brisk
Honorary Members-
Posts
21 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by brisk
-
aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software Run date: 2012-01-06 18:09:44 ----------------------------- 18:09:44.068 OS Version: Windows x64 6.1.7600 18:09:44.068 Number of processors: 2 586 0x170A 18:09:44.069 ComputerName: XIUJUAN-PC UserName: Jiahe 18:09:45.949 Initialize success 18:09:46.364 AVAST engine defs: 12010601 18:10:21.030 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 18:10:21.032 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 8 18:10:21.051 Disk 0 MBR read successfully 18:10:21.054 Disk 0 MBR scan 18:10:21.057 Disk 0 Windows 7 default MBR code 18:10:21.061 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 597126 MB offset 63 18:10:21.089 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13350 MB offset 1222915995 18:10:21.094 Service scanning 18:10:22.658 Modules scanning 18:10:22.661 Disk 0 trace - called modules: 18:10:22.684 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006cf2334]<< 18:10:22.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006cd3060] 18:10:22.691 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005c30050] 18:10:22.696 \Driver\iaStorV[0xfffffa8005bf4410] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006cf2334 18:10:23.764 AVAST engine scan C:\Windows 18:10:26.847 AVAST engine scan C:\Windows\system32 18:11:45.237 AVAST engine scan C:\Windows\system32\drivers 18:11:52.444 AVAST engine scan C:\Users\Jiahe 18:21:58.230 AVAST engine scan C:\ProgramData 18:24:46.021 Scan finished successfully 19:40:39.261 Disk 0 MBR has been saved successfully to "C:\Users\Jiahe\Desktop\MBR.dat" 19:40:39.268 The log file has been saved successfully to "C:\Users\Jiahe\Desktop\aswMBR.txt" 19:41:08.277 Disk 0 MBR has been saved successfully to "C:\Users\Jiahe\Desktop\MBR.dat" 19:41:08.282 The log file has been saved successfully to "C:\Users\Jiahe\Desktop\aswMBR.txt" sorry for responding so late!
-
ill get right to it. remember you told me to check for a file called "T.exe" located in c:\windows\system32\T.exe ? I found it, but when I try to scan it with a virus website, I can't find it. So I denied all access through properties of the file. Should I delete it? I'm still getting redirects tho. And my G-mail account has been logged in from someone from Egypt. My facebook language has been changed to Swahili, a common language in Africa. I changed my passwords and everything. I just wanted to let you know.
-
same problem doesn't work.. i tried renaming the file too.
-
truly sorry. it doesn't let me open the .exe file..
-
ComboFix Scan: ComboFix 11-12-27.01 - Jiahe 7/2011 Tue 16:46:57.4.2 - x64 Microsoft Windows 7 Ultimate N 6.1.7600.0.936.86.1033.18.6143.3901 [GMT -8:00] 执行位置: c:\users\Jiahe\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * 成功创造新还原点 . Error: Cfiles.dat . ((((((((((((((((((((((((( 2011-11-28 至 2011-12-28 的新的档案 ))))))))))))))))))))))))))))))) . . 2011-12-28 01:38 . 2011-12-28 01:38 -------- d-----w- c:\users\Xiujuan\AppData\Local\temp 2011-12-28 01:38 . 2011-12-28 01:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-27 23:47 . 2011-12-27 23:49 -------- d-----w- C:\MGADiagToolOutput 2011-12-26 21:39 . 2011-12-26 21:39 -------- d-----w- c:\programdata\Office Genuine Advantage 2011-12-26 05:25 . 2011-12-26 05:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2011-12-26 05:25 . 2011-12-26 05:25 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2011-12-23 01:28 . 2011-12-23 01:28 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2011-12-21 02:14 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-12-21 02:14 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-12-21 02:14 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-12-21 02:14 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-12-21 02:14 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-12-21 02:14 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe 2011-12-21 02:14 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-12-21 02:14 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr 2011-12-21 02:14 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe 2011-12-21 02:13 . 2011-12-21 02:13 -------- d-----w- c:\programdata\AVAST Software 2011-12-21 02:13 . 2011-12-21 02:13 -------- d-----w- c:\program files\AVAST Software 2011-12-20 01:42 . 2011-12-20 01:42 -------- d-----w- c:\program files (x86)\ESET 2011-12-19 18:46 . 2011-12-27 21:01 4480 ----a-w- c:\windows\system32\PerfStringBackup.TMP 2011-12-15 00:21 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll 2011-12-15 00:21 . 2011-11-05 05:26 1197568 ----a-w- c:\windows\system32\wininet.dll 2011-12-15 00:21 . 2011-11-05 04:35 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2011-12-15 00:21 . 2011-11-05 05:28 696600 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2011-12-15 00:21 . 2011-11-05 04:38 673048 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe 2011-12-15 00:21 . 2011-11-05 04:33 860672 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll 2011-12-07 05:00 . 2011-12-07 05:00 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-12-07 04:59 . 2011-12-07 04:59 -------- d-----w- c:\windows\system32\Macromed 2011-12-02 01:41 . 2011-12-02 01:41 -------- d-----w- c:\users\Jiahe\AppData\Local\Skyrim 2011-12-02 01:01 . 