Inactive All Icons,Folders And Files At Desktop,Start Menu Hidden

bayang · 2011/05/27

[Inactive] All Icons,Folders And Files At Desktop,Start Menu Hidden

Yesterday my friend open a wrong website...actually he's not good about internet..then he open mobile tracker website to know which code number of country that called him....after he put the number...all things in my pc hidden automatically...n my internet connection quite slow right now...Wut should i do now??? i will paste all data that u tell us....

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5169

Windows 6.1.7600 (Safe Mode)
Internet Explorer 9.0.8112.16421

5/27/2011 7:06:31 AM
mbam-log-2011-05-27 (07-06-31).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 282311
Time elapsed: 36 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e5d5d4a1-17f0-41d7-b1c6-0979f91e6f46} (Adware.BDSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a7f05ee4-0426-454f-8013-c41e3596e9e9} (Trojan.Cinmus) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Bayang\Downloads\Angry Birds - PC Version- Free Download [www.loqmankarim.com]\Angry Birds PC Version Free Download\Installer.exe (Spyware.Banker) -> No action taken.
E:\WORD & EXCEL & PDF & BLABLABLA\Flash Games & Entertainment\Gamez\Hiburan\Dah Takde Kerja.exe (Joke.Stressreducer) -> No action taken.

bayang · 2011/05/27

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: G31M-S2L
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 163):
0x82C4C000 \SystemRoot\system32\ntkrnlpa.exe
0x82C15000 \SystemRoot\system32\halmacpi.dll
0x80BA6000 \SystemRoot\system32\kdcom.dll
0x83215000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8328D000 \SystemRoot\system32\PSHED.dll
0x8329E000 \SystemRoot\system32\BOOTVID.dll
0x832A6000 \SystemRoot\system32\CLFS.SYS
0x832E8000 \SystemRoot\system32\CI.dll
0x8B017000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B088000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8B096000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8B0DE000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8B0E7000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8B0EF000 \SystemRoot\system32\DRIVERS\pci.sys
0x8B119000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8B124000 \SystemRoot\System32\drivers\partmgr.sys
0x8B135000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8B145000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B190000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8B197000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8B1A5000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B1BB000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8B1C4000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8B1E7000 \SystemRoot\system32\DRIVERS\fvxscsi.sys
0x83393000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8B000000 \SystemRoot\system32\drivers\amdxata.sys
0x833B9000 \SystemRoot\system32\drivers\fltmgr.sys
0x833ED000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B219000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B348000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B373000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B386000 \SystemRoot\System32\Drivers\cng.sys
0x8B3E3000 \SystemRoot\System32\drivers\pcw.sys
0x8B3F1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B429000 \SystemRoot\system32\drivers\ndis.sys
0x8B4E0000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B51E000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B62D000 \SystemRoot\System32\drivers\tcpip.sys
0x8B776000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B7A7000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8B7B0000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8B7EF000 \SystemRoot\System32\Drivers\spldr.sys
0x8B600000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B543000 \SystemRoot\System32\Drivers\mup.sys
0x8B7F7000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B553000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B585000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B596000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8B400000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B41F000 \SystemRoot\System32\Drivers\Null.SYS
0x8B5ED000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B5F4000 \SystemRoot\System32\drivers\vga.sys
0x8F416000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F437000 \SystemRoot\System32\drivers\watchdog.sys
0x8F444000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F44C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F454000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8F45C000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F467000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F475000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F48C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F497000 \SystemRoot\system32\drivers\afd.sys
0x8F4F1000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F523000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8F52A000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F549000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F557000 \SystemRoot\system32\DRIVERS\serial.sys
0x8F571000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F584000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F594000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8F59A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F5DB000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F5E5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F5EF000 \SystemRoot\System32\drivers\discache.sys
0x90209000 \SystemRoot\system32\drivers\csc.sys
0x9026D000 \SystemRoot\System32\Drivers\dfsc.sys
0x90285000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x90293000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x902B9000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x902DA000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x902EC000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x9080A000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x9032B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90F90000 \SystemRoot\System32\drivers\dxgmms1.sys
0x90FC9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x91211000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x91236000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x91241000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9128C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9129B000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0x912AC000 \SystemRoot\system32\DRIVERS\serenum.sys
0x912B6000 \SystemRoot\system32\DRIVERS\parport.sys
0x912CE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x912E6000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x912F3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x91300000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x9130D000 \SystemRoot\System32\Drivers\RootMdm.sys
0x91315000 \SystemRoot\system32\drivers\modem.sys
0x91322000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x91334000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9134C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x91357000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x91379000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x91390000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x913A7000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0x913AE000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x913B8000 \SystemRoot\system32\DRIVERS\swenum.sys
0x913BA000 \SystemRoot\system32\DRIVERS\ks.sys
0x913EE000 \SystemRoot\system32\DRIVERS\fcdabus.sys
0x913F1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x91034000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x91078000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x91089000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x910A6000 \SystemRoot\system32\drivers\portcls.sys
0x910D5000 \SystemRoot\system32\drivers\drmk.sys
0x910EE000 \SystemRoot\system32\drivers\HdAudio.sys
0x9113E000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x91150000 \SystemRoot\System32\Drivers\bthport.sys
0x911B4000 \SystemRoot\System32\Drivers\USBD.SYS
0x911B6000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x911DA000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x91000000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x9101B000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0x903E2000 \SystemRoot\system32\DRIVERS\hidbth.sys
0x911E7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9102D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8B200000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8C63B000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8C65F000 \SystemRoot\system32\drivers\usbaudio.sys
0x8C673000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8C680000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8C68B000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8C694000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x93140000 \SystemRoot\System32\win32k.sys
0x8C6A5000 \SystemRoot\System32\drivers\Dxapi.sys
0x8C6AF000 \SystemRoot\system32\DRIVERS\monitor.sys
0x933A0000 \SystemRoot\System32\TSDDD.dll
0x93000000 \SystemRoot\System32\ATMFD.DLL
0x93050000 \SystemRoot\System32\cdd.dll
0x8C6BA000 \SystemRoot\system32\drivers\luafv.sys
0x8C6D5000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8C6EA000 \SystemRoot\system32\drivers\WudfPf.sys
0x8C712000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8C722000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8C735000 \SystemRoot\system32\drivers\HTTP.sys
0x8C7BA000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8C7D3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8C600000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9F811000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9F84C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9F87E000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x9F885000 \SystemRoot\System32\Drivers\adfs.SYS
0x9F8A1000 \SystemRoot\system32\drivers\peauth.sys
0x9F938000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9F942000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9F963000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9F970000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9EC17000 \SystemRoot\System32\DRIVERS\srv.sys
0x9EC69000 \??\C:\Windows\system32\FsUsbExDisk.SYS
0x9ECFE000 \??\C:\Users\Bayang\AppData\Local\Temp\awdiipow.sys
0x77D40000 \Windows\System32\ntdll.dll
0x484C0000 \Windows\System32\smss.exe
0x77F80000 \Windows\System32\apisetschema.dll

