Inactive Packed.protexor!gen1

Hi,
I'm using Windows 7 Ultimate and my Symantec reported that the computer is infected by Packed.protexor!gen1.
When I scanned using Symantec Power Eraser Tools, it indicated that a file called ALSysIO.sys is the cause, but the tools could not fix it.

Enclosed are the reports:
=====================================
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.25.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Agung choliadri :: AGC-ARAFAHNET [administrator]

8/26/2012 11:02:33 AM
mbam-log-2012-08-26 (11-02-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 295612
Time elapsed: 12 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\Agung choliadri\Downloads\etypesetup (1).exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.
C:\Users\Agung choliadri\Downloads\etypesetup (2).exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.
C:\Users\Agung choliadri\Downloads\etypesetup (3).exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.
C:\Users\Agung choliadri\Downloads\etypesetup (4).exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.
C:\Users\Agung choliadri\Downloads\etypesetup (5).exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.
C:\Users\Agung choliadri\Downloads\etypesetup.exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.

(end)

=================================
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-26 12:01:50
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1200BEVS-22RST0 rev.04.01G04
Running: lqkj0kom.exe; Driver: C:\Users\AGUNGC~1\AppData\Local\Temp\aflcrkow.sys


---- System - GMER 1.0.15 ----

SSDT 8696A2F0 ZwAlertResumeThread
SSDT 86784098 ZwAlertThread
SSDT 86797788 ZwAllocateVirtualMemory
SSDT 867358B0 ZwConnectPort
SSDT 867E4080 ZwCreateMutant
SSDT 867CF0B0 ZwCreateThread
SSDT 867B40A0 ZwFreeVirtualMemory
SSDT 8607E928 ZwImpersonateAnonymousToken
SSDT 869853C0 ZwImpersonateThread
SSDT 867CC578 ZwMapViewOfSection
SSDT 868FAB10 ZwOpenEvent
SSDT 867D50B0 ZwOpenProcessToken
SSDT 868009B8 ZwOpenThreadToken
SSDT \??\C:\Windows\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory [0x8B972880]
SSDT 867BBBF8 ZwResumeThread
SSDT 8693B5E0 ZwSetContextThread
SSDT 867D8D78 ZwSetInformationProcess
SSDT 867FABD8 ZwSetInformationThread
SSDT 867390C0 ZwSuspendProcess
SSDT 869430D0 ZwSuspendThread
SSDT 8673DBE8 ZwTerminateProcess
SSDT 867DB070 ZwTerminateThread
SSDT 867F70B0 ZwUnmapViewOfSection
SSDT 8679F448 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E893C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC2D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 82EC9D90 8 Bytes [F0, A2, 96, 86, 98, 40, 78, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82EC9DA8 4 Bytes [88, 77, 79, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82EC9E48 4 Bytes [B0, 58, 73, 86] {MOV AL, 0x58; JAE 0xffffffffffffff8a}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82EC9E84 4 Bytes [80, 40, 7E, 86] {ADD BYTE [EAX+0x7e], 0x86}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1203 82EC9EB8 4 Bytes [B0, F0, 7C, 86] {MOV AL, 0xf0; JL 0xffffffffffffff8a}
.text ...
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 B96F8000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 B96F8123 629 Bytes [35, 6F, B9, FE, 05, 34, 35, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 B96F8399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F B96F83FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B B96F84AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[4900] ntdll.dll!LdrGetProcedureAddress + 26 77532239 7 Bytes JMP 6308B52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4900] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 75CB93D6 7 Bytes JMP 6333B6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4900] kernel32.dll!QueryPerformanceCounter + 13 75CBC435 7 Bytes JMP 6333B6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4900] GDI32.dll!GetViewportOrgEx + 26C 75C2884B 7 Bytes JMP 6333B653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5168] USER32.dll!GetWindowInfo 77644B5E 5 Bytes JMP 6320BACC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5168] USER32.dll!ToUnicodeEx + 71 77652223 7 Bytes JMP 6320C0F9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtCreateFile + 6 775155CE 4 Bytes [28, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtCreateFile + B 775155D3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtCreateKey + 6 7751560E 4 Bytes [68, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtCreateKey + B 77515613 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtCreateMutant + 6 7751564E 4 Bytes [68, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtCreateMutant + B 77515653 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtCreateSection + 6 775156EE 4 Bytes [A8, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtCreateSection + B 775156F3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtMapViewOfSection + 6 77515C2E 4 Bytes CALL 76516337 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtMapViewOfSection + B 77515C33 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenFile + 6 77515CDE 4 Bytes [68, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenFile + B 77515CE3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenKey + 6 77515D0E 4 Bytes [A8, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenKey + B 77515D13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenKeyEx + 6 77515D1E 4 Bytes CALL 76516424 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenKeyEx + B 77515D23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenMutant + 6 77515D5E 4 Bytes [28, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenMutant + B 