2011-12-02 01:42 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim 2011-11-30 04:42 . 2011-11-30 04:42 -------- d-----w- c:\users\Jiahe\AppData\Local\APN 2011-11-30 04:41 . 2011-11-30 04:46 -------- d-----w- c:\program files (x86)\The KMPlayer . . . (((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-15 07:19 . 2009-12-16 05:36 54867776 ----a-w- c:\windows\system32\T.exe 2011-10-03 13:06 . 2011-02-12 01:33 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-09-29 16:24 . 2011-11-09 23:53 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((( SnapShot@2011-12-19_23.15.41 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:59 . 2011-12-27 20:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:59 . 2011-12-14 02:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:59 . 2011-12-14 02:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:59 . 2011-12-27 20:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:59 . 2011-12-14 02:00 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:59 . 2011-12-27 20:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-12-15 22:35 . 2011-12-27 21:12 70770 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:09 . 2011-12-27 21:12 44302 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-12-20 23:04 . 2011-12-27 21:12 30076 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2695929252-3145278133-2343186154-1003_UserData.bin + 2009-12-15 22:29 . 2011-12-26 18:06 18654 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2695929252-3145278133-2343186154-1000_UserData.bin - 2011-04-03 20:20 . 2009-03-19 00:35 33856 c:\windows\system32\hamachi.sys + 2011-04-03 20:20 . 2009-03-19 01:35 33856 c:\windows\system32\hamachi.sys + 2009-12-16 06:30 . 2011-12-27 20:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-12-16 06:30 . 2011-12-19 18:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:51 . 2011-12-26 21:39 95552 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2009-12-16 06:30 . 2011-12-19 18:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-12-16 06:30 . 2011-12-27 20:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-12-16 06:30 . 2011-12-19 18:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-12-16 06:30 . 2011-12-27 20:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-12-16 06:30 . 2011-12-19 19:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-12-16 06:30 . 2011-12-28 01:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-12-16 06:30 . 2011-12-19 19:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-12-16 06:30 . 2011-12-28 01:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-12-19 18:40 . 2011-12-19 18:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-12-27 20:54 . 2011-12-27 20:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-12-27 20:54 . 2011-12-27 20:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-12-19 18:40 . 2011-12-19 18:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-09-27 05:40 . 2011-12-27 06:50 671576 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2009-07-14 05:01 . 2011-12-19 18:24 362644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-12-27 06:49 362644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-12-23 01:27 . 2011-12-23 01:27 3819520 c:\windows\Installer\11c85.msi - 2009-07-14 02:34 . 2011-12-19 21:29 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2009-07-14 02:34 . 2011-12-27 21:07 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2011-12-20 06:59 . 2011-12-07 20:26 54867776 c:\windows\system32\MRT.exe + 2011-04-14 05:38 . 2011-12-27 06:49 37892622 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2695929252-3145278133-2343186154-1003-8192.dat + 2011-04-15 05:38 . 2011-12-27 06:50 43465536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2695929252-3145278133-2343186154-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( 重要登入点 )))))))))))))))))))))))))))))))))))))))))))))))))) . . *注意* 空白与合法缺省登录将不会被显示 REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PPHIDPAD"="c:\winpenjr\Win32\pphidpad.exe" [2001-10-02 45056] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 336384] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-16 1955208] . c:\users\Jiahe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000] Pandora.lnk - c:\program files (x86)\Pandora\Pandora.exe [2010-4-14 95232] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R3 ApolloProtect;ApolloProtect;c:\program files (x86)\FSSB\Apollo\Apollo.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x] R3 tcphoc;tcphoc;c:\program files (x86)\Thunder Network\Thunder\XLDoctor\7.1.4.2104_1\Program\tcphoc.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-16 2329480] S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2009-10-16 1039872] S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [2009-10-17 29184] S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2009-08-14 517632] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x] S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 18:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . ‘计划任务’ 文件夹 里的内容 . 2011-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695929252-3145278133-2343186154-1000Core.job - c:\users\Xiujuan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 02:52] . 2011-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695929252-3145278133-2343186154-1000UA.job - c:\users\Xiujuan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 02:52] . 