Iexplorer process ,google redirect, &explorer crashes

[screen317]

Hi,

Do the following:

1. Click on the Start button and then choose Control Panel.
   
2. Click on the System and Security link.
   Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
   
3. In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
   
4. In the Administrative Tools window, double-click on the Computer Management icon.
   
5. When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.
   After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.
   Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.

Take a screen Shot of the Disk Management Window and attach the screen shot to your reply.

[Rolandz]

aye aye

im getting redirects on this website only when i click next page or so no redirects for google tho only way i can get to this thread is through my profile

[screen317]

Hi,

Okay that looks fine.

Update MBAM, run a Quick Scan, and post its log. Grab a fresh copy of ComboFix, run it, and post its log.

[Rolandz]

aye aye the combo fix log was too long for the post 2nd time now have to attach :/

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2011.12.30.01

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Roland :: ROLAND714 [administrator]

12/30/2011 12:24:43 AM

mbam-log-2011-12-30 (00-24-43).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 241988

Time elapsed: 4 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ComboFIX_LOG.txt

[screen317]

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

1. Tick the box next to YES, I accept the Terms of Use.
   
2. Click Start
   
3. When asked, allow the ActiveX control to install
   
4. Click Start
   
5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
   
6. Click Scan
   Wait for the scan to finish
   
7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
   
8. Copy and paste that log as a reply to this topic
   

Next, download my Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

Let me know how things are running now and what issues remain.

[Rolandz]

ooo snap my bad here

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=eb7a94c27590d8428819fc08fc972c63

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-03 05:15:50

# local_time=2012-01-03 12:15:50 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=5893 16776574 66 94 9345791 77126401 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=1042341

# found=0

# cleaned=0

# scan_time=27999

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=eb7a94c27590d8428819fc08fc972c63

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-04 11:29:28

# local_time=2012-01-04 06:29:28 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=5893 16776574 66 94 9465421 77246031 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=1035369

# found=0

# cleaned=0

# scan_time=17186

Results of screen317's Security Check version 0.99.30

Windows 7 x64 (UAC is disabled!)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Spybot - Search & Destroy

Java 6 Update 29

Java 7 Update 1

Java version out of date!

Adobe Reader X (10.1.1)

