1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Google Misdirect Malware on Opera

Discussion in 'Virus & Other Malware Removal' started by perishknight, Oct 17, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. perishknight

    perishknight Thread Starter

    Joined:
    Oct 17, 2011
    Messages:
    5
    Got this virus two days ago when I lent my PC to a friend to finish his assignment. He was downloading 3d model files for his assignment and in the process of doing so he downloaded 2 files which ends with the exe extension. I realised this when I woke up the next morning and saw the download list.

    Immediately after that I checked my startups for any unwanted processes through msconfig and ccleaner. Nothing showed up. I then assumed that it was a false alarm and didnt take note of it. Yesterday night my opera started to act wierdly. I couldnt access the web-page through google but if I typed it in the address it works fine. Today it got worse and more of my searches bring me to random places. *On a side note when I click on a link it loads slower(doesnt matter if it loads correctly or wrong)

    I looked into the opera preferences and couldnt find anything related. The proxy and DNS should be fine(Assumption) The hosts file is normal. I unticked the automatic redirection from opera and it became more obvious that I was misdirected as opera asks me to comfirm redirection. Viewing the source of the random web pages reveal:

    <html><head><title>youtube</title></head><frameset><frame src="http://immensesearchsystem.com/?search=youtube&subid=170&key=08f409966e2fbd024289"></frameset></html>

    So i tried using internet explorer and chrome to try and replicate the problem. Both worked fine. The reason I wanted to stay on Opera would is that it would be too much a hassle to transfer my private data and also I like the features of opera. Next, i tried disabling all my extensions. Didnt work. Unstalling opera and reinstall also brings me the same result.

    So, yeah, I'm practically lost on what to do now.
    *Tried Malwarebytes but it did not work.
    *Tried TDSSKiller(the one from kaspersky), nothing detected.


    Attachments


    Hijakthis
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:24:30 PM, on 10/17/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16839)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\TaggedFrog\TaggedFrog.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Opera\Opera.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\FlashGet Network\FlashGet 3\flashget3.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Mbhkoay\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
    O3 - Toolbar: Show Xmlbar Toolbar - {6B896ADB-4A82-46e2-858C-13134782CE34} - C:\Program Files (x86)\Xmlbar\Tudou Downloader\IEBar\xbietb.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] C:\Malware\Malware\mbamgui.exe /starttray
    O4 - HKCU\..\Run: [TaggedFrog] C:\Program Files (x86)\TaggedFrog\TaggedFrog.exe /tray
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: RBTray - Shortcut.lnk = Mbhkoay\Desktop\Software\RB Tray\64bit\RBTray.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: &Xmlbar Search - http://www.xmlbar.com/iebar/iemenu.php?lang=English&ver=1.0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Mbhkoay\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Mbhkoay\AppData\Roaming\FlashGetBHO\GetUrl.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Mbhkoay\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mbhkoay\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: &#20351;&#29992;&#24555;&#36710;3&#19979;&#36733; - C:\Users\Mbhkoay\AppData\Roaming\FlashGetBHO\GetUrl.htm
    O8 - Extra context menu item: &#20351;&#29992;&#24555;&#36710;3&#19979;&#36733;&#20840;&#37096;&#38142;&#25509; - C:\Users\Mbhkoay\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: Run TudouDownloader - {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\Tudou Downloader\TudouDownloader(xmlbar).exe
    O9 - Extra 'Tools' menuitem: Tudou Downloader - {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\Tudou Downloader\TudouDownloader(xmlbar).exe
    O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O15 - Trusted Zone: http://*.pps.tv
    O15 - Trusted Zone: http://*.ppstream.com
    O15 - Trusted Zone: http://*.webscache.com
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O15 - ESC Trusted Zone: http://*.pps.tv
    O15 - ESC Trusted Zone: http://*.ppstream.com
    O15 - ESC Trusted Zone: http://*.webscache.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{40FFCAFA-121F-49CB-9DD7-C450DD22F3AE}: NameServer = 8.8.8.8,208.67.222.222
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe
    O23 - Service: lxdf_device - - C:\Windows\system32\lxdfcoms.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Malware\Malware\mbamservice.exe
    O23 - Service: mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit (mi-raysat_3dsmax2011_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
    O23 - Service: mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 64-bit - English 64-bit (mi-raysat_3dsmax2012_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: Splashtop? Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XMouseButton Launcher - Highresolution Enterprises - C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
    --
    End of file - 13782 bytes





