Packed.protexor!gen1

By Agung Coriandri
Aug 26, 2012
  1. Hi,
    I'm using Windows 7 Ultimate and my Symantec reported that the computer is infected by packed.protexor!gen1.
    When I scanned using the Symantec Power Eraser tool, it indicated that a file called ALSysIO.sys is the cause, but the tool could not fix it.

    Enclosed are the reports:
    =====================================
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.25.07

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Agung choliadri :: AGC-ARAFAHNET [administrator]

    8/26/2012 11:02:33 AM
    mbam-log-2012-08-26 (11-02-33).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 295612
    Time elapsed: 12 minute(s), 10 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 6
    C:\Users\Agung choliadri\Downloads\etypesetup (1).exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.
    C:\Users\Agung choliadri\Downloads\etypesetup (2).exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.
    C:\Users\Agung choliadri\Downloads\etypesetup (3).exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.
    C:\Users\Agung choliadri\Downloads\etypesetup (4).exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.
    C:\Users\Agung choliadri\Downloads\etypesetup (5).exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.
    C:\Users\Agung choliadri\Downloads\etypesetup.exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.

    (end)

    =================================
  2. Agung Coriandri


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-26 12:01:50
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1200BEVS-22RST0 rev.04.01G04
    Running: lqkj0kom.exe; Driver: C:\Users\AGUNGC~1\AppData\Local\Temp\aflcrkow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8696A2F0 ZwAlertResumeThread
    SSDT 86784098 ZwAlertThread
    SSDT 86797788 ZwAllocateVirtualMemory
    SSDT 867358B0 ZwConnectPort
    SSDT 867E4080 ZwCreateMutant
    SSDT 867CF0B0 ZwCreateThread
    SSDT 867B40A0 ZwFreeVirtualMemory
    SSDT 8607E928 ZwImpersonateAnonymousToken
    SSDT 869853C0 ZwImpersonateThread
    SSDT 867CC578 ZwMapViewOfSection
    SSDT 868FAB10 ZwOpenEvent
    SSDT 867D50B0 ZwOpenProcessToken
    SSDT 868009B8 ZwOpenThreadToken
    SSDT \??\C:\Windows\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory [0x8B972880]
    SSDT 867BBBF8 ZwResumeThread
    SSDT 8693B5E0 ZwSetContextThread
    SSDT 867D8D78 ZwSetInformationProcess
    SSDT 867FABD8 ZwSetInformationThread
    SSDT 867390C0 ZwSuspendProcess
    SSDT 869430D0 ZwSuspendThread
    SSDT 8673DBE8 ZwTerminateProcess
    SSDT 867DB070 ZwTerminateThread
    SSDT 867F70B0 ZwUnmapViewOfSection
    SSDT 8679F448 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E893C9 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC2D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 82EC9D90 8 Bytes [F0, A2, 96, 86, 98, 40, 78, ...]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82EC9DA8 4 Bytes [88, 77, 79, 86]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82EC9E48 4 Bytes [B0, 58, 73, 86] {MOV AL, 0x58; JAE 0xffffffffffffff8a}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82EC9E84 4 Bytes [80, 40, 7E, 86] {ADD BYTE [EAX+0x7e], 0x86}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1203 82EC9EB8 4 Bytes [B0, F0, 7C, 86] {MOV AL, 0xf0; JL 0xffffffffffffff8a}
    .text ...
    PAGE spsys.sys!?SPRevision@@3PADA + 4F90 B96F8000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 50B3 B96F8123 629 Bytes [35, 6F, B9, FE, 05, 34, 35, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 5329 B96F8399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 538F B96F83FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 543B B96F84AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
    PAGE ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[4900] ntdll.dll!LdrGetProcedureAddress + 26 77532239 7 Bytes JMP 6308B52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4900] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 75CB93D6 7 Bytes JMP 6333B6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4900] kernel32.dll!QueryPerformanceCounter + 13 75CBC435 7 Bytes JMP 6333B6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4900] GDI32.dll!GetViewportOrgEx + 26C 75C2884B 7 Bytes JMP 6333B653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5168] USER32.dll!GetWindowInfo 77644B5E 5 Bytes JMP 6320BACC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5168] USER32.dll!ToUnicodeEx + 71 77652223 7 Bytes JMP 6320C0F9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtCreateFile + 6 775155CE 4 Bytes [28, 00, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtCreateFile + B 775155D3 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtCreateKey + 6 7751560E 4 Bytes [68, 01, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtCreateKey + B 77515613 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtCreateMutant + 6 7751564E 4 Bytes [68, 02, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtCreateMutant + B 77515653 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtCreateSection + 6 775156EE 4 Bytes [A8, 02, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtCreateSection + B 775156F3 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtMapViewOfSection + 6 77515C2E 4 Bytes CALL 76516337 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtMapViewOfSection + B 77515C33 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenFile + 6 77515CDE 4 Bytes [68, 00, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenFile + B 77515CE3 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenKey + 6 77515D0E 4 Bytes [A8, 01, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenKey + B 77515D13 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenKeyEx + 6 77515D1E 4 Bytes CALL 76516424 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenKeyEx + B 77515D23 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenMutant + 6 77515D5E 4 Bytes [28, 02, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenMutant + B 77515D63 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenProcess + 6 77515D8E 1 Byte [68]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenProcess + 6 77515D8E 4 Bytes [68, 03, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenProcess + B 77515D93 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenProcessToken + 6 77515D9E 1 Byte [A8]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenProcessToken + 6 77515D9E 4 Bytes [A8, 03, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenProcessToken + B 77515DA3 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenProcessTokenEx + 6 77515DAE 4 Bytes [68, 04, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenProcessTokenEx + B 77515DB3 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenSection + 6 77515DCE 4 Bytes CALL 765164D5 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenSection + B 77515DD3 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenThread + 6 77515E0E 1 Byte [28]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenThread + 6 77515E0E 4 Bytes [28, 03, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenThread + B 77515E13 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenThreadToken + 6 77515E1E 4 Bytes [28, 04, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenThreadToken + B 77515E23 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenThreadTokenEx + 6 77515E2E 4 Bytes [A8, 04, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenThreadTokenEx + B 77515E33 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtQueryAttributesFile + 6 77515F3E 4 Bytes [A8, 00, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtQueryAttributesFile + B 77515F43 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtQueryFullAttributesFile + 6 77515FEE 4 Bytes CALL 765166F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtQueryFullAttributesFile + B 77515FF3 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtSetInformationFile + 6 7751663E 4 Bytes [28, 01, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtSetInformationFile + B 77516643 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtSetInformationThread + 6 7751669E 1 Byte [E8]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtSetInformationThread + 6 7751669E 4 Bytes CALL 76516DA6 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtSetInformationThread + B 775166A3 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtUnmapViewOfSection + 6 775169BE 4 Bytes [28, 05, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtUnmapViewOfSection + B 775169C3 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] kernel32.dll!CreateProcessW 75C7204D 5 Bytes JMP 00010030
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] kernel32.dll!CreateProcessA 75C72082 5 Bytes JMP 00010070
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!DeleteObject 75C25F14 5 Bytes JMP 001101B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SelectObject 75C26640 5 Bytes JMP 001105F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SetTextColor 75C26906 5 Bytes JMP 001109F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SetBkMode 75C269B1 5 Bytes JMP 001108B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!DeleteDC 75C26EAA 5 Bytes JMP 00110170
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetDeviceCaps 75C26F7F 5 Bytes JMP 001103B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!ExtSelectClipRgn 75C27114 5 Bytes JMP 001102F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SelectClipRgn 75C27242 5 Bytes JMP 001105B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SetStretchBltMode 75C27705 5 Bytes JMP 00110670
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetCurrentObject 75C27917 5 Bytes JMP 00110370
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetTextMetricsW 75C27B8F 5 Bytes JMP 00110DF0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetTextAlign 75C27DAF 5 Bytes JMP 00110D30
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!IntersectClipRect 75C27DFE 5 Bytes JMP 001103F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!ExtTextOutW 75C28192 5 Bytes JMP 00110930
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SetTextAlign 75C2828E 5 Bytes JMP 001109B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetClipBox 75C28525 5 Bytes JMP 00110330
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!MoveToEx 75C28C21 5 Bytes JMP 00110470
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!StretchDIBits 75C2A53E 5 Bytes JMP 00110730
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!RestoreDC 75C2A67B 5 Bytes JMP 00110530
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SaveDC 75C2A74B 5 Bytes JMP 00110570
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetTextExtentPoint32W 75C2B4B5 5 Bytes JMP 00110630
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetTextFaceW 75C2B73A 2 Bytes JMP 00110CF0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetTextFaceW + 3 75C2B73D 2 Bytes [4E, 8A]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetFontData 75C2BCC4 5 Bytes JMP 00110C30
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SetWorldTransform 75C2C90A 5 Bytes JMP 001106B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!CreateDCA 75C2CCA9 5 Bytes JMP 001100B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!CreateDCW 75C2CF79 5 Bytes JMP 001100F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!CreateICW 75C2CFD0 5 Bytes JMP 00110130
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetTextMetricsA 75C2D0F2 5 Bytes JMP 00110DB0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!Rectangle 75C2F1FF 5 Bytes JMP 00110970
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!LineTo 75C2F59B 5 Bytes JMP 00110430
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SetICMMode 75C2FAA4 5 Bytes JMP 00110D70
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!ExtTextOutA 75C303F9 5 Bytes JMP 001108F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!ExtEscape 75C32949 5 Bytes JMP 001102B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!Escape 75C33939 5 Bytes JMP 00110270
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetTextFaceA 75C33E6A 5 Bytes JMP 00110CB0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SetPolyFillMode 75C3D851 5 Bytes JMP 00110AF0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SetMiterLimit 75C3DA0D 5 Bytes JMP 00110B30
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!EndPage 75C400D7 5 Bytes JMP 00110230
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!ResetDCW 75C4050D 5 Bytes JMP 00110A70
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetGlyphOutlineW 75C4C1BA 5 Bytes JMP 00110C70
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!CreateScalableFontResourceW 75C4E817 5 Bytes JMP 00110B70
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!AddFontResourceW 75C4EC13 5 Bytes JMP 00110BB0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!RemoveFontResourceW 75C4F109 5 Bytes JMP 00110BF0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!AbortDoc 75C54C63 5 Bytes JMP 00110030
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!EndDoc 75C550AA 5 Bytes JMP 001101F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!StartPage 75C55195 5 Bytes JMP 001106F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!StartDocW 75C55BB0 5 Bytes JMP 001107B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!BeginPath 75C5635D 5 Bytes JMP 001107F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SelectClipPath 75C563B4 5 Bytes JMP 00110AB0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!CloseFigure 75C5640F 5 Bytes JMP 00110070
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!EndPath 75C56466 5 Bytes JMP 00110A30
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!StrokePath 75C56699 5 Bytes JMP 00110770
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!FillPath 75C56726 5 Bytes JMP 00110830
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!PolylineTo 75C56B94 5 Bytes JMP 001104F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!PolyBezierTo 75C56C25 5 Bytes JMP 001104B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!PolyDraw 75C56CD7 5 Bytes JMP 00110870
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!ActivateKeyboardLayout 77638203 5 Bytes JMP 001204F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!ScreenToClient 7763A506 7 Bytes JMP 00120670
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!RegisterClipboardFormatA 7763C091 5 Bytes JMP 001202F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!RegisterClipboardFormatW 7763DF8D 5 Bytes JMP 001202B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!SetCursor 77643075 5 Bytes JMP 00120530
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!MonitorFromWindow 77643622 7 Bytes JMP 00120630
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!PostMessageW 7764447B 5 Bytes JMP 001205F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!IsWindowVisible 77644D69 7 Bytes JMP 001206B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!GetClientRect 776454DD 7 Bytes JMP 001205B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!MapWindowPoints 77645CAA 5 Bytes JMP 00120570
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!GetParent 77646029 7 Bytes JMP 001206F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!EmptyClipboard 7765290C 5 Bytes JMP 00120130
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!SetClipboardData 77652962 5 Bytes JMP 00120170
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!GetClipboardData 77652BA7 5 Bytes JMP 00120030
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!GetClipboardFormatNameW 77655FD2 5 Bytes JMP 00120230
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!SetClipboardViewer 77656FF6 5 Bytes JMP 001204B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!GetClipboardFormatNameA 7765700A 5 Bytes JMP 00120270
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!ChangeClipboardChain 7766147C 5 Bytes JMP 00120430
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!GetTopWindow 776624D9 7 Bytes JMP 00120730
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!CloseClipboard 7766446C 5 Bytes JMP 001200B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!OpenClipboard 7766447E 5 Bytes JMP 00120070
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!IsClipboardFormatAvailable 776644FF 5 Bytes JMP 001200F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!GetClipboardSequenceNumber 77664513 5 Bytes JMP 00120330
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!GetClipboardOwner 77664525 5 Bytes JMP 00120370
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!CountClipboardFormats 7766470A 5 Bytes JMP 001201F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!EnumClipboardFormats 776647EC 5 Bytes JMP 001201B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!GetOpenClipboardWindow 7766480B 5 Bytes JMP 001203F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!SetCursorPos 7767C1B0 5 Bytes JMP 00120770
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!GetClipboardViewer 77694AF7 5 Bytes JMP 00120470
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!GetPriorityClipboardFormat 77694BF9 5 Bytes JMP 001203B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ole32.dll!OleSetClipboard 77270045 5 Bytes JMP 00130030
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ole32.dll!OleIsCurrentClipboard 772736B2 5 Bytes JMP 00130070
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ole32.dll!OleGetClipboard 7729FDCD 5 Bytes JMP 001300B0

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [741B24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7419562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741956EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [741B2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [741A85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741A4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [741A5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [741A51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [741A6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [741A8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [741A8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [741A90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [741AE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741A4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3248] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7556FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3248] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7556FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3248] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7556FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3248] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7556FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3248] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7556FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00010090
    IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 00120790
    IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 001207D0
    IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00010090
    IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00010090

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\ACPI_HAL \Device\00000061 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----

    =====================================================
  3. Agung Coriandri


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
    Run by Agung choliadri at 12:08:21 on 2012-08-26
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1670 [GMT 7:00]
    .
    AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    C:\Windows\system32\Dwm.exe
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Explorer.EXE
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    D:\Program Files\FolderSize\FolderSizeSvc.exe
    C:\Windows\system32\FortiSSLVPNdaemon.exe
    C:\ProgramData\DatacardService\HWDeviceService.exe
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Logitech\ScrollApp\KhalScroll.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    D:\Program Files\Evernote\Evernote\EvernoteClipper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mStart Page = hxxp://id.yahoo.com
    uInternet Settings,ProxyServer = 10.8.7.13:8080
    uInternet Settings,ProxyOverride = <local>;*.local
    BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - d:\program files\internet download manager\IDMIECC.dll
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Logitech Scroll App: {e11db59d-5008-42ff-9069-535843bc0be1} - c:\program files\logitech\scrollapp\LogiSmooth.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
    uRun: [Facebook Update] "c:\users\agung choliadri\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
    mRun: [LogiScrollApp] c:\program files\logitech\scrollapp\KhalScroll.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\agungc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\agung choliadri\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\users\agungc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - d:\program files\evernote\evernote\EvernoteClipper.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Evernote 4.0 - d:\program files\evernote\evernote\EvernoteIE.dll/204
    IE: Download all links with IDM - d:\program files\internet download manager\IEGetAll.htm
    IE: Download with IDM - d:\program files\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://d:\program files\evernote\evernote\EvernoteIE.dll/204
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    TCP: DhcpNameServer = 61.247.0.4 202.73.99.4 61.247.0.2
    TCP: Interfaces\{E8167A6A-FD79-4B17-9473-53DC6C206496} : DhcpNameServer = 61.247.0.4 202.73.99.4 61.247.0.2
    TCP: Interfaces\{E8167A6A-FD79-4B17-9473-53DC6C206496}\144594F5C494E4B435953523 : DhcpNameServer = 10.8.8.11 10.8.8.15
    TCP: Interfaces\{E8167A6A-FD79-4B17-9473-53DC6C206496}\C696E6B6379737 : DhcpNameServer = 202.73.99.2 61.247.0.4 202.73.99.4
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\agung choliadri\appdata\roaming\mozilla\firefox\profiles\k9py4xjs.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=1700&gct=hp
    FF - prefs.js: network.proxy.ftp - 10.8.7.13
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.http - 10.8.7.13
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.socks - 10.8.7.13
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.ssl - 10.8.7.13
    FF - prefs.js: network.proxy.ssl_port - 8080
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\fortinet\sslvpnclient\npccplugin.dll
    FF - plugin: c:\program files\fortinet\sslvpnclient\nptcplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\users\agung choliadri\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
    FF - plugin: c:\users\agung choliadri\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\users\agung choliadri\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - plugin: c:\windows\system32\wat\npWatWeb.dll
    FF - plugin: d:\program files\videolan\vlc\npvlc.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-11-14 34176]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-28 63960]
    R2 FortiSslvpnDaemon;FortiClient SSL VPN;c:\windows\system32\FortiSSLVPNdaemon.exe [2009-9-17 703080]
    R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
    R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-10-25 89376]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-26 106656]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-8-30 73216]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-9-2 42648]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-9-2 12184]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
    R3 pppop;PPPoP WAN Adapter;c:\windows\system32\drivers\pppop.sys [2009-7-21 36384]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-29 116648]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
    S2 TELKOMSELFlash. RunOuc;TELKOMSELFlash. OUC;c:\program files\telkomselflash\updatedog\ouc.exe [2011-8-30 218624]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 250568]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-8-30 102784]
    S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2011-8-30 353280]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-29 116648]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-28 113120]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-1 15872]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-21 1343400]
    .
    =============== Created Last 30 ================
    .
    2012-08-26 05:03:00 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d121d0f9-9277-4297-bde3-f957d0d3ed58}\offreg.dll
    2012-08-26 05:02:16 7023536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d121d0f9-9277-4297-bde3-f957d0d3ed58}\mpengine.dll
    2012-08-26 03:35:57 -------- d-----w- c:\users\agung choliadri\appdata\roaming\Malwarebytes
    2012-08-26 03:35:30 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-26 03:35:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-25 19:26:24 7023536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-08-21 01:55:31 -------- d-----w- c:\users\agung choliadri\appdata\roaming\SPE
    2012-08-18 14:45:07 -------- d-----w- c:\programdata\Kaspersky Lab
    2012-08-18 14:04:03 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-08-18 12:41:01 98816 ----a-w- c:\windows\sed.exe
    2012-08-18 12:41:01 518144 ----a-w- c:\windows\SWREG.exe
    2012-08-18 12:41:01 256000 ----a-w- c:\windows\PEV.exe
    2012-08-18 12:41:01 208896 ----a-w- c:\windows\MBR.exe
    2012-08-15 06:41:23 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-08-15 06:41:22 102912 ----a-w- c:\windows\system32\browser.dll
    2012-08-15 06:41:21 41984 ----a-w- c:\windows\system32\browcli.dll
    2012-08-15 06:41:20 769024 ----a-w- c:\windows\system32\localspl.dll
    2012-07-27 20:51:30 184248 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2012-08-24 16:50:56 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-24 16:50:55 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-30 05:16:18 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
    2012-07-02 11:24:21 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-07-02 11:24:21 472840 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-06 13:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-03 03:41:19 127 ----a-w- c:\windows\system32\ActiveFax.Cmd
    2012-06-03 03:41:15 90112 ----a-w- c:\windows\system32\ActMonRe.dll
    2012-06-03 03:41:15 451776 ----a-w- c:\windows\system32\ActMonNT.dll
    2012-06-03 03:41:11 83136 ----a-w- c:\windows\UIActFax.exe
    2012-06-03 03:41:11 69632 ----a-w- c:\windows\UIActFax.dll
    2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 08:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 08:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
    .
    ============= FINISH: 12:08:42.83 ===============
  4. Agung Coriandri


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/21/2011 4:23:10 PM
    System Uptime: 8/26/2012 11:34:05 AM (1 hours ago)
    .
    Motherboard: Acer | | Volvi
    Processor: Intel(R) Core(TM) Duo CPU T2450 @ 2.00GHz | U2E1 | 2000/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 44 GiB total, 17.81 GiB free.
    D: is FIXED (NTFS) - 68 GiB total, 47.44 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    7-Zip 4.65
    ACDSee Photo Manager 2009
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader X (10.1.4)
    Agent Ransack 2010
    Al Quran Digital 2.1
    BitTorrent
    BlackBerry Desktop Software 6.1
    Bonjour
    Canon Utilities EOS Utility
    CCleaner
    Corel Graphics - Windows Shell Extension
    CorelDRAW Graphics Suite X5
    CorelDRAW Graphics Suite X5 - Capture
    CorelDRAW Graphics Suite X5 - Common
    CorelDRAW Graphics Suite X5 - Connect
    CorelDRAW Graphics Suite X5 - Custom Data
    CorelDRAW Graphics Suite X5 - Draw
    CorelDRAW Graphics Suite X5 - EN
    CorelDRAW Graphics Suite X5 - Filters
    CorelDRAW Graphics Suite X5 - FontNav
    CorelDRAW Graphics Suite X5 - IPM
    CorelDRAW Graphics Suite X5 - PHOTO-PAINT
    CorelDRAW Graphics Suite X5 - Photozoom Plugin
    CorelDRAW Graphics Suite X5 - Redist
    CorelDRAW Graphics Suite X5 - Setup Files
    CorelDRAW Graphics Suite X5 - VBA
    CorelDRAW Graphics Suite X5 - VideoBrowser
    CorelDRAW Graphics Suite X5 - VSTA
    CorelDRAW Graphics Suite X5 - WT
    CorelDRAW(R) Graphics Suite X5
    Doro 1.45
    Dropbox
    EPSON Stylus T11 Series Printer Uninstall
    eReg
    Evernote v. 4.5.7
    Extreme Racers
    Facebook Video Calling 1.2.0.159
    FinePrint
    Folder Size for Windows
    FortiClient SSL VPN v4.0.2073
    Fruit Ninja HD
    Google Chrome
    Google Drive
    Google Update Helper
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Intel(R) Graphics Media Accelerator Driver
    Internet Download Manager
    Internet TV for Windows Media Center
    Java Auto Updater
    Java(TM) 6 Update 33
    JDownloader 0.9
    Kart Rider
    LiveUpdate 3.3 (Symantec Corporation)
    Logitech Scroll App 3.0
    Logitech SetPoint 6.32
    Magic ISO Maker v5.5 (build 0281)
    Malwarebytes Anti-Malware version 1.62.0.1300
    MediaInfo 0.7.47
    Medieval CUE Splitter
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Rise Of Nations
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Tools for Applications 2.0 Runtime
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mp3tag v2.51
    MSXML 4.0 SP2 (KB973688)
    MSXML4 Parser
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Notepad++
    PDF Settings CS5
    Petualangan Taro Jelajah Indonesia
    Photo to Cartoon
    Quran in Word Ver 1.3
    Return to Castle Wolfenstein
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skype™ 5.8
    Snagit 10.0.1
    Subtitle Workshop 2.51
    Symantec Endpoint Protection
    TELKOMSELFlash
    TeraCopy 2.12
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
    Visual Basic for Applications (R) Core
    Visual Basic for Applications (R) Core - English
    VLC media player 2.0.2
    Winamp
    Winamp Detector Plug-in
    Windows Media Player Firefox Plugin
    WinMerge 2.12.4
    winpcap-overlook 4.02
    WinRAR 4.01 (32-bit)
    WinX DVD Ripper Platinum 6.8.1
    Yahoo! Install Manager
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/26/2012 5:03:00 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/26/2012 4:26:30 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/26/2012 11:38:28 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv szkg5 szkgfs
    8/26/2012 11:37:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TELKOMSELFlash. OUC service to connect.
    8/26/2012 11:37:33 AM, Error: Service Control Manager [7000] - The TELKOMSELFlash. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/26/2012 11:24:59 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    8/26/2012 11:22:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0x9d013250, 0x00000000, 0xc0000001, 0x001003fc). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082612-83554-01.
    8/26/2012 10:53:16 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/25/2012 8:19:32 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    8/25/2012 8:03:59 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    8/25/2012 8:03:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    8/25/2012 8:03:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    8/25/2012 8:03:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/25/2012 8:03:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    8/25/2012 8:03:06 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl is3srv MpFilter SPBBCDrv spldr SRTSP SRTSPX SYMTDI szkg5 szkgfs Wanarpv6
    8/25/2012 7:52:20 AM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
    8/25/2012 1:08:57 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/24/2012 8:46:00 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/24/2012 8:44:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    8/24/2012 8:07:20 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/24/2012 7:33:52 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/24/2012 6:59:45 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/24/2012 6:57:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
    8/24/2012 6:53:51 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/24/2012 6:14:06 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/24/2012 6:09:00 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/24/2012 11:55:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SmcService service.
    8/24/2012 11:48:18 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
    8/24/2012 11:45:51 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
    8/24/2012 11:45:21 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    8/24/2012 11:45:21 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    8/24/2012 11:40:38 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    8/24/2012 11:35:18 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Virut.gen!epo&threatid=2147656893 Name: Virus:Win32/Virut.gen!epo ID: 2147656893 Severity: Severe Category: Virus Path: file:_C:\ProgramData\Symantec\SRTSP\Quarantine\APQ1746.tmp Detection Origin: Local machine Detection Type: Generic Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Clean Action Status: No additional actions required Error Code: 0x8007007f Error description: The specified procedure could not be found. Signature Version: AV: 1.133.248.0, AS: 1.133.248.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8703.0, NIS: 0.0.0.0
    8/24/2012 11:32:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    8/24/2012 11:32:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    8/24/2012 11:32:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache eeCtrl is3srv MpFilter NetBIOS NetBT nsiproxy Psched rdbss SPBBCDrv spldr SRTSP SRTSPX SYMTDI szkg5 szkgfs tdx Wanarpv6 WfpLwf WPS ws2ifsl
    8/24/2012 11:32:14 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/24/2012 11:32:14 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    8/24/2012 11:32:14 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/24/2012 11:32:14 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/24/2012 11:32:14 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/24/2012 11:32:14 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/24/2012 11:32:07 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/24/2012 11:32:07 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    8/24/2012 11:32:07 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/24/2012 11:32:07 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/24/2012 11:32:07 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/23/2012 6:28:41 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/23/2012 6:17:34 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/23/2012 5:43:46 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/23/2012 5:09:16 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/23/2012 4:37:38 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/23/2012 4:26:18 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/23/2012 10:25:11 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    8/22/2012 8:13:52 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/22/2012 7:39:18 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/22/2012 7:05:00 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/20/2012 10:42:47 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0x9b2ba008, 0x00000001, 0xc0000001, 0x0010040c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082012-80153-01.
    8/19/2012 9:50:38 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/19/2012 9:37:33 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/19/2012 9:29:34 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    8/19/2012 7:07:15 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
    8/19/2012 10:19:39 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    .
    ==== End Of File ===========================
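The event-log section above is easier to read once it is grouped by source and event ID, with the driver names from the Service Control Manager 7026 entries tallied across boots. This is an added example, not part of the original post or of the tool that produced the log; the names `parse`, `summarize` and `SAMPLE` are assumptions, and the sample lines are constructed by shortening entries in the same format.

```python
import re
from collections import Counter

# Constructed sample: entries shortened from the format of the log above.
SAMPLE = """\
8/25/2012 8:03:06 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl MpFilter SRTSP
8/24/2012 8:46:00 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.
8/24/2012 11:32:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD MpFilter SRTSP tdx
8/24/2012 11:32:14 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
"""

# "<date> <time> AM|PM, <Level>: <Source> [<EventID>] - <message>"
LINE_RE = re.compile(
    r"^\s*(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
FAILED_DRIVERS = "driver(s) failed to load:"


def parse(text):
    """Return one dict per line that matches the event-log line format."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:  # separators such as "." or "==== End Of File" are skipped
            events.append(match.groupdict())
    return events


def summarize(events):
    """Count events per (source, event ID) and tally drivers named in 7026 entries."""
    counts = Counter((e["source"], int(e["event_id"])) for e in events)
    drivers = Counter()
    for e in events:
        if e["event_id"] == "7026" and FAILED_DRIVERS in e["message"]:
            drivers.update(e["message"].split(FAILED_DRIVERS, 1)[1].split())
    return counts, drivers


if __name__ == "__main__":
    counts, drivers = summarize(parse(SAMPLE))
    for (source, event_id), n in counts.most_common():
        print(f"{n:3d}  {source} [{event_id}]")
    repeated = sorted(d for d, n in drivers.items() if n > 1)
    print("drivers that failed to load in more than one boot:", repeated)
```

Drivers that recur across several 7026 entries are the ones worth checking first; a driver that appears only once may simply reflect a single unusual boot.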
  5. Broni

    Broni Malware Annihilator Posts: 45,309   +243

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================

    You're running two AV programs, Norton and MSE.
    You must uninstall one of them.
    If Norton, use this tool: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

    Next....

    Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    If normal mode still doesn't work, run the tool from safe mode.

    When the scan is done Notepad will open with rKill log.
    Post it in your next reply.

    NOTE. rKill.txt log will also be present on your desktop.

    ========================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.