Mozilla Firefox 8.0.1 Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

ESET ESET Online Scanner OnlineScannerApp.exe

``````````End of Log````````````

[screen317]

Hi,

My apologies for the delay. Not sure how your topic was lost.

Run TFC by OldTimer to clear temporary files:

• Please download TFC from here and save it to your desktop.
  
• Close any open programs and Internet browsers.
  
• Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  
• Please be patient as clearing out temp files may take a while.
  
• Once it completes you may be prompted to restart your computer, please do so.
  
• Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.
  

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

ESET Online Scanner v3

Spybot - Search & Destroy (If you don't update and use it often)

Java™ 6 Update 29

Java™ 7 Update 1

Restart your computer.

Get the latest version of Java.

Also update Firefox-- ensure that you are using version 9.

Let me know what issues remain.

[Rolandz]

alright done though im still getting redirect inside websites even youtube its a rare occurance though and never happens on google

[screen317]

Can you post a screenshot of what it looks like when it happens?

[Rolandz]

oo alright here

[screen317]

Hi,

Do the redirects only occur from FacePunch?

Grab a fresh copy of ComboFix, run it, and post its log.

Download and run this tool; post its log:

http://security-x.fr/tools/download.php?f=MbrScan.exe

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

• Click the "Scan" button to start scan.
  
• Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time)
  
• Please post the contents of that log in your next reply.
  

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Next, download MBRCheck.exe by a_d_13 and save it to your Desktop.

Run it; when it completes, a log will be available on your Desktop (MBRCheck xxxxxx .txt) where xxxxxx is the time it ran.

[Rolandz]

ooo na everywebsite except search websites i even got one off bleepingcomputer

ComboFix 12-01-23.02 - Roland 01/25/2012 2:04.11.8 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.1378 [GMT -5:00]

Running from: c:\users\Roland\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-12-25 to 2012-01-25 )))))))))))))))))))))))))))))))

.

.

2012-01-25 07:23 . 2012-01-25 07:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-01-25 07:23 . 2012-01-25 07:23 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-01-25 07:23 . 2012-01-25 07:23 -------- d-----w- c:\users\Parker\AppData\Local\temp

2012-01-25 07:23 . 2012-01-25 07:23 -------- d-----w- c:\users\Parker.Roland714\AppData\Local\temp

2012-01-25 07:23 . 2012-01-25 07:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-25 07:23 . 2012-01-25 07:23 -------- d-----w- c:\users\AppData\AppData\Local\temp

2012-01-16 09:14 . 2012-01-24 20:04 25640 ----a-w- c:\windows\gdrv.sys

2012-01-16 02:53 . 2012-01-16 02:54 -------- d-----w- c:\programdata\WeCareReminder

2012-01-16 02:52 . 2012-01-16 02:52 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-01-16 02:51 . 2012-01-16 02:52 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite

2012-01-08 18:06 . 2012-01-08 18:06 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-01-08 18:06 . 2012-01-08 18:06 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-01-08 18:06 . 2012-01-08 18:06 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-01-08 18:06 . 2012-01-08 18:06 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll

2011-12-28 21:22 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-28 12:42 . 2011-12-28 12:42 -------- d-----w- c:\users\Parker.Roland714\AppData\Roaming\DAEMON Tools Lite

2011-12-28 05:03 . 2012-01-16 02:52 -------- d-----w- c:\users\Roland\AppData\Roaming\OpenCandy

2011-12-28 04:59 . 2011-12-28 05:03 530488 ----a-w- c:\windows\system32\drivers\sptd.sys

2011-12-27 10:22 . 2011-12-27 10:22 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

2011-12-27 10:22 . 2011-12-27 10:22 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

2011-12-27 10:22 . 2011-12-27 10:22 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

2011-12-27 10:22 . 2011-12-27 10:22 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

2011-12-27 10:22 . 2011-12-27 10:22 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

2011-12-27 10:22 . 2011-12-27 10:22 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

2011-12-27 10:22 . 2011-12-27 10:22 159744 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

2011-12-27 10:21 . 2011-12-27 10:22 -------- d-----w- c:\program files (x86)\QuickTime

2011-12-26 20:38 . 2011-12-26 20:38 -------- d-----w- C:\Down

2011-12-26 20:38 . 2011-12-26 20:38 -------- d-----w- C:\Perfect World Entertainment

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-24 20:04 . 2011-01-30 01:34 30528 ----a-w- c:\windows\GVTDrv64.sys

2012-01-02 19:43 . 2011-07-11 14:12 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-01-02 19:43 . 2011-07-11 13:56 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2011-12-20 09:24 . 2011-12-10 07:03 627600 ----a-w- c:\windows\system32\deployJava1.dll