    DDS
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385
    Run by Mbhkoay at 19:39:03 on 2011-10-17
    Microsoft Windows 7 Enterprise 6.1.7600.0.936.86.1033.18.8172.4374 [GMT 8:00]
    .
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    C:\Windows\system32\lxdfcoms.exe
    C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
    C:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
    C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
    C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
    C:\Program Files (x86)\TaggedFrog\TaggedFrog.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\Mbhkoay\Desktop\Software\RB Tray\64bit\RBTray.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Malware\Malware\mbamservice.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Opera\Opera.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\FlashGet Network\FlashGet 3\flashget3.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit=userinit.exe,
    uWinlogon: Shell=C:\Users\Mbhkoay\AppData\Local\b6aedd43\X
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Mbhkoay\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
    TB: Show Xmlbar Toolbar: {6b896adb-4a82-46e2-858c-13134782ce34} - C:\Program Files (x86)\Xmlbar\Tudou Downloader\IEBar\xbietb.dll
    uRun: [AdobeBridge]
    uRun: [TaggedFrog] C:\Program Files (x86)\TaggedFrog\TaggedFrog.exe /tray
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Malwarebytes' Anti-Malware] C:\Malware\Malware\mbamgui.exe /starttray
    StartupFolder: C:\Users\Mbhkoay\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RBTRAY~1.LNK - C:\Users\Mbhkoay\Desktop\Software\RB Tray\64bit\RBTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
    IE: &Xmlbar Search - http://www.xmlbar.com/iebar/iemenu.php?lang=English&ver=1.0
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
    IE: Download all by FlashGet3 - C:\Users\Mbhkoay\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    IE: Download by FlashGet3 - C:\Users\Mbhkoay\AppData\Roaming\FlashGetBHO\GetUrl.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Free YouTube Download - C:\Users\Mbhkoay\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Free YouTube to MP3 Converter - C:\Users\Mbhkoay\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: &#20351;&#29992;&#24555;&#36710;3&#19979;&#36733; - C:\Users\Mbhkoay\AppData\Roaming\FlashGetBHO\GetUrl.htm
    IE: &#20351;&#29992;&#24555;&#36710;3&#19979;&#36733;&#20840;&#37096;&#38142;&#25509; - C:\Users\Mbhkoay\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    IE: {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\Tudou Downloader\TudouDownloader(xmlbar).exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    LSP: mswsock.dll
    Trusted Zone: pps.tv
    Trusted Zone: ppstream.com
    Trusted Zone: webscache.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{40FFCAFA-121F-49CB-9DD7-C450DD22F3AE} : NameServer = 8.8.8.8,208.67.222.222
    TCP: Interfaces\{40FFCAFA-121F-49CB-9DD7-C450DD22F3AE} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{40FFCAFA-121F-49CB-9DD7-C450DD22F3AE}\34F6E6E656364796F6E6 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{40FFCAFA-121F-49CB-9DD7-C450DD22F3AE}\67D3E2D396C6C7 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{40FFCAFA-121F-49CB-9DD7-C450DD22F3AE}\86F6D65677966696 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{40FFCAFA-121F-49CB-9DD7-C450DD22F3AE}\D3E2D396C6C7 : NameServer = 8.8.8.8,208.67.222.222
    TCP: Interfaces\{40FFCAFA-121F-49CB-9DD7-C450DD22F3AE}\D3E2D396C6C7 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{5CD6D8C5-744D-474F-AFB8-ADC528095314} : DhcpNameServer = 192.168.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
    BHO-X64: btorbit.com - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO-X64: IESpeakDoc - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Mbhkoay\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
    BHO-X64: FlashGetBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
    TB-X64: Show Xmlbar Toolbar: {6B896ADB-4A82-46e2-858C-13134782CE34} - C:\Program Files (x86)\Xmlbar\Tudou Downloader\IEBar\xbietb.dll
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Malwarebytes' Anti-Malware] C:\Malware\Malware\mbamgui.exe /starttray
    IE-X64: {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\Tudou Downloader\TudouDownloader(xmlbar).exe
    AppInit_DLLs-X64: C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-30 13336]
    R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-3-1 375176]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
    R2 lxdf_device;lxdf_device;C:\Windows\system32\lxdfcoms.exe -service --> C:\Windows\system32\lxdfcoms.exe -service [?]
    R2 MBAMService;MBAMService;C:\Malware\Malware\mbamservice.exe [2011-10-17 366152]
    R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016]
    R2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
    R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
    R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-9-21 366408]
    R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-8-25 2358656]
    R2 XMouseButton Launcher;XMouseButton Launcher;C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [2011-2-7 86016]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
    R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Nbdrv;NetBalancer;C:\Windows\system32\DRIVERS\nbdrv.sys --> C:\Windows\system32\DRIVERS\nbdrv.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-2 136176]
    S2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxdfserv.exe [2007-5-29 33712]
    S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
    S3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-4-6 1431888]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-9-11 30192]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-2 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    S4 NetBalancer Windows Service;NetBalancer Windows Service;C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2011-7-27 9728]
    .
    =============== File Associations ===============
    .
    .scr=Ecotect Script
    .
    =============== Created Last 30 ================
    .
    2011-10-17 11:23:25 388096 ----a-r- C:\Users\Mbhkoay\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-10-17 10:25:33 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-10-17 05:00:34 -------- d-----w- C:\Malware
    2011-10-17 04:55:30 -------- d-----w- C:\Users\Mbhkoay\AppData\Roaming\Malwarebytes
    2011-10-17 04:55:13 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-10-17 04:55:10 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-10-17 04:55:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-10-14 02:39:56 -------- d-----we C:\Windows\system64
    2011-10-14 02:38:53 -------- d-sh--w- C:\Users\Mbhkoay\AppData\Local\b6aedd43
    2011-10-13 16:25:15 -------- d-----w- C:\ProgramData\boost_interprocess
    2011-10-13 16:06:02 -------- d-----w- C:\Autodesk
    2011-10-09 08:37:13 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\Calendar Clock
    2011-10-09 08:37:06 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\Tidbits_ Tech News
    2011-10-09 08:36:59 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\Universal RSS Reader
    2011-10-09 08:36:43 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\Agenda
    2011-10-09 08:35:14 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\Unite Media Player
    2011-10-09 08:35:05 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\GuitarChords
    2011-10-09 08:34:44 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\Lava Lamp
    2011-10-09 08:34:19 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\eBook Reader
    2011-10-09 08:33:59 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\dotoo
    2011-10-09 08:33:42 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\Seesu
    2011-10-09 08:33:32 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\Google Translator
    2011-10-09 08:33:25 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\Artist's Sketchbook 1.65
    2011-10-05 03:31:32 -------- d-----w- C:\Program Files (x86)\AMD APP
    2011-09-29 23:15:52 839680 ----a-w- C:\Windows\SysWow64\lameACM.acm
    2011-09-29 23:15:52 74752 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
    2011-09-29 23:15:52 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
    2011-09-29 23:15:52 630784 ----a-w- C:\Windows\SysWow64\vp7vfw.dll
    2011-09-29 23:15:52 39936 ----a-w- C:\Windows\SysWow64\huffyuv.dll
    2011-09-29 23:15:52 3164160 ----a-w- C:\Windows\SysWow64\x264vfw.dll
    2011-09-29 23:15:52 287744 ----a-w- C:\Windows\SysWow64\divxa32.acm
    2011-09-29 23:15:52 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
    2011-09-29 23:15:52 232448 ----a-w- C:\Windows\SysWow64\mp3fhg.acm
    2011-09-29 23:15:52 216064 ----a-w- C:\Windows\SysWow64\lagarith.dll
    2011-09-29 23:15:52 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
    2011-09-29 23:15:51 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
    2011-09-24 06:43:35 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\Chromium
    .
    ==================== Find3M ====================
    .
    2011-10-16 10:04:17 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-07 06:13:17 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
    2011-10-07 06:13:17 80768 ----a-w- C:\Windows\System32\LMIinit.dll
    2011-10-07 06:13:17 34688 ----a-w- C:\Windows\System32\LMIport.dll
    2011-09-14 03:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
    2011-09-14 03:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2011-09-14 03:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
    2011-09-14 03:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
    2011-09-14 03:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
    2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
    2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
    2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll
    2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe
    2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
    2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
    2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll
    2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll
    2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll
    2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll
    2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll
    2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
    2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
    2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
    2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll
    2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
    2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
    2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll
    2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
    2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2011-08-24 12:19:10 56320 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2011-08-24 12:18:30 13601280 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2011-08-07 15:21:04 4703088 ----a-w- C:\Windows\System32\SogouPY.ime
    2011-08-07 15:21:04 2690928 ----a-w- C:\Windows\SysWow64\SogouPY.ime
    2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-07-21 10:49:07 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak
    2011-04-26 14:26:00 1578056991 ----a-w- C:\Program Files (x86)\SilkroadOnline_GlobalOfficial_v1_298.exe
    .
    ============= FINISH: 19:39:53.42 ===============
     

    Attached Files:

  2. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,876
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here or Hereto your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.​
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues
     
  3. perishknight

    perishknight Thread Starter

    Joined:
    Oct 17, 2011
    Messages:
    5
    Closed all applications, shut down the Malwarebytes process from task manager, PC restarted during the fix.
    Seems to have fixed it, below is the fix log.

    Sorry for the Chinese wording, since my system locale is Chinese. I suspect you've seen a lot of this files so I wont translate unless you tell me to.. ^^

    I'll post back one day later to confirm if the problem persists.
    Thx for the help and time, and I hope you have a great day~