77515D63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenProcess + 6 77515D8E 1 Byte [68]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenProcess + 6 77515D8E 4 Bytes [68, 03, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenProcess + B 77515D93 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenProcessToken + 6 77515D9E 1 Byte [A8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenProcessToken + 6 77515D9E 4 Bytes [A8, 03, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenProcessToken + B 77515DA3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenProcessTokenEx + 6 77515DAE 4 Bytes [68, 04, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenProcessTokenEx + B 77515DB3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenSection + 6 77515DCE 4 Bytes CALL 765164D5 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenSection + B 77515DD3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenThread + 6 77515E0E 1 Byte [28]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenThread + 6 77515E0E 4 Bytes [28, 03, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenThread + B 77515E13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenThreadToken + 6 77515E1E 4 Bytes [28, 04, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenThreadToken + B 77515E23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenThreadTokenEx + 6 77515E2E 4 Bytes [A8, 04, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtOpenThreadTokenEx + B 77515E33 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtQueryAttributesFile + 6 77515F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtQueryAttributesFile + B 77515F43 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtQueryFullAttributesFile + 6 77515FEE 4 Bytes CALL 765166F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtQueryFullAttributesFile + B 77515FF3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtSetInformationFile + 6 7751663E 4 Bytes [28, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtSetInformationFile + B 77516643 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtSetInformationThread + 6 7751669E 1 Byte [E8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtSetInformationThread + 6 7751669E 4 Bytes CALL 76516DA6 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtSetInformationThread + B 775166A3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtUnmapViewOfSection + 6 775169BE 4 Bytes [28, 05, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ntdll.dll!NtUnmapViewOfSection + B 775169C3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] kernel32.dll!CreateProcessW 75C7204D 5 Bytes JMP 00010030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] kernel32.dll!CreateProcessA 75C72082 5 Bytes JMP 00010070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!DeleteObject 75C25F14 5 Bytes JMP 001101B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SelectObject 75C26640 5 Bytes JMP 001105F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SetTextColor 75C26906 5 Bytes JMP 001109F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SetBkMode 75C269B1 5 Bytes JMP 001108B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!DeleteDC 75C26EAA 5 Bytes JMP 00110170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetDeviceCaps 75C26F7F 5 Bytes JMP 001103B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!ExtSelectClipRgn 75C27114 5 Bytes JMP 001102F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SelectClipRgn 75C27242 5 Bytes JMP 001105B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SetStretchBltMode 75C27705 5 Bytes JMP 00110670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetCurrentObject 75C27917 5 Bytes JMP 00110370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetTextMetricsW 75C27B8F 5 Bytes JMP 00110DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetTextAlign 75C27DAF 5 Bytes JMP 00110D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!IntersectClipRect 75C27DFE 5 Bytes JMP 001103F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!ExtTextOutW 75C28192 5 Bytes JMP 00110930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SetTextAlign 75C2828E 5 Bytes JMP 001109B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetClipBox 75C28525 5 Bytes JMP 00110330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!MoveToEx 75C28C21 5 Bytes JMP 00110470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!StretchDIBits 75C2A53E 5 Bytes JMP 00110730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!RestoreDC 75C2A67B 5 Bytes JMP 00110530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SaveDC 75C2A74B 5 Bytes JMP 00110570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetTextExtentPoint32W 75C2B4B5 5 Bytes JMP 00110630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetTextFaceW 75C2B73A 2 Bytes JMP 00110CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetTextFaceW + 3 75C2B73D 2 Bytes [4E, 8A]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetFontData 75C2BCC4 5 Bytes JMP 00110C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SetWorldTransform 75C2C90A 5 Bytes JMP 001106B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!CreateDCA 75C2CCA9 5 Bytes JMP 001100B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!CreateDCW 75C2CF79 5 Bytes JMP 001100F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!CreateICW 75C2CFD0 5 Bytes JMP 00110130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetTextMetricsA 75C2D0F2 5 Bytes JMP 00110DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!Rectangle 75C2F1FF 5 Bytes JMP 00110970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!LineTo 75C2F59B 5 Bytes JMP 00110430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SetICMMode 75C2FAA4 5 Bytes JMP 