Solved My email and passwords have been compromised

[ozmuse]

Hi - I have some kind of problem with security on my laptop as my ebay account and possibly email accounts have been compromised.

I have been running McAfee constantly and no alerts and have run virus scan and malware bytes and no alerts. I followed the steps in the revised 8 step virus/spyware removal and I include the info as required below so that hopefully someone can help me.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4488

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27/08/2010 11:01:35 PM
mbam-log-2010-08-27 (23-01-35).txt

Scan type: Quick scan
Objects scanned: 130830
Time elapsed: 11 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)



DDS (Ver_10-03-17.01) - NTFSx86
Run by Jenni at 23:05:48.20 on Fri 27/08/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.1790.1004 [GMT 10:00]


============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\Dwm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
C:\windows\SYSTEM32\Rezip.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wuauclt.exe
C:\windows\System32\rundll32.exe
C:\windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\explorer.exe
C:\Users\Jenni\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com.au/ig?hl=en&source=iglk
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100820235027.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 10\Snagit32.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jenni\appdata\roaming\mozilla\firefox\profiles\2hxks07h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\citrix\access gateway\npcagse.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jenni\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-22 385880]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-20 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-20 160720]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-9-22 10752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 cag;Citrix cag plugin for Access Gateway;c:\program files\common files\deterministic networks\common files\cag.sys [2009-8-10 78360]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-6-23 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-20 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-20 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-20 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-20 170144]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-20 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-20 141792]
R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\samsung casual games\gameconsole\OberonGameConsoleService.exe [2009-9-22 44312]
R2 Rezip;Rezip;c:\windows\system32\Rezip.exe [2009-9-22 311296]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-20 55456]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-22 152320]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-22 51688]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-20 312616]
R3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\drivers\NETGEARUHOST.sys [2009-12-7 13824]
R3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\drivers\NETGEARUHUB.sys [2009-12-7 35840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
R3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl819xp.sys [2009-9-22 538624]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-2-21 25704]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-6-15 313856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-12-5 29472]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2009-9-22 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-20 83496]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-22 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-22 40552]
S3 NETGEARUCOMP;NETGEAR Network USB Composite Device;c:\windows\system32\drivers\NETGEARUCOMP.sys [2009-12-7 14336]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-7 1343400]

=============== Created Last 30 ================

2010-08-26 13:25:01 0 d-----w- c:\users\jenni\appdata\roaming\Malwarebytes
2010-08-26 13:24:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-26 13:24:38 0 d-----w- c:\programdata\Malwarebytes
2010-08-26 13:24:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-26 13:24:37 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-25 09:24:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-20 13:50:27 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-20 13:49:40 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-20 13:49:40 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-20 13:49:40 160720 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-20 13:49:39 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-20 13:49:39 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-20 13:49:39 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-12 22:06:26 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-03 12:12:37 0 d-----w- c:\programdata\TechSmith
2010-08-01 05:39:38 0 d-----w- c:\program files\etax2010
2010-07-31 11:33:21 0 d-----w- C:\etax2009

==================== Find3M ====================

2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-21 18:36:29 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07:18 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48:35 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-08 06:02:06 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:08:06.54 ===============


I wasn't sure about adding the DDS attach ? should I also just cut and paste that into the thread ?

 

[Broni]

Yes, please.
GMER log is missing.

 

[ozmuse]

the dds attach log

Below is the DDS attach log. I don't have GMER as I am on Windows 7.
Thanks



DDS (Ver_10-03-17.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/12/2009 1:00:51 PM
System Uptime: 27/08/2010 10:21:16 PM (1 hours ago)

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | N510
Processor: Intel(R) Atom(TM) CPU N280 @ 1.66GHz | U2E1 | 1667/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 150 GiB total, 88.466 GiB free.
D: is FIXED (NTFS) - 68 GiB total, 67.424 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: USB Video Device
Device ID: USB\VID_04F2&PID_B147&MI_00\6&245C1D47&0&0000
Manufacturer: Microsoft
Name: WebCam SCB-1600C
PNP Device ID: USB\VID_04F2&PID_B147&MI_00\6&245C1D47&0&0000
Service: usbvideo

Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: BCM2046 Bluetooth Module
Device ID: USB\VID_0A5C&PID_2151\0C6076D4285E
Manufacturer: Broadcom
Name: BCM2046 Bluetooth Module
PNP Device ID: USB\VID_0A5C&PID_2151\0C6076D4285E
Service: BTHUSB

==== System Restore Points ===================

RP94: 24/07/2010 5:15:28 PM - Installed Java(TM) 6 Update 21
RP95: 1/08/2010 12:31:00 PM - Scheduled Checkpoint
RP96: 1/08/2010 3:38:50 PM - Installed e-tax 2010
RP97: 3/08/2010 10:11:20 PM - Installed Snagit 10
RP98: 4/08/2010 1:57:39 AM - Windows Update
RP99: 13/08/2010 11:18:23 PM - Windows Update
RP100: 22/08/2010 9:32:28 AM - Scheduled Checkpoint
RP102: 25/08/2010 8:16:54 AM - Removed Nero 9 Trial 4.4.9.0
RP103: 26/08/2010 2:59:12 AM - Windows Update

==== Installed Programs ======================

3 Mobile Broadband
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.2
Advertising Center
Alice Greenfingers
Any Video Converter 3.0.3
AnyPC Client
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Client Installation Program
Barnes & Noble Desktop Reader
BatteryLifeExtender
Bonjour
Canon Easy-PhotoPrint Pro - Pro9000 series Extention Data
Canon Easy-PhotoPrint Pro - Pro9500 series Extention Data
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 3.0
Canon MP990 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Easy-PhotoPrint Pro
Canon Utilities My Printer
Canon Utilities Solution Menu
CD-LabelPrint
ChargeableUSB
Citrix Access Gateway Plugin
CyberLink PowerDVD 8
CyberLink YouCam
Dairy Dash
Daniusoft Media Converter Ultimate(Build 2.5.1.4)
DolbyFiles
e-tax 2010
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
Elf Bowling Hawaiian Vacation
Farm Frenzy 2
FastStone Capture 6.5
Game Pack
Go-Go Gourmet
Google Toolbar for Internet Explorer
ImagXpress
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Junk Mail filter update
Malwarebytes' Anti-Malware
Marvell Miniport Driver
McAfee SecurityCenter
Media Player Classic - Home Cinema v. 1.3.1249.0
Menu Templates - Starter Kit
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Activation Assistant for Netbooks
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Movie Templates - Starter Kit
Mozilla Firefox (3.5.11)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero Disc Copy Gadget
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
NVIDIA Drivers
OpenVPN 2.1.1
Picasa 3
QuickTime
Realtek High Definition Audio Driver
REALTEK Wireless LAN Software
Samsung Recovery Solution 4
Samsung Support Center
Samsung Update Plus
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Snagit 10
SoundTrax
Spelling Dictionaries Support For Adobe Reader 9
Synaptics Pointing Device Driver
System Requirements Lab
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2279264)
User Guide
WebEx
WIDCOMM Bluetooth Software
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Xvid 1.2.2 final uninstall

==== Event Viewer Messages From Past Week ========

27/08/2010 10:41:03 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
27/08/2010 10:22:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
27/08/2010 10:22:31 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=23) while initializing logging resources for channel Microsoft-Windows-NetworkProfile/Operational.
26/08/2010 12:00:10 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
22/08/2010 11:59:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
22/08/2010 11:58:52 PM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831

==== End Of File ===========================

 

[Broni]

GMER will run on Windows 7 32-bit.