2011-12-13 14:14 . 2011-12-11 19:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-11 19:40 . 2011-01-30 22:47 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-11-25 22:53 . 2011-07-11 13:56 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2011-11-24 05:00 . 2011-12-18 13:09 3141632 ----a-w- c:\windows\system32\win32k.sys

2011-11-05 05:17 . 2011-12-18 13:06 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-05 04:30 . 2011-12-18 13:06 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-11-04 01:53 . 2011-12-19 08:15 2309120 ----a-w- c:\windows\system32\jscript9.dll

2011-11-04 01:44 . 2011-12-19 08:15 1390080 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 01:44 . 2011-12-19 08:15 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-04 01:34 . 2011-12-19 08:15 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-11-03 22:47 . 2011-12-19 08:15 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-11-03 22:40 . 2011-12-19 08:15 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-11-03 22:39 . 2011-12-19 08:15 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2011-11-03 22:31 . 2011-12-19 08:15 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]

"Akamai NetSession Interface"="c:\users\Roland\AppData\Local\Akamai\netsession_win.exe" [2011-12-23 3334432]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]

"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2010-06-16 86016]

R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]

R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]

R3 dump_wmimmc;dump_wmimmc;c:\gpotato\Rappelz\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-05-19 25640]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-19 1431888]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-01-24 30528]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 X6va005;X6va005;c:\users\Roland\AppData\Local\Temp\0058E19.tmp [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S2 3d-io License Server v2.0;3d-io License Server v2.0;c:\program files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [2009-12-15 34816]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-18 68136]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]

S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-14 114688]

S3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = 127.0.0.1:9421

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 10.1.10.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll

FF - ProfilePath - c:\users\Roland\AppData\Roaming\Mozilla\Firefox\Profiles\onhgmeao.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15784

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ytff-devicevm&type=IEBD&p=

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Blender - c:\program files (x86)\Blender Foundation\Blender\uninstall.exe

AddRemove-L4D2SP - c:\users\Roland\Downloads\Left 4 Dead 2 V2.0.2.7 Full-Rip {blaze69}\Uninstall SP.exe

AddRemove-NSS - c:\program files (x86)\Norton Security Scan\Engine\3.1.1.6\InstWrap.exe

AddRemove-Oblivion mod manager_is1 - c:\program files (x86)\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe

AddRemove-SystemRequirementsLab - c:\program files (x86)\SystemRequirementsLab\Uninstall.exe

AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}

AddRemove-{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1 - c:\gpotato\Rappelz\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]

"ImagePath"="\??\c:\users\Roland\AppData\Local\Temp\0058E19.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2750241520-802747955-1049020851-1000\Software\SecuROM\License information*]

"datasecu"=hex:5f,73,18,50,7e,57,0d,84,32,1e,ab,a2,a5,3d,18,4b,4a,2f,fc,a8,c8,

4d,9c,ba,c3,a1,ff,df,30,3e,9c,87,cc,74,5b,6a,20,04,91,a4,c9,37,d0,c9,af,f7,\

"rkeysecu"=hex:e0,1a,df,22,d1,cd,73,a1,ec,fa,ae,e8,67,d1,90,4d

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]

@=hex:b1,5d,8e,62,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\software\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]

@=hex:f3,d4,a9,62,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\software\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]

@=hex:ab,94,9c,5f,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\software\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]

@=hex:d5,9d,ba,62,5e,fa,cb,01

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-01-25 02:30:27

ComboFix-quarantined-files.txt 2012-01-25 07:30

ComboFix2.txt 2012-01-15 19:18

.

Pre-Run: 200,636,526,592 bytes free

Post-Run: 200,756,965,376 bytes free

.

- - End Of File - - F521345DED4013A20A855A1FFF881CF3

[Rolandz]

aswMBR version 0.9.9.1509 Copyright© 2011 AVAST Software

Run date: 2012-01-25 02:59:23

-----------------------------

02:59:23.181 OS Version: Windows x64 6.1.7600

02:59:23.181 Number of processors: 8 586 0x1A05