00110D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!ExtTextOutA 75C303F9 5 Bytes JMP 001108F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!ExtEscape 75C32949 5 Bytes JMP 001102B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!Escape 75C33939 5 Bytes JMP 00110270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetTextFaceA 75C33E6A 5 Bytes JMP 00110CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SetPolyFillMode 75C3D851 5 Bytes JMP 00110AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SetMiterLimit 75C3DA0D 5 Bytes JMP 00110B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!EndPage 75C400D7 5 Bytes JMP 00110230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!ResetDCW 75C4050D 5 Bytes JMP 00110A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!GetGlyphOutlineW 75C4C1BA 5 Bytes JMP 00110C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!CreateScalableFontResourceW 75C4E817 5 Bytes JMP 00110B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!AddFontResourceW 75C4EC13 5 Bytes JMP 00110BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!RemoveFontResourceW 75C4F109 5 Bytes JMP 00110BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!AbortDoc 75C54C63 5 Bytes JMP 00110030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!EndDoc 75C550AA 5 Bytes JMP 001101F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!StartPage 75C55195 5 Bytes JMP 001106F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!StartDocW 75C55BB0 5 Bytes JMP 001107B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!BeginPath 75C5635D 5 Bytes JMP 001107F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!SelectClipPath 75C563B4 5 Bytes JMP 00110AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!CloseFigure 75C5640F 5 Bytes JMP 00110070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!EndPath 75C56466 5 Bytes JMP 00110A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!StrokePath 75C56699 5 Bytes JMP 00110770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!FillPath 75C56726 5 Bytes JMP 00110830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!PolylineTo 75C56B94 5 Bytes JMP 001104F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!PolyBezierTo 75C56C25 5 Bytes JMP 001104B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] GDI32.dll!PolyDraw 75C56CD7 5 Bytes JMP 00110870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!ActivateKeyboardLayout 77638203 5 Bytes JMP 001204F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!ScreenToClient 7763A506 7 Bytes JMP 00120670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!RegisterClipboardFormatA 7763C091 5 Bytes JMP 001202F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!RegisterClipboardFormatW 7763DF8D 5 Bytes JMP 001202B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!SetCursor 77643075 5 Bytes JMP 00120530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!MonitorFromWindow 77643622 7 Bytes JMP 00120630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!PostMessageW 7764447B 5 Bytes JMP 001205F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!IsWindowVisible 77644D69 7 Bytes JMP 001206B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!GetClientRect 776454DD 7 Bytes JMP 001205B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!MapWindowPoints 77645CAA 5 Bytes JMP 00120570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!GetParent 77646029 7 Bytes JMP 001206F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!EmptyClipboard 7765290C 5 Bytes JMP 00120130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!SetClipboardData 77652962 5 Bytes JMP 00120170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!GetClipboardData 77652BA7 5 Bytes JMP 00120030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!GetClipboardFormatNameW 77655FD2 5 Bytes JMP 00120230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!SetClipboardViewer 77656FF6 5 Bytes JMP 001204B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!GetClipboardFormatNameA 7765700A 5 Bytes JMP 00120270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!ChangeClipboardChain 7766147C 5 Bytes JMP 00120430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!GetTopWindow 776624D9 7 Bytes JMP 00120730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!CloseClipboard 7766446C 5 Bytes JMP 001200B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!OpenClipboard 7766447E 5 Bytes JMP 00120070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!IsClipboardFormatAvailable 776644FF 5 Bytes JMP 001200F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!GetClipboardSequenceNumber 77664513 5 Bytes JMP 00120330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!GetClipboardOwner 77664525 5 Bytes JMP 00120370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!CountClipboardFormats 7766470A 5 Bytes JMP 001201F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!EnumClipboardFormats 776647EC 5 Bytes JMP 001201B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!GetOpenClipboardWindow 7766480B 5 Bytes JMP 001203F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!SetCursorPos 7767C1B0 5 Bytes JMP 00120770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!GetClipboardViewer 77694AF7 5 Bytes JMP 00120470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] USER32.dll!GetPriorityClipboardFormat 77694BF9 5 Bytes JMP 001203B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ole32.dll!OleSetClipboard 77270045 5 Bytes JMP 00130030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ole32.dll!OleIsCurrentClipboard 772736B2 5 Bytes JMP 00130070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] ole32.dll!OleGetClipboard 7729FDCD 5 Bytes JMP 001300B0