Processes (total 60):
0 System Idle Process
4 SYSTEM
232 C:\Windows\System32\smss.exe
376 csrss.exe
444 C:\Windows\System32\wininit.exe
456 csrss.exe
500 C:\Windows\System32\services.exe
508 C:\Windows\System32\lsass.exe
516 C:\Windows\System32\lsm.exe
580 C:\Windows\System32\winlogon.exe
680 C:\Windows\System32\svchost.exe
784 C:\Windows\System32\svchost.exe
852 C:\Windows\System32\atiesrxx.exe
948 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\atieclxx.exe
1440 C:\Windows\System32\dwm.exe
1496 C:\Windows\explorer.exe
1616 C:\Windows\System32\svchost.exe
1752 C:\Windows\System32\spoolsv.exe
1784 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1792 C:\Windows\System32\taskhost.exe
1832 C:\Windows\System32\svchost.exe
1972 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
308 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
488 C:\Windows\System32\FsUsbExService.Exe
440 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
356 C:\Program Files\Internet Explorer\iexplore.exe
1244 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1204 C:\Windows\System32\conhost.exe
1292 C:\Windows\System32\svchost.exe
1368 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2332 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2376 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2468 C:\Program Files\IM Magician\vmonproc.exe
2484 C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
2568 C:\Program Files\Windows Sidebar\sidebar.exe
2604 C:\Program Files\uTorrent\uTorrent.exe
2660 C:\Program Files\Free Download Manager\fdm.exe
2704 C:\Program Files\Internet Explorer\iexplore.exe
2796 C:\Windows\System32\svchost.exe
3116 C:\Windows\System32\SearchIndexer.exe
3340 C:\Windows\System32\svchost.exe
3392 C:\Windows\System32\svchost.exe
3416 C:\Program Files\IM Magician\vicamon.exe
3776 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3992 C:\Program Files\Windows Media Player\wmpnetwk.exe
3112 C:\Windows\System32\svchost.exe
4092 C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
3972 C:\Program Files\Opera\opera.exe
3820 C:\Windows\System32\svchost.exe
2496 C:\Windows\System32\wuauclt.exe
5764 C:\dds.scr
1696 C:\Windows\System32\conhost.exe
5140 C:\Users\Bayang\AppData\Local\Temp\nsf8B5F.tmp\PEV.DAT
4236 C:\MBRCheck.exe
5336 C:\Windows\System32\conhost.exe
5928 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000018`69e61600 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3160812SV, Rev: 3.ASJ
PhysicalDrive1 Model Number: WDCWD10EADS-00L5B1, Rev: 01.01A01
PhysicalDrive2 Model Number: WDCWD5000AACS-00ZUB0, Rev: 01.01B01

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
931 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
465 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