2011-12-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695929252-3145278133-2343186154-1003Core1cc062b7133d26b.job - c:\users\Jiahe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 00:25] . 2011-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695929252-3145278133-2343186154-1003UA1cc20193d23e37b.job - c:\users\Jiahe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 00:25] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2009-10-26 672424] "EzPrint"="c:\program files (x86)\Lexmark 3600-4600 Series\ezprint.exe" [2009-10-26 107176] . ------- 而外的扫描 ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.xunlei.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local LSP: c:\windows\system32\ikutm.dll DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} - hxxp://game-web.qq.com/client/QQGame2.cab DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab FF - ProfilePath - c:\users\Jiahe\AppData\Roaming\Mozilla\Firefox\Profiles\o83ynecc.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - user.js: network.protocol-handler.warn-external.dnupdate - false . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2695929252-3145278133-2343186154-1003\Software\SecuROM\License information*] "datasecu"=hex:a9,e7,38,0e,41,44,c3,4e,c5,82,46,07,e2,f0,b1,20,f0,0e,de,c8,4a, b4,7e,dc,64,f6,d9,16,63,b8,af,3e,91,b4,29,0e,a6,5a,f8,27,f0,dc,8c,17,fa,3b,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\O(uQ*Q*q_髼璬>e\command] @="\"c:\\Program Files (x86)\\Tencent\\QQPlayer\\QQPlayer.exe\" /disk \"%1\"" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DVD\shell\O(uQ*Q*q_髼璬>e\command] @="\"c:\\Program Files (x86)\\Tencent\\QQPlayer\\QQPlayer.exe\" /disk \"%1\"" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\3*D*Kb橯迯{媠] "DisplayName"="3D手写连笔王" "UninstallString"="c:\\WINPENJR\\UNWISE.EXE c:\\WINPENJR\\INSTALL.LOG" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Q*Q*8nb] "DisplayName"="QQ游戏" "UninstallString"="d:\\Program Files (x86)\\腾讯游戏\\QQGAME\\Uninstall.EXE" "Publisher"="腾讯公司" "DisplayIcon"="d:\\Program Files (x86)\\腾讯游戏\\QQGAME\\QQGame.EXE" "DisplayVersion"="2.5.102.31" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 完成时间: 2011-12-27 17:58:06 ComboFix-quarantined-files.txt 2011-12-28 01:57 ComboFix2.txt 2011-12-20 23:40 ComboFix3.txt 2011-12-20 01:23 ComboFix4.txt 2011-12-19 23:33 . Pre-Run: 53,023,784,960 bytes free Post-Run: 52,952,182,784 bytes free . - - End Of File - - C104A0ADC403C01E14C22729F6DEABA5
-
well i can't help it, it redirects my search engine there =\
-
So, I did a full scan with malware bytes, super anti-spyware, and avast anti-virus. there were no detections, yet the redirect virus still have not gone away. What do I do now?
-
yes, i did. it found 2 viruses and im visiting http://dailyprize-winners.com/usa1008-/DailyWinner/?sub1=q3&sub2=9922&sub3=1221167754 http://infomash.org get-answers-fast.com @_@
-
ANDD its back!
-
well, I moved the infections to the "chest" -which is like a quarantine zone? and rebooted my computer the redirects have disappeared, but the browsers are still slow..
-
i went to the file location, it isn't there and I checked for hidden folders too
-
It founded 2 viruses http://imageshack.us/f/196/virusscan.jpg/ it shows an error when i click repair?
-
Yes, I have Super Anti-Spyware Free - I don't use this until I have to, so it's turned off most of the time. And Windows Defender - but I never use it. I don't know if it's an actual working anti-virus program, or just an expired free trial.
-
ComboFix 11-12-20.04 - Jiahe 0/2011 Tue 14:44:30.3.2 - x64 Microsoft Windows 7 Ultimate N 6.1.7600.0.936.86.1033.18.6143.3301 [GMT -8:00] 执行位置: c:\users\Jiahe\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( 2011-11-20 至 2011-12-20 的新的档案 ))))))))))))))))))))))))))))))) . . 2011-12-20 23:20 . 2011-12-20 23:20 -------- d-----w- c:\users\Xiujuan\AppData\Local\temp 2011-12-20 23:20 . 2011-12-20 23:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-20 01:42 . 2011-12-20 01:42 -------- d-----w- c:\program files (x86)\ESET 2011-12-19 18:46 . 2011-12-20 20:31 4480 ----a-w- c:\windows\system32\PerfStringBackup.TMP 2011-12-15 00:21 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll 2011-12-15 00:21 . 2011-11-05 05:26 1197568 ----a-w- c:\windows\system32\wininet.dll 2011-12-15 00:21 . 2011-11-05 04:35 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2011-12-15 00:21 . 2011-11-05 05:28 696600 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2011-12-15 00:21 . 2011-11-05 04:38 673048 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe 2011-12-15 00:21 . 2011-11-05 04:33 860672 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll 2011-12-07 05:00 . 2011-12-07 05:00 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-12-07 04:59 . 2011-12-07 04:59 -------- d-----w- c:\windows\system32\Macromed 2011-12-02 01:41 . 2011-12-02 01:41 -------- d-----w- c:\users\Jiahe\AppData\Local\Skyrim 2011-12-02 01:01 . 2011-12-02 01:42 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim 2011-11-30 04:42 . 2011-11-30 04:42 -------- d-----w- c:\users\Jiahe\AppData\Local\APN 2011-11-30 04:41 . 2011-11-30 04:46 -------- d-----w- c:\program files (x86)\The KMPlayer 2011-11-24 04:50 . 2011-11-24 04:50 -------- d-----w- c:\program files (x86)\Common Files\Java . . . (((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-15 07:19 . 