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [741B24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7419562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741956EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [741B2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [741A85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741A4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [741A5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [741A51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [741A6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [741A8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [741A8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [741A90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [741AE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741A4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3248] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7556FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3248] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7556FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3248] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7556FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3248] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7556FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3248] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7556FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00010090
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 00120790
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 001207D0
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00010090
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[5228] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00010090

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000061 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

=====================================================
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by Agung choliadri at 12:08:21 on 2012-08-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1670 [GMT 7:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Windows\system32\Dwm.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
D:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Windows\system32\FortiSSLVPNdaemon.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Logitech\ScrollApp\KhalScroll.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
D:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://id.yahoo.com
uInternet Settings,ProxyServer = 10.8.7.13:8080
uInternet Settings,ProxyOverride = <local>;*.local
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - d:\program files\internet download manager\IDMIECC.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Logitech Scroll App: {e11db59d-5008-42ff-9069-535843bc0be1} - c:\program files\logitech\scrollapp\LogiSmooth.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
uRun: [Facebook Update] "c:\users\agung choliadri\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [LogiScrollApp] c:\program files\logitech\scrollapp\KhalScroll.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\agungc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\agung choliadri\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\agungc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - d:\program files\evernote\evernote\EvernoteClipper.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - d:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Download all links with IDM - d:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - d:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://d:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 61.247.0.4 202.73.99.4 61.247.0.2
TCP: Interfaces\{E8167A6A-FD79-4B17-9473-53DC6C206496} : DhcpNameServer = 61.247.0.4 202.73.99.4 61.247.0.2
TCP: Interfaces\{E8167A6A-FD79-4B17-9473-53DC6C206496}\144594F5C494E4B435953523 : DhcpNameServer = 10.8.8.11 10.8.8.15
TCP: Interfaces\{E8167A6A-FD79-4B17-9473-53DC6C206496}\C696E6B6379737 : DhcpNameServer = 202.73.99.2 61.247.0.4 202.73.99.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\agung choliadri\appdata\roaming\mozilla\firefox\profiles\k9py4xjs.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=1700&gct=hp
FF - prefs.js: network.proxy.ftp - 10.8.7.13
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 10.8.7.13
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 10.8.7.13
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 10.8.7.13
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\fortinet\sslvpnclient\npccplugin.dll
FF - plugin: c:\program files\fortinet\sslvpnclient\nptcplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\agung choliadri\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\agung choliadri\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\agung choliadri\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - plugin: d:\program files\videolan\vlc\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-11-14 34176]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-28 63960]
R2 FortiSslvpnDaemon;FortiClient SSL VPN;c:\windows\system32\FortiSSLVPNdaemon.exe [2009-9-17 703080]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-10-25 89376]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-26 106656]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-8-30 73216]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2011-9-2 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2011-9-2 12184]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