bayang · 2011/05/27

DDS (Ver_2011-05-26.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421
Run by Bayang at 17:48:58 on 2011-05-27
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1870 [GMT 8:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IM Magician\vmonproc.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\IM Magician\Vicamon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = 127.0.0.1:9666
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe "
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe "
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
mRun: [VirtualDrive] "c:\program files\farstone\virtualdrive\VDTask.exe" /AutoRestore
mRun: [IMMON] "c:\program files\im magician\Vicamon.exe "
mRun: [IMMONSUPPORT] "c:\program files\im magician\vmonproc.exe" /cls=IMMAGICIAN_CAMERA_MONITOR_I /exe=Vicamon.exe
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRunOnce: [FsVdInstReboot] 1 (0x1)
mRunOnce: [FsVdUnReboot] 1 (0x1)
StartupFolder: c:\users\bayang\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{04FC2999-A0A9-4CA4-871D-5F867C854C9C}: NameServer = 208.67.222.222,208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bayang\appdata\roaming\mozilla\firefox\profiles\zv4fxc54.default\
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: c:\users\bayang\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 180224]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-2 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-2 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-2 61960]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-5-21 217088]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-26 7566848]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-26 238592]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-5-21 36640]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-10-5 38224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-9 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-9 136176]
S3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-7-24 9472]
.
=============== Created Last 30 ================
.
2011-05-27 07:29:06 610953 ------r- C:\dds.scr
2011-05-27 07:28:45 80384 ----a-w- C:\MBRCheck.exe
2011-05-27 07:28:27 302080 ----a-w- C:\4chnclri.exe
2011-05-27 00:03:15 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-26 23:29:15 98816 ----a-w- c:\windows\sed.exe
2011-05-26 23:29:15 89088 ----a-w- c:\windows\MBR.exe
2011-05-26 23:29:15 256512 ----a-w- c:\windows\PEV.exe
2011-05-26 23:29:15 161792 ----a-w- c:\windows\SWREG.exe
2011-05-26 23:26:22 4295606 ------r- C:\ComboFix.exe
2011-05-26 02:00:30 746888 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-05-21 03:34:20 -------- d-----w- c:\users\bayang\appdata\local\Samsung
2011-05-21 03:33:09 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-05-21 02:58:49 -------- d-----w- c:\users\bayang\appdata\local\Downloaded Installations
2011-05-21 02:58:33 79929616 ----a-w- c:\users\bayang\appdata\roaming\microsoft\windows\templates\SamsungKiesSetup.exe
2011-05-21 02:49:56 36640 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2011-05-21 02:49:56 217088 ----a-w- c:\windows\system32\FsUsbExService.Exe
2011-05-21 02:49:56 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2011-05-21 02:47:15 -------- d-----w- c:\program files\PC Connectivity Solution
2011-05-21 02:45:07 -------- d-----w- c:\users\bayang\appdata\roaming\Samsung
2011-05-21 02:45:06 -------- d-----w- c:\program files\MarkAny
2011-05-21 02:45:04 -------- d-----w- c:\programdata\Samsung
2011-05-21 02:38:39 -------- d-----w- c:\program files\Samsung
2011-05-21 02:38:09 -------- d-----w- c:\program files\common files\Samsung
2011-05-19 12:31:36 -------- d-----w- c:\program files\TalkBox
2011-05-19 12:31:31 249856 ------w- c:\windows\Setup1.exe
2011-05-19 12:31:30 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-05-16 13:21:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-05 11:38:33 454656 ----a-w- c:\program files\microsoft games\mechwarrior vengeance\NFOEDI~1.EXE
2011-05-05 11:18:40 -------- d-----w- c:\program files\directx
2011-05-03 04:51:28 -------- d-----w- c:\windows\rescache
2011-05-02 19:35:24 -------- d-----w- c:\users\bayang\appdata\roaming\Rovio
2011-05-02 19:34:57 761152 ----a-w- c:\windows\system\msvcr100.dll
2011-05-02 15:49:23 7071056 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8fd9ac8a-f89a-4161-aa69-701191a3d8a5}\mpengine.dll
2011-05-02 15:45:39 -------- d-----w- c:\program files\MSXML 4.0
2011-05-02 06:32:47 -------- d-----w- c:\programdata\Skype Extras
2011-05-02 06:17:10 -------- d-----r- c:\program files\Skype
2011-05-01 10:53:28 53248 ----a-r- c:\users\bayang\appdata\roaming\microsoft\installer\{b0a92733-c870-415c-a494-df72c2c58402}\ARPPRODUCTICON.exe
2011-04-30 11:04:26 -------- d-----w- c:\users\bayang\appdata\roaming\Vimisoft Studio
2011-04-30 11:04:17 77824 ----a-w- c:\windows\system32\vgf.dll
2011-04-30 11:04:17 450560 ----a-w- c:\windows\system32\newlistview2.dll
2011-04-30 11:04:16 -------- d-----w- c:\program files\common files\Vimisoft Studio
2011-04-30 11:03:53 -------- d-----w- c:\program files\Vimicro Corporation
2011-04-30 11:03:32 -------- d-----w- c:\program files\IM Magician
2011-04-27 13:11:37 -------- d-----w- c:\users\bayang\appdata\roaming\The Creative Assembly
.
==================== Find3M ====================
.
2011-04-27 06:19:30 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2011-04-20 04:35:54 86016 ----a-w- c:\windows\system32\RDrv2KInterface.dll
2011-04-20 04:35:54 135168 ----a-w- c:\windows\system32\VDProductInfoEx.dll
2011-04-20 04:35:53 86016 ----a-w- c:\windows\system32\Dversion.dll
2011-04-20 04:35:53 36864 ----a-w- c:\windows\system32\unVHDDrvExe.exe
2011-04-20 04:35:53 32768 ----a-w- c:\windows\system32\inVHDDrvExe.exe
2011-04-20 04:35:53 28672 ----a-w- c:\windows\system32\RDrvInterface.dll
2011-04-20 04:35:53 118784 ----a-w- c:\windows\system32\DVC.dll
2011-03-12 11:31:58 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-11 05:44:09 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 05:44:01 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 05:44:01 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 05:44:01 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 05:43:55 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 05:43:46 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 05:43:46 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 05:40:24 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:39:35 1686016 ----a-w- c:\windows\system32\esent.dll
2011-03-11 05:37:34 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-03-08 05:38:13 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31:32 2331136 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST3160812SV rev.3.ASJ -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x9033C8B0]<<
_asm { PUSH ECX; MOV EAX, [ESP+0x8]; PUSH EBX; PUSH EBP; PUSH ESI; PUSH EDI; CMP EAX, [0x90342904]; JNZ 0x22; MOV EBX, [ESP+0x1c]; CALL 0xfffffffffffffcc0; }
1 ntkrnlpa!IofCallDriver[0x82C7D448] -> \Device\Harddisk0\DR0[0x8635B7D8]
3 CLASSPNP[0x8B5AD59E] -> ntkrnlpa!IofCallDriver[0x82C7D448] -> [0x8660E5C0]
\Driver\Disk[0x865E88B8] -> IRP_MJ_CREATE -> 0x9033C8B0
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
.
============= FINISH: 17:49:46.95 ===============