 

[ozmuse]

Hi - I followed the steps and ran GMER and it stopped working saying windows would close the program. I then had a blue screen and had to restart

 

[Broni]

Happens

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[ozmuse]

MBER report below
BRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: N510
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 194):
0x83418000 \SystemRoot\system32\ntoskrnl.exe
0x83818000 \SystemRoot\system32\halmacpi.dll
0x80BC9000 \SystemRoot\system32\kdcom.dll
0x8903B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x890B3000 \SystemRoot\system32\PSHED.dll
0x890C4000 \SystemRoot\system32\BOOTVID.dll
0x890CC000 \SystemRoot\system32\CLFS.SYS
0x8910E000 \SystemRoot\system32\CI.dll
0x891B9000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8922A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x89238000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x89280000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x89289000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x89291000 \SystemRoot\system32\DRIVERS\pci.sys
0x892BB000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x892C6000 \SystemRoot\System32\drivers\partmgr.sys
0x892D7000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x892DF000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x892EA000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x892FA000 \SystemRoot\System32\drivers\volmgrx.sys
0x89345000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8934C000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8935A000 \SystemRoot\System32\drivers\mountmgr.sys
0x89370000 \SystemRoot\system32\DRIVERS\atapi.sys
0x89379000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8939C000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x893A5000 \SystemRoot\system32\drivers\fltmgr.sys
0x893D9000 \SystemRoot\system32\drivers\fileinfo.sys
0x8943B000 \SystemRoot\system32\drivers\mfehidk.sys
0x89498000 \SystemRoot\System32\Drivers\Ntfs.sys
0x895C7000 \SystemRoot\System32\Drivers\msrpc.sys
0x895F2000 \SystemRoot\System32\Drivers\ksecdd.sys
0x89605000 \SystemRoot\System32\Drivers\cng.sys
0x89662000 \SystemRoot\System32\drivers\pcw.sys
0x89670000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x89679000 \SystemRoot\system32\drivers\ndis.sys
0x89730000 \SystemRoot\system32\drivers\NETIO.SYS
0x8976E000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x89793000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x897D2000 \SystemRoot\System32\Drivers\spldr.sys
0x89400000 \SystemRoot\System32\drivers\rdyboost.sys
0x897DA000 \SystemRoot\System32\Drivers\mup.sys
0x897EA000 \SystemRoot\System32\drivers\hwpolicy.sys
0x89000000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x893EA000 \SystemRoot\system32\DRIVERS\disk.sys
0x89815000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8988B000 \SystemRoot\System32\Drivers\Null.SYS
0x89892000 \SystemRoot\System32\Drivers\Beep.SYS
0x89899000 \SystemRoot\System32\drivers\vga.sys
0x898A5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x898C6000 \SystemRoot\System32\drivers\watchdog.sys
0x898D3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x898DB000 \SystemRoot\system32\drivers\rdpencdd.sys
0x898E3000 \SystemRoot\system32\drivers\rdprefmp.sys
0x898EB000 \SystemRoot\System32\Drivers\Msfs.SYS
0x898F6000 \SystemRoot\System32\Drivers\Npfs.SYS
0x89904000 \SystemRoot\System32\drivers\tcpip.sys
0x89A4D000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x89A7E000 \SystemRoot\system32\drivers\mfewfpk.sys
0x89AA4000 \SystemRoot\system32\drivers\TDI.SYS
0x89AAF000 \SystemRoot\system32\DRIVERS\tdx.sys
0x89AC6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x89AF8000 \SystemRoot\system32\drivers\afd.sys
0x89B52000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x89B59000 \SystemRoot\system32\DRIVERS\pacer.sys
0x89B78000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x89B89000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x89B97000 \SystemRoot\system32\DRIVERS\netbios.sys
0x89BA5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x89BB8000 \SystemRoot\system32\DRIVERS\termdd.sys
0x89BC8000 \??\C:\windows\system32\Drivers\SABI.sys
0x90038000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90079000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90083000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x9008D000 \SystemRoot\System32\drivers\discache.sys
0x90099000 \SystemRoot\System32\Drivers\dfsc.sys
0x900B1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x900BF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x900E0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x900F2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x9010A000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x90141000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x90143000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90150000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9015D000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x90166000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x90170000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x901BB000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x901CA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x91030000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x9198F000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x91991000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91A48000 \SystemRoot\System32\drivers\dxgmms1.sys
0x91A81000 \SystemRoot\system32\DRIVERS\rtl819xp.sys
0x91B14000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x91B1E000 \SystemRoot\system32\DRIVERS\yk62x86.sys
0x91B6E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x91B77000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x91B7B000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x91B88000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x91BA7000 \SystemRoot\system32\drivers\WsAudio_DeviceS(1).sys
0x91BB1000 \SystemRoot\system32\drivers\portcls.sys
0x91BE0000 \SystemRoot\system32\drivers\drmk.sys
0x901E9000 \SystemRoot\system32\drivers\ks.sys
0x91000000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x91012000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9021D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90228000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9024A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90262000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90279000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x91BF9000 \SystemRoot\system32\DRIVERS\tap0901.sys
0x9102A000 \SystemRoot\system32\DRIVERS\swenum.sys
0x90290000 \SystemRoot\system32\DRIVERS\NETGEARUHOST.sys
0x90299000 \SystemRoot\system32\DRIVERS\umbus.sys
0x902A7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x902EB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x902FC000 \SystemRoot\system32\DRIVERS\NETGEARUHUB.sys
0x9302B000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x932CA000 \SystemRoot\system32\drivers\nvhda32v.sys
0x932DD000 \SystemRoot\system32\drivers\mfeavfk.sys
0x93301000 \SystemRoot\system32\drivers\mfefirek.sys
0x944B0000 \SystemRoot\System32\win32k.sys
0x9334C000 \SystemRoot\System32\drivers\Dxapi.sys
0x93356000 \SystemRoot\System32\Drivers\crashdmp.sys
0x93363000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x9336E000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x93377000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x93388000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9339F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x94710000 \SystemRoot\System32\TSDDD.dll
0x94740000 \SystemRoot\System32\cdd.dll
0x933AA000 \SystemRoot\system32\drivers\luafv.sys
0x933C5000 \SystemRoot\system32\drivers\WudfPf.sys
0x933DF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9030B000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x933EF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x93000000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x90351000 \SystemRoot\system32\drivers\HTTP.sys
0x903D6000 \SystemRoot\system32\DRIVERS\bowser.sys
0x93013000 \SystemRoot\System32\drivers\mpsdrv.sys
0x90000000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8983A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x89BD0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9CC00000 \??\C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys
0x9CC18000 \SystemRoot\system32\drivers\peauth.sys
0x9CCAF000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9CCB9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9CCDA000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9CCE7000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9CD36000 \SystemRoot\System32\DRIVERS\srv.sys
0x9CDAB000 \SystemRoot\system32\drivers\cfwids.sys
0x9CE04000 \SystemRoot\system32\drivers\mfeapfk.sys
0x9CE1A000 \SystemRoot\system32\drivers\mfebopk.sys
0x9CE8F000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x774A0000 \Windows\System32\ntdll.dll
0x475F0000 \Windows\System32\smss.exe
0x776E0000 \Windows\System32\apisetschema.dll
0x007A0000 \Windows\System32\autochk.exe
0x776C0000 \Windows\System32\nsi.dll
0x77340000 \Windows\System32\ole32.dll
0x776A0000 \Windows\System32\imm32.dll
0x766F0000 \Windows\System32\shell32.dll
0x77690000 \Windows\System32\normaliz.dll
0x77630000 \Windows\System32\shlwapi.dll
0x76620000 \Windows\System32\msctf.dll
0x77620000 \Windows\System32\psapi.dll
0x765D0000 \Windows\System32\gdi32.dll
0x77610000 \Windows\System32\lpk.dll
0x76580000 \Windows\System32\Wldap32.dll
0x764B0000 \Windows\System32\user32.dll
0x76450000 \Windows\System32\difxapi.dll
0x76370000 \Windows\System32\kernel32.dll
0x76230000 \Windows\System32\urlmon.dll
0x761A0000 \Windows\System32\clbcatq.dll
0x76100000 \Windows\System32\usp10.dll
0x775E0000 \Windows\System32\imagehlp.dll
0x760C0000 \Windows\System32\ws2_32.dll
0x75FC0000 \Windows\System32\wininet.dll
0x75F10000 \Windows\System32\rpcrt4.dll
0x75E90000 \Windows\System32\comdlg32.dll
0x75CF0000 \Windows\System32\setupapi.dll
0x75CD0000 \Windows\System32\sechost.dll
0x75C30000 \Windows\System32\advapi32.dll
0x75A30000 \Windows\System32\iertutil.dll
0x75980000 \Windows\System32\msvcrt.dll
0x758F0000 \Windows\System32\oleaut32.dll
0x757D0000 \Windows\System32\crypt32.dll
0x75740000 \Windows\System32\comctl32.dll
0x75710000 \Windows\System32\cfgmgr32.dll
0x756E0000 \Windows\System32\wintrust.dll
0x75690000 \Windows\System32\KernelBase.dll
0x75670000 \Windows\System32\devobj.dll
0x75660000 \Windows\System32\msasn1.dll