    ComboFix 11-10-17.02 - Mbhkoay 7/2011 Mon 23:29:27.1.8 - x64
    Microsoft Windows 7 Enterprise 6.1.7600.0.936.86.1033.18.8172.6116 [GMT 8:00]
    &#25191;&#34892;&#20301;&#32622;: c:\users\Mbhkoay\Desktop\perishknight123.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( &#34987;&#21024;&#38500;&#30340;&#26723;&#26696; )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\AUTORUN.INF
    c:\programdata\SPL619F.tmp
    C:\setup.exe
    c:\users\Mbhkoay\AppData\Roaming\completescan
    c:\users\Mbhkoay\AppData\Roaming\install
    c:\windows\assembly\tmp\U
    c:\windows\assembly\tmp\U\000000c0.@
    c:\windows\assembly\tmp\U\000000cb.@
    c:\windows\assembly\tmp\U\000000cf.@
    c:\windows\assembly\tmp\U\80000000.@
    c:\windows\assembly\tmp\U\800000c0.@
    c:\windows\assembly\tmp\U\800000cb.@
    c:\windows\assembly\tmp\U\800000cf.@
    c:\windows\system32\consrv.dll
    c:\windows\System64
    .
    .
    ((((((((((((((((((((((((( 2011-09-17 &#33267; 2011-10-17 &#30340;&#26032;&#30340;&#26723;&#26696; )))))))))))))))))))))))))))))))
    .
    .
    2011-10-17 11:23 . 2011-10-17 11:23 388096 ----a-r- c:\users\Mbhkoay\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-10-17 10:25 . 2011-10-17 10:25 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-10-17 05:00 . 2011-10-17 05:00 -------- d-----w- C:\Malware
    2011-10-17 04:55 . 2011-10-17 04:55 -------- d-----w- c:\users\Mbhkoay\AppData\Roaming\Malwarebytes
    2011-10-17 04:55 . 2011-10-17 04:55 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-17 04:55 . 2011-10-17 04:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-10-17 04:55 . 2011-08-31 09:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-14 02:38 . 2011-10-14 02:38 -------- d-sh--w- c:\users\Mbhkoay\AppData\Local\b6aedd43
    2011-10-13 16:25 . 2011-10-13 16:25 -------- d-----w- c:\programdata\boost_interprocess
    2011-10-13 16:06 . 2011-10-13 16:06 -------- d-----w- C:\Autodesk
    2011-10-09 08:37 . 2011-10-09 08:37 -------- d-----w- c:\users\Mbhkoay\AppData\Local\Calendar Clock
    2011-10-09 08:37 . 2011-10-09 08:37 -------- d-----w- c:\users\Mbhkoay\AppData\Local\Tidbits_ Tech News
    2011-10-09 08:36 . 2011-10-09 08:36 -------- d-----w- c:\users\Mbhkoay\AppData\Local\Universal RSS Reader
    2011-10-09 08:36 . 2011-10-09 08:36 -------- d-----w- c:\users\Mbhkoay\AppData\Local\Agenda
    2011-10-09 08:35 . 2011-10-09 08:35 -------- d-----w- c:\users\Mbhkoay\AppData\Local\Unite Media Player
    2011-10-09 08:35 . 2011-10-09 08:35 -------- d-----w- c:\users\Mbhkoay\AppData\Local\GuitarChords
    2011-10-09 08:34 . 2011-10-09 08:34 -------- d-----w- c:\users\Mbhkoay\AppData\Local\Lava Lamp
    2011-10-09 08:34 . 2011-10-09 08:34 -------- d-----w- c:\users\Mbhkoay\AppData\Local\eBook Reader
    2011-10-09 08:33 . 2011-10-09 08:33 -------- d-----w- c:\users\Mbhkoay\AppData\Local\dotoo
    2011-10-09 08:33 . 2011-10-09 08:33 -------- d-----w- c:\users\Mbhkoay\AppData\Local\Seesu
    2011-10-09 08:33 . 2011-10-09 08:33 -------- d-----w- c:\users\Mbhkoay\AppData\Local\Google Translator
    2011-10-09 08:33 . 2011-10-09 08:33 -------- d-----w- c:\users\Mbhkoay\AppData\Local\Artist's Sketchbook 1.65
    2011-10-05 03:31 . 2011-10-05 03:31 -------- d-----w- c:\programdata\ATI
    2011-10-05 03:31 . 2011-10-05 03:31 -------- d-----w- c:\program files (x86)\AMD APP
    2011-09-29 23:15 . 2011-08-29 08:00 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
    2011-09-29 23:15 . 2011-07-16 14:17 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
    2011-09-29 23:15 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
    2011-09-29 23:15 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
    2011-09-29 23:15 . 2011-06-15 15:03 3164160 ----a-w- c:\windows\SysWow64\x264vfw.dll
    2011-09-29 23:15 . 2011-05-09 18:23 216064 ----a-w- c:\windows\SysWow64\lagarith.dll
    2011-09-29 23:15 . 2008-09-24 18:41 839680 ----a-w- c:\windows\SysWow64\lameACM.acm
    2011-09-29 23:15 . 2006-10-18 18:05 232448 ----a-w- c:\windows\SysWow64\mp3fhg.acm
    2011-09-29 23:15 . 2006-04-02 12:47 630784 ----a-w- c:\windows\SysWow64\vp7vfw.dll
    2011-09-29 23:15 . 2004-05-18 18:16 39936 ----a-w- c:\windows\SysWow64\huffyuv.dll
    2011-09-29 23:15 . 2001-02-25 01:19 287744 ----a-w- c:\windows\SysWow64\divxa32.acm
    2011-09-29 23:15 . 2011-09-29 23:16 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
    2011-09-24 06:43 . 2011-09-24 06:43 -------- d-----w- c:\users\Mbhkoay\AppData\Local\Chromium
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( &#22312;&#19977;&#20010;&#26376;&#20869;&#34987;&#20462;&#25913;&#30340;&#26723;&#26696; ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-16 10:04 . 2011-05-27 14:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-07 06:13 . 2011-04-06 19:28 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2011-10-07 06:13 . 2011-04-06 19:28 34688 ----a-w- c:\windows\system32\LMIport.dll
    2011-10-07 06:13 . 2011-04-06 19:28 80768 ----a-w- c:\windows\system32\LMIinit.dll
    2011-09-14 03:47 . 2011-09-14 03:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll
    2011-09-14 03:47 . 2011-09-14 03:47 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2011-09-14 03:47 . 2011-09-14 03:47 16652288 ----a-w- c:\windows\system32\amdocl64.dll
    2011-09-14 03:38 . 2011-09-14 03:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
    2011-09-14 03:38 . 2011-09-14 03:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
    2011-09-08 18:27 . 2011-09-08 18:27 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-09-08 17:59 . 2011-09-08 17:59 24229376 ----a-w- c:\windows\system32\atio6axx.dll
    2011-09-08 17:39 . 2011-09-08 17:39 18534912 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2011-09-08 17:34 . 2011-09-08 17:34 151552 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-09-08 17:34 . 2011-07-28 21:40 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2011-09-08 17:32 . 2010-09-29 01:54 862720 ----a-w- c:\windows\system32\aticfx64.dll
    2011-09-08 17:30 . 2011-09-08 17:30 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-09-08 17:30 . 2011-09-08 17:30 486912 ----a-w- c:\windows\system32\atieclxx.exe
    2011-09-08 17:29 . 2011-09-08 17:29 204288 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-09-08 17:28 . 2011-09-08 17:28 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2011-09-08 17:28 . 2011-09-08 17:28 423424 ----a-w- c:\windows\system32\atipdl64.dll
    2011-09-08 17:28 . 2011-09-08 17:28 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2011-09-08 17:28 . 2011-09-08 17:28 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2011-09-08 17:28 . 2011-09-08 17:28 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2011-09-08 17:28 . 2011-09-08 17:28 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2011-09-08 17:28 . 2011-09-08 17:28 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2011-09-08 17:24 . 2011-09-08 17:24 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2011-09-08 17:18 . 2011-09-08 17:18 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
    2011-09-08 17:18 . 2011-09-08 17:18 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2011-09-08 17:18 . 2011-09-08 17:18 3888640 ----a-w- c:\windows\system32\atiumd6a.dll
    2011-09-08 17:16 . 2010-09-29 01:37 4944896 ----a-w- c:\windows\system32\atidxx64.dll
    2011-09-08 17:09 . 2011-09-08 17:09 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2011-09-08 17:09 . 2011-09-08 17:09 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2011-09-08 17:09 . 2011-09-08 17:09 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2011-09-08 17:09 . 2011-09-08 17:09 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2011-09-08 17:09 . 2011-09-08 17:09 8723456 ----a-w- c:\windows\system32\aticaldd64.dll
    2011-09-08 17:08 . 2011-07-28 21:03 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2011-09-08 17:05 . 2011-09-08 17:05 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2011-09-08 17:05 . 2011-07-28 21:09 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2011-09-08 17:00 . 2011-09-08 17:00 5428736 ----a-w- c:\windows\system32\atiumd64.dll
    2011-09-08 16:59 . 2011-03-29 18:42 58880 ----a-w- c:\windows\system32\coinst.dll
    2011-09-08 16:53 . 2011-09-08 16:53 381952 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-09-08 16:53 . 2011-09-08 16:53 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2011-09-08 16:52 . 2011-09-08 16:52 15360 ----a-w- c:\windows\system32\atig6pxx.dll
    2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2011-09-08 16:52 . 2011-09-08 16:52 13312 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-09-08 16:52 . 2011-09-08 16:52 39936 ----a-w- c:\windows\system32\atig6txx.dll
    2011-09-08 16:52 . 2011-09-08 16:52 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2011-09-08 16:52 . 2011-09-08 16:52 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-09-08 16:52 . 2010-09-29 01:14 40960 ----a-w- c:\windows\system32\atiuxp64.dll
    2011-09-08 16:51 . 2011-09-08 16:51 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2011-09-08 16:51 . 2011-09-08 16:51 38912 ----a-w- c:\windows\system32\atiu9p64.dll
    2011-09-08 16:51 . 2011-07-28 20:53 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2011-09-08 16:51 . 2011-09-08 16:51 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\atimpc64.dll
    2011-09-08 16:51 . 2011-09-08 16:51 54784 ----a-w- c:\windows\system32\amdpcom64.dll
    2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2011-09-08 16:50 . 2011-09-08 16:50 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2011-08-24 12:19 . 2011-08-24 12:19 56320 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2011-08-24 12:18 . 2011-08-24 12:18 13601280 ----a-w- c:\windows\SysWow64\amdocl.dll
    2011-08-18 15:52 . 2010-06-24 03:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-08-16 00:48 . 2011-08-19 13:33 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7604F79-F86F-4186-8703-6AFF7CE49D6E}\mpengine.dll
    2011-08-07 15:21 . 2011-08-07 15:21 2690928 ----a-w- c:\windows\SysWow64\SogouPY.ime
    2011-08-07 15:21 . 2011-03-12 03:18 4703088 ----a-w- c:\windows\system32\SogouPY.ime
    2011-07-22 05:35 . 2011-08-18 19:42 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-22 04:56 . 2011-08-18 19:42 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-07-21 10:49 . 2011-04-06 19:28 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
    2011-04-26 14:26 . 2011-04-26 13:23 1578056991 ----a-w- c:\program files (x86)\SilkroadOnline_GlobalOfficial_v1_298.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( &#37325;&#35201;&#30331;&#20837;&#28857; ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *&#27880;&#24847;* &#31354;&#30333;&#19982;&#21512;&#27861;&#32570;&#30465;&#30331;&#24405;&#23558;&#19981;&#20250;&#34987;&#26174;&#31034;
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{6B896ADB-4A82-46e2-858C-13134782CE34}"= "c:\program files (x86)\Xmlbar\Tudou Downloader\IEBar\xbietb.dll" [2009-12-15 413696]
    .
    [HKEY_CLASSES_ROOT\clsid\{6b896adb-4a82-46e2-858c-13134782ce34}]
    [HKEY_CLASSES_ROOT\XBIEBar.XBIEBarObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{D4FB30ED-7DDB-4e2c-A7F2-C7B905D5D771}]
    [HKEY_CLASSES_ROOT\XBIEBar.XBIEBarObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TaggedFrog"="c:\program files (x86)\TaggedFrog\TaggedFrog.exe" [2010-05-16 331776]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-09-26 17353352]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
    .
    c:\users\Mbhkoay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    RBTray - Shortcut.lnk - c:\users\Mbhkoay\Desktop\Software\RB Tray\64bit\RBTray.exe [2011-5-16 48128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
    "Shell"="c:\users\Mbhkoay\AppData\Local\b6aedd43\X"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
    Ime File REG_SZ SOGOUPY.IME
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-01 136176]
    R2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe [2007-05-28 33712]
    R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
    R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
    R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-13 1431888]
    R3 GGSAFERDriver;GGSAFER Driver;c:\users\Mbhkoay\Desktop\Games\Garena\safedrv.sys [x]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-09-11 30192]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-01 136176]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 X6va002;X6va002;c:\users\Mbhkoay\AppData\Local\Temp\0026981.tmp [x]
    R3 X6va003;X6va003;c:\users\Mbhkoay\AppData\Local\Temp\003167.tmp [x]
    R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    R4 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2011-07-18 9728]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-10-07 375176]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
    S2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe [2007-05-28 1053104]
    S2 MBAMService;MBAMService;c:\malware\Malware\mbamservice.exe [2011-08-31 366152]
    S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-09 86016]
    S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-22 86016]
    S2 SplashtopRemoteService;Splashtop? Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-08-17 518472]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
    S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-09-21 366408]
    S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-17 2358656]
    S2 XMouseButton Launcher;XMouseButton Launcher;c:\program files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [2011-02-07 86016]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    ‘&#35745;&#21010;&#20219;&#21153;’ &#25991;&#20214;&#22841; &#37324;&#30340;&#20869;&#23481;
    .
    2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-01 17:09]
    .
    2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-01 17:09]
    .
    2011-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3059343724-861031093-4189790222-1000Core.job
    - c:\users\Mbhkoay\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 17:19]
    .
    2011-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3059343724-861031093-4189790222-1000UA.job
    - c:\users\Mbhkoay\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 17:19]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
    "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
    "combofix"="c:\perishknight123\CF29809.3XE" [2009-07-14 344576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- &#32780;&#22806;&#30340;&#25195;&#25551; -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
    IE: &Xmlbar Search - http://www.xmlbar.com/iebar/iemenu.php?lang=English&ver=1.0
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
    IE: Download all by FlashGet3 - c:\users\Mbhkoay\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    IE: Download by FlashGet3 - c:\users\Mbhkoay\AppData\Roaming\FlashGetBHO\GetUrl.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\Mbhkoay\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Free YouTube to MP3 Converter - c:\users\Mbhkoay\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: &#20351;&#29992;&#24555;&#36710;3&#19979;&#36733; - c:\users\Mbhkoay\AppData\Roaming\FlashGetBHO\GetUrl.htm
    IE: &#20351;&#29992;&#24555;&#36710;3&#19979;&#36733;&#20840;&#37096;&#38142;&#25509; - c:\users\Mbhkoay\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    IE: {{612F6E5C-B314-4bab-93D1-D266AAFBE700} - c:\program files (x86)\Xmlbar\Tudou Downloader\TudouDownloader(xmlbar).exe
    Trusted Zone: pps.tv
    Trusted Zone: ppstream.com
    Trusted Zone: webscache.com
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{40FFCAFA-121F-49CB-9DD7-C450DD22F3AE}: NameServer = 8.8.8.8,208.67.222.222
    TCP: Interfaces\{40FFCAFA-121F-49CB-9DD7-C450DD22F3AE}\D3E2D396C6C7: NameServer = 8.8.8.8,208.67.222.222
    .
    .
    ------- &#25991;&#20214;&#31867;&#22411; -------
    .
    .scr=Ecotect Script
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{6B896ADB-4A82-46E2-858C-13134782CE34} - (no file)
    ShellIconOverlayIdentifiers-{CDC95B92-E27C-4745-A8C5-64A52A78855D} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va002]
    "ImagePath"="\??\c:\users\Mbhkoay\AppData\Local\Temp\0026981.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
    "ImagePath"="\??\c:\users\Mbhkoay\AppData\Local\Temp\003167.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3059343724-861031093-4189790222-1000\Software\Microsoft\Internet Explorer\MenuExt\O(u&#38583;f?*N}&#24300;
    @="c:\\Users\\Mbhkoay\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
    "contexts"=dword:00000022
    .
    [HKEY_USERS\S-1-5-21-3059343724-861031093-4189790222-1000\Software\Microsoft\Internet Explorer\MenuExt\O(u&#38583;f?*N}&#24315;Q&#38016;&#59480;&#58985;]
    @="c:\\Users\\Mbhkoay\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
    "contexts"=dword:000000f3
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:b9,0b,c0,7a,20,35,f5,d4,aa,e1,be,01,10,74,66,b9,91,9a,37,30,e4,
    29,24,6b,12,9e,11,8a,41,e6,2c,46,c4,ae,01,6c,d7,0f,d9,a6,ef,41,0f,67,ba,9f,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:b9,0b,c0,7a,20,35,f5,d4,aa,e1,be,01,10,74,66,b9,91,9a,37,30,e4,
    29,24,6b,12,9e,11,8a,41,e6,2c,46,c4,ae,01,6c,d7,0f,d9,a6,ef,41,0f,67,ba,9f,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    &#23436;&#25104;&#26102;&#38388;: 2011-10-18 00:07:54 - &#30005;&#33041;&#24050;&#37325;&#26032;&#21551;&#21160;
    ComboFix-quarantined-files.txt 2011-10-17 16:07
    .
    Pre-Run: 232,950,657,024 bytes free
    Post-Run: 232,076,513,280 bytes free
    .
    - - End Of File - - 2FCB3F865E8AE82D7122CF70C200666E