bayang · 2011/05/27

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-05-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 10/2/2010 12:23:46 PM
System Uptime: 5/27/2011 4:11:05 PM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | G31M-S2L
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Socket 775 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 5.744 GiB free.
D: is FIXED (NTFS) - 51 GiB total, 0.575 GiB free.
E: is FIXED (NTFS) - 932 GiB total, 33.349 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 2.109 GiB free.
G: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00000000_PID&C0B7\7&2129A713&0&00234528EB17_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00000000_PID&C0B7\7&2129A713&0&00234528EB17_C00000000
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (PPPOE)
Device ID: ROOT\MS_PPPOEMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPPOE)
PNP Device ID: ROOT\MS_PPPOEMINIPORT\0000
Service: RasPppoe
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00000000_PID&C039\7&2129A713&0&001A75A7A152_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00000000_PID&C039\7&2129A713&0&001A75A7A152_C00000000
Service:
.
==== System Restore Points ===================
.
RP181: 5/27/2011 4:45:19 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
.
µTorrent
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.4.4
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AMD DnD V1.0.19
AMR to MP3 Converter 1.4
ATI Catalyst Install Manager
ATI Catalyst Registration
Avira AntiVir Personal - Free Antivirus
BlackBerry Desktop Software 6.0.1
BlackBerry Device Software Updater
Call of Duty Modern Warfare 2
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
CCleaner
Components Setup
Connect
F1 Racing 3D Screensaver v1.0
FIFA MANAGER 10
Free Download Manager 3.0
Google Chrome
Google Earth
Google Update Helper
IM Magician
Java Auto Updater
Java(TM) 6 Update 24
kuler
Malwarebytes' Anti-Malware
MechWarrior Black Knight
MechWarrior Vengeance
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need For Speed Underground
Nero 7 Lite 7.10.1.0
Opera 11.11
OutlookAddInNet3Setup
PDF Settings CS4
Photoshop Camera Raw
Red Alert 2
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Skype Toolbars
Skype™ 5.3
Suite Shared Configuration CS4
TalkBox v0.3
VirtualDrive Pro
VLC media player 1.1.9
Winamp
Winamp Detector Plug-in
Windows Media Player Firefox Plugin
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
YouTube Downloader 2.7.2
.
==== Event Viewer Messages From Past Week ========
.
5/27/2011 7:46:16 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/27/2011 7:31:58 AM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied.
5/27/2011 7:31:58 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied.
5/27/2011 7:31:58 AM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.
5/27/2011 7:11:49 AM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
5/27/2011 6:24:56 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000e4 (0x00000001, 0x86803b30, 0x00000001, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052711-24772-01.
5/27/2011 3:54:36 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2011 3:54:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/27/2011 3:54:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/27/2011 3:54:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/27/2011 3:54:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/27/2011 3:54:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/27/2011 3:54:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/27/2011 3:54:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr ssmdrv tdx Wanarpv6 WfpLwf
5/27/2011 3:54:08 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2011 3:54:08 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2011 3:54:08 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2011 3:54:08 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2011 3:54:08 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2011 3:54:08 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2011 3:54:08 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2011 3:54:08 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2011 3:54:08 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/27/2011 3:54:08 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/27/2011 3:54:08 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/24/2011 9:31:26 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR11.
5/23/2011 6:22:08 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
5/21/2011 10:49:57 AM, Error: Service Control Manager [7030] - The FsUsbExService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================

Admin. · 2011/05/27

I see you have P2P software ( Azures, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

References for the risk of these programs are here, and here.

I would strongly recommend that you uninstall them, and read the links above for educational value!

Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

A Malware expert will have a look at your log in due course.

bayang · 2011/05/27

ok sir...i will uninstall the p2p software....

broni · 2011/05/27

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================================

Your MBAM log says "No action taken ".
Re-run it, FIX all issues and post new log.

Regarding hidden files...
Download and run UnHide
Let me know, if it worked.

======================================================

Download TDSSKiller and save it to your desktop.

Extract (unzip) its contents to your desktop.

Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

bayang · 2011/05/27

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6691

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

5/28/2011 12:09:58 PM
mbam-log-2011-05-28 (12-09-58).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 326894
Time elapsed: 45 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

broni · 2011/05/27

You didn't say, if UnHide worked.

bayang · 2011/05/27

wait...i paste this mbam log 1st...ok now im telling u....the UnHide still not work...my icons at desktop n start menu still hidden ...my computer, recycle bin did not appear .....ok for the TDSSKiller...i already download....just extract but i cannot run that application...once i click the TDSSKiller...nothing happen...

broni · 2011/05/27

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:

On completion of the scan click "Save log ", save it to your desktop and post in your next reply:

=================================================

Please download Rootkit Unhooker from one of the following links and save it to your desktop.

Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.

Click the Report tab, then click Scan.

Check Drivers, Stealth, and uncheck the rest.

Click OK.

Wait until it's finished and then go to File > Save Report.

Save the report to your Desktop.

Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay? ".

bayang · 2011/05/28

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-28 12:57:26
-----------------------------
12:57:26.802 OS Version: Windows 6.1.7600
12:57:26.802 Number of processors: 2 586 0x604
12:57:26.802 ComputerName: BAYANG-PC UserName: Bayang
12:57:27.707 Initialize success
12:57:42.621 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
12:57:42.621 Disk 0 Vendor: ST3160812SV 3.ASJ Size: 152626MB BusType: 3
12:57:42.636 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
12:57:42.636 Disk 1 Vendor: WDC_WD10EADS-00L5B1 01.01A01 Size: 953868MB BusType: 3
12:57:42.636 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T1L0-6
12:57:42.652 Disk 2 Vendor: WDC_WD5000AACS-00ZUB0 01.01B01 Size: 476940MB BusType: 3
12:57:44.680 Disk 0 MBR read successfully
12:57:44.680 Disk 0 MBR scan
12:57:44.680 Disk 0 Windows 7 default MBR code
12:57:46.708 Disk 0 scanning sectors +312560640
12:57:46.739 Disk 0 scanning C:\Windows\system32\drivers
12:57:51.419 Service scanning
12:57:52.386 Disk 0 trace - called modules:
12:57:52.402 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8f71b8b0]<<
12:57:52.418 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8635b358]
12:57:52.418 3 CLASSPNP.SYS[8b3be59e] -> nt!IofCallDriver -> [0x86734cf0]
12:57:52.433 \Driver\Disk[0x86672b28] -> IRP_MJ_CREATE -> 0x8f71b8b0
12:57:52.433 Scan finished successfully
12:58:06.723 Disk 0 MBR has been saved successfully to "C:\Users\Bayang\Desktop\MBR.dat "
12:58:06.723 The log file has been saved successfully to "C:\Users\Bayang\Desktop\aswMBR.txt "