Processes (total 64):
0 System Idle Process
4 System
280 C:\Windows\System32\smss.exe
500 csrss.exe
560 C:\Windows\System32\wininit.exe
572 csrss.exe
608 C:\Windows\System32\services.exe
636 C:\Windows\System32\lsass.exe
644 C:\Windows\System32\lsm.exe
760 C:\Windows\System32\svchost.exe
828 C:\Windows\System32\nvvsvc.exe
868 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\winlogon.exe
968 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1224 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\nvvsvc.exe
1364 C:\Windows\System32\svchost.exe
1508 C:\Windows\System32\spoolsv.exe
1576 C:\Windows\System32\svchost.exe
1636 C:\Windows\System32\taskhost.exe
1744 C:\Windows\System32\dwm.exe
1784 C:\Windows\explorer.exe
1904 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1940 C:\Program Files\Bonjour\mDNSResponder.exe
1980 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
2028 C:\Windows\System32\taskeng.exe
180 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
704 C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
776 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
556 C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
1036 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
1324 C:\Windows\System32\rundll32.exe
1348 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2040 C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
1568 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
2056 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2104 C:\Program Files\iTunes\iTunesHelper.exe
2112 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2200 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2220 C:\Program Files\McAfee.com\Agent\mcagent.exe
2256 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2276 C:\Windows\System32\Rezip.exe
2312 C:\Windows\System32\svchost.exe
2368 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2416 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2500 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
2736 C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
2824 C:\Windows\System32\svchost.exe
2972 C:\Program Files\TechSmith\Snagit 10\TscHelp.exe
3280 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3288 C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
3392 C:\Windows\System32\SearchIndexer.exe
3796 C:\Program Files\TechSmith\Snagit 10\SnagitEditor.exe
3072 C:\Program Files\iPod\bin\iPodService.exe
1860 C:\Windows\System32\svchost.exe
1648 C:\Program Files\Mozilla Firefox\firefox.exe
1556 C:\Program Files\Windows Media Player\wmpnetwk.exe
5280 C:\Windows\System32\wuauclt.exe
5408 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
5484 C:\Users\Jenni\Desktop\MBRCheck.exe
6044 C:\Windows\System32\conhost.exe
3444 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000029`57a00000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM250HI, Rev: 2AC101C4

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

 

[ozmuse]

Hi Broni I downloaded Combofix but got a mcAfee advice that Artemis! was detected

 

[Broni]

This is very common issue with McAfee. It gets triggered by widely used, safe tools like Combofix.
Did I tell you, I really dislike McAfee?
We'll get back to Combofix, but for now, we have MBR issue:

Found non-standard or infected MBR.

Run MBRCheck again.

When it's done you'll see the following line:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Press the Y key and then press Enter

When the program asks you to Enter your choice, enter 2 and press the Enter key.

Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
Enter 0 (zero) and press the Enter key.

Next the program will show Available MBR codes:, followed by a list of operating systems.
Please enter 5 for Windows 7, and then press Enter.

Next the program will prompt for confirmation.
Type YES and hit Enter.

When it's done there should be a text file with the results on your desktop.
Please copy and paste it back here.

Then reboot, run MBRCheck again and post new log.

 

[ozmuse]