02:59:23.181 ComputerName: ROLAND714 UserName: Roland

02:59:25.410 Initialize success

02:59:33.696 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1

02:59:33.697 Disk 0 Vendor: ST31000528AS CC3E Size: 953869MB BusType: 3

02:59:33.709 Disk 0 MBR read successfully

02:59:33.710 Disk 0 MBR scan

02:59:33.712 Disk 0 Windows 7 default MBR code

02:59:33.715 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048

02:59:33.718 Service scanning

02:59:34.793 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32

02:59:35.352 Modules scanning

02:59:35.354 Disk 0 trace - called modules:

02:59:35.373 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80044052c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

02:59:35.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004788060]

02:59:35.378 3 CLASSPNP.SYS[fffff88001a1a43f] -> nt!IofCallDriver -> [0xfffffa80044f99b0]

02:59:35.380 5 ACPI.sys[fffff88000efe781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8004522060]

02:59:35.384 \Driver\atapi[0xfffffa80044f7cb0] -> IRP_MJ_CREATE -> 0xfffffa80044052c0

02:59:35.387 Scan finished successfully

02:59:48.537 Disk 0 MBR has been saved successfully to "C:\Users\Roland\Desktop\Avlogs\MBR.dat"

02:59:48.542 The log file has been saved successfully to "C:\Users\Roland\Desktop\Avlogs\aswMBR.txt"

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Ultimate Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: Gigabyte Technology Co., Ltd.

BIOS Manufacturer: Award Software International, Inc.

System Manufacturer: Gigabyte Technology Co., Ltd.

System Product Name: X58-USB3

Logical Drives Mask: 0x0000003c

Kernel Drivers (total 194):

0x03012000 \SystemRoot\system32\ntoskrnl.exe

0x035EE000 \SystemRoot\system32\hal.dll

0x00BBE000 \SystemRoot\system32\kdcom.dll

0x00C65000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00CA9000 \SystemRoot\system32\PSHED.dll

0x00CBD000 \SystemRoot\system32\CLFS.SYS

0x00D1B000 \SystemRoot\system32\CI.dll

0x00E40000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00EE4000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x0104D000 \SystemRoot\System32\Drivers\sptd.sys

0x00EF3000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x011B4000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x011BD000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x011C7000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x01000000 \SystemRoot\system32\DRIVERS\pci.sys

0x01033000 \SystemRoot\System32\drivers\partmgr.sys

0x011D4000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x00F4A000 \SystemRoot\System32\drivers\volmgrx.sys

0x011E9000 \SystemRoot\system32\DRIVERS\pciide.sys

0x011F0000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x00FA6000 \SystemRoot\System32\drivers\mountmgr.sys

0x00FC0000 \SystemRoot\system32\DRIVERS\atapi.sys

0x00FC9000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x00FF3000 \SystemRoot\system32\drivers\amdxata.sys

0x00C00000 \SystemRoot\system32\drivers\fltmgr.sys

0x00E00000 \SystemRoot\system32\drivers\fileinfo.sys

0x0122F000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01492000 \SystemRoot\System32\Drivers\msrpc.sys

0x014F0000 \SystemRoot\System32\Drivers\ksecdd.sys

0x0150A000 \SystemRoot\System32\Drivers\cng.sys

0x0157D000 \SystemRoot\System32\drivers\pcw.sys

0x0158E000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x016D0000 \SystemRoot\system32\drivers\ndis.sys

0x01600000 \SystemRoot\system32\drivers\NETIO.SYS

0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01802000 \SystemRoot\System32\drivers\tcpip.sys

0x01598000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x0168B000 \SystemRoot\system32\DRIVERS\vmstorfl.sys

0x01400000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x0169B000 \SystemRoot\System32\Drivers\spldr.sys

0x017C2000 \SystemRoot\System32\drivers\rdyboost.sys

0x016A3000 \SystemRoot\System32\Drivers\mup.sys

0x016B5000 \SystemRoot\System32\drivers\hwpolicy.sys

0x0144C000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x015E2000 \SystemRoot\system32\DRIVERS\disk.sys

0x01A19000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x01A7F000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys

0x01AC7000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x01AF1000 \SystemRoot\System32\Drivers\Null.SYS

0x01AFA000 \SystemRoot\System32\Drivers\Beep.SYS

0x01B01000 \SystemRoot\System32\drivers\vga.sys

0x01B0F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x01B34000 \SystemRoot\System32\drivers\watchdog.sys

0x01B44000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x01B4D000 \SystemRoot\system32\drivers\rdpencdd.sys

0x01B56000 \SystemRoot\system32\drivers\rdprefmp.sys

0x01B5F000 \SystemRoot\System32\Drivers\Msfs.SYS

0x01B6A000 \SystemRoot\System32\Drivers\Npfs.SYS

0x01B7B000 \SystemRoot\system32\DRIVERS\tdx.sys

0x01B99000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x01BA6000 \SystemRoot\System32\DRIVERS\netbt.sys

0x06AF5000 \SystemRoot\system32\drivers\afd.sys