bayang · 2011/05/28

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x91631000 C:\Windows\system32\DRIVERS\atikmdag.sys 7888896 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0xB2C17000 C:\Windows\system32\DRIVERS\49750821.sys 5373952 bytes (Kaspersky Lab, Kaspersky Unified Driver)
0x82C0B000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82C0B000 PnpManager 4259840 bytes
0x82C0B000 RAW 4259840 bytes
0x82C0B000 WMIxWDM 4259840 bytes
0x93870000 Win32k 2404352 bytes
0x93870000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8B637000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8B24D000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x90942000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8B480000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x83301000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xA0A24000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9AC31000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8322E000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8B011000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x91F3D000 C:\Windows\System32\Drivers\bthport.sys 409600 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0x90820000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8B40C000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8F655000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA0B42000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xA0BA3000 C:\Windows\system32\DRIVERS\4975082.sys 327680 bytes (Kaspersky Lab, Klif Mini-Filter [fre_wlh_x86])
0x91EDB000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0xA0AF3000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x93B00000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x92048000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8B13F000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8B090000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x91E21000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x832BF000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8F788000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x90903000 C:\Windows\system32\DRIVERS\atikmpag.sys 258048 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)
0x8B7BA000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8B537000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9AD04000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x91DB7000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x8301B000 ACPI_HAL 225280 bytes
0x8301B000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8B208000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x921C1000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8B5B2000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8F6AF000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B780000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x91E93000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8B608000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8B37C000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8B0E9000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x908AA000 C:\Windows\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x833AC000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8B3BA000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8B575000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x92018000 C:\Windows\system32\DRIVERS\Rt86win7.sys 151552 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
0x8CA36000 C:\Windows\system32\DRIVERS\rfcomm.sys 147456 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0x91FBA000 C:\Windows\System32\Drivers\usbvideo.sys 147456 bytes (Microsoft Corporation, USB Video Class Driver)
0x8B1BE000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9ACE1000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x9215E000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA0AC5000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x908D0000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x83200000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x833D2000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x91600000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8F6E8000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x93B50000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x91E76000 C:\Windows\system32\drivers\AtiHdmi.sys 118784 bytes (ATI Technologies, Inc., ATI High Definition Audio Function Driver)
0x8CA67000 C:\Windows\system32\DRIVERS\bthpan.sys 110592 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0x8CA94000 C:\Windows\system32\DRIVERS\hidbth.sys 110592 bytes (Microsoft Corporation, Bluetooth Miniport Driver for HID Devices)
0x8CB27000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9AD3F000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8F745000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x8CB57000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x9ACB6000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x91EC2000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x90884000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x920D5000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x920BD000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x9213B000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x92180000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x92197000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8F633000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x91FA3000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x8B19F000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x8CB42000 C:\Windows\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0x8B1E1000 C:\Windows\system32\DRIVERS\fvxscsi.sys 81920 bytes (FarStone Inc., FarStone SCSI Miniport )
0x91FDE000 C:\Windows\system32\drivers\usbaudio.sys 81920 bytes (Microsoft Corporation, USB Audio Class Driver)
0x8CAAF000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8B3A7000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8CB81000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8F75F000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x92129000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8CA82000 C:\Windows\system32\DRIVERS\bthmodem.sys 73728 bytes (Microsoft Corporation, Bluetooth Communications Driver)
0x91F2B000 C:\Windows\System32\Drivers\BTHUSB.sys 73728 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0x908F1000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x9ACCF000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x9AD61000 C:\Windows\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)
0x8B5E4000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8B5E4000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8CB01000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8B23C000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x91E65000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8B11E000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x832A6000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x920A2000 C:\Windows\system32\DRIVERS\Rtnicxp.sys 69632 bytes (Realtek Semiconductor Corporation , Realtek 10/100 NDIS 5.1 Driver )
0x8CB71000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8B59A000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x8F772000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8B12F000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x92093000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x9089C000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8F707000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8F625000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8B191000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8B469000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x92000000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8B082000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xB3137000 C:\Windows\system32\DRIVERS\49750822.sys 53248 bytes (Kaspersky Lab, Kaspersky Lab Boot Guard Driver)
0x8CA5A000 C:\Windows\system32\DRIVERS\BthEnum.sys 53248 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0x92107000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x8CAE0000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x920FA000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x9211C000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x920ED000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0xA0AE6000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x83221000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8F7DD000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x8B000000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
!!!!!!!!!!!Hidden driver: 0x8F723000 2155373664 45056 bytes
0xB314D000 C:\Users\Bayang\AppData\Local\Temp\aswMBR.sys 45056 bytes
0x8CAED000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8CB1C000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x8F61A000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x92153000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8F64A000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x9203D000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8B113000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x8CB12000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8F7D3000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8F7C9000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x921B5000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0xA0ABB000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x920B3000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x8B1F5000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x8B1B5000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8CAF8000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0xA0B94000 C:\Windows\system32\FsUsbExDisk.SYS 36864 bytes