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: N510
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 194):
0x83418000 \SystemRoot\system32\ntoskrnl.exe
0x83818000 \SystemRoot\system32\halmacpi.dll
0x80BC9000 \SystemRoot\system32\kdcom.dll
0x8903B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x890B3000 \SystemRoot\system32\PSHED.dll
0x890C4000 \SystemRoot\system32\BOOTVID.dll
0x890CC000 \SystemRoot\system32\CLFS.SYS
0x8910E000 \SystemRoot\system32\CI.dll
0x891B9000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8922A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x89238000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x89280000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x89289000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x89291000 \SystemRoot\system32\DRIVERS\pci.sys
0x892BB000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x892C6000 \SystemRoot\System32\drivers\partmgr.sys
0x892D7000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x892DF000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x892EA000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x892FA000 \SystemRoot\System32\drivers\volmgrx.sys
0x89345000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8934C000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8935A000 \SystemRoot\System32\drivers\mountmgr.sys
0x89370000 \SystemRoot\system32\DRIVERS\atapi.sys
0x89379000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8939C000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x893A5000 \SystemRoot\system32\drivers\fltmgr.sys
0x893D9000 \SystemRoot\system32\drivers\fileinfo.sys
0x8943B000 \SystemRoot\system32\drivers\mfehidk.sys
0x89498000 \SystemRoot\System32\Drivers\Ntfs.sys
0x895C7000 \SystemRoot\System32\Drivers\msrpc.sys
0x895F2000 \SystemRoot\System32\Drivers\ksecdd.sys
0x89605000 \SystemRoot\System32\Drivers\cng.sys
0x89662000 \SystemRoot\System32\drivers\pcw.sys
0x89670000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x89679000 \SystemRoot\system32\drivers\ndis.sys
0x89730000 \SystemRoot\system32\drivers\NETIO.SYS
0x8976E000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x89793000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x897D2000 \SystemRoot\System32\Drivers\spldr.sys
0x89400000 \SystemRoot\System32\drivers\rdyboost.sys
0x897DA000 \SystemRoot\System32\Drivers\mup.sys
0x897EA000 \SystemRoot\System32\drivers\hwpolicy.sys
0x89000000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x893EA000 \SystemRoot\system32\DRIVERS\disk.sys
0x89815000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8988B000 \SystemRoot\System32\Drivers\Null.SYS
0x89892000 \SystemRoot\System32\Drivers\Beep.SYS
0x89899000 \SystemRoot\System32\drivers\vga.sys
0x898A5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x898C6000 \SystemRoot\System32\drivers\watchdog.sys
0x898D3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x898DB000 \SystemRoot\system32\drivers\rdpencdd.sys
0x898E3000 \SystemRoot\system32\drivers\rdprefmp.sys
0x898EB000 \SystemRoot\System32\Drivers\Msfs.SYS
0x898F6000 \SystemRoot\System32\Drivers\Npfs.SYS
0x89904000 \SystemRoot\System32\drivers\tcpip.sys
0x89A4D000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x89A7E000 \SystemRoot\system32\drivers\mfewfpk.sys
0x89AA4000 \SystemRoot\system32\drivers\TDI.SYS
0x89AAF000 \SystemRoot\system32\DRIVERS\tdx.sys
0x89AC6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x89AF8000 \SystemRoot\system32\drivers\afd.sys
0x89B52000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x89B59000 \SystemRoot\system32\DRIVERS\pacer.sys
0x89B78000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x89B89000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x89B97000 \SystemRoot\system32\DRIVERS\netbios.sys
0x89BA5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x89BB8000 \SystemRoot\system32\DRIVERS\termdd.sys
0x89BC8000 \??\C:\windows\system32\Drivers\SABI.sys
0x90038000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90079000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90083000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x9008D000 \SystemRoot\System32\drivers\discache.sys
0x90099000 \SystemRoot\System32\Drivers\dfsc.sys
0x900B1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x900BF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x900E0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x900F2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x9010A000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x90141000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x90143000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90150000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9015D000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x90166000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x90170000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x901BB000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x901CA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x91030000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x9198F000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x91991000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91A48000 \SystemRoot\System32\drivers\dxgmms1.sys
0x91A81000 \SystemRoot\system32\DRIVERS\rtl819xp.sys
0x91B14000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x91B1E000 \SystemRoot\system32\DRIVERS\yk62x86.sys
0x91B6E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x91B77000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x91B7B000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x91B88000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x91BA7000 \SystemRoot\system32\drivers\WsAudio_DeviceS(1).sys
0x91BB1000 \SystemRoot\system32\drivers\portcls.sys
0x91BE0000 \SystemRoot\system32\drivers\drmk.sys
0x901E9000 \SystemRoot\system32\drivers\ks.sys
0x91000000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x91012000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9021D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90228000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9024A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90262000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90279000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x91BF9000 \SystemRoot\system32\DRIVERS\tap0901.sys
0x9102A000 \SystemRoot\system32\DRIVERS\swenum.sys
0x90290000 \SystemRoot\system32\DRIVERS\NETGEARUHOST.sys
0x90299000 \SystemRoot\system32\DRIVERS\umbus.sys
0x902A7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x902EB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x902FC000 \SystemRoot\system32\DRIVERS\NETGEARUHUB.sys
0x9302B000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x932CA000 \SystemRoot\system32\drivers\nvhda32v.sys
0x932DD000 \SystemRoot\system32\drivers\mfeavfk.sys
0x93301000 \SystemRoot\system32\drivers\mfefirek.sys
0x944B0000 \SystemRoot\System32\win32k.sys
0x9334C000 \SystemRoot\System32\drivers\Dxapi.sys
0x93356000 \SystemRoot\System32\Drivers\crashdmp.sys
0x93363000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x9336E000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x93377000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x93388000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9339F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x94710000 \SystemRoot\System32\TSDDD.dll
0x94740000 \SystemRoot\System32\cdd.dll
0x933AA000 \SystemRoot\system32\drivers\luafv.sys
0x933C5000 \SystemRoot\system32\drivers\WudfPf.sys
0x933DF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9030B000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x933EF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x93000000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x90351000 \SystemRoot\system32\drivers\HTTP.sys
0x903D6000 \SystemRoot\system32\DRIVERS\bowser.sys
0x93013000 \SystemRoot\System32\drivers\mpsdrv.sys
0x90000000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8983A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x89BD0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9CC00000 \??\C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys
0x9CC18000 \SystemRoot\system32\drivers\peauth.sys
0x9CCAF000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9CCB9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9CCDA000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9CCE7000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9CD36000 \SystemRoot\System32\DRIVERS\srv.sys
0x9CDAB000 \SystemRoot\system32\drivers\cfwids.sys
0x9CE04000 \SystemRoot\system32\drivers\mfeapfk.sys
0x9CE1A000 \SystemRoot\system32\drivers\mfebopk.sys
0x9CE8F000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x774A0000 \Windows\System32\ntdll.dll
0x475F0000 \Windows\System32\smss.exe
0x776E0000 \Windows\System32\apisetschema.dll
0x007A0000 \Windows\System32\autochk.exe
0x776C0000 \Windows\System32\nsi.dll
0x77340000 \Windows\System32\ole32.dll
0x776A0000 \Windows\System32\imm32.dll
0x766F0000 \Windows\System32\shell32.dll
0x77690000 \Windows\System32\normaliz.dll
0x77630000 \Windows\System32\shlwapi.dll
0x76620000 \Windows\System32\msctf.dll
0x77620000 \Windows\System32\psapi.dll
0x765D0000 \Windows\System32\gdi32.dll
0x77610000 \Windows\System32\lpk.dll
0x76580000 \Windows\System32\Wldap32.dll
0x764B0000 \Windows\System32\user32.dll
0x76450000 \Windows\System32\difxapi.dll
0x76370000 \Windows\System32\kernel32.dll
0x76230000 \Windows\System32\urlmon.dll
0x761A0000 \Windows\System32\clbcatq.dll
0x76100000 \Windows\System32\usp10.dll
0x775E0000 \Windows\System32\imagehlp.dll
0x760C0000 \Windows\System32\ws2_32.dll
0x75FC0000 \Windows\System32\wininet.dll
0x75F10000 \Windows\System32\rpcrt4.dll
0x75E90000 \Windows\System32\comdlg32.dll
0x75CF0000 \Windows\System32\setupapi.dll
0x75CD0000 \Windows\System32\sechost.dll
0x75C30000 \Windows\System32\advapi32.dll
0x75A30000 \Windows\System32\iertutil.dll
0x75980000 \Windows\System32\msvcrt.dll
0x758F0000 \Windows\System32\oleaut32.dll
0x757D0000 \Windows\System32\crypt32.dll
0x75740000 \Windows\System32\comctl32.dll
0x75710000 \Windows\System32\cfgmgr32.dll
0x756E0000 \Windows\System32\wintrust.dll
0x75690000 \Windows\System32\KernelBase.dll
0x75670000 \Windows\System32\devobj.dll
0x75660000 \Windows\System32\msasn1.dll

Processes (total 70):
0 System Idle Process
4 System
280 C:\Windows\System32\smss.exe
500 csrss.exe
560 C:\Windows\System32\wininit.exe
572 csrss.exe
608 C:\Windows\System32\services.exe
636 C:\Windows\System32\lsass.exe
644 C:\Windows\System32\lsm.exe
760 C:\Windows\System32\svchost.exe
828 C:\Windows\System32\nvvsvc.exe
868 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\winlogon.exe
968 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1224 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\nvvsvc.exe
1364 C:\Windows\System32\svchost.exe
1508 C:\Windows\System32\spoolsv.exe
1576 C:\Windows\System32\svchost.exe
1636 C:\Windows\System32\taskhost.exe
1744 C:\Windows\System32\dwm.exe
1784 C:\Windows\explorer.exe
1904 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1940 C:\Program Files\Bonjour\mDNSResponder.exe
1980 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
2028 C:\Windows\System32\taskeng.exe
180 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
704 C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
776 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
556 C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
1036 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
1324 C:\Windows\System32\rundll32.exe
1348 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2040 C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
1568 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
2056 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2104 C:\Program Files\iTunes\iTunesHelper.exe
2112 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2200 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2220 C:\Program Files\McAfee.com\Agent\mcagent.exe
2256 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2276 C:\Windows\System32\Rezip.exe
2312 C:\Windows\System32\svchost.exe
2368 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2416 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2500 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
2736 C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
2824 C:\Windows\System32\svchost.exe
2972 C:\Program Files\TechSmith\Snagit 10\TscHelp.exe
3280 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3288 C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
3392 C:\Windows\System32\SearchIndexer.exe
3796 C:\Program Files\TechSmith\Snagit 10\SnagitEditor.exe
3072 C:\Program Files\iPod\bin\iPodService.exe
1860 C:\Windows\System32\svchost.exe
1648 C:\Program Files\Mozilla Firefox\firefox.exe
1556 C:\Program Files\Windows Media Player\wmpnetwk.exe
5280 C:\Windows\System32\wuauclt.exe
5408 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
5484 C:\Users\Jenni\Desktop\MBRCheck.exe
6044 C:\Windows\System32\conhost.exe
5816 C:\Windows\System32\notepad.exe
3716 C:\Program Files\Common Files\McAfee\Core\mchost.exe
5348 C:\PROGRA~1\McAfee\MSC\mcuihost.exe
4656 WmiPrvSE.exe
4236 C:\Users\Jenni\Desktop\MBRCheck.exe
3932 C:\Windows\System32\conhost.exe
2088 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000029`57a00000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM250HI, Rev: 2AC101C4

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows 7)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 5
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!

