Get-Answers-Fast Virus..


brisk


ComboFix Scan:

ComboFix 11-12-27.01 - Jiahe 7/2011 Tue 16:46:57.4.2 - x64

Microsoft Windows 7 Ultimate N 6.1.7600.0.936.86.1033.18.6143.3901 [GMT -8:00]

执行位置: c:\users\Jiahe\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* 成功创造新还原点

.

Error: Cfiles.dat

.

((((((((((((((((((((((((( 2011-11-28 至 2011-12-28 的新的档案 )))))))))))))))))))))))))))))))

.

.

2011-12-28 01:38 . 2011-12-28 01:38 -------- d-----w- c:\users\Xiujuan\AppData\Local\temp

2011-12-28 01:38 . 2011-12-28 01:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-27 23:47 . 2011-12-27 23:49 -------- d-----w- C:\MGADiagToolOutput

2011-12-26 21:39 . 2011-12-26 21:39 -------- d-----w- c:\programdata\Office Genuine Advantage

2011-12-26 05:25 . 2011-12-26 05:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-12-26 05:25 . 2011-12-26 05:25 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-12-23 01:28 . 2011-12-23 01:28 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2011-12-21 02:14 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-12-21 02:14 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-12-21 02:14 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-12-21 02:14 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-12-21 02:14 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-12-21 02:14 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe

2011-12-21 02:14 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-12-21 02:14 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr

2011-12-21 02:14 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-12-21 02:13 . 2011-12-21 02:13 -------- d-----w- c:\programdata\AVAST Software

2011-12-21 02:13 . 2011-12-21 02:13 -------- d-----w- c:\program files\AVAST Software

2011-12-20 01:42 . 2011-12-20 01:42 -------- d-----w- c:\program files (x86)\ESET

2011-12-19 18:46 . 2011-12-27 21:01 4480 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2011-12-15 00:21 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-15 00:21 . 2011-11-05 05:26 1197568 ----a-w- c:\windows\system32\wininet.dll

2011-12-15 00:21 . 2011-11-05 04:35 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2011-12-15 00:21 . 2011-11-05 05:28 696600 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2011-12-15 00:21 . 2011-11-05 04:38 673048 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe

2011-12-15 00:21 . 2011-11-05 04:33 860672 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll

2011-12-07 05:00 . 2011-12-07 05:00 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-07 04:59 . 2011-12-07 04:59 -------- d-----w- c:\windows\system32\Macromed

2011-12-02 01:41 . 2011-12-02 01:41 -------- d-----w- c:\users\Jiahe\AppData\Local\Skyrim

2011-12-02 01:01 . 2011-12-02 01:42 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim

2011-11-30 04:42 . 2011-11-30 04:42 -------- d-----w- c:\users\Jiahe\AppData\Local\APN

2011-11-30 04:41 . 2011-11-30 04:46 -------- d-----w- c:\program files (x86)\The KMPlayer

.

.

.

(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-15 07:19 . 2009-12-16 05:36 54867776 ----a-w- c:\windows\system32\T.exe

2011-10-03 13:06 . 2011-02-12 01:33 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-09-29 16:24 . 2011-11-09 23:53 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-12-19_23.15.41 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:59 . 2011-12-27 20:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:59 . 2011-12-14 02:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:59 . 2011-12-14 02:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:59 . 2011-12-27 20:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:59 . 2011-12-14 02:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:59 . 2011-12-27 20:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-12-15 22:35 . 2011-12-27 21:12 70770 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:09 . 2011-12-27 21:12 44302 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-12-20 23:04 . 2011-12-27 21:12 30076 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2695929252-3145278133-2343186154-1003_UserData.bin

+ 2009-12-15 22:29 . 2011-12-26 18:06 18654 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2695929252-3145278133-2343186154-1000_UserData.bin

- 2011-04-03 20:20 . 2009-03-19 00:35 33856 c:\windows\system32\hamachi.sys

+ 2011-04-03 20:20 . 2009-03-19 01:35 33856 c:\windows\system32\hamachi.sys

+ 2009-12-16 06:30 . 2011-12-27 20:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-12-16 06:30 . 2011-12-19 18:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:51 . 2011-12-26 21:39 95552 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2009-12-16 06:30 . 2011-12-19 18:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-12-16 06:30 . 2011-12-27 20:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-12-16 06:30 . 2011-12-19 18:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-12-16 06:30 . 2011-12-27 20:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-12-16 06:30 . 2011-12-19 19:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-12-16 06:30 . 2011-12-28 01:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-12-16 06:30 . 2011-12-19 19:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-12-16 06:30 . 2011-12-28 01:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-12-19 18:40 . 2011-12-19 18:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-12-27 20:54 . 2011-12-27 20:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-12-27 20:54 . 2011-12-27 20:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-12-19 18:40 . 2011-12-19 18:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-09-27 05:40 . 2011-12-27 06:50 671576 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-07-14 05:01 . 2011-12-19 18:24 362644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-12-27 06:49 362644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-12-23 01:27 . 2011-12-23 01:27 3819520 c:\windows\Installer\11c85.msi

- 2009-07-14 02:34 . 2011-12-19 21:29 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-07-14 02:34 . 2011-12-27 21:07 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2011-12-20 06:59 . 2011-12-07 20:26 54867776 c:\windows\system32\MRT.exe

+ 2011-04-14 05:38 . 2011-12-27 06:49 37892622 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2695929252-3145278133-2343186154-1003-8192.dat

+ 2011-04-15 05:38 . 2011-12-27 06:50 43465536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2695929252-3145278133-2343186154-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*注意* 空白与合法缺省登录将不会被显示

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PPHIDPAD"="c:\winpenjr\Win32\pphidpad.exe" [2001-10-02 45056]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 336384]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-16 1955208]

.

c:\users\Jiahe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

Pandora.lnk - c:\program files (x86)\Pandora\Pandora.exe [2010-4-14 95232]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R3 ApolloProtect;ApolloProtect;c:\program files (x86)\FSSB\Apollo\Apollo.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]

R3 tcphoc;tcphoc;c:\program files (x86)\Thunder Network\Thunder\XLDoctor\7.1.4.2104_1\Program\tcphoc.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-16 2329480]

S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2009-10-16 1039872]

S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [2009-10-17 29184]

S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2009-08-14 517632]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]

S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 18:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

‘计划任务’ 文件夹 里的内容

.

2011-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695929252-3145278133-2343186154-1000Core.job

- c:\users\Xiujuan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 02:52]

.

2011-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695929252-3145278133-2343186154-1000UA.job

- c:\users\Xiujuan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 02:52]

.

2011-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695929252-3145278133-2343186154-1003Core1cc062b7133d26b.job

- c:\users\Jiahe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 00:25]

.

2011-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695929252-3145278133-2343186154-1003UA1cc20193d23e37b.job

- c:\users\Jiahe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 00:25]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2009-10-26 672424]

"EzPrint"="c:\program files (x86)\Lexmark 3600-4600 Series\ezprint.exe" [2009-10-26 107176]

.

------- 而外的扫描 -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.xunlei.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

LSP: c:\windows\system32\ikutm.dll

DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} - hxxp://game-web.qq.com/client/QQGame2.cab

DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab

FF - ProfilePath - c:\users\Jiahe\AppData\Roaming\Mozilla\Firefox\Profiles\o83ynecc.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2695929252-3145278133-2343186154-1003\Software\SecuROM\License information*]

"datasecu"=hex:a9,e7,38,0e,41,44,c3,4e,c5,82,46,07,e2,f0,b1,20,f0,0e,de,c8,4a,

b4,7e,dc,64,f6,d9,16,63,b8,af,3e,91,b4,29,0e,a6,5a,f8,27,f0,dc,8c,17,fa,3b,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\O(uQ*Q*q_髼璬>e\command]

@="\"c:\\Program Files (x86)\\Tencent\\QQPlayer\\QQPlayer.exe\" /disk \"%1\""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DVD\shell\O(uQ*Q*q_髼璬>e\command]

@="\"c:\\Program Files (x86)\\Tencent\\QQPlayer\\QQPlayer.exe\" /disk \"%1\""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\3*D*Kb橯迯{媠]

"DisplayName"="3D手写连笔王"

"UninstallString"="c:\\WINPENJR\\UNWISE.EXE c:\\WINPENJR\\INSTALL.LOG"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Q*Q*8nb]

"DisplayName"="QQ游戏"

"UninstallString"="d:\\Program Files (x86)\\腾讯游戏\\QQGAME\\Uninstall.EXE"

"Publisher"="腾讯公司"

"DisplayIcon"="d:\\Program Files (x86)\\腾讯游戏\\QQGAME\\QQGame.EXE"

"DisplayVersion"="2.5.102.31"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

完成时间: 2011-12-27 17:58:06

ComboFix-quarantined-files.txt 2011-12-28 01:57

ComboFix2.txt 2011-12-20 23:40

ComboFix3.txt 2011-12-20 01:23

ComboFix4.txt 2011-12-19 23:33

.

Pre-Run: 53,023,784,960 bytes free

Post-Run: 52,952,182,784 bytes free

.

- - End Of File - - C104A0ADC403C01E14C22729F6DEABA5


http://forums.spybot.info/showthread.php?t=64723

Why are you posting for help at two forums?

Posting to multiple forums is self-defeating.

1) It increases the post load to each forum, decreasing the number of replies that can physically get answered, as we only have so many helpers, who are all volunteers and do this in their spare time.

2) It decreases the ability of helpers to assist as many users as possible.

4) Following the advice of more than one helper can be detrimental to your computer; we each have different methods to attain the same outcome, and mixing the two methods can have a negative effect.

5) If you insist on posting to more than one forum, be gracious enough to inform the other forums when you get a response from one, so you don't waste a helper's time.

6) There are very few helpers and many people seeking help; to waste the time of a helper is very inconsiderate.


Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

•Double-click aswMBR.exe to run it.

•Click Yes to the prompt to download Avast! virus definitions.

(Please be patient whilst the virus definitions download.)

•With the AVscan set to Quick Scan, click the Scan button.

(Please be patient whilst your computer is scanned.)

•When the scan reports "Scan finished successfully", click Save log & save the log to your desktop.

•Click OK.

•Two files will be created, aswMBR.txt & a file named MBR.dat.

•Save MBR.dat to a form of removable media (CD, DVD, USB flash drive etc.). This is a backup of your MBR. Do not delete this file.

•NOTE: Do not click to fix anything at this stage!

•Click EXIT.

•Copy & Paste the contents of aswMBR.txt into your next reply.
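The MBR.dat that these steps tell you to keep is the backup you would restore from if the boot sector were later found to be infected, so it is worth checking that the backup itself is sane before relying on it. The following is an added example, not part of the helper's post or of the aswMBR tool: it parses a raw 512-byte MBR image (MBR.dat is assumed to be such a raw sector-0 copy) and compares its partition table with the two NTFS partitions that aswMBR reports in the log posted later in this thread; the image it runs on is constructed inline, not the poster's real MBR.dat.

```python
import struct
from dataclasses import dataclass
from typing import List, Tuple

MBR_SIZE = 512
PART_TABLE_OFFSET = 446       # 446 bytes of boot code, then four 16-byte entries
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510-511 of every valid MBR
SECTORS_PER_MB = 2048         # 1 MB / 512-byte sectors

# Partition table as aswMBR printed it in the log further down this thread:
# (bootable, type id, size in MB, LBA offset); type 0x07 is HPFS/NTFS.
EXPECTED_FROM_LOG: List[Tuple[bool, int, int, int]] = [
    (True, 0x07, 597126, 63),
    (False, 0x07, 13350, 1222915995),
]

@dataclass
class PartitionEntry:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def size_mb(self) -> int:
        return self.sector_count // SECTORS_PER_MB

def parse_mbr(data: bytes) -> List[PartitionEntry]:
    """Parse the four primary partition entries of a raw 512-byte MBR image."""
    if len(data) < MBR_SIZE:
        raise ValueError(f"image is {len(data)} bytes, expected at least {MBR_SIZE}")
    if data[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature: not an MBR image")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        # status(1) CHS start(3, skipped) type(1) CHS end(3, skipped) LBA start(4) sectors(4)
        status, type_id, lba_start, count = struct.unpack_from("<B3xB3xII", data, off)
        if type_id == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i + 1}: invalid status byte 0x{status:02x}")
        entries.append(PartitionEntry(i + 1, status == 0x80, type_id, lba_start, count))
    return entries

def check_against_log(entries: List[PartitionEntry],
                      expected: List[Tuple[bool, int, int, int]]) -> List[str]:
    """Return every discrepancy between the parsed table and the values from the log."""
    problems = []
    if len(entries) != len(expected):
        problems.append(f"expected {len(expected)} partitions, found {len(entries)}")
    for e, (boot, type_id, size_mb, offset) in zip(entries, expected):
        if e.bootable != boot:
            problems.append(f"partition {e.index}: bootable={e.bootable}, log says {boot}")
        if e.type_id != type_id:
            problems.append(f"partition {e.index}: type 0x{e.type_id:02x}, log says 0x{type_id:02x}")
        if e.lba_start != offset:
            problems.append(f"partition {e.index}: offset {e.lba_start}, log says {offset}")
        if abs(e.size_mb - size_mb) > 1:  # aswMBR rounds sizes to whole MB
            problems.append(f"partition {e.index}: size {e.size_mb} MB, log says {size_mb} MB")
    for a, b in zip(entries, entries[1:]):
        if a.lba_start + a.sector_count > b.lba_start:
            problems.append(f"partitions {a.index} and {b.index} overlap")
    return problems

def build_sample_mbr() -> bytes:
    """Constructed sample (not the poster's MBR.dat): zeroed boot code plus the logged table."""
    table = b"".join(
        struct.pack("<B3xB3xII", 0x80 if boot else 0x00, type_id, offset, size_mb * SECTORS_PER_MB)
        for boot, type_id, size_mb, offset in EXPECTED_FROM_LOG
    )
    table += b"\x00" * PART_ENTRY_SIZE * (4 - len(EXPECTED_FROM_LOG))
    return b"\x00" * PART_TABLE_OFFSET + table + BOOT_SIGNATURE

if __name__ == "__main__":
    sample = build_sample_mbr()  # replace with open("MBR.dat", "rb").read() for a real backup
    print(parse_mbr(sample), check_against_log(parse_mbr(sample), EXPECTED_FROM_LOG) or "no discrepancies")
```

The table check only covers the partition entries; the 446-byte boot-code area (which the log describes as "Windows 7 default MBR code") can only be verified by comparing it against a known-good copy, which this example does not have.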


I'll get right to it.

Remember you told me to check for a file called "T.exe" located in c:\windows\system32\T.exe?

I found it, but when I try to scan it with a virus website, I can't find it.

So I denied all access through properties of the file.

Should I delete it? I'm still getting redirects though.

And my Gmail account has been logged in from someone from Egypt. My Facebook language has been changed to Swahili, a common language in Africa.

I changed my passwords and everything. I just wanted to let you know.


And my Gmail account has been logged in from someone from Egypt. My Facebook language has been changed to Swahili, a common language in Africa.
You'll need to contact Google and Facebook for those issues.

Yes, I would delete the t.exe file.

Also run my last scan I asked for.


aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software

Run date: 2012-01-06 18:09:44

-----------------------------

18:09:44.068 OS Version: Windows x64 6.1.7600

18:09:44.068 Number of processors: 2 586 0x170A

18:09:44.069 ComputerName: XIUJUAN-PC UserName: Jiahe

18:09:45.949 Initialize success

18:09:46.364 AVAST engine defs: 12010601

18:10:21.030 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

18:10:21.032 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 8

18:10:21.051 Disk 0 MBR read successfully

18:10:21.054 Disk 0 MBR scan

18:10:21.057 Disk 0 Windows 7 default MBR code

18:10:21.061 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 597126 MB offset 63

18:10:21.089 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13350 MB offset 1222915995

18:10:21.094 Service scanning

18:10:22.658 Modules scanning

18:10:22.661 Disk 0 trace - called modules:

18:10:22.684 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006cf2334]<<

18:10:22.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006cd3060]

18:10:22.691 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005c30050]

18:10:22.696 \Driver\iaStorV[0xfffffa8005bf4410] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006cf2334

18:10:23.764 AVAST engine scan C:\Windows

18:10:26.847 AVAST engine scan C:\Windows\system32

18:11:45.237 AVAST engine scan C:\Windows\system32\drivers

18:11:52.444 AVAST engine scan C:\Users\Jiahe

18:21:58.230 AVAST engine scan C:\ProgramData

18:24:46.021 Scan finished successfully

19:40:39.261 Disk 0 MBR has been saved successfully to "C:\Users\Jiahe\Desktop\MBR.dat"

19:40:39.268 The log file has been saved successfully to "C:\Users\Jiahe\Desktop\aswMBR.txt"

19:41:08.277 Disk 0 MBR has been saved successfully to "C:\Users\Jiahe\Desktop\MBR.dat"

19:41:08.282 The log file has been saved successfully to "C:\Users\Jiahe\Desktop\aswMBR.txt"

Sorry for responding so late!


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