0x8B477000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB3161000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x93AD0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8B7B1000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x8B0D8000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x832B7000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8B5AA000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80B96000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8B0E1000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x833F1000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8F60A000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8F612000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x92114000 C:\Windows\System32\Drivers\RootMdm.sys 32768 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0x8B600000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8B200000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8CAC2000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8B18A000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8B7F9000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x9AD5A000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x921AE000 C:\Windows\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0x8F6E1000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8F782000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0x921F5000 C:\Windows\system32\DRIVERS\fcdabus.sys 12288 bytes (FarStone Inc., FarStone Bus Enumerator)
0x921BF000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x91FA1000 C:\Windows\System32\Drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x863881ED unknown_irp_handler 3603 bytes
0x8F71B8B0 unknown_irp_handler 1872 bytes
==============================================
>Stealth
==============================================
0x06400000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 102400 bytes
0x005E0000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 110592 bytes
0x07260000 Hidden Image-->CLI.Aspect.DisplaysManager2.Graphics.Dashboard.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 1150976 bytes
0x004E0000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x87600030 ] PID: 636, 118784 bytes
0x01590000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 118784 bytes
0x06B40000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 1232896 bytes
0x86389A91 Unknown page with executable code, 1391 bytes
0x04400000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 159744 bytes
0x070B0000 Hidden Image-->CLI.Aspect.DisplaysManager2.Graphics.Wizard.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 1716224 bytes
0x06E90000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 208896 bytes
0x06560000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 217088 bytes
0x07680000 Hidden Image-->CLI.Aspect.CrossDisplay.Graphics.Dashboard.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 282624 bytes
0x007C0000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x87600030 ] PID: 636, 28672 bytes
0x007E0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x87600030 ] PID: 636, 28672 bytes
0x00600000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x005D0000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x03B20000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x03CF0000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x03E40000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x03E60000 Hidden Image-->AEM.Plugin.WinMessages.Shared.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x03E50000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x03E70000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x03E90000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x042D0000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x042C0000 Hidden Image-->CLI.Caste.HydraVision.Shared.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x045A0000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x04760000 Hidden Image-->ResourceManagement.Foundation.Private.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x04600000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x04790000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x047B0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x04DC0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x04E20000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x04E30000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Shared.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x04E60000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x05380000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x05440000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x05460000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x05FD0000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x06150000 Hidden Image-->Branding.dll [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x06160000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x06420000 Hidden Image-->atixclib.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x065A0000 Hidden Image-->CLI.Caste.HydraVision.Wizard.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x065C0000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x07380000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 28672 bytes
0x03B70000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x87600030 ] PID: 636, 36864 bytes
0x00750000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 36864 bytes
0x03CE0000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 36864 bytes
0x041A0000 Hidden Image-->CLI.Caste.HydraVision.Runtime.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 36864 bytes
0x04E10000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Runtime.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 36864 bytes
0x05FB0000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 36864 bytes
0x065B0000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 36864 bytes
0x8638A191 Unknown page with executable code, 3695 bytes
0x04540000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 380928 bytes
0x060E0000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 413696 bytes
0x00510000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x87600030 ] PID: 636, 45056 bytes
0x00650000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x87600030 ] PID: 636, 45056 bytes
0x03B60000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x87600030 ] PID: 636, 45056 bytes
0x003C0000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 45056 bytes
0x00420000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 45056 bytes
0x00650000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 45056 bytes
0x03CA0000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 45056 bytes
0x06370000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 503808 bytes
0x01480000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 53248 bytes
0x038B0000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 53248 bytes
0x03CD0000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 53248 bytes
0x03E80000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 53248 bytes
0x03E20000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 53248 bytes
0x05420000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 53248 bytes
0x05FA0000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 53248 bytes
0x063F0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 53248 bytes
0x05390000 Hidden Image-->CLI.Component.Systemtray.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 577536 bytes
0x8638CE7A Unknown thread object [ ETHREAD 0x865A9298 ] TID: 248, 600 bytes
0x8638F008 Unknown thread object [ ETHREAD 0x865AEC28 ] TID: 252, 600 bytes
0x8638E0DE Unknown thread object [ ETHREAD 0x865AE950 ] , 600 bytes
0x8638CB45 Unknown thread object [ ETHREAD 0x865B2020 ] , 600 bytes
0x8F728810 Unknown thread object [ ETHREAD 0x8672C3D8 ] TID: 272, 600 bytes
0x8F728810 Unknown thread object [ ETHREAD 0x86728278 ] TID: 276, 600 bytes
0x8F71C710 Unknown thread object [ ETHREAD 0x86736020 ] TID: 280, 600 bytes
0x8F71C710 Unknown thread object [ ETHREAD 0x86736760 ] TID: 284, 600 bytes
0x9AD9CF2E Unknown thread object [ ETHREAD 0x873B1A60 ] , 600 bytes
0x03890000 Hidden Image-->CLI.Component.SkinFactory.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 69632 bytes
0x03B70000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 69632 bytes
0x04E40000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 69632 bytes
0x06530000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 69632 bytes
0x065D0000 Hidden Image-->ResourceManagement.Foundation.Implementation.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 749568 bytes
0x00660000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x87600030 ] PID: 636, 77824 bytes
0x00630000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 77824 bytes
0x066B0000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 77824 bytes
0x8638ECDC Unknown page with executable code, 804 bytes
0x03CB0000 Hidden Image-->ADL.Foundation.dll [ EPROCESS 0x87B11D40 ] PID: 2296, 86016 bytes
0x06690000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x87B11D40 ] PID: 2296, 86016 bytes