 

[Broni]

Then reboot, run MBRCheck again and post new log.

 

[ozmuse]

After reboot:
BRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: N510
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 194):
0x83454000 \SystemRoot\system32\ntoskrnl.exe
0x8341D000 \SystemRoot\system32\halmacpi.dll
0x80BC7000 \SystemRoot\system32\kdcom.dll
0x89013000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8908B000 \SystemRoot\system32\PSHED.dll
0x8909C000 \SystemRoot\system32\BOOTVID.dll
0x890A4000 \SystemRoot\system32\CLFS.SYS
0x890E6000 \SystemRoot\system32\CI.dll
0x89191000 \SystemRoot\system32\drivers\Wdf01000.sys
0x89202000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x89210000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x89258000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x89261000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x89269000 \SystemRoot\system32\DRIVERS\pci.sys
0x89293000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8929E000 \SystemRoot\System32\drivers\partmgr.sys
0x892AF000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x892B7000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x892C2000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x892D2000 \SystemRoot\System32\drivers\volmgrx.sys
0x8931D000 \SystemRoot\system32\DRIVERS\pciide.sys
0x89324000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x89332000 \SystemRoot\System32\drivers\mountmgr.sys
0x89348000 \SystemRoot\system32\DRIVERS\atapi.sys
0x89351000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x89374000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8937D000 \SystemRoot\system32\drivers\fltmgr.sys
0x893B1000 \SystemRoot\system32\drivers\fileinfo.sys
0x8941D000 \SystemRoot\system32\drivers\mfehidk.sys
0x8947A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x895A9000 \SystemRoot\System32\Drivers\msrpc.sys
0x895D4000 \SystemRoot\System32\Drivers\ksecdd.sys
0x895E7000 \SystemRoot\System32\Drivers\cng.sys
0x89644000 \SystemRoot\System32\drivers\pcw.sys
0x89652000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8965B000 \SystemRoot\system32\drivers\ndis.sys
0x89712000 \SystemRoot\system32\drivers\NETIO.SYS
0x89750000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x89775000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x897B4000 \SystemRoot\System32\Drivers\spldr.sys
0x897BC000 \SystemRoot\System32\drivers\rdyboost.sys
0x897E9000 \SystemRoot\System32\Drivers\mup.sys
0x89400000 \SystemRoot\System32\drivers\hwpolicy.sys
0x893C2000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x89408000 \SystemRoot\system32\DRIVERS\disk.sys
0x8983E000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x898B4000 \SystemRoot\System32\Drivers\Null.SYS
0x898BB000 \SystemRoot\System32\Drivers\Beep.SYS
0x898C2000 \SystemRoot\System32\drivers\vga.sys
0x898CE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x898EF000 \SystemRoot\System32\drivers\watchdog.sys
0x898FC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x89904000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8990C000 \SystemRoot\system32\drivers\rdprefmp.sys
0x89914000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8991F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8992D000 \SystemRoot\System32\drivers\tcpip.sys
0x89A76000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x89AA7000 \SystemRoot\system32\drivers\mfewfpk.sys
0x89ACD000 \SystemRoot\system32\drivers\TDI.SYS
0x89AD8000 \SystemRoot\system32\DRIVERS\tdx.sys
0x89AEF000 \SystemRoot\System32\DRIVERS\netbt.sys
0x89B21000 \SystemRoot\system32\drivers\afd.sys
0x89B7B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x89B82000 \SystemRoot\system32\DRIVERS\pacer.sys
0x89BA1000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x89BB2000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x89BC0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x89BCE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x89BE1000 \SystemRoot\system32\DRIVERS\termdd.sys
0x89BF1000 \??\C:\windows\system32\Drivers\SABI.sys
0x8F821000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F862000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F86C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F876000 \SystemRoot\System32\drivers\discache.sys
0x8F882000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F89A000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8F8A8000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8F8C9000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8F8DB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F8F3000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F92A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F92C000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F939000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F946000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8F94F000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8F959000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F9A4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F9B3000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x92423000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x92D82000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x92D84000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x92E3B000 \SystemRoot\System32\drivers\dxgmms1.sys
0x92E74000 \SystemRoot\system32\DRIVERS\rtl819xp.sys
0x92F07000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x92F11000 \SystemRoot\system32\DRIVERS\yk62x86.sys
0x92F61000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x92F6A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x92F6E000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x92F7B000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x92F9A000 \SystemRoot\system32\drivers\WsAudio_DeviceS(1).sys
0x92FA4000 \SystemRoot\system32\drivers\portcls.sys
0x92FD3000 \SystemRoot\system32\drivers\drmk.sys
0x8F9D2000 \SystemRoot\system32\drivers\ks.sys
0x92FEC000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x92400000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x92418000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8FA06000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8FA28000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8FA40000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8FA57000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8FA6E000 \SystemRoot\system32\DRIVERS\tap0901.sys
0x92FFE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8FA75000 \SystemRoot\system32\DRIVERS\NETGEARUHOST.sys
0x8FA7E000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8FA8C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8FAD0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8FAE1000 \SystemRoot\system32\DRIVERS\NETGEARUHUB.sys
0x95415000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x956B4000 \SystemRoot\system32\drivers\nvhda32v.sys
0x956C7000 \SystemRoot\system32\drivers\mfeavfk.sys
0x956EB000 \SystemRoot\system32\drivers\mfefirek.sys
0x820A0000 \SystemRoot\System32\win32k.sys
0x95736000 \SystemRoot\System32\drivers\Dxapi.sys
0x95740000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9574D000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x95758000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x95761000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x95772000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x95789000 \SystemRoot\system32\DRIVERS\monitor.sys
0x82300000 \SystemRoot\System32\TSDDD.dll
0x82330000 \SystemRoot\System32\cdd.dll
0x95794000 \SystemRoot\system32\drivers\luafv.sys
0x957AF000 \SystemRoot\system32\drivers\WudfPf.sys
0x957C9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8FAF0000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x957D9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x957E9000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8FB36000 \SystemRoot\system32\drivers\HTTP.sys
0x8FBBB000 \SystemRoot\system32\DRIVERS\bowser.sys
0x95400000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8FBD4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x89800000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8F800000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8987B000 \??\C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys
0x9F42A000 \SystemRoot\system32\drivers\peauth.sys
0x9F4C1000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9F4CB000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9F4EC000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9F51D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9F56C000 \SystemRoot\System32\DRIVERS\srv.sys
0x9F5BD000 \SystemRoot\system32\drivers\cfwids.sys
0x9F5C9000 \SystemRoot\system32\drivers\mfeapfk.sys
0x9F5DF000 \SystemRoot\system32\drivers\mfebopk.sys
0x9F5EA000 \SystemRoot\system32\drivers\spsys.sys
0x779E0000 \Windows\System32\ntdll.dll
0x48050000 \Windows\System32\smss.exe
0x77C20000 \Windows\System32\apisetschema.dll
0x001A0000 \Windows\System32\autochk.exe
0x77B90000 \Windows\System32\comdlg32.dll
0x77940000 \Windows\System32\usp10.dll
0x778B0000 \Windows\System32\clbcatq.dll
0x77770000 \Windows\System32\urlmon.dll
0x776E0000 \Windows\System32\oleaut32.dll
0x77B70000 \Windows\System32\imm32.dll
0x77630000 \Windows\System32\msvcrt.dll
0x77B50000 \Windows\System32\sechost.dll
0x77530000 \Windows\System32\wininet.dll
0x77B40000 \Windows\System32\nsi.dll
0x77390000 \Windows\System32\setupapi.dll
0x772F0000 \Windows\System32\advapi32.dll
0x772A0000 \Windows\System32\gdi32.dll
0x77250000 \Windows\System32\Wldap32.dll
0x77B30000 \Windows\System32\normaliz.dll
0x77B20000 \Windows\System32\lpk.dll
0x771A0000 \Windows\System32\rpcrt4.dll
0x76550000 \Windows\System32\shell32.dll
0x763F0000 \Windows\System32\ole32.dll
0x763B0000 \Windows\System32\ws2_32.dll
0x762E0000 \Windows\System32\msctf.dll
0x76210000 \Windows\System32\user32.dll
0x76010000 \Windows\System32\iertutil.dll
0x76000000 \Windows\System32\psapi.dll
0x75FA0000 \Windows\System32\shlwapi.dll
0x75F40000 \Windows\System32\difxapi.dll
0x75E60000 \Windows\System32\kernel32.dll
0x75E30000 \Windows\System32\imagehlp.dll
0x75E00000 \Windows\System32\cfgmgr32.dll
0x75D70000 \Windows\System32\comctl32.dll
0x75D20000 \Windows\System32\KernelBase.dll
0x75CF0000 \Windows\System32\wintrust.dll
0x75CD0000 \Windows\System32\devobj.dll
0x75BB0000 \Windows\System32\crypt32.dll
0x75BA0000 \Windows\System32\msasn1.dll