0x06B7E000 \SystemRoot\system32\drivers\ws2ifsl.sys

0x06B89000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x06B92000 \SystemRoot\system32\DRIVERS\pacer.sys

0x06BB8000 \SystemRoot\system32\DRIVERS\netbios.sys

0x06BC7000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x06BE2000 \SystemRoot\system32\DRIVERS\termdd.sys

0x06A00000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x06A51000 \SystemRoot\system32\drivers\nsiproxy.sys

0x06A5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x06A68000 \SystemRoot\System32\drivers\discache.sys

0x06CAC000 \SystemRoot\system32\drivers\csc.sys

0x06D2F000 \SystemRoot\System32\Drivers\dfsc.sys

0x06D4D000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x06D5E000 \SystemRoot\system32\DRIVERS\AppleCharger.sys

0x06D66000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x06D8C000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x06DA2000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys

0x06DD3000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x100B4000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x10D18000 \SystemRoot\System32\Drivers\nvBridge.kmd

0x06E1E000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x06F12000 \SystemRoot\System32\drivers\dxgmms1.sys

0x06F58000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x06F65000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x06FBB000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x06FCC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x10D1A000 \SystemRoot\system32\DRIVERS\Rt64win7.sys

0x06FF0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x10D9E000 \SystemRoot\System32\Drivers\ajhqqxm9.SYS

0x10000000 \SystemRoot\System32\Drivers\SCSIPORT.SYS

0x06E00000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0x06E09000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x1002F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x10045000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x10069000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x10075000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x06DD5000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x06C00000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x06C21000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x100A4000 \SystemRoot\system32\DRIVERS\rdpbus.sys

0x10DED000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x06C3B000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x06E19000 \SystemRoot\system32\DRIVERS\swenum.sys

0x06C4A000 \SystemRoot\system32\DRIVERS\ks.sys

0x100AF000 \SystemRoot\system32\drivers\WmBEnum.sys

0x06C8D000 \SystemRoot\system32\drivers\WmXlCore.sys

0x06A77000 \SystemRoot\system32\DRIVERS\umbus.sys

0x06A89000 \SystemRoot\system32\DRIVERS\nusb3hub.sys

0x074A2000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x074FC000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x08656000 \SystemRoot\system32\drivers\RTKVHD64.sys

0x08942000 \SystemRoot\system32\drivers\portcls.sys

0x0897F000 \SystemRoot\system32\drivers\drmk.sys

0x089A1000 \SystemRoot\system32\drivers\ksthunk.sys

0x000D0000 \SystemRoot\System32\win32k.sys

0x089A7000 \SystemRoot\System32\drivers\Dxapi.sys

0x089B3000 \SystemRoot\System32\Drivers\crashdmp.sys

0x089C1000 \SystemRoot\System32\Drivers\dump_dumpata.sys

0x089CD000 \SystemRoot\System32\Drivers\dump_atapi.sys

0x089D6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x0862B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x08644000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x089E9000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x07511000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x00520000 \SystemRoot\System32\TSDDD.dll

0x007D0000 \SystemRoot\System32\cdd.dll

0x0752C000 \SystemRoot\system32\drivers\luafv.sys

0x0754F000 \SystemRoot\system32\drivers\WudfPf.sys

0x07570000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x07585000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x02886000 \SystemRoot\system32\drivers\HTTP.sys

0x0294E000 \SystemRoot\system32\DRIVERS\bowser.sys

0x0296C000 \SystemRoot\System32\drivers\mpsdrv.sys

0x02984000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x029B1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x02800000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x048B3000 \SystemRoot\system32\drivers\peauth.sys

0x04959000 \SystemRoot\System32\Drivers\secdrv.SYS

0x04964000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x04991000 \SystemRoot\System32\drivers\tcpipreg.sys

0x04800000 \SystemRoot\System32\DRIVERS\srv2.sys

0x07400000 \SystemRoot\System32\DRIVERS\srv.sys

0x04867000 \??\C:\Windows\gdrv.sys

0x04870000 \SystemRoot\system32\drivers\WmVirHid.sys

0x049A3000 \SystemRoot\system32\DRIVERS\udfs.sys

0x0487D000 \??\C:\Windows\system32\drivers\mbam.sys

0x04887000 \SystemRoot\system32\DRIVERS\monitor.sys

0x04895000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x02823000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x02831000 \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys

0x049F7000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS

0x0283C000 \??\C:\Users\Roland\AppData\Local\Temp\aswMBR.sys

0x773F0000 \Windows\System32\ntdll.dll

0x47E60000 \Windows\System32\smss.exe

0xFF710000 \Windows\System32\apisetschema.dll

0xFF7D0000 \Windows\System32\autochk.exe

0xFF6B0000 \Windows\System32\Wldap32.dll

0xFF610000 \Windows\System32\clbcatq.dll

0xFF4E0000 \Windows\System32\rpcrt4.dll

0x775C0000 \Windows\System32\psapi.dll

0xFF410000 \Windows\System32\usp10.dll

0xFE680000 \Windows\System32\shell32.dll

0xFE5E0000 \Windows\System32\msvcrt.dll

0xFE570000 \Windows\System32\gdi32.dll

0x775B0000 \Windows\System32\normaliz.dll

0xFE4D0000 \Windows\System32\comdlg32.dll

0xFE2C0000 \Windows\System32\ole32.dll

0x771E0000 \Windows\System32\iertutil.dll

0xFE240000 \Windows\System32\shlwapi.dll

0xFE1C0000 \Windows\System32\difxapi.dll

0xFE0B0000 \Windows\System32\msctf.dll

0xFDFD0000 \Windows\System32\advapi32.dll

0x77080000 \Windows\System32\wininet.dll

0xFDEF0000 \Windows\System32\oleaut32.dll

0xFDD10000 \Windows\System32\setupapi.dll

0xFDCF0000 \Windows\System32\imagehlp.dll

0x76F60000 \Windows\System32\kernel32.dll

0x76E10000 \Windows\System32\urlmon.dll

0xFDCC0000 \Windows\System32\imm32.dll

0xFDC70000 \Windows\System32\ws2_32.dll

0xFDC50000 \Windows\System32\sechost.dll

0xFDC40000 \Windows\System32\lpk.dll

0x76D10000 \Windows\System32\user32.dll

0xFDC30000 \Windows\System32\nsi.dll

0xFDC10000 \Windows\System32\devobj.dll

0xFDAA0000 \Windows\System32\crypt32.dll

0xFDA30000 \Windows\System32\KernelBase.dll

0xFD9F0000 \Windows\System32\cfgmgr32.dll

0xFD950000 \Windows\System32\comctl32.dll

0xFD910000 \Windows\System32\wintrust.dll

0xFD900000 \Windows\System32\msasn1.dll

0x765E0000 \Windows\SysWOW64\normaliz.dll

Processes (total 66):

0 System Idle Process

4 System

320 C:\Windows\System32\smss.exe

456 csrss.exe

532 C:\Windows\System32\wininit.exe

556 csrss.exe

596 C:\Windows\System32\services.exe

616 C:\Windows\System32\lsass.exe

624 C:\Windows\System32\lsm.exe

736 C:\Windows\System32\winlogon.exe

768 C:\Windows\System32\svchost.exe

828 C:\Windows\System32\nvvsvc.exe

868 C:\Windows\System32\svchost.exe

952 C:\Windows\System32\svchost.exe

1000 C:\Windows\System32\svchost.exe

152 C:\Windows\System32\svchost.exe

1032 C:\Windows\System32\svchost.exe

1144 C:\Windows\System32\svchost.exe

1312 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

1324 C:\Windows\System32\nvvsvc.exe

1392 C:\Windows\System32\spoolsv.exe

1460 C:\Windows\System32\svchost.exe

1572 C:\Program Files (x86)\3d-io plugins\licensing_v2\ActiveLockServerV2.exe

1692 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

1736 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1788 C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

1824 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

1844 C:\Program Files\Bonjour\mDNSResponder.exe

1880 C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe

1976 C:\Windows\System32\taskhost.exe

2028 C:\Windows\System32\dwm.exe

1112 C:\Windows\explorer.exe

1504 C:\Windows\SysWOW64\PnkBstrA.exe

1508 C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe

2072 C:\Windows\System32\svchost.exe

2220 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

2372 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

3020 C:\Windows\System32\svchost.exe

2188 C:\Program Files\Logitech\Gaming Software\LWEMon.exe

3060 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

2204 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

3236 C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

3440 C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

3448 C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

3484 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

3716 C:\Windows\System32\svchost.exe

3892 C:\Program Files\iPod\bin\iPodService.exe

3356 WmiPrvSE.exe

3376 C:\Windows\System32\SearchIndexer.exe

3520 C:\Program Files (x86)\Steam\Steam.exe

3160 C:\Windows\System32\SearchProtocolHost.exe

1964 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

3360 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

3792 C:\Windows\System32\wuauclt.exe

2228 C:\Windows\System32\audiodg.exe

4680 C:\Windows\SysWOW64\svchost.exe

3804 C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe

2760 C:\Program Files (x86)\Mozilla Firefox\firefox.exe

2576 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

3860 C:\Windows\System32\SearchFilterHost.exe

4280 C:\Windows\System32\taskeng.exe

4056 C:\Windows\System32\VSSVC.exe

3888 C:\Windows\System32\svchost.exe

1856 C:\Users\Roland\Desktop\MBRCheck.exe

348 C:\Windows\System32\conhost.exe

3760 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: ST31000528AS, Rev: CC3E

Size Device Name MBR Status

--------------------------------------------

931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