broni · 2011/05/28

Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

[color= "Blue"]**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**[/color]

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".

Click on [color= "Red"]this link[/color] to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

[color= "Red"]WARNING:[/color] Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results ". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion ", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

bayang · 2011/05/28

ComboFix 11-05-27.02 - Bayang 05/28/2011 13:33:15.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.2014 [GMT 8:00]
Running from: c:\users\Bayang\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Drivers\pxog.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-28 )))))))))))))))))))))))))))))))
.
.
2011-05-28 05:42 . 2011-05-28 05:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-28 04:50 . 2011-05-28 04:50 -------- d-----w- c:\programdata\Kaspersky Lab
2011-05-28 04:49 . 2009-10-22 05:54 37392 ----a-w- c:\windows\system32\drivers\49750822.sys
2011-05-28 04:49 . 2009-10-09 15:31 311312 ----a-w- c:\windows\system32\drivers\4975082.sys
2011-05-28 04:49 . 2009-09-25 09:59 128016 ----a-w- c:\windows\system32\drivers\49750821.sys
2011-05-28 04:41 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-28 04:40 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-27 07:29 . 2011-05-27 07:29 610953 ------r- C:\dds.scr
2011-05-27 07:28 . 2011-05-27 07:28 80384 ----a-w- C:\MBRCheck.exe
2011-05-27 07:28 . 2011-05-27 07:28 302080 ----a-w- C:\4chnclri.exe
2011-05-21 03:34 . 2011-05-21 03:46 -------- d-----w- c:\users\Bayang\AppData\Local\Samsung
2011-05-21 03:33 . 2011-04-27 06:20 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-05-21 02:58 . 2011-05-21 02:58 -------- d-----w- c:\users\Bayang\AppData\Local\Downloaded Installations
2011-05-21 02:58 . 2011-05-01 00:22 79929616 ----a-w- c:\users\Bayang\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
2011-05-21 02:49 . 2010-09-13 10:28 36640 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2011-05-21 02:49 . 2010-09-13 10:28 221184 ----a-w- c:\windows\system32\FsUsbExService.Exe
2011-05-21 02:49 . 2010-09-13 10:28 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2011-05-21 02:47 . 2011-05-21 02:59 -------- d-----w- c:\program files\PC Connectivity Solution
2011-05-21 02:45 . 2011-05-21 03:46 -------- d-----w- c:\users\Bayang\AppData\Roaming\Samsung
2011-05-21 02:45 . 2011-05-21 02:45 -------- d-----w- c:\program files\MarkAny
2011-05-21 02:45 . 2011-05-21 03:46 -------- d-----w- c:\programdata\Samsung
2011-05-21 02:38 . 2011-05-21 02:50 -------- d-----w- c:\program files\Samsung
2011-05-21 02:38 . 2011-05-21 02:45 -------- d-----w- c:\program files\Common Files\Samsung
2011-05-19 12:31 . 2011-05-19 12:32 -------- d-----w- c:\program files\TalkBox
2011-05-19 12:31 . 2011-05-19 12:31 249856 ------w- c:\windows\Setup1.exe
2011-05-19 12:31 . 2011-05-19 12:31 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-05-16 13:21 . 2011-05-16 13:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-11 15:05 . 2011-05-11 15:05 -------- d-----w- c:\users\Bayang\AppData\Roaming\dvdcss
2011-05-05 11:38 . 2001-07-25 03:21 454656 ----a-w- c:\program files\Microsoft Games\MechWarrior Vengeance\NFOEDI~1.EXE
2011-05-05 11:18 . 2011-05-05 11:18 -------- d-----w- c:\program files\directx
2011-05-03 04:51 . 2011-05-03 04:52 -------- d-----w- c:\windows\rescache
2011-05-02 19:35 . 2011-05-02 19:35 -------- d-----w- c:\users\Bayang\AppData\Roaming\Rovio
2011-05-02 19:34 . 2009-08-24 02:15 761152 ----a-w- c:\windows\system\msvcr100.dll
2011-05-02 15:49 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8FD9AC8A-F89A-4161-AA69-701191A3D8A5}\mpengine.dll
2011-05-02 15:45 . 2011-05-02 15:45 -------- d-----w- c:\program files\MSXML 4.0
2011-05-02 06:32 . 2011-05-19 11:08 -------- d-----w- c:\users\Bayang\AppData\Roaming\skypePM
2011-05-02 06:32 . 2011-05-17 08:02 -------- d-----w- c:\programdata\Skype Extras
2011-05-02 06:18 . 2011-05-19 15:54 -------- d-----w- c:\users\Bayang\AppData\Roaming\Skype
2011-05-02 06:17 . 2011-05-02 06:17 -------- d-----w- c:\program files\Common Files\Skype
2011-05-02 06:17 . 2011-05-02 06:17 -------- d-----r- c:\program files\Skype
2011-05-02 06:17 . 2011-05-02 06:17 -------- d-----w- c:\programdata\Skype
2011-05-01 10:53 . 2011-05-01 10:53 53248 ----a-r- c:\users\Bayang\AppData\Roaming\Microsoft\Installer\{B0A92733-C870-415C-A494-DF72C2C58402}\ARPPRODUCTICON.exe
2011-04-30 11:04 . 2011-04-30 11:10 -------- d-----w- c:\users\Bayang\AppData\Roaming\Vimisoft Studio
2011-04-30 11:04 . 2010-09-28 03:59 450560 ----a-w- c:\windows\system32\newlistview2.dll
2011-04-30 11:04 . 2010-09-28 03:56 77824 ----a-w- c:\windows\system32\vgf.dll
2011-04-30 11:04 . 2011-04-30 11:04 -------- d-----w- c:\program files\Common Files\Vimisoft Studio
2011-04-30 11:03 . 2011-04-30 11:03 -------- d-----w- c:\program files\Vimicro Corporation
2011-04-30 11:03 . 2011-04-30 11:04 -------- d-----w- c:\program files\IM Magician
2011-04-30 11:03 . 2011-05-21 03:46 -------- d-----w- c:\program files\InstallShield Installation Information
2011-04-30 11:02 . 2011-04-30 11:02 -------- d-----w- c:\users\Bayang\AppData\Roaming\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-28 04:24 . 2009-11-25 03:17 397312 ----a-w- c:\windows\system32\atieclxx.exe
2011-05-28 04:24 . 2009-11-25 03:17 180224 ----a-w- c:\windows\system32\atiesrxx.exe