2009-12-16 05:36 54867776 ----a-w- c:\windows\system32\T.exe 2011-10-03 13:06 . 2011-02-12 01:33 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-09-29 16:24 . 2011-11-09 23:53 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((( SnapShot@2011-12-19_23.15.41 ))))))))))))))))))))))))))))))))))))))))) . + 2009-12-15 22:35 . 2011-12-20 20:26 68020 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:09 . 2011-12-19 18:42 43006 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:09 . 2011-12-20 20:26 43006 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-12-20 23:04 . 2011-12-20 20:26 29228 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2695929252-3145278133-2343186154-1003_UserData.bin - 2009-12-20 23:04 . 2011-12-19 18:42 29228 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2695929252-3145278133-2343186154-1003_UserData.bin + 2009-12-16 06:30 . 2011-12-20 20:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-12-16 06:30 . 2011-12-19 18:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-12-16 06:30 . 2011-12-19 18:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-12-16 06:30 . 2011-12-20 20:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-12-16 06:30 . 2011-12-20 20:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-12-16 06:30 . 2011-12-19 18:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-12-16 06:30 . 2011-12-19 19:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-12-16 06:30 . 2011-12-20 23:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-12-16 06:30 . 2011-12-19 19:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-12-16 06:30 . 2011-12-20 23:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-12-19 18:40 . 2011-12-19 18:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-12-20 20:25 . 2011-12-20 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-12-20 20:25 . 2011-12-20 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-12-19 18:40 . 2011-12-19 18:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-09-27 05:40 . 2011-12-20 01:01 670616 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2009-07-14 05:01 . 2011-12-20 07:02 362644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2011-12-19 18:24 362644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 02:34 . 2011-12-20 20:39 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT - 2009-07-14 02:34 . 2011-12-19 21:29 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2011-12-20 06:59 . 2011-12-07 20:26 54867776 c:\windows\system32\MRT.exe + 2011-04-14 05:38 . 2011-12-20 07:02 37786092 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2695929252-3145278133-2343186154-1003-8192.dat + 2011-04-15 05:38 . 2011-12-20 07:02 42225116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2695929252-3145278133-2343186154-1000-8192.dat - 2011-04-15 05:38 . 2011-12-19 06:24 42225116 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2695929252-3145278133-2343186154-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( 重要登入点 )))))))))))))))))))))))))))))))))))))))))))))))))) . . *注意* 空白与合法缺省登录将不会被显示 REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-05-22 399736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PPHIDPAD"="c:\winpenjr\Win32\pphidpad.exe" [2001-10-02 45056] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 336384] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . c:\users\Jiahe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000] Pandora.lnk - c:\program files (x86)\Pandora\Pandora.exe [2010-4-14 95232] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R3 ApolloProtect;ApolloProtect;c:\program files (x86)\FSSB\Apollo\Apollo.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x] R3 tcphoc;tcphoc;c:\program files (x86)\Thunder Network\Thunder\XLDoctor\7.1.4.2104_1\Program\tcphoc.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480] S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2009-10-16 1039872] S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [2009-10-17 29184] S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2009-08-14 517632] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x] S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 18:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . ‘计划任务’ 文件夹 里的内容 . 2011-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695929252-3145278133-2343186154-1000Core.job - c:\users\Xiujuan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 02:52] . 2011-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695929252-3145278133-2343186154-1000UA.job - c:\users\Xiujuan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 02:52] . 2011-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695929252-3145278133-2343186154-1003Core1cc062b7133d26b.job - c:\users\Jiahe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 00:25] . 2011-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695929252-3145278133-2343186154-1003UA1cc20193d23e37b.job - c:\users\Jiahe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 00:25] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2009-10-26 672424] "EzPrint"="c:\program files (x86)\Lexmark 3600-4600 Series\ezprint.exe" [2009-10-26 107176] . ------- 而外的扫描 ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.xunlei.