
    FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: c:\program files\Citrix\Access Gateway\npcagse.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Jenni\AppData\Roaming\Mozilla\plugins\npatgpc.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-08-29 10:47:56
    ComboFix-quarantined-files.txt 2010-08-29 00:47

    Pre-Run: 94,771,027,968 bytes free
    Post-Run: 95,405,305,856 bytes free

    - - End Of File - - 275C184F1BFD1668973D8F520D6D66C9
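A parser for the "Reg Loading Points" section of a ComboFix log like the one above, added here as an example (it is not part of the thread and not ComboFix's own code): it pulls out the Run-key and Startup-folder autoruns and shortlists the ones a helper checks first. The sample log lines are constructed in the same format from entries in this log plus one made-up entry, and the triage heuristics are this example's own assumption, not anything ComboFix reports.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Autorun:
    key: str             # registry key or Startup folder holding the entry
    name: str            # value name, or the .lnk name in a Startup folder
    path: str            # file the entry launches
    date: Optional[str]  # the [date size] stamp ComboFix appends, if any
    size: Optional[int]

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')               # [HKEY_...\Run]
FOLDER_RE = re.compile(r'^(?P<folder>[a-z]:\\.*\\)$', re.I)  # c:\...\Startup\
STAMP = r'(?:\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\])?$'
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"' + STAMP)
LNK_RE = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?)' + STAMP)
SERVICE_RE = re.compile(r'^[RS]\d ')  # the R3/S2 driver lines end the section

def parse_loading_points(log: str) -> List[Autorun]:
    """Return the Run-key and Startup-folder entries ComboFix listed."""
    entries, current, in_section = [], None, False
    for raw in log.splitlines():
        line = raw.strip()
        if 'Reg Loading Points' in line:
            in_section = True
        elif not in_section:
            continue
        elif SERVICE_RE.match(line) or line.startswith('--- Other Services'):
            break
        elif m := (KEY_RE.match(line) or FOLDER_RE.match(line)):
            current = m.group(1)  # entries that follow belong to this key
        elif (m := (VALUE_RE.match(line) or LNK_RE.match(line))) and current:
            size = m.group('size')
            entries.append(Autorun(current, m.group('name'), m.group('path'),
                                   m.group('date'), int(size) if size else None))
    return entries

# Heuristics assumed for this example (ComboFix makes no such judgement): an
# autorun started from a user-writable folder or a drive root gets reviewed first.
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\users\\public\\')
DRIVE_ROOT_RE = re.compile(r'^[a-z]:\\[^\\]+$', re.I)

def triage(entries: List[Autorun]) -> List[Tuple[Autorun, List[str]]]:
    """Pair each shortlisted entry with the reasons it was picked (not a verdict)."""
    flagged = []
    for e in entries:
        p, reasons = e.path.lower(), []
        if any(marker in p for marker in USER_WRITABLE):
            reasons.append('user-writable location')
        if DRIVE_ROOT_RE.match(p):
            reasons.append('file directly in drive root')
        if reasons:
            flagged.append((e, reasons))
    return flagged

# Constructed sample in the log's format: lines from the thread's own log plus
# one made-up entry ("wupdmgr") in the user's Temp folder.
SAMPLE_LOG = r"""((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-22 39408]
"wupdmgr"="c:\users\Jenni\AppData\Local\Temp\wupdmgr.exe" [2010-08-20 51200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-30 1193848]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
"""

if __name__ == '__main__':
    for entry, reasons in triage(parse_loading_points(SAMPLE_LOG)):
        print(f'{entry.name}: {entry.path}  <- {", ".join(reasons)}')
```

Running it on the sample prints only the constructed Temp-folder entry; the real entries from this log all launch from Program Files and pass the heuristics, which matches the helper's "Looks good".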
     
  20. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Looks good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:

    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  21. ozmuse

    ozmuse TS Rookie Topic Starter Posts: 40

    hi - OTL txt file is too big and I can't see an attach option
     
  22. ozmuse

    ozmuse TS Rookie Topic Starter Posts: 40

    OTL attachments

    Changed from quick reply and found the attachments option - sorry - still finding my way
     

  23. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      @Alternate Data Stream - 143 bytes -> C:\Users\Jenni\AppData\Roaming\default.rss:OECustomProperty
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ========================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  24. ozmuse

    ozmuse TS Rookie Topic Starter Posts: 40

    Results of OTL:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ADS C:\Users\Jenni\AppData\Roaming\default.rss:OECustomProperty deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Jenni
    ->Temp folder emptied: 20120 bytes
    ->Temporary Internet Files folder emptied: 269716 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 49263180 bytes
    ->Flash cache emptied: 1048 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 1941439 bytes

    Total Files Cleaned = 49.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Jenni
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.11.0 log created on 08292010_121345

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  25. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Go on...........
     
Topic Status:
Not open for further replies.