Processes (total 67):
0 System Idle Process
4 System
280 C:\Windows\System32\smss.exe
504 csrss.exe
564 C:\Windows\System32\wininit.exe
576 csrss.exe
612 C:\Windows\System32\services.exe
628 C:\Windows\System32\lsass.exe
636 C:\Windows\System32\lsm.exe
748 C:\Windows\System32\svchost.exe
820 C:\Windows\System32\winlogon.exe
856 C:\Windows\System32\nvvsvc.exe
896 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\svchost.exe
1252 C:\Windows\System32\nvvsvc.exe
1364 C:\Windows\System32\svchost.exe
1492 C:\Windows\System32\spoolsv.exe
1556 C:\Windows\System32\svchost.exe
1612 C:\Windows\System32\taskhost.exe
1728 C:\Windows\System32\dwm.exe
1756 C:\Windows\explorer.exe
1840 C:\Windows\System32\taskeng.exe
1960 C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
1976 C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
1992 C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
2008 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
308 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
340 C:\Program Files\Bonjour\mDNSResponder.exe
512 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
996 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
1268 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
1296 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1924 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
1856 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2040 C:\Windows\System32\rundll32.exe
1500 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2064 C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
2236 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2268 C:\Program Files\McAfee.com\Agent\mcagent.exe
2284 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2316 C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
2356 C:\Windows\System32\Rezip.exe
2400 C:\Windows\System32\svchost.exe
2440 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2508 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2604 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
2792 WmiPrvSE.exe
3120 C:\Windows\System32\svchost.exe
3388 C:\Windows\System32\SearchIndexer.exe
3532 C:\Windows\System32\svchost.exe
3684 C:\Program Files\TechSmith\Snagit 10\TscHelp.exe
3796 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4052 C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
2364 C:\Program Files\TechSmith\Snagit 10\SnagitEditor.exe
3900 C:\Windows\System32\SearchProtocolHost.exe
2616 C:\Program Files\Windows Media Player\wmpnetwk.exe
4148 C:\Program Files\iPod\bin\iPodService.exe
4788 WmiPrvSE.exe
2812 C:\Windows\System32\sppsvc.exe
3284 C:\Windows\System32\wuauclt.exe
3208 C:\Windows\System32\SearchFilterHost.exe
3920 C:\Users\Jenni\Desktop\MBRCheck.exe
3212 C:\Windows\System32\conhost.exe
1512 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000029`57a00000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM250HI, Rev: 2AC101C4

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

 

[Broni]

Our fix didn't work.
We need to use different way....

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

• Place a blank CD in your CD drive.
• Double click on NTBR_CD.exe file and a folder of the same name will appear.
• Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
• Follow the prompts to burn the CD.

• Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
• If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.

• Insert the newly created CD into your infected PC and reboot your computer.
• Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
• Read the warning and then continue as prompted.
• You first need to select your keyboard layout - press Enter for English.
• Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
• On the following screen enter 5 to select Install Standard MBR code.
• Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
• When asked to confirm please do so.
• Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
• Eject the disc and then press ctrl+alt+del to reboot the PC.

Once rebooted run MBRCheck one more time and let me have the log produced.

 

[ozmuse]

Thanks - unfortunatley my netbook hasn't got a CD drive.

 

[ozmuse]

Just trying an external cd drive

 

[Broni]

OK ......

 

[ozmuse]