MBRScan v1.0.7

OS			 : Windows 7  (64 bit)
PROCESSOR	  : Intel64 Family 6 Model 26 Stepping 5, GenuineIntel
BOOT		   : Normal Boot
DATE		   : 2012/01/25 (ISO 8601) at 02:58:58
________________________________________________________________________________

DISK		   : Device\Harddisk0\DR0 __ST31000528AS (CC3E)
BUS_TYPE	   : (0x03)  P-ATA
USE_PIO	    : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0    931.5 Go  [Fixed] ==> 7 MBR Code

MBR_MD5   : 3052532B4C38CBAF3FF716E7245E46D6
MBR_SHA1  : 545BE0FEA527CD2B8F103EE0F220F46DA1D3EE1E

Device\Harddisk0\Partition1    931.5 Go      0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________


_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00   3À.м.|.À.ؾ.|¿.
0x00000010   06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00   .¹..üó¤Ph..Ëû¹..
0x00000020   BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10   ½¾..~..|......Å.
0x00000030   E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00   âñÍ..V.UÆF..ÆF..
0x00000040   B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09   ´A»ªUÍ.]r..ûUªu.
0x00000050   F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74   ÷Á..t.þF.f`.~..t
0x00000060   26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00   &fh....f.v.h..h.
0x00000070   7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13   |h..h..´B.V..ôÍ.
0x00000080   9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00   ..Ä..Ë.¸..».|.V.
0x00000090   8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE   .v..N..n.Í.fas.þ
0x000000A0   4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84   N.u..~......².Ë.
0x000000B0   55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55   U2Ä.V.Í.]Ë..>þ}U
0x000000C0   AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64   ªun.v.è..u.ú°ñÆd
0x000000D0   E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75   è..°ßÆ`è|.°.Ædèu
0x000000E0   00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54   .û¸.»Í.f#Àu;f.ûT
0x000000F0   43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00   CPAu2.ù..r,fh.».
0x00000100   00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66   .fh....fh....fSf
0x00000110   53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66   SfUfh....fh.|..f
0x00000120   61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD   ah...Í.Z2öê.|..Í
0x00000130   18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4   ..·.Ë..¶.Ë..µ.2Ä
0x00000140   05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD   ....Ь<.t.»..´.Í
0x00000150   10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8   .ËòôËý+ÉÄdË.$.ÀØ
0x00000160   24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69   $.ÃInvalid parti
0x00000170   74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72   tion table.Error
0x00000180   20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69    loading operati
0x00000190   6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E   ng system.Missin
0x000001A0   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x000001B0   65 6D 00 00 00 63 7B 9A 72 81 D3 0B 00 00 80 20   em...c{.r.ó....
0x000001C0   21 00 07 FE FF FF 00 08 00 00 00 58 70 74 00 00   !..þ.......Xpt..
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

[Rolandz]

oo forgot zip

MBR.rar

[Rolandz]

oo hey screen ive notice i been getting this error im not sure if its related to using combofix but i remember it did disable my autorun too i cant seem to uninstall certain programs or install a program

here a pic of me trying to uninstall smart6 and trying to install oblivion i get the same error in the detail

[screen317]

Hi,

I apologize for the delay.

I see a lot of corruption present, and you are seeing it with the things you are trying to (un)install. ComboFix wouldn't cause anything like that.

Do you have your Windows CD?

[Rolandz]

oo ya

[screen317]

At this point I suggest backing up your data, then formatting your hard drive and reinstalling Windows. Is this something you think you can do?

[Rolandz]

mmm i guess i have no choice but after all these months lol alright thanks again for everything and helping me for so long

[screen317]

Thanks for letting me know.

Here is my standard speech to prevent these issues in the future, after you format:

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) It is imperative that you have an antivirus. You are basically asking for infection without one.

All of the following are excellent free antiviruses. Be sure to only install one.

Microsoft Security Essentials

AntiVir

avast!.

2) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

3) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

5) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

6) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

• Green to go
  
• Yellow for caution
  
• Red to stop
  

WOT has an addon available for both Firefox and IE.

7) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

[screen317]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!