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local LSP: c:\windows\system32\ikutm.dll DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} - hxxp://game-web.qq.com/client/QQGame2.cab DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab FF - ProfilePath - c:\users\Jiahe\AppData\Roaming\Mozilla\Firefox\Profiles\o83ynecc.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - user.js: network.protocol-handler.warn-external.dnupdate - false . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2695929252-3145278133-2343186154-1003\Software\SecuROM\License information*] "datasecu"=hex:a9,e7,38,0e,41,44,c3,4e,c5,82,46,07,e2,f0,b1,20,f0,0e,de,c8,4a, b4,7e,dc,64,f6,d9,16,63,b8,af,3e,91,b4,29,0e,a6,5a,f8,27,f0,dc,8c,17,fa,3b,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\O(uQ*Q*q_髼璬>e\command] @="\"c:\\Program Files (x86)\\Tencent\\QQPlayer\\QQPlayer.exe\" /disk \"%1\"" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DVD\shell\O(uQ*Q*q_髼璬>e\command] @="\"c:\\Program Files (x86)\\Tencent\\QQPlayer\\QQPlayer.exe\" /disk \"%1\"" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\3*D*Kb橯迯{媠] "DisplayName"="3D手写连笔王" "UninstallString"="c:\\WINPENJR\\UNWISE.EXE c:\\WINPENJR\\INSTALL.LOG" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Q*Q*8nb] "DisplayName"="QQ游戏" "UninstallString"="d:\\Program Files (x86)\\腾讯游戏\\QQGAME\\Uninstall.EXE" "Publisher"="腾讯公司" "DisplayIcon"="d:\\Program Files (x86)\\腾讯游戏\\QQGAME\\QQGame.EXE" "DisplayVersion"="2.5.102.31" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 完成时间: 2011-12-20 15:40:26 ComboFix-quarantined-files.txt 2011-12-20 23:40 ComboFix2.txt 2011-12-20 01:23 ComboFix3.txt 2011-12-19 23:33 . Pre-Run: 63,452,282,880 bytes free Post-Run: 62,778,150,912 bytes free . - - End Of File - - E912406FEB15378FAF1FD1AD2A383C89 when i open my browser, it takes a while before it actually opens
-
OMG..It's back again..I was seemed fine last night..-_____-
-
C:\Program Files\EsetOnlineScanner\log.txt I don't have this directory..but I scanned it and it says I have 4 infections. They all have been quarantined. Here's the image http://imageshack.us/photo/my-images/814/capturekzt.jpg
-
ComboFix 11-12-19.03 - Jiahe 9/2011 Mon 16:25:08.2.2 - x64 Microsoft Windows 7 Ultimate N 6.1.7600.0.936.86.1033.18.6143.3237 [GMT -8:00] 执行位置: c:\users\Jiahe\Desktop\ComboFix.exe Command switches used :: c:\users\Jiahe\Desktop\CFScript.txt SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( 被删除的档案 ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Jiahe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk c:\users\Jiahe\AppData\Roaming\Mozilla\Firefox\Profiles\o83ynecc.default\searchplugins\bing-zugo.xml . . ((((((((((((((((((((((((( 2011-11-20 至 2011-12-20 的新的档案 ))))))))))))))))))))))))))))))) . . 2011-12-20 00:59 . 2011-12-20 00:59 -------- d-----w- c:\users\Xiujuan\AppData\Local\temp 2011-12-20 00:59 . 2011-12-20 00:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-19 18:46 . 2011-12-19 18:46 4480 ----a-w- c:\windows\system32\PerfStringBackup.TMP 2011-12-15 00:21 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll 2011-12-15 00:21 . 2011-11-05 05:26 1197568 ----a-w- c:\windows\system32\wininet.dll 2011-12-15 00:21 . 2011-11-05 04:35 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2011-12-15 00:21 . 2011-11-05 05:28 696600 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2011-12-15 00:21 . 2011-11-05 04:38 673048 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe 2011-12-15 00:21 . 2011-11-05 04:33 860672 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll 2011-12-07 05:00 . 2011-12-07 05:00 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-12-07 04:59 . 2011-12-07 04:59 -------- d-----w- c:\windows\system32\Macromed 2011-12-02 01:41 . 2011-12-02 01:41 -------- d-----w- c:\users\Jiahe\AppData\Local\Skyrim 2011-12-02 01:01 . 2011-12-02 01:42 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim 2011-11-30 04:42 . 2011-11-30 04:42 -------- d-----w- c:\users\Jiahe\AppData\Local\APN 2011-11-30 04:41 . 2011-11-30 04:46 -------- d-----w- c:\program files (x86)\The KMPlayer 2011-11-24 04:50 . 2011-11-24 04:50 -------- d-----w- c:\program files (x86)\Common Files\Java . . . (((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-15 07:19 . 2009-12-16 05:36 54867776 ----a-w- c:\windows\system32\T.exe 2011-10-03 13:06 . 2011-02-12 01:33 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-09-29 16:24 . 2011-11-09 23:53 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((( SnapShot@2011-12-19_23.15.41 ))))))))))))))))))))))))))))))))))))))))) . + 2009-12-15 22:35 . 2011-12-20 01:03 67988 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:09 . 2011-12-19 18:42 43006 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:09 . 2011-12-20 01:03 43006 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-12-20 23:04 . 2011-12-20 01:03 29228 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2695929252-3145278133-2343186154-1003_UserData.bin - 2009-12-20 23:04 . 2011-12-19 18:42 29228 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2695929252-3145278133-2343186154-1003_UserData.bin + 2009-12-16 06:30 . 2011-12-20 01:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-12-16 06:30 . 2011-12-19 18:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-12-16 06:30 . 2011-12-20 01:02 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-12-16 06:30 . 