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: N510
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 196):
0x83440000 \SystemRoot\system32\ntoskrnl.exe
0x83409000 \SystemRoot\system32\halmacpi.dll
0x80BCC000 \SystemRoot\system32\kdcom.dll
0x89020000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x89098000 \SystemRoot\system32\PSHED.dll
0x890A9000 \SystemRoot\system32\BOOTVID.dll
0x890B1000 \SystemRoot\system32\CLFS.SYS
0x890F3000 \SystemRoot\system32\CI.dll
0x8919E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8920F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8921D000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x89265000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8926E000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x89276000 \SystemRoot\system32\DRIVERS\pci.sys
0x892A0000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x892AB000 \SystemRoot\System32\drivers\partmgr.sys
0x892BC000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x892C4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x892CF000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x892DF000 \SystemRoot\System32\drivers\volmgrx.sys
0x8932A000 \SystemRoot\system32\DRIVERS\pciide.sys
0x89331000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8933F000 \SystemRoot\System32\drivers\mountmgr.sys
0x89355000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8935E000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x89381000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8938A000 \SystemRoot\system32\drivers\fltmgr.sys
0x893BE000 \SystemRoot\system32\drivers\fileinfo.sys
0x8942F000 \SystemRoot\system32\drivers\mfehidk.sys
0x8948C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x895BB000 \SystemRoot\System32\Drivers\msrpc.sys
0x895E6000 \SystemRoot\System32\Drivers\ksecdd.sys
0x895F9000 \SystemRoot\System32\Drivers\cng.sys
0x89656000 \SystemRoot\System32\drivers\pcw.sys
0x89664000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8966D000 \SystemRoot\system32\drivers\ndis.sys
0x89724000 \SystemRoot\system32\drivers\NETIO.SYS
0x89762000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x89787000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x897C6000 \SystemRoot\System32\Drivers\spldr.sys
0x897CE000 \SystemRoot\System32\drivers\rdyboost.sys
0x89400000 \SystemRoot\System32\Drivers\mup.sys
0x89410000 \SystemRoot\System32\drivers\hwpolicy.sys
0x89813000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x89845000 \SystemRoot\system32\DRIVERS\disk.sys
0x89856000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x898CC000 \SystemRoot\System32\Drivers\Null.SYS
0x898D3000 \SystemRoot\System32\Drivers\Beep.SYS
0x898DA000 \SystemRoot\System32\drivers\vga.sys
0x898E6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x89907000 \SystemRoot\System32\drivers\watchdog.sys
0x89914000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8991C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x89924000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8992C000 \SystemRoot\System32\Drivers\Msfs.SYS
0x89937000 \SystemRoot\System32\Drivers\Npfs.SYS
0x89945000 \SystemRoot\System32\drivers\tcpip.sys
0x89A8E000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x89ABF000 \SystemRoot\system32\drivers\mfewfpk.sys
0x89AE5000 \SystemRoot\system32\drivers\TDI.SYS
0x89AF0000 \SystemRoot\system32\DRIVERS\tdx.sys
0x89B07000 \SystemRoot\System32\DRIVERS\netbt.sys
0x89B39000 \SystemRoot\system32\drivers\afd.sys
0x89B93000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x89B9A000 \SystemRoot\system32\DRIVERS\pacer.sys
0x89BB9000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x89BCA000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x89BD8000 \SystemRoot\system32\DRIVERS\netbios.sys
0x89BE6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x89800000 \SystemRoot\system32\DRIVERS\termdd.sys
0x898AD000 \??\C:\windows\system32\Drivers\SABI.sys
0x8F806000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F847000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F851000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F85B000 \SystemRoot\System32\drivers\discache.sys
0x8F867000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F87F000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8F88D000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8F8AE000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8F8C0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F8D8000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F90F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F911000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F91E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F92B000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8F934000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8F93E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F989000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F998000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9102E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x9198D000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x9198F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91A46000 \SystemRoot\System32\drivers\dxgmms1.sys
0x91A7F000 \SystemRoot\system32\DRIVERS\rtl819xp.sys
0x91B12000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x91B1C000 \SystemRoot\system32\DRIVERS\yk62x86.sys
0x91B6C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x91B75000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x91B79000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x91B86000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x91BA5000 \SystemRoot\system32\drivers\WsAudio_DeviceS(1).sys
0x91BAF000 \SystemRoot\system32\drivers\portcls.sys
0x91BDE000 \SystemRoot\system32\drivers\drmk.sys
0x8F9B7000 \SystemRoot\system32\drivers\ks.sys
0x91000000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x91012000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F9EB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F9F6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8FA18000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8FA30000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8FA47000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x91BF7000 \SystemRoot\system32\DRIVERS\tap0901.sys
0x91BFE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8FA5E000 \SystemRoot\system32\DRIVERS\NETGEARUHOST.sys
0x8FA67000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8FA75000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8FAB9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8FACA000 \SystemRoot\system32\DRIVERS\NETGEARUHUB.sys
0x93411000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x936B0000 \SystemRoot\system32\drivers\nvhda32v.sys
0x936C3000 \SystemRoot\system32\drivers\mfeavfk.sys
0x936E7000 \SystemRoot\system32\drivers\mfefirek.sys
0x93732000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9373F000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x9374A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x93753000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x93C00000 \SystemRoot\System32\win32k.sys
0x93764000 \SystemRoot\System32\drivers\Dxapi.sys
0x9376E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x93785000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x937A4000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x937AA000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x937C1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x93E60000 \SystemRoot\System32\TSDDD.dll
0x93E90000 \SystemRoot\System32\cdd.dll
0x937CC000 \SystemRoot\system32\drivers\luafv.sys
0x8FAD9000 \SystemRoot\system32\drivers\WudfPf.sys
0x937E7000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8FAF3000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x93400000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8FB39000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8FB4C000 \SystemRoot\system32\drivers\HTTP.sys
0x8FBD1000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8FBEA000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8987B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9C438000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9C473000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9C4A6000 \??\C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys
0x9C4BE000 \SystemRoot\system32\drivers\peauth.sys
0x9C555000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9C55F000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9C580000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9C58D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9C5DC000 \SystemRoot\System32\DRIVERS\srv.sys
0x9C651000 \SystemRoot\system32\drivers\cfwids.sys
0x9C65D000 \SystemRoot\system32\drivers\mfeapfk.sys
0x9C673000 \SystemRoot\system32\drivers\mfebopk.sys
0x77A40000 \Windows\System32\ntdll.dll
0x47FF0000 \Windows\System32\smss.exe
0x77C80000 \Windows\System32\apisetschema.dll
0x00B00000 \Windows\System32\autochk.exe
0x77C60000 \Windows\System32\normaliz.dll
0x77B90000 \Windows\System32\msctf.dll
0x77900000 \Windows\System32\urlmon.dll
0x778A0000 \Windows\System32\difxapi.dll
0x77840000 \Windows\System32\shlwapi.dll
0x776E0000 \Windows\System32\ole32.dll
0x776C0000 \Windows\System32\sechost.dll
0x77620000 \Windows\System32\advapi32.dll
0x775F0000 \Windows\System32\imagehlp.dll
0x77510000 \Windows\System32\kernel32.dll
0x77460000 \Windows\System32\msvcrt.dll
0x77B80000 \Windows\System32\nsi.dll
0x77360000 \Windows\System32\wininet.dll
0x77350000 \Windows\System32\lpk.dll
0x772B0000 \Windows\System32\usp10.dll
0x77260000 \Windows\System32\gdi32.dll
0x771B0000 \Windows\System32\rpcrt4.dll
0x77160000 \Windows\System32\Wldap32.dll
0x76F60000 \Windows\System32\iertutil.dll
0x76F20000 \Windows\System32\ws2_32.dll
0x76F10000 \Windows\System32\psapi.dll
0x76D70000 \Windows\System32\setupapi.dll
0x76CA0000 \Windows\System32\user32.dll
0x76050000 \Windows\System32\shell32.dll
0x76030000 \Windows\System32\imm32.dll
0x75FA0000 \Windows\System32\oleaut32.dll
0x75F10000 \Windows\System32\clbcatq.dll
0x75E90000 \Windows\System32\comdlg32.dll
0x75E60000 \Windows\System32\wintrust.dll
0x75E30000 \Windows\System32\cfgmgr32.dll
0x75E10000 \Windows\System32\devobj.dll
0x75CF0000 \Windows\System32\crypt32.dll
0x75C60000 \Windows\System32\comctl32.dll
0x75C10000 \Windows\System32\KernelBase.dll
0x75C00000 \Windows\System32\msasn1.dll

Processes (total 67):
0 System Idle Process
4 System
280 C:\Windows\System32\smss.exe
508 csrss.exe
560 C:\Windows\System32\wininit.exe
576 csrss.exe
620 C:\Windows\System32\services.exe
628 C:\Windows\System32\lsass.exe
640 C:\Windows\System32\lsm.exe
748 C:\Windows\System32\svchost.exe
828 C:\Windows\System32\winlogon.exe
836 C:\Windows\System32\nvvsvc.exe
888 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\svchost.exe
1164 C:\Windows\System32\audiodg.exe
1204 C:\Windows\System32\svchost.exe
1280 C:\Windows\System32\nvvsvc.exe
1352 C:\Windows\System32\svchost.exe
1524 C:\Windows\System32\spoolsv.exe
1560 C:\Windows\System32\svchost.exe
1596 C:\Windows\System32\taskhost.exe
1748 C:\Windows\System32\dwm.exe
1788 C:\Windows\explorer.exe
1848 C:\Windows\System32\taskeng.exe
1944 C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
1964 C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
1976 C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
2000 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
260 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
324 C:\Program Files\Bonjour\mDNSResponder.exe
344 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
976 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
1492 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
1760 C:\Windows\System32\rundll32.exe
1840 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
1992 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
1460 C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
316 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2124 C:\Program Files\iTunes\iTunesHelper.exe
2148 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2256 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2280 C:\Program Files\McAfee.com\Agent\mcagent.exe
2296 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2332 C:\Windows\System32\Rezip.exe
2360 C:\Windows\System32\svchost.exe
2420 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2456 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
2524 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
2744 WmiPrvSE.exe
2756 C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
3084 C:\Program Files\TechSmith\Snagit 10\TscHelp.exe
3104 C:\Windows\System32\svchost.exe
3288 C:\Windows\System32\svchost.exe
3388 C:\Windows\System32\svchost.exe
3648 C:\Program Files\iPod\bin\iPodService.exe
3864 C:\Windows\System32\SearchIndexer.exe
4012 C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
4076 C:\Windows\System32\SearchProtocolHost.exe
2072 C:\Windows\System32\SearchFilterHost.exe
692 C:\Program Files\TechSmith\Snagit 10\SnagitEditor.exe
856 C:\Program Files\Windows Media Player\wmpnetwk.exe
2268 WmiPrvSE.exe
4272 C:\Users\Jenni\Desktop\MBRCheck.exe
4288 C:\Windows\System32\conhost.exe
4320 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000029`57a00000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM250HI, Rev: 2AC101C4

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

 

[Broni]

Looks good
Good job

Now, disable McAfee before even attempting to download Combofix and go for Combofix scan.