R3 pppop;PPPoP WAN Adapter;c:\windows\system32\drivers\pppop.sys [2009-7-21 36384]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-29 116648]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S2 TELKOMSELFlash. RunOuc;TELKOMSELFlash. OUC;c:\program files\telkomselflash\updatedog\ouc.exe [2011-8-30 218624]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 250568]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-8-30 102784]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2011-8-30 353280]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-29 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-28 113120]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-1 15872]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-21 1343400]
.
=============== Created Last 30 ================
.
2012-08-26 05:03:00 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d121d0f9-9277-4297-bde3-f957d0d3ed58}\offreg.dll
2012-08-26 05:02:16 7023536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d121d0f9-9277-4297-bde3-f957d0d3ed58}\mpengine.dll
2012-08-26 03:35:57 -------- d-----w- c:\users\agung choliadri\appdata\roaming\Malwarebytes
2012-08-26 03:35:30 -------- d-----w- c:\programdata\Malwarebytes
2012-08-26 03:35:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-25 19:26:24 7023536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-08-21 01:55:31 -------- d-----w- c:\users\agung choliadri\appdata\roaming\SPE
2012-08-18 14:45:07 -------- d-----w- c:\programdata\Kaspersky Lab
2012-08-18 14:04:03 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-18 12:41:01 98816 ----a-w- c:\windows\sed.exe
2012-08-18 12:41:01 518144 ----a-w- c:\windows\SWREG.exe
2012-08-18 12:41:01 256000 ----a-w- c:\windows\PEV.exe
2012-08-18 12:41:01 208896 ----a-w- c:\windows\MBR.exe
2012-08-15 06:41:23 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 06:41:22 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 06:41:21 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 06:41:20 769024 ----a-w- c:\windows\system32\localspl.dll
2012-07-27 20:51:30 184248 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-08-24 16:50:56 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 16:50:55 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-30 05:16:18 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-07-02 11:24:21 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-02 11:24:21 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-06 13:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-03 03:41:19 127 ----a-w- c:\windows\system32\ActiveFax.Cmd
2012-06-03 03:41:15 90112 ----a-w- c:\windows\system32\ActMonRe.dll
2012-06-03 03:41:15 451776 ----a-w- c:\windows\system32\ActMonNT.dll
2012-06-03 03:41:11 83136 ----a-w- c:\windows\UIActFax.exe
2012-06-03 03:41:11 69632 ----a-w- c:\windows\UIActFax.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 08:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 12:08:42.83 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 6/21/2011 4:23:10 PM
System Uptime: 8/26/2012 11:34:05 AM (1 hours ago)
.
Motherboard: Acer | | Volvi
Processor: Intel(R) Core(TM) Duo CPU T2450 @ 2.00GHz | U2E1 | 2000/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 44 GiB total, 17.81 GiB free.
D: is FIXED (NTFS) - 68 GiB total, 47.44 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.65
ACDSee Photo Manager 2009
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.4)
Agent Ransack 2010
Al Quran Digital 2.1
BitTorrent
BlackBerry Desktop Software 6.1
Bonjour
Canon Utilities EOS Utility
CCleaner
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - EN
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - WT
CorelDRAW(R) Graphics Suite X5
Doro 1.45
Dropbox
EPSON Stylus T11 Series Printer Uninstall
eReg
Evernote v. 4.5.7
Extreme Racers
Facebook Video Calling 1.2.0.159
FinePrint
Folder Size for Windows
FortiClient SSL VPN v4.0.2073
Fruit Ninja HD
Google Chrome
Google Drive
Google Update Helper
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Intel(R) Graphics Media Accelerator Driver
Internet Download Manager
Internet TV for Windows Media Center
Java Auto Updater
Java(TM) 6 Update 33
JDownloader 0.9
Kart Rider
LiveUpdate 3.3 (Symantec Corporation)
Logitech Scroll App 3.0
Logitech SetPoint 6.32
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.62.0.1300
MediaInfo 0.7.47
Medieval CUE Splitter
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Rise Of Nations
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.51
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Notepad++
PDF Settings CS5
Petualangan Taro Jelajah Indonesia
Photo to Cartoon
Quran in Word Ver 1.3
Return to Castle Wolfenstein
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 5.8
Snagit 10.0.1
Subtitle Workshop 2.51
Symantec Endpoint Protection
TELKOMSELFlash
TeraCopy 2.12
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
VLC media player 2.0.2
Winamp
Winamp Detector Plug-in
Windows Media Player Firefox Plugin
WinMerge 2.12.4
winpcap-overlook 4.02
WinRAR 4.01 (32-bit)
WinX DVD Ripper Platinum 6.8.1
Yahoo! Install Manager
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
8/26/2012 5:03:00 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/26/2012 4:26:30 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/26/2012 11:38:28 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv szkg5 szkgfs
8/26/2012 11:37:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TELKOMSELFlash. OUC service to connect.
8/26/2012 11:37:33 AM, Error: Service Control Manager [7000] - The TELKOMSELFlash. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/26/2012 11:24:59 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