    _________________________________(You can ignore this)
    Btw, is there any other methods to detect this type of virus? Seems to me like it detects the recent changes in the PC and filters out the normal files? (Not sure if I'm correct here)

    2nd question, does combofix solve other problems as well?
    _____________________________________________________
     
  4. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,876
    a bit more to do

    this nasty has replaced windows explorer as youir shell log on with a trojan so we need to restore that as part of the clean up

    Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)
    Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished
    Close any open browsers
    Then drag the CFScript.txt into the ComboFix.exe or renamed combofix icon as shown in the screenshot below.



    [​IMG]



    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply


    Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum

    This will create a zip file inside C:\QooBox\quarantine named something like [38][email protected]

    at the end it will pop up an alert & open your browser and ask you to send the zip file

    please follow those instructions. We need to see the zip file before we can carry on with the fix

    If there is no pop up alert or open browser then

    please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and if needed distribute them to antivirus companies.
    Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, If there is more than 1 file then press the more attachments button for each extra file and browse and select etc and then when all the files are listed in the windows press send to upload the files ( do not post HJT logs there as they will not get dealt with)

    Files to submit:
    the zip file inside C:\QooBox\quarantine created by combofix named something like [38][email protected]

    or to
    http://www.bleepingcomputer.com/submit-malware.php?channel=38
     

    Attached Files:

  5. perishknight

    perishknight Thread Starter

    Joined:
    Oct 17, 2011
    Messages:
    5
    http://thespykiller.co.uk/index.php/topic,9821.msg38962.html#msg38962

    Submitted, not sure if the procedure is correct though. Tell me if anything is missing.
    Thx a lot dvk01, your help is much appreciated.

    ComboFix 11-10-17.02 - Mbhkoay 8/2011 Tue 6:33:47.2.8 - x64
    Microsoft Windows 7 Enterprise 6.1.7600.0.936.86.1033.18.8172.6062 [GMT 8:00]
    Ö´ÐÐλÖÃ: C:\Users\Mbhkoay\Desktop\perishknight123.exe
    Command switches used :: C:\Users\Mbhkoay\Desktop\CFScript.txt
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



    ((((((((((((((((((((((((((((((((((((((( ±»É¾³ýµÄµµ°¸ )))))))))))))))))))))))))))))))))))))))))))))))))


    c:\users\Mbhkoay\AppData\Local\b6aedd43
    c:\users\Mbhkoay\AppData\Local\b6aedd43\@
    c:\users\Mbhkoay\AppData\Local\b6aedd43\U\80000000.@
    c:\users\Mbhkoay\AppData\Local\b6aedd43\U\800000cb.@
    c:\users\Mbhkoay\AppData\Local\b6aedd43\X


    ((((((((((((((((((((((((( 2011-09-17 ÖÁ 2011-10-17 µÄеĵµ°¸ )))))))))))))))))))))))))))))))