 

[ozmuse]

Hi did Combofix scan - during the process a window popped up said PEV.exe has stopped working - but the scan completed and below is the log:

ComboFix 10-08-27.03 - Jenni 29/08/2010 10:19:01.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.1790.1041 [GMT 10:00]
Running from: c:\users\Jenni\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\FullRemove.exe
c:\windows\SEC
c:\windows\SEC\172100logo.bmp
c:\windows\SEC\banner.png
c:\windows\SEC\Computer.png
c:\windows\SEC\Media _S_ Logo.png
c:\windows\SEC\Samsung.png
c:\windows\SEC\Samsung2.png
c:\windows\SEC\SamsungLogo.png
c:\windows\SEC\Thumbs.db
c:\windows\SEC\Wallpapers\Thumbs.db
c:\windows\SEC\Wallpapers\wallpaper.jpg
c:\windows\SEC\Wallpapers\wallpaper1.jpg
c:\windows\SEC\Wallpapers\Wallpaper2.jpg

.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
.

2010-08-29 00:40 . 2010-08-29 00:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-29 00:14 . 2010-08-29 00:15 -------- d-----w- C:\32788R22FWJFW
2010-08-26 13:25 . 2010-08-26 13:25 -------- d-----w- c:\users\Jenni\AppData\Roaming\Malwarebytes
2010-08-26 13:24 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-26 13:24 . 2010-08-26 13:24 -------- d-----w- c:\programdata\Malwarebytes
2010-08-26 13:24 . 2010-08-26 13:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-26 13:24 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-25 09:24 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-20 13:50 . 2010-05-31 10:32 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-20 13:49 . 2010-05-31 10:32 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-20 13:49 . 2010-05-31 10:32 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-20 13:49 . 2010-05-31 10:32 160720 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-20 13:49 . 2010-05-31 10:32 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-20 13:49 . 2010-05-31 10:32 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-20 13:49 . 2010-05-31 10:32 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-12 22:06 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-03 12:16 . 2010-08-03 12:16 -------- d-----w- c:\users\Jenni\AppData\Local\assembly
2010-08-03 12:12 . 2010-08-03 12:12 -------- d-----w- c:\programdata\TechSmith
2010-08-03 12:12 . 2010-08-03 12:12 -------- d-----w- c:\users\Jenni\AppData\Local\TechSmith
2010-08-03 12:12 . 2010-08-03 12:12 -------- d-----w- c:\program files\TechSmith
2010-08-01 05:39 . 2010-08-01 05:40 -------- d-----w- c:\program files\etax2010
2010-07-31 11:33 . 2010-07-31 11:33 -------- d-----w- C:\etax2009

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 13:41 . 2010-02-20 11:16 -------- d-----w- c:\program files\Nero
2010-08-21 22:16 . 2009-09-22 09:53 -------- d-----w- c:\program files\McAfee.com
2010-08-20 22:08 . 2009-09-22 09:53 -------- d-----w- c:\program files\McAfee
2010-08-20 22:07 . 2009-09-22 09:55 -------- d-----w- c:\program files\Common Files\McAfee
2010-08-13 13:28 . 2009-09-22 10:17 -------- d-----w- c:\programdata\Microsoft Help
2010-08-10 16:31 . 2009-09-22 09:41 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-29 06:30 . 2010-08-12 22:05 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 22:05 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-24 07:20 . 2010-07-24 07:20 -------- d-----w- c:\program files\Common Files\Java
2010-07-24 07:17 . 2009-12-08 12:52 -------- d-----w- c:\program files\Java
2010-07-10 05:39 . 2010-07-10 00:25 -------- d-----w- c:\program files\iTunes
2010-07-10 05:39 . 2010-07-10 00:04 -------- d-----w- c:\program files\iPod
2010-07-10 05:39 . 2010-02-03 11:39 -------- d-----w- c:\program files\Common Files\Apple
2010-07-10 00:14 . 2010-02-03 11:49 -------- d-----w- c:\users\Jenni\AppData\Roaming\Apple Computer
2010-07-10 00:04 . 2010-07-10 00:04 -------- d-----w- c:\program files\CD Configuration
2010-07-09 23:59 . 2010-07-09 23:57 -------- d-----w- c:\program files\QuickTime
2010-07-09 23:54 . 2010-07-09 23:54 -------- d-----w- c:\program files\Apple Software Update
2010-07-09 23:51 . 2010-07-09 23:51 -------- d-----w- c:\program files\Bonjour
2010-07-09 23:50 . 2009-09-22 10:20 -------- d-----w- c:\program files\Microsoft.NET
2010-06-30 06:25 . 2010-08-12 22:05 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-22 02:47 . 2010-08-12 22:05 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-12 22:05 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-12 22:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-21 18:36 . 2010-04-28 12:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-19 06:33 . 2010-08-12 22:05 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-12 22:05 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-12 22:05 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-12 22:05 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-12 22:05 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-15 10:01 . 2010-06-15 10:01 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\ARM Update\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\ARM Update\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\ARM Update\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.2\ARM\ARM Update\AcrobatUpdater.exe
2010-06-08 06:02 . 2010-08-12 22:05 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-31 10:32 . 2009-09-22 09:58 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-05-31 10:32 . 2009-09-22 09:58 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-05-31 10:32 . 2009-09-22 09:58 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-31 10:32 . 2010-08-20 13:50 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-22 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-09 13797920]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-09 1578280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-30 1193848]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Jenni^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-02 18:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-03-23 17:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-17 16:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2009-05-19 07:39 136544 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 06:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2009-04-15 14:54 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 12:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2009-04-15 14:52 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-09-22 10:46 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-02-25 03:40 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-05-31 83496]
R3 NETGEARUCOMP;NETGEAR Network USB Composite Device;c:\windows\system32\DRIVERS\NETGEARUCOMP.sys [2007-03-08 14336]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-07 1343400]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-05-31 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-05-31 160720]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cag;Citrix cag plugin for Access Gateway;c:\program files\Common Files\Deterministic Networks\Common Files\cag.sys [2009-08-10 78360]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-05-31 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-05-31 141792]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-05-31 55456]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-05-31 312616]
S3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\DRIVERS\NETGEARUHOST.sys [2007-03-08 13824]
S3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\DRIVERS\NETGEARUHUB.sys [2007-03-08 35840]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-21 66592]
S3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [2009-06-23 538624]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-08-31 25704]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-06-15 313856]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/ig?hl=en&source=iglk
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Jenni\AppData\Roaming\Mozilla\Firefox\Profiles\2hxks07h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Citrix\Access Gateway\npcagse.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Jenni\AppData\Roaming\Mozilla\plugins\npatgpc.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-08-29 10:47:56
ComboFix-quarantined-files.txt 2010-08-29 00:47

Pre-Run: 94,771,027,968 bytes free
Post-Run: 95,405,305,856 bytes free

- - End Of File - - 275C184F1BFD1668973D8F520D6D66C9

 

[Broni]

Looks good

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[ozmuse]

hi - olt txt file is too big and I can't see an attach option

 

[ozmuse]

OLT attachments

Changed from quick reply adn found the attachments option - sorry - still finding my way

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
  O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
  O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
  O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
  @Alternate Data Stream - 143 bytes -> C:\Users\Jenni\AppData\Roaming\default.rss:OECustomProperty
  
  
  :Services
  
  :Reg
  
  :Files
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

========================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Go to Kaspersky website and perform an online antivirus scan.

• Disable your active antivirus program.
• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Archives
  • Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

 

[ozmuse]

Results of OTL:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
ADS C:\Users\Jenni\AppData\Roaming\default.rss:OECustomProperty deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jenni
->Temp folder emptied: 20120 bytes
->Temporary Internet Files folder emptied: 269716 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49263180 bytes
->Flash cache emptied: 1048 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 1941439 bytes

Total Files Cleaned = 49.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jenni
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 08292010_121345

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

[Broni]

Go on...........