2011-12-19 18:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-12-16 06:30 . 2011-12-20 01:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-12-16 06:30 . 2011-12-19 18:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-12-20 01:02 . 2011-12-20 01:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-12-19 18:40 . 2011-12-19 18:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-12-19 18:40 . 2011-12-19 18:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-12-20 01:02 . 2011-12-20 01:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-09-27 05:40 . 2011-12-20 01:01 670616 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2009-07-14 05:01 . 2011-12-19 18:24 362644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-12-20 01:01 362644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-04-14 05:38 . 2011-12-20 01:01 37253618 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2695929252-3145278133-2343186154-1003-8192.dat . ((((((((((((((((((((((((((((((((((((( 重要登入点 )))))))))))))))))))))))))))))))))))))))))))))))))) . . *注意* 空白与合法缺省登录将不会被显示 REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-05-22 399736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PPHIDPAD"="c:\winpenjr\Win32\pphidpad.exe" [2001-10-02 45056] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 336384] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . c:\users\Jiahe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000] Pandora.lnk - c:\program files (x86)\Pandora\Pandora.exe [2010-4-14 95232] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R3 ApolloProtect;ApolloProtect;c:\program files (x86)\FSSB\Apollo\Apollo.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x] R3 tcphoc;tcphoc;c:\program files (x86)\Thunder Network\Thunder\XLDoctor\7.1.4.2104_1\Program\tcphoc.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480] S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2009-10-16 1039872] S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [2009-10-17 29184] S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2009-08-14 517632] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x] S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 18:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . ‘计划任务’ 文件夹 里的内容 . 2011-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695929252-3145278133-2343186154-1000Core.job - c:\users\Xiujuan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 02:52] . 2011-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695929252-3145278133-2343186154-1000UA.job - c:\users\Xiujuan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 02:52] . 2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695929252-3145278133-2343186154-1003Core1cc062b7133d26b.job - c:\users\Jiahe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 00:25] . 2011-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695929252-3145278133-2343186154-1003UA1cc20193d23e37b.job - c:\users\Jiahe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 00:25] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2009-10-26 672424] "EzPrint"="c:\program files (x86)\Lexmark 3600-4600 Series\ezprint.exe" [2009-10-26 107176] . ------- 而外的扫描 ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.xunlei.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local LSP: c:\windows\system32\ikutm.dll DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} - hxxp://game-web.qq.com/client/QQGame2.cab DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab FF - ProfilePath - c:\users\Jiahe\AppData\Roaming\Mozilla\Firefox\Profiles\o83ynecc.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - user.js: network.protocol-handler.warn-external.dnupdate - false . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2695929252-3145278133-2343186154-1003\Software\SecuROM\License information*] "datasecu"=hex:a9,e7,38,0e,41,44,c3,4e,c5,82,46,07,e2,f0,b1,20,f0,0e,de,c8,4a, b4,7e,dc,64,f6,d9,16,63,b8,af,3e,91,b4,29,0e,a6,5a,f8,27,f0,dc,8c,17,fa,3b,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\O(uQ*Q*q_髼璬>e\command] @="\"c:\\Program Files (x86)\\Tencent\\QQPlayer\\QQPlayer.exe\" /disk \"%1\"" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DVD\shell\O(uQ*Q*q_髼璬>e\command] @="\"c:\\Program Files (x86)\\Tencent\\QQPlayer\\QQPlayer.exe\" /disk \"%1\"" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\3*D*Kb橯迯{媠] "DisplayName"="3D手写连笔王" "UninstallString"="c:\\WINPENJR\\UNWISE.EXE c:\\WINPENJR\\INSTALL.LOG" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Q*Q*8nb] "DisplayName"="QQ游戏" "UninstallString"="d:\\Program Files (x86)\\腾讯游戏\\QQGAME\\Uninstall.EXE" "Publisher"="腾讯公司" "DisplayIcon"="d:\\Program Files (x86)\\腾讯游戏\\QQGAME\\QQGame.EXE" "DisplayVersion"="2.5.102.31" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ 其他运行进程 ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\Motive\McciCMService.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.bin . ************************************************************************** . 完成时间: 2011-12-19 17:23:19 - 电脑已重新启动 ComboFix-quarantined-files.txt 2011-12-20 01:23 ComboFix2.txt 2011-12-19 23:33 . Pre-Run: 66,866,573,312 bytes free Before the computer reboot, there was a microsoft message saying PEV.exe has stopped working. Is this a good sign? Anyways, the hi-jacking has stopped. What should I do now? Again, I really appreciate you help. Thank you for your time.