2011-04-27 06:19 . 2011-04-27 06:19 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2011-04-27 06:19 . 2011-04-27 06:19 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2011-04-27 06:19 . 2011-04-27 06:19 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2011-04-27 06:19 . 2011-04-27 06:19 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2011-04-27 06:19 . 2011-04-27 06:19 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2011-04-27 06:19 . 2011-04-27 06:19 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2011-04-27 06:19 . 2011-04-27 06:19 569344 ----a-w- c:\windows\system32\muzdecode.ax
2011-04-27 06:19 . 2011-04-27 06:19 491520 ----a-w- c:\windows\system32\muzapp.dll
2011-04-27 06:19 . 2011-04-27 06:19 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2011-04-27 06:19 . 2011-04-27 06:19 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2011-04-27 06:19 . 2011-04-27 06:19 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2011-04-27 06:19 . 2011-04-27 06:19 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2011-04-27 06:19 . 2011-04-27 06:19 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2011-04-27 06:19 . 2011-04-27 06:19 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2011-04-27 06:19 . 2011-04-27 06:19 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2011-04-27 06:19 . 2011-04-27 06:19 245760 ----a-w- c:\windows\system32\MSCLib.dll
2011-04-27 06:19 . 2011-04-27 06:19 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2011-04-27 06:19 . 2011-04-27 06:19 200704 ----a-w- c:\windows\system32\muzwmts.dll
2011-04-27 06:19 . 2011-04-27 06:19 155648 ----a-w- c:\windows\system32\MSFLib.dll
2011-04-27 06:19 . 2011-04-27 06:19 143360 ----a-w- c:\windows\system32\3DAudio.ax
2011-04-27 06:19 . 2011-04-27 06:19 135168 ----a-w- c:\windows\system32\muzaf1.dll
2011-04-27 06:19 . 2011-04-27 06:19 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2011-04-27 06:19 . 2011-04-27 06:19 122880 ----a-w- c:\windows\system32\muzeffect.ax
2011-04-27 06:19 . 2011-04-27 06:19 118784 ----a-w- c:\windows\system32\MaDRM.dll
2011-04-27 06:19 . 2011-04-27 06:19 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2011-04-20 04:35 . 2011-04-20 04:35 135168 ----a-w- c:\windows\system32\VDProductInfoEx.dll
2011-04-20 04:35 . 2011-04-20 04:35 86016 ----a-w- c:\windows\system32\RDrv2KInterface.dll
2011-04-20 04:35 . 2011-04-20 04:35 86016 ----a-w- c:\windows\system32\Dversion.dll
2011-04-20 04:35 . 2011-04-20 04:35 28672 ----a-w- c:\windows\system32\RDrvInterface.dll
2011-04-20 04:35 . 2011-04-20 04:35 118784 ----a-w- c:\windows\system32\DVC.dll
2011-04-20 04:35 . 2011-04-16 11:33 36864 ----a-w- c:\windows\system32\unVHDDrvExe.exe
2011-04-20 04:35 . 2011-04-16 11:33 32768 ----a-w- c:\windows\system32\inVHDDrvExe.exe
2011-03-17 10:48 . 2010-10-02 06:52 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-11 05:40 . 2011-04-20 04:54 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-20 04:54 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-08 05:38 . 2011-04-20 04:55 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 19:04 . 2011-03-04 19:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-03-04 19:04 . 2011-03-04 19:04 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-03-03 05:29 . 2011-04-20 04:56 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27 . 2011-04-20 04:56 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31 . 2011-04-20 04:56 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-05-03 10:53 . 2011-04-13 16:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Messenger (Yahoo!) "= "c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Free Download Manager "= "c:\program files\Free Download Manager\fdm.exe" [2009-01-30 3399727]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt "= "c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"ATICustomerCare "= "c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AdobeCS4ServiceManager "= "c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"VirtualDrive "= "c:\program files\FarStone\VirtualDrive\VDTask.exe" [2010-08-17 686680]
"IMMON "= "c:\program files\IM Magician\Vicamon.exe" [2010-09-28 143360]
"IMMONSUPPORT "= "c:\program files\IM Magician\vmonproc.exe" [2010-09-28 233472]
"RIMBBLaunchAgent.exe "= "c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FsVdInstReboot "= "1 (0x1)" [X]
"FsVdUnReboot "= "1 (0x1)" [X]
.
c:\users\Bayang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
setup_9.0.0.722_28.05.2011_06-14.lnk - c:\users\Bayang\Desktop\Virus Removal Tool\setup_9.0.0.722_28.05.2011_06-14\startup.exe [2011-5-28 72208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin "= 0 (0x0)
"ConsentPromptBehaviorUser "= 3 (0x3)
"EnableLUA "= 0 (0x0)
"EnableUIADesktopToggle "= 0 (0x0)
"PromptOnSecureDesktop "= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3 "=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\G:\0autocheck autochk *
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-09 136176]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-09 136176]
R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-07-24 9472]
S0 49750822;49750822 Boot Guard Driver;c:\windows\system32\DRIVERS\49750822.sys [2009-10-22 37392]
S1 49750821;49750821;c:\windows\system32\DRIVERS\49750821.sys [2009-09-25 128016]
S1 setup_9.0.0.722_28.05.2011_06-14drv;setup_9.0.0.722_28.05.2011_06-14drv;c:\windows\system32\DRIVERS\4975082.sys [2009-10-09 311312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-28 180224]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-28 136360]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-09-13 221184]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 7566848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 238592]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-09-13 36640]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 49750821
*NewlyCreated* - 49750822
*NewlyCreated* - ASWMBR
*NewlyCreated* - NORMANDY
*NewlyCreated* - SETUP_9.0.0.722_28.05.2011_06-14DRV
*Deregistered* - aswMBR
*Deregistered* - Normandy