    2011-10-17 22:37:40 . 2011-10-17 22:37:40 -------- d-----w- C:\Users\Teik\AppData\Local\temp
    2011-10-17 22:37:40 . 2011-10-17 22:37:40 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2011-10-17 15:28:10 . 2011-10-17 16:07:57 -------- d-----w- C:\perishknight123
    2011-10-17 11:23:25 . 2011-10-17 11:23:25 388096 ----a-r- C:\Users\Mbhkoay\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-10-17 10:25:33 . 2011-10-17 10:25:33 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-10-17 05:00:34 . 2011-10-17 05:00:34 -------- d-----w- C:\Malware
    2011-10-17 04:55:30 . 2011-10-17 04:55:30 -------- d-----w- C:\Users\Mbhkoay\AppData\Roaming\Malwarebytes
    2011-10-17 04:55:13 . 2011-10-17 04:55:13 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-10-17 04:55:10 . 2011-10-17 04:55:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-10-17 04:55:10 . 2011-08-31 09:00:50 25416 ----a-w- C:\Windows\system32\drivers\mbam.sys
    2011-10-13 16:25:15 . 2011-10-13 16:25:15 -------- d-----w- C:\ProgramData\boost_interprocess
    2011-10-13 16:06:02 . 2011-10-13 16:06:02 -------- d-----w- C:\Autodesk
    2011-10-09 08:37:13 . 2011-10-09 08:37:13 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\Calendar Clock
    2011-10-09 08:37:06 . 2011-10-09 08:37:06 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\Tidbits_ Tech News
    2011-10-09 08:36:59 . 2011-10-09 08:36:59 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\Universal RSS Reader
    2011-10-09 08:36:43 . 2011-10-09 08:36:43 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\Agenda
    2011-10-09 08:35:14 . 2011-10-09 08:35:14 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\Unite Media Player
    2011-10-09 08:35:05 . 2011-10-09 08:35:05 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\GuitarChords
    2011-10-09 08:34:44 . 2011-10-09 08:34:44 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\Lava Lamp
    2011-10-09 08:34:19 . 2011-10-09 08:34:19 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\eBook Reader
    2011-10-09 08:33:59 . 2011-10-09 08:33:59 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\dotoo
    2011-10-09 08:33:42 . 2011-10-09 08:33:43 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\Seesu
    2011-10-09 08:33:32 . 2011-10-09 08:33:32 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\Google Translator
    2011-10-09 08:33:25 . 2011-10-09 08:33:25 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\Artist's Sketchbook 1.65
    2011-10-05 03:31:33 . 2011-10-05 03:31:33 -------- d-----w- C:\ProgramData\ATI
    2011-10-05 03:31:32 . 2011-10-05 03:31:32 -------- d-----w- C:\Program Files (x86)\AMD APP
    2011-09-29 23:15:52 . 2011-08-29 08:00:00 74752 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
    2011-09-29 23:15:52 . 2011-07-16 14:17:06 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
    2011-09-29 23:15:52 . 2011-06-24 14:44:30 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
    2011-09-29 23:15:52 . 2011-06-24 14:28:22 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
    2011-09-29 23:15:52 . 2011-06-15 15:03:10 3164160 ----a-w- C:\Windows\SysWow64\x264vfw.dll
    2011-09-29 23:15:52 . 2011-05-09 18:23:34 216064 ----a-w- C:\Windows\SysWow64\lagarith.dll
    2011-09-29 23:15:52 . 2008-09-24 18:41:12 839680 ----a-w- C:\Windows\SysWow64\lameACM.acm
    2011-09-29 23:15:52 . 2006-10-18 18:05:16 232448 ----a-w- C:\Windows\SysWow64\mp3fhg.acm
    2011-09-29 23:15:52 . 2006-04-02 12:47:06 630784 ----a-w- C:\Windows\SysWow64\vp7vfw.dll
    2011-09-29 23:15:52 . 2004-05-18 18:16:42 39936 ----a-w- C:\Windows\SysWow64\huffyuv.dll
    2011-09-29 23:15:52 . 2001-02-25 01:19:46 287744 ----a-w- C:\Windows\SysWow64\divxa32.acm
    2011-09-29 23:15:51 . 2011-09-29 23:16:02 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
    2011-09-24 06:43:35 . 2011-09-24 06:43:35 -------- d-----w- C:\Users\Mbhkoay\AppData\Local\Chromium
    .


    (((((((((((((((((((((((((((((((((((((((( ÔÚÈý¸öÔÂÄÚ±»Ð޸ĵĵµ°¸ ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2011-10-16 10:04:17 . 2011-05-27 14:20:54 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-07 06:13:17 . 2011-04-06 19:28:43 87456 ----a-w- C:\Windows\system32\LMIRfsClientNP.dll
    2011-10-07 06:13:17 . 2011-04-06 19:28:43 34688 ----a-w- C:\Windows\system32\LMIport.dll
    2011-10-07 06:13:17 . 2011-04-06 19:28:40 80768 ----a-w- C:\Windows\system32\LMIinit.dll
    2011-09-14 03:47:42 . 2011-09-14 03:47:42 60416 ----a-w- C:\Windows\system32\OVDecode64.dll
    2011-09-14 03:47:40 . 2011-09-14 03:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2011-09-14 03:47:10 . 2011-09-14 03:47:10 16652288 ----a-w- C:\Windows\system32\amdocl64.dll
    2011-09-14 03:38:30 . 2011-09-14 03:38:30 44032 ----a-w- C:\Windows\system32\amdoclcl64.dll
    2011-09-14 03:38:28 . 2011-09-14 03:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
    2011-09-08 18:27:22 . 2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\system32\drivers\atikmdag.sys
    2011-09-08 17:59:44 . 2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\system32\atio6axx.dll
    2011-09-08 17:39:44 . 2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2011-09-08 17:34:20 . 2011-09-08 17:34:20 151552 ----a-w- C:\Windows\system32\atiapfxx.exe
    2011-09-08 17:34:10 . 2011-07-28 21:40:44 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2011-09-08 17:32:58 . 2010-09-29 01:54:02 862720 ----a-w- C:\Windows\system32\aticfx64.dll
    2011-09-08 17:30:38 . 2011-09-08 17:30:38 466944 ----a-w- C:\Windows\system32\ATIDEMGX.dll
    2011-09-08 17:30:26 . 2011-09-08 17:30:26 486912 ----a-w- C:\Windows\system32\atieclxx.exe
    2011-09-08 17:29:56 . 2011-09-08 17:29:56 204288 ----a-w- C:\Windows\system32\atiesrxx.exe
    2011-09-08 17:28:54 . 2011-09-08 17:28:54 120320 ----a-w- C:\Windows\system32\atitmm64.dll
    2011-09-08 17:28:38 . 2011-09-08 17:28:38 423424 ----a-w- C:\Windows\system32\atipdl64.dll
    2011-09-08 17:28:32 . 2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2011-09-08 17:28:22 . 2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2011-09-08 17:28:18 . 2011-09-08 17:28:18 21504 ----a-w- C:\Windows\system32\atimuixx.dll
    2011-09-08 17:28:14 . 2011-09-08 17:28:14 59392 ----a-w- C:\Windows\system32\atiedu64.dll
    2011-09-08 17:28:10 . 2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2011-09-08 17:24:38 . 2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2011-09-08 17:18:56 . 2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\system32\atiumd6v.dll
    2011-09-08 17:18:22 . 2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2011-09-08 17:18:08 . 2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\system32\atiumd6a.dll
    2011-09-08 17:16:00 . 2010-09-29 01:37:28 4944896 ----a-w- C:\Windows\system32\atidxx64.dll
    2011-09-08 17:09:42 . 2011-09-08 17:09:42 51200 ----a-w- C:\Windows\system32\aticalrt64.dll
    2011-09-08 17:09:40 . 2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2011-09-08 17:09:30 . 2011-09-08 17:09:30 44544 ----a-w- C:\Windows\system32\aticalcl64.dll
    2011-09-08 17:09:28 . 2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2011-09-08 17:09:18 . 2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\system32\aticaldd64.dll
    2011-09-08 17:08:24 . 2011-07-28 21:03:58 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2011-09-08 17:05:52 . 2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2011-09-08 17:05:44 . 2011-07-28 21:09:10 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2011-09-08 17:00:02 . 2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\system32\atiumd64.dll
    2011-09-08 16:59:48 . 2011-03-29 18:42:36 58880 ----a-w- C:\Windows\system32\coinst.dll
    2011-09-08 16:53:20 . 2011-09-08 16:53:20 381952 ----a-w- C:\Windows\system32\atiadlxx.dll
    2011-09-08 16:53:12 . 2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2011-09-08 16:52:58 . 2011-09-08 16:52:58 15360 ----a-w- C:\Windows\system32\atig6pxx.dll
    2011-09-08 16:52:56 . 2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2011-09-08 16:52:56 . 2011-09-08 16:52:56 13312 ----a-w- C:\Windows\system32\atiglpxx.dll
    2011-09-08 16:52:54 . 2011-09-08 16:52:54 39936 ----a-w- C:\Windows\system32\atig6txx.dll
    2011-09-08 16:52:46 . 2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2011-09-08 16:52:40 . 2011-09-08 16:52:40 310784 ----a-w- C:\Windows\system32\drivers\atikmpag.sys
    2011-09-08 16:52:00 . 2010-09-29 01:14:06 40960 ----a-w- C:\Windows\system32\atiuxp64.dll
    2011-09-08 16:51:54 . 2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2011-09-08 16:51:50 . 2011-09-08 16:51:50 38912 ----a-w- C:\Windows\system32\atiu9p64.dll
    2011-09-08 16:51:44 . 2011-07-28 20:53:00 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2011-09-08 16:51:12 . 2011-09-08 16:51:12 53248 ----a-w- C:\Windows\system32\drivers\ati2erec.dll
    2011-09-08 16:51:02 . 2011-09-08 16:51:02 54784 ----a-w- C:\Windows\system32\atimpc64.dll
    2011-09-08 16:51:02 . 2011-09-08 16:51:02 54784 ----a-w- C:\Windows\system32\amdpcom64.dll
    2011-09-08 16:50:54 . 2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2011-09-08 16:50:54 . 2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2011-08-24 12:19:10 . 2011-08-24 12:19:10 56320 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2011-08-24 12:18:30 . 2011-08-24 12:18:30 13601280 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2011-08-18 15:52:53 . 2010-06-24 03:33:56 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-08-16 00:48:40 . 2011-08-19 13:33:19 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B7604F79-F86F-4186-8703-6AFF7CE49D6E}\mpengine.dll
    2011-08-07 15:21:04 . 2011-08-07 15:21:04 2690928 ----a-w- C:\Windows\SysWow64\SogouPY.ime
    2011-08-07 15:21:04 . 2011-03-12 03:18:00 4703088 ----a-w- C:\Windows\system32\SogouPY.ime
    2011-07-22 05:35:08 . 2011-08-18 19:42:07 1638912 ----a-w- C:\Windows\system32\mshtml.tlb
    2011-07-22 04:56:17 . 2011-08-18 19:42:07 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-07-21 10:49:07 . 2011-04-06 19:28:43 87456 ----a-w- C:\Windows\system32\LMIRfsClientNP.dll.000.bak
    2011-04-26 14:26:00 . 2011-04-26 13:23:51 1578056991 ----a-w- C:\Program Files (x86)\SilkroadOnline_GlobalOfficial_v1_298.exe