8/26/2012 11:22:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0x9d013250, 0x00000000, 0xc0000001, 0x001003fc). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082612-83554-01.
8/26/2012 10:53:16 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/25/2012 8:19:32 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/25/2012 8:03:59 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/25/2012 8:03:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/25/2012 8:03:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/25/2012 8:03:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/25/2012 8:03:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/25/2012 8:03:06 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl is3srv MpFilter SPBBCDrv spldr SRTSP SRTSPX SYMTDI szkg5 szkgfs Wanarpv6
8/25/2012 7:52:20 AM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown.
8/25/2012 1:08:57 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/24/2012 8:46:00 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/24/2012 8:44:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
8/24/2012 8:07:20 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/24/2012 7:33:52 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/24/2012 6:59:45 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/24/2012 6:57:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
8/24/2012 6:53:51 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/24/2012 6:14:06 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/24/2012 6:09:00 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/24/2012 11:55:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SmcService service.
8/24/2012 11:48:18 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
8/24/2012 11:45:51 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
8/24/2012 11:45:21 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/24/2012 11:45:21 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
8/24/2012 11:40:38 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/24/2012 11:35:18 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Virut.gen!epo&threatid=2147656893 Name: Virus:Win32/Virut.gen!epo ID: 2147656893 Severity: Severe Category: Virus Path: file:_C:\ProgramData\Symantec\SRTSP\Quarantine\APQ1746.tmp Detection Origin: Local machine Detection Type: Generic Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: Unknown Action: Clean Action Status: No additional actions required Error Code: 0x8007007f Error description: The specified procedure could not be found. Signature Version: AV: 1.133.248.0, AS: 1.133.248.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8703.0, NIS: 0.0.0.0
8/24/2012 11:32:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/24/2012 11:32:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/24/2012 11:32:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache eeCtrl is3srv MpFilter NetBIOS NetBT nsiproxy Psched rdbss SPBBCDrv spldr SRTSP SRTSPX SYMTDI szkg5 szkgfs tdx Wanarpv6 WfpLwf WPS ws2ifsl
8/24/2012 11:32:14 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/24/2012 11:32:14 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/24/2012 11:32:14 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/24/2012 11:32:14 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/24/2012 11:32:14 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/24/2012 11:32:14 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/24/2012 11:32:07 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/24/2012 11:32:07 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/24/2012 11:32:07 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/24/2012 11:32:07 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/24/2012 11:32:07 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/23/2012 6:28:41 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/23/2012 6:17:34 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/23/2012 5:43:46 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/23/2012 5:09:16 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/23/2012 4:37:38 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/23/2012 4:26:18 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/23/2012 10:25:11 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
8/22/2012 8:13:52 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/22/2012 7:39:18 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/22/2012 7:05:00 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/20/2012 10:42:47 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0x9b2ba008, 0x00000001, 0xc0000001, 0x0010040c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082012-80153-01.
8/19/2012 9:50:38 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/19/2012 9:37:33 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/19/2012 9:29:34 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/19/2012 7:07:15 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
8/19/2012 10:19:39 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
.
==== End Of File ===========================
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

You're running two AV programs, Norton and MSE.
You must uninstall one of them.
If Norton, use this tool: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

Next....

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done, Notepad will open with the rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

========================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 