-
It says the file cannot be located for "T.exe".. And for the dll file, Here is the scan from the website: File name: ikutm.dll Submission date: 2011-12-20 00:01:56 (UTC) Current status: finished Result: 0/ 43 (0.0%)
-
ComboFix 11-12-19.03 - Jiahe 9/2011 Mon 14:37:45.1.2 - x64 Microsoft Windows 7 Ultimate N 6.1.7600.0.936.86.1033.18.6143.3485 [GMT -8:00] 执行位置: c:\users\Jiahe\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * 成功创造新还原点 . . ((((((((((((((((((((((((((((((((((((((( 被删除的档案 ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\program files (x86)\Common Files\Tencent\Paycenter c:\program files (x86)\Common Files\Tencent\Paycenter\qqcert.dll c:\program files (x86)\Common Files\Tencent\Paycenter\qqedit.dll c:\users\Xiujuan\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_16070hhb.jpg c:\users\Xiujuan\AppData\Local\Microsoft\Windows\Temporary Internet Files\xlfx_video_16573hhb.jpg c:\users\Xiujuan\videos\pptvsetup_2.4.2.0013.exe c:\windows\Downloaded Program Files\Install.inf . . ((((((((((((((((((((((((( 2011-11-19 至 2011-12-19 的新的档案 ))))))))))))))))))))))))))))))) . . 2011-12-19 23:12 . 2011-12-19 23:12 -------- d-----w- c:\users\Xiujuan\AppData\Local\temp 2011-12-19 23:12 . 2011-12-19 23:12 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-19 18:46 . 2011-12-19 18:46 4480 ----a-w- c:\windows\system32\PerfStringBackup.TMP 2011-12-15 00:21 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll 2011-12-15 00:21 . 2011-11-05 05:26 1197568 ----a-w- c:\windows\system32\wininet.dll 2011-12-15 00:21 . 2011-11-05 04:35 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2011-12-15 00:21 . 2011-11-05 05:28 696600 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2011-12-15 00:21 . 2011-11-05 04:38 673048 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe 2011-12-15 00:21 . 2011-11-05 04:33 860672 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll 2011-12-07 05:00 . 2011-12-07 05:00 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-12-07 04:59 . 2011-12-07 04:59 -------- d-----w- c:\windows\system32\Macromed 2011-12-02 01:41 . 2011-12-02 01:41 -------- d-----w- c:\users\Jiahe\AppData\Local\Skyrim 2011-12-02 01:01 . 2011-12-02 01:42 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim 2011-11-30 04:42 . 2011-11-30 04:42 -------- d-----w- c:\users\Jiahe\AppData\Local\APN 2011-11-30 04:41 . 2011-11-30 04:46 -------- d-----w- c:\program files (x86)\The KMPlayer 2011-11-24 04:50 . 2011-11-24 04:50 -------- d-----w- c:\program files (x86)\Common Files\Java . . . (((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-15 07:19 . 2009-12-16 05:36 54867776 ----a-w- c:\windows\system32\T.exe 2011-10-03 13:06 . 2011-02-12 01:33 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-09-29 16:24 . 2011-11-09 23:53 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((((((((((( 重要登入点 )))))))))))))))))))))))))))))))))))))))))))))))))) . . *注意* 空白与合法缺省登录将不会被显示 REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-05-22 399736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PPHIDPAD"="c:\winpenjr\Win32\pphidpad.exe" [2001-10-02 45056] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 336384] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . c:\users\Jiahe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000] Pandora.lnk - c:\program files (x86)\Pandora\Pandora.exe [2010-4-14 95232] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R3 ApolloProtect;ApolloProtect;c:\program files (x86)\FSSB\Apollo\Apollo.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x] R3 tcphoc;tcphoc;c:\program files (x86)\Thunder Network\Thunder\XLDoctor\7.1.4.2104_1\Program\tcphoc.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480] S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2009-10-16 1039872] S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [2009-10-17 29184] S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2009-08-14 517632] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x] S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 18:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . ‘计划任务’ 文件夹 里的内容 . 2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695929252-3145278133-2343186154-1000Core.job - c:\users\Xiujuan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 02:52] . 2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695929252-3145278133-2343186154-1000UA.job - c:\users\Xiujuan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 02:52] . 2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695929252-3145278133-2343186154-1003Core1cc062b7133d26b.job - c:\users\Jiahe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 00:25] . 2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695929252-3145278133-2343186154-1003UA1cc20193d23e37b.job - c:\users\Jiahe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 00:25] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2009-10-26 672424] "EzPrint"="c:\program files (x86)\Lexmark 3600-4600 Series\ezprint.exe" [2009-10-26 107176] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- 而外的扫描 ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.xunlei.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local LSP: c:\windows\system32\ikutm.dll DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} - hxxp://game-web.qq.com/client/QQGame2.cab DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab FF - ProfilePath - c:\users\Jiahe\AppData\Roaming\Mozilla\Firefox\Profiles\o83ynecc.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - user.js: network.protocol-handler.warn-external.dnupdate - false . - - - - ORPHANS REMOVED - - - - . AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2695929252-3145278133-2343186154-1003\Software\SecuROM\License information*] "datasecu"=hex:a9,e7,38,0e,41,44,c3,4e,c5,82,46,07,e2,f0,b1,20,f0,0e,de,c8,4a, b4,7e,dc,64,f6,d9,16,63,b8,af,3e,91,b4,29,0e,a6,5a,f8,27,f0,dc,8c,17,fa,3b,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AudioCD\shell\O(uQ*Q*q_髼璬>e\command] @="\"c:\\Program Files (x86)\\Tencent\\QQPlayer\\QQPlayer.exe\" /disk \"%1\"" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DVD\shell\O(uQ*Q*q_髼璬>e\command] @="\"c:\\Program Files (x86)\\Tencent\\QQPlayer\\QQPlayer.exe\" /disk \"%1\"" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\3*D*Kb橯迯{媠] "DisplayName"="3D手写连笔王" "UninstallString"="c:\\WINPENJR\\UNWISE.EXE c:\\WINPENJR\\INSTALL.LOG" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Q*Q*8nb] "DisplayName"="QQ游戏" "UninstallString"="d:\\Program Files (x86)\\腾讯游戏\\QQGAME\\Uninstall.EXE" "Publisher"="腾讯公司" "DisplayIcon"="d:\\Program Files (x86)\\腾讯游戏\\QQGAME\\QQGame.EXE" "DisplayVersion"="2.5.102.31" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 完成时间: 2011-12-19 15:33:24 ComboFix-quarantined-files.txt 2011-12-19 23:33 . Pre-Run: 63,651,602,432 bytes free Post-Run: 66,839,986,176 bytes free . - - End Of File - - 6C747FF221424A4B1C08DC97182F42CC For some reason, it's chinese.. My computer seems alright. The hi-jacking seems to have momentarily stopped. Thanks for your help and time!
-
Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 8377 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 12/19/2011 12:18:42 PM mbam-log-2011-12-19 (12-18-42).txt Scan type: Quick scan Objects scanned: 208813 Time elapsed: 7 minute(s), 17 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
-
Hello, I would appreciate any help to cure my hijacked browser!! :/ Nothing I'm doing is fixing or detecting the problem.. DDS LOG: __________________________________________________ . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29 Run by Jiahe at 18:13:09 on 2011-12-15 Microsoft Windows 7 Ultimate N 6.1.7600.0.936.86.1033.18.6143.4115 [GMT -8:00] . SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Windows\system32\spool\DRIVERS\x64\3\lxdxserv.exe C:\Windows\system32\lxdxcoms.exe C:\Program Files (x86)\Common Files\Motive\McciCMService.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\sppsvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\atieclxx.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe C:\Users\Jiahe\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe D:\PPS.tv\PPStream\PPSAP.exe C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\Pandora\Pandora.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\WINPENJR\win32\Pphidpad.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\wuauclt.exe C:\Users\Jiahe\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Jiahe\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Jiahe\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Jiahe\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Jiahe\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Jiahe\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Jiahe\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Jiahe\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Users\Jiahe\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Jiahe\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\REGSVR32.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.xunlei.com uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - No File BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll uRun: [Google Update] "C:\Users\Jiahe\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [PPLiveVA] C:\Program Files (x86)\PPLiveVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0 uRun: [PPAP] "C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.EXE" -background uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent uRun: [PPS Accelerator] D:\PPS.tv\PPStream\ppsap.exe mRun: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\Jiahe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe StartupFolder: C:\Users\Jiahe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Pandora.lnk - C:\Program Files (x86)\Pandora\Pandora.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL LSP: C:\Windows\system32\ikutm.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} - hxxp://game-web.qq.com/client/QQGame2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} - hxxp://plato.ousd.k12.ca.us/pathways/pway_iis.dll/PWLN/02050119/fullcab/pwlninst.cab DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab TCP: Interfaces\{2D58E29F-66A9-4CD1-8B42-887EAC930D96} : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{2D58E29F-66A9-4CD1-8B42-887EAC930D96}\74F6C6F6 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{7A97DFAE-1868-4272-B75A-8DE1BCD5EF17} : DhcpNameServer = 192.168.1.254 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {889D2FEB-5411-4565-8998-1DD2C5261283} - No File BHO-X64: XunleiBHO - No File BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll mRun-x64: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Jiahe\AppData\Roaming\Mozilla\Firefox\Profiles\o83ynecc.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll FF - plugin: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(474).dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Media Player\np-mswmp.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\Users\Jiahe\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false ============= SERVICES / DRIVERS =============== . R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-4 2329480] R2 lxdx_device;lxdx_device;C:\Windows\system32\lxdxcoms.exe -service --> C:\Windows\system32\lxdxcoms.exe -service [?] R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdxserv.exe [2009-12-15 29184] R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-4-24 517632] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?] R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2011-12-15 00:21:25 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2011-12-15 00:21:05 1197568 ----a-w- C:\Windows\System32\wininet.dll 2011-12-15 00:21:03 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-12-15 00:21:00 860672 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll 2011-12-15 00:21:00 696600 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe 2011-12-15 00:21:00 673048 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe 2011-12-13 00:27:09 357000 ----a-w- C:\ProgramData\i6qcOlkU2jbAqX.exe 2011-12-13 00:13:18 357000 ----a-w- C:\ProgramData\fg.exe 2011-12-07 05:00:45 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-12-02 01:41:45 -------- d-----w- C:\Users\Jiahe\AppData\Local\Skyrim 2011-12-02 01:01:35 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim 2011-11-30 04:42:07 -------- d-----w- C:\Users\Jiahe\AppData\Local\APN 2011-11-30 04:41:47 -------- d-----w- C:\Program Files (x86)\The KMPlayer . ==================== Find3M ==================== . 2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys 2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll 2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec 2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec 2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-10-15 06:25:12 723456 ----a-w- C:\Windows\System32\EncDec.dll 2011-10-15 05:48:52 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll 2011-10-03 13:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ============= FINISH: 18:21:05.39 =============== Thank you for your time!! Hope to get help soon! please help me soon..i'm really frustrated trying to find other methods of getting rid of it