    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

    ---- Directory of c:\programdata\boost_interprocess ----



    ((((((((((((((((((((((((((((( SnapShot@2011-10-17_16.04.31 )))))))))))))))))))))))))))))))))))))))))

    - 2009-07-14 05:10:35 . 2011-10-17 09:58:20 32376 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10:35 . 2011-10-17 16:06:03 32376 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-03-29 20:47:21 . 2011-10-17 16:06:04 11718 C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3059343724-861031093-4189790222-1000_UserData.bin
    - 2011-03-30 09:27:42 . 2011-10-17 15:38:53 32768 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-03-30 09:27:42 . 2011-10-17 22:39:12 32768 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-03-30 09:27:42 . 2011-10-17 15:38:53 32768 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-03-30 09:27:42 . 2011-10-17 22:39:12 32768 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54:19 . 2011-10-17 22:39:12 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54:19 . 2011-10-17 15:38:53 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-03-29 21:32:22 . 2011-10-17 15:38:53 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-03-29 21:32:22 . 2011-10-17 22:39:13 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-03-29 21:32:22 . 2011-10-17 22:39:13 32768 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-03-29 21:32:22 . 2011-10-17 15:38:53 32768 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-03-29 21:32:22 . 2011-10-17 15:38:53 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-03-29 21:32:22 . 2011-10-17 22:39:13 16384 C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-03-29 18:42:00 . 2011-10-17 15:38:58 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-03-29 18:42:00 . 2011-10-17 22:39:18 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-03-29 18:42:00 . 2011-10-17 15:38:58 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-03-29 18:42:00 . 2011-10-17 22:39:18 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-04-06 19:34:31 . 2011-10-17 22:37:47 8974 C:\Windows\system32\wdi\ERCQueuedResolutions.dat
    - 2011-03-29 20:44:28 . 2011-10-17 15:35:31 5791 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    + 2011-03-29 20:44:28 . 2011-10-17 22:37:47 5791 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    + 2011-10-17 22:38:32 . 2011-10-17 22:38:32 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-10-17 15:36:25 . 2011-10-17 15:36:25 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-10-17 22:38:32 . 2011-10-17 22:38:32 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-10-17 15:36:25 . 2011-10-17 15:36:25 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 05:12:52 . 2011-10-17 15:38:53 262144 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 05:12:52 . 2011-10-17 22:39:12 262144 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2011-03-29 21:32:22 . 2011-10-17 22:39:13 262144 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2011-03-29 21:32:22 . 2011-10-17 15:38:53 262144 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 05:01:48 . 2011-10-17 15:35:31 520440 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01:48 . 2011-10-17 22:37:47 520440 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 02:34:08 . 2011-10-17 15:47:37 10223616 C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34:08 . 2011-10-17 20:02:29 10223616 C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT

    ((((((((((((((((((((((((((((((((((((( ÖØÒªµÇÈëµã ))))))))))))))))))))))))))))))))))))))))))))))))))


    *×¢Òâ* ¿Õ°×ÓëºÏ·¨È±Ê¡µÇ¼½«²»»á±»ÏÔʾ
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{6B896ADB-4A82-46e2-858C-13134782CE34}"= "C:\Program Files (x86)\Xmlbar\Tudou Downloader\IEBar\xbietb.dll" [2009-12-15 07:21:40 413696]

    [HKEY_CLASSES_ROOT\clsid\{6b896adb-4a82-46e2-858c-13134782ce34}]
    [HKEY_CLASSES_ROOT\XBIEBar.XBIEBarObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{D4FB30ED-7DDB-4e2c-A7F2-C7B905D5D771}]
    [HKEY_CLASSES_ROOT\XBIEBar.XBIEBarObj]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TaggedFrog"="C:\Program Files (x86)\TaggedFrog\TaggedFrog.exe" [2010-05-16 11:17:00 331776]
    "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2011-09-26 01:49:06 17353352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 15:54:20 283160]
    "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 06:27:50 343168]

    C:\Users\Mbhkoay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    RBTray - Shortcut.lnk - C:\Users\Mbhkoay\Desktop\Software\RB Tray\64bit\RBTray.exe [2011-5-16 48128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~2\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
    Ime File REG_SZ SOGOUPY.IME

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 05:16:28 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 06:27:14 138576]
    R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-01 17:09:08 136176]
    R2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;C:\Windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe [2007-05-28 21:05:48 33712]
    R3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys [x]
    R3 athur;Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys [x]
    R3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]
    R3 EagleX64;EagleX64;C:\Windows\system32\drivers\EagleX64.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-13 16:20:21 1431888]
    R3 GGSAFERDriver;GGSAFER Driver;C:\Users\Mbhkoay\Desktop\Games\Garena\safedrv.sys [x]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-09-11 09:54:40 30192]
    R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-01 17:09:08 136176]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 02:25:22 30969208]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 13:34:24 4925184]
    R3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 05:37:14 517096]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
    R3 X6va002;X6va002;C:\Users\Mbhkoay\AppData\Local\Temp\0026981.tmp [x]
    R3 X6va003;X6va003;C:\Users\Mbhkoay\AppData\Local\Temp\003167.tmp [x]
    R4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 04:55:28 64952]
    R4 NetBalancer Windows Service;NetBalancer Windows Service;C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2011-07-18 09:26:34 9728]
    S0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys [x]
    S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]
    S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 08:18:52 52896]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 15:54:22 13336]
    S2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-10-07 06:13:17 375176]
    S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 07:40:06 15928]
    S2 lxdf_device;lxdf_device;C:\Windows\system32\lxdfcoms.exe [2007-05-28 21:06:06 1053104]
    S2 MBAMService;MBAMService;C:\Malware\Malware\mbamservice.exe [2011-08-31 09:00:48 366152]
    S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-09 18:10:38 86016]
    S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-22 13:52:54 86016]
    S2 SplashtopRemoteService;Splashtop? Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-08-17 09:31:36 518472]
    S2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [x]
    S2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-09-21 08:27:04 366408]
    S2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-17 15:52:05 2358656]
    S2 XMouseButton Launcher;XMouseButton Launcher;C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [2011-02-07 00:32:20 86016]
    S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys [x]
    S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys [x]
    S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys [x]
    S3 Nbdrv;NetBalancer;C:\Windows\system32\DRIVERS\nbdrv.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [x]


    ¡®¼Æ»®ÈÎÎñ¡¯ Îļþ¼Ð ÀïµÄÄÚÈÝ

    2011-10-17 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-01 17:09:09 . 2011-06-01 17:09:08]

    2011-10-17 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-01 17:09:09 . 2011-06-01 17:09:08]

    2011-10-16 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3059343724-861031093-4189790222-1000Core.job
    - C:\Users\Mbhkoay\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 01:48:05 . 2011-08-04 17:19:47]

    2011-10-17 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3059343724-861031093-4189790222-1000UA.job
    - C:\Users\Mbhkoay\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-15 01:48:05 . 2011-08-04 17:19:47]


    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11:32:36 11545192]
    "LogMeIn GUI"="C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 07:40:06 57928]

    ------- ¶øÍâµÄɨÃè -------

    uLocal Page = C:\Windows\system32\blank.htm
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = C:\Windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
    IE: &Xmlbar Search - http://www.xmlbar.com/iebar/iemenu.php?lang=English&ver=1.0
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
    IE: Download all by FlashGet3 - C:\Users\Mbhkoay\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    IE: Download by FlashGet3 - C:\Users\Mbhkoay\AppData\Roaming\FlashGetBHO\GetUrl.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Free YouTube Download - C:\Users\Mbhkoay\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Free YouTube to MP3 Converter - C:\Users\Mbhkoay\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: ʹÓÿ쳵3ÏÂÔØ - C:\Users\Mbhkoay\AppData\Roaming\FlashGetBHO\GetUrl.htm
    IE: ʹÓÿ쳵3ÏÂÔØÈ«²¿Á´½Ó - C:\Users\Mbhkoay\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    IE: {{612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\Tudou Downloader\TudouDownloader(xmlbar).exe
    Trusted Zone: pps.tv
    Trusted Zone: ppstream.com
    Trusted Zone: webscache.com
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{40FFCAFA-121F-49CB-9DD7-C450DD22F3AE}: NameServer = 8.8.8.8,208.67.222.222
    TCP: Interfaces\{40FFCAFA-121F-49CB-9DD7-C450DD22F3AE}\D3E2D396C6C7: NameServer = 8.8.8.8,208.67.222.222

    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{6B896ADB-4A82-46E2-858C-13134782CE34} - (no file)
    ShellIconOverlayIdentifiers-{CDC95B92-E27C-4745-A8C5-64A52A78855D} - (no file)



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="C:\Windows\system32\GameMon.des -service"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va002]
    "ImagePath"="\??\C:\Users\Mbhkoay\AppData\Local\Temp\0026981.tmp"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
    "ImagePath"="\??\C:\Users\Mbhkoay\AppData\Local\Temp\003167.tmp"

    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3059343724-861031093-4189790222-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3* N}]
    @="C:\\Users\\Mbhkoay\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
    "contexts"=dword:00000022

    [HKEY_USERS\S-1-5-21-3059343724-861031093-4189790222-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f3* N}hQèþ&#8221;¥c]
    @="C:\\Users\\Mbhkoay\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
    "contexts"=dword:000000f3

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:b9,0b,c0,7a,20,35,f5,d4,aa,e1,be,01,10,74,66,b9,91,9a,37,30,e4,
    29,24,6b,12,9e,11,8a,41,e6,2c,46,c4,ae,01,6c,d7,0f,d9,a6,ef,41,0f,67,ba,9f,\

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:b9,0b,c0,7a,20,35,f5,d4,aa,e1,be,01,10,74,66,b9,91,9a,37,30,e4,
    29,24,6b,12,9e,11,8a,41,e6,2c,46,c4,ae,01,6c,d7,0f,d9,a6,ef,41,0f,67,ba,9f,\

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)

    ------------------------ ÆäËûÔËÐнø³Ì ------------------------

    C:\PROGRA~2\SOGOUI~1\600~1.607\SGTool.exe

    **************************************************************************

    Íê³Éʱ¼ä: 2011-10-18 06:42:28 - µçÄÔÒÑÖØÐÂÆô¶¯
    ComboFix-quarantined-files.txt 2011-10-17 22:42:28
    ComboFix2.txt 2011-10-17 16:07:54

    Pre-Run: 232,128,147,456 bytes free
    Post-Run: 231,833,964,544 bytes free

    - - End Of File - - 3BA3809A8D204459E790D84E6BF7A8DA
     
  6. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,876
    I think we have got it all now BUT this is very badly detected by antiviruses & is one of the first 64 bit specific malwares
    About the only AV that seems to detect it so far is NOD so
    Run an online antivirus check from

    http://www.eset.com/online-scanner

    Befire you do that though please do this, so I can get copies of all the files we have deleted & make sure tha\t the AV companies do add them to detections

    can you please go to C:\qoobox & right click the quarantine folder, select send to compressed(zip) folders
    that will make a zipped copy of the quarantine folder
    then
    please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

    Just press new topic, fill in the needed details
    Use files for DVK01 as subject

    In the body of the post paste this

    combofix Quarantine folder from
    http://forums.techguy.org/virus-oth...ogle-misdirect-malware-opera.html#post8115535


    & then press the browse button and then navigate to & select the files on your computer, When the file is listed in the windows press send to upload the file
     
  7. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,876
    have the redirects stopped in opera now
     
  8. perishknight

    perishknight Thread Starter

    Joined:
    Oct 17, 2011
    Messages:
    5
    http://thespykiller.co.uk/index.php/topic,9822.new.html#new
    The files you requested seems to have some permission issues with the folder Backenv so I changed the permission.
    Besides that I used winrar for the compression though I set it to zip mode.

    Just back home from work, sorry for the late reply...
    The redirects seemed to have stopped.

    ESET Online scanner is up and scanning, for nearly two hours by now, found 27 infected files and seems to be moving quite slow, currently at 349664, still increasing as I post this.
    I was thinking about finishing the scan before posting but since it seems to be taking its time I'll just give you a heads up.
    Anyway I need to sleep as its 1.20a.m. here so I'll update you later today.
     
  9. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,876
    I'll wait for the eset report to decide if we need to do more
     
  10. perishknight

    perishknight Thread Starter

    Joined:
    Oct 17, 2011
    Messages:
    5
    C:\Qoobox.zip multiple threats deleted - quarantined
    C:\$RECYCLE.BIN\S-1-5-21-3059343724-861031093-4189790222-1000\$R2U83W6.rar multiple threats deleted - quarantined
    C:\$RECYCLE.BIN\S-1-5-21-3059343724-861031093-4189790222-1000\$RLI8GFL.zip multiple threats deleted - quarantined
    C:\Program Files (x86)\EA\Bulletstorm\xlive.dll a variant of Win32/Packed.VMProtect.AAD trojan cleaned by deleting - quarantined
    C:\Program Files (x86)\EA\Bulletstorm\Binaries\Win32\xlive.dll a variant of Win32/Packed.VMProtect.AAD trojan cleaned by deleting - quarantined
    C:\Program Files (x86)\EA\Bulletstorm\Fairlight\xlive.dll a variant of Win32/Packed.VMProtect.AAD trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\[38]-Submit_2011-10-18_06.33.32.zip Win64/Sirefef.A trojan deleted - quarantined
    C:\Qoobox\Quarantine\C\Users\Mbhkoay\AppData\Local\b6aedd43\X.vir Win64/Sirefef.A trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir probably a variant of Win32/Agent.IKPFSXV trojan cleaned by deleting - quarantined
    C:\Users\Mbhkoay\Desktop\Games\Assassin's Creed 2\AssassinsCreed2.iso multiple threats deleted - quarantined
    C:\Users\Mbhkoay\Desktop\Games\bulletstorm\Fairlight\xlive.dll a variant of Win32/Packed.VMProtect.AAD trojan cleaned by deleting - quarantined
    C:\Users\Mbhkoay\Desktop\Software\3ds max 8\sdsmax 8 software\vray150rc2full.rar probably a variant of Win32/Agent.ELMRYWD trojan deleted - quarantined
    C:\Users\Mbhkoay\Desktop\Software\3ds max 8\sdsmax 8 software\www.51render.com\Keymaker.exe probably a variant of Win32/Agent.ELMRYWD trojan cleaned by deleting - quarantined
    C:\Users\Mbhkoay\Desktop\Software\@Autodesk 3dsMax v2011 Win32\Crack\xf-a2011-32bits.exe a variant of Win32/Keygen.BL application cleaned by deleting - quarantined
    C:\Users\Mbhkoay\Desktop\Software\@Autodesk 3dsMax v2011 Win32\Crack\xf-a2011-32bits.rar a variant of Win32/Keygen.BL application deleted - quarantined
    C:\Users\Mbhkoay\Desktop\Software\@Autodesk 3dsMax v2011 Win32\Crack\xf-a2011-64bits.exe a variant of Win32/Keygen.BL application cleaned by deleting - quarantined
    C:\Users\Mbhkoay\Desktop\Software\@Autodesk 3dsMax v2011 Win32\Crack\xf-a2011-64bits.rar a variant of Win32/Keygen.BL application deleted - quarantined
    C:\Users\Mbhkoay\Desktop\Software\Adobe After Effects CS4 (Final) [RH]\AAE_CS4_[RH].rar probably a variant of Win32/Spy.Agent.FFETUNH trojan deleted - quarantined
    C:\Users\Mbhkoay\Desktop\Software\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\ACS4MC- Keygen\Extra keygen\ACS4MC-Keygen.EXE probably a variant of Win32/Spy.Agent.FFETUNH trojan cleaned by deleting - quarantined
    C:\Users\Mbhkoay\Desktop\Software\Compressed\MemTurbo4.rar probably a variant of Win32/Injector.GFM trojan deleted - quarantined
    C:\Users\Mbhkoay\Desktop\Software\Crack\Kaygenarator.rar a variant of Win32/Keygen.BH application deleted - quarantined
    C:\Users\Mbhkoay\Desktop\Software\Crack\keygen.exe a variant of Win32/Keygen.BH application cleaned by deleting - quarantined
    C:\Users\Mbhkoay\Desktop\Software\Crack\windows7crack\bie_7install64.exe a variant of Win32/HackKMS.A application deleted - quarantined
    C:\Users\Mbhkoay\Desktop\Software\Ecotect\ecotect2k10.iso a variant of Win32/Keygen.BL application deleted - quarantined
    C:\Users\Mbhkoay\Desktop\Software\Ecotect\ecotect2k10.rar a variant of Win32/Keygen.BL application deleted - quarantined
    C:\Users\Mbhkoay\Desktop\Software\Ecotect\Crack\xf-a2011-32bits.exe a variant of Win32/Keygen.BL application cleaned by deleting - quarantined
    C:\Users\Mbhkoay\Desktop\Software\Ecotect\Crack\32-Bit\xf-a2010-X86.exe a variant of Win32/Keygen.BL application cleaned by deleting - quarantined
    C:\Users\Mbhkoay\Desktop\Software\FL studio\Image-Line.FL.Studio.ASSiGN.Edition.v10.0.0-ASSiGN\flstudio_10.0.exe Win32/OpenCandy application deleted - quarantined
    C:\Users\Mbhkoay\Desktop\Software\Illustrator cs5\Adobe Illustrator CS5\New folder\1-9-CS5-PAT-CRA-KEY.rar multiple threats deleted - quarantined
    C:\Users\Mbhkoay\Desktop\Software\Illustrator cs5\Adobe Illustrator CS5\New folder\KEYGEN\keygen.exe a variant of Win32/Keygen.BH application cleaned by deleting - quarantined
    C:\Users\Mbhkoay\Desktop\Software\Illustrator cs5\Adobe Illustrator CS5\New folder\KEYGEN\PATCH.exe a variant of Win32/Kryptik.OIJ trojan cleaned by deleting - quarantined
    C:\Users\Mbhkoay\Desktop\Software\Illustrator cs5\Adobe Illustrator CS5\New folder\PATCH\PATCH.exe a variant of Win32/Kryptik.OIJ trojan cleaned by deleting - quarantined
    C:\Users\Mbhkoay\Desktop\Software\moviema\SoftonicDownloader_for_windows-movie-maker.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
    C:\Users\Mbhkoay\Desktop\Software\premiere\AdbPrmreProCS5.5.v5.5x64C_ExpresShare.com.part1.rar a variant of Win32/Keygen.BH application deleted - quarantined
    C:\Users\Mbhkoay\Desktop\Software\premiere\Adobe.Premiere.Pro.CS5.5.v5.5.x64.Multilingual.Incl.Keymaker-CORE\keygen.exe a variant of Win32/Keygen.BH application cleaned by deleting - quarantined
    C:\Users\Mbhkoay\Desktop\Software\Programs\dIDM-5.17-www.d60pc.com.rar Win32/HackTool.Patcher.A application deleted - quarantined
    C:\Users\Mbhkoay\Desktop\Software\Programs\64bit cad\Autodesk_AutoCAD_2010_x32_x64\Autocad_2010_Keygen__32_and_64_Bit__-_RS.rar a variant of Win32/Keygen.BL application deleted - quarantined
    C:\Users\Mbhkoay\Desktop\Software\Revit\rac2011.iso a variant of Win32/Keygen.BL application deleted - quarantined
    C:\Users\Mbhkoay\Desktop\Software\Revit\Crack\xf-a2011-32bits.rar a variant of Win32/Keygen.BL application deleted - quarantined
    C:\Users\Mbhkoay\Desktop\Software\Revit\Crack\xf-a2011-64bits.exe a variant of Win32/Keygen.BL application cleaned by deleting - quarantined
    C:\Users\Mbhkoay\Desktop\Software\Revit\Crack\xf-a2011-64bits.rar a variant of Win32/Keygen.BL application deleted - quarantined
    C:\Users\Mbhkoay\Desktop\Software\sketchup\SketchUp 8\crack\google.sketchup.pro.8.0.3117-MPT.exe a variant of Win32/HackTool.Patcher.T application cleaned by deleting - quarantined
    C:\Users\Mbhkoay\Music\DVDVideoSoft\Temp\Temp.exe Win32/Brontok.CO worm cleaned by deleting - quarantined
    C:\Users\Mbhkoay\Music\Music - Albums\????\???????\???????.exe Win32/Brontok.CO worm cleaned by deleting - quarantined
    C:\Users\Mbhkoay\Music\transfer\1\??? - ??3\??? - ??3.exe Win32/Brontok.CO worm cleaned by deleting - quarantined
    D:\Transcend\autorun.inf INF/Autorun virus deleted - quarantined
    D:\Transcend\@Autodesk 3dsMax v2011 Win32\Crack\xf-a2011-32bits.exe a variant of Win32/Keygen.BL application cleaned by deleting - quarantined
    D:\Transcend\@Autodesk 3dsMax v2011 Win32\Crack\xf-a2011-32bits.rar a variant of Win32/Keygen.BL application deleted - quarantined
    D:\Transcend\@Autodesk 3dsMax v2011 Win32\Crack\xf-a2011-64bits.exe a variant of Win32/Keygen.BL application cleaned by deleting - quarantined
    D:\Transcend\@Autodesk 3dsMax v2011 Win32\Crack\xf-a2011-64bits.rar a variant of Win32/Keygen.BL application deleted - quarantined
    D:\Transcend\azam's file\acad2011 installer\1.CRACK_toxic_el\xf-a2011-64bits.exe a variant of Win32/Keygen.BL application cleaned by deleting - quarantined
    D:\Transcend\Interim 2 St Michaels\facade\East Elevation\East Elevation.exe Win32/Brontok.CO worm cleaned by deleting - quarantined
    D:\Transcend\Interim 2 St Michaels\St. Michael Institution\St. Michael Institution`.exe Win32/Brontok.CO worm cleaned by deleting - quarantined
    D:\Transcend\Interim 2 St Michaels\St.Michael\St.Michael`.exe Win32/Brontok.CO worm cleaned by deleting - quarantined
    D:\Transcend\Interim 2 St Michaels\St.Michael\New Folder\New Folder.exe Win32/Brontok.CO worm cleaned by deleting - quarantined
    D:\Transcend\kingston 17thaug\dIDM-5.17-www.d60pc.com.rar Win32/HackTool.Patcher.A application deleted - quarantined
    D:\Transcend\KOAY-PORTAL\Backup Set 2010-10-03 190000\Backup Files 2010-10-03 190000\Backup files 1.zip multiple threats deleted - quarantined
    D:\Transcend\teik\My Programs\Administration\unlocker1.8.7.exe Win32/Adware.ADON application deleted - quarantined
    D:\Transcend\teik\My Programs\Compression\WinRAR.v3.20\cr-wr320.exe probably a variant of Win32/Agent.IICJCIP trojan cleaned by deleting - quarantined
    D:\Transcend\teik\My Programs\Downloader\Internet.Download.Manager.v5.12.Incl.Patch.rar a variant of Win32/HackTool.Patcher.A application deleted - quarantined
    D:\Transcend\Ungrouped materials\dIDM-5.17-www.d60pc.com.rar Win32/HackTool.Patcher.A application deleted - quarantined
    D:\Transcend\Ungrouped materials\Kingston pendrive item\Koay\My Programs\reformat\unlocker1.8.7.exe Win32/Adware.ADON application deleted - quarantined



    Interesting, malware in the recycle bin? Qoobox and unlocker should be safe shouldn't it?
     
  11. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,876
    That all looks ok but you do have a plethora of cracks which nakes another infection extremely likely
    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
    [​IMG]

    This will also purge the restore folder and clear any malware that has been put in there. Now Empty Recycle bin on desktop Then reboot.

    go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    and scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer and update whatever it suggests

    Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place. If windows update doesn't work, please come back & tell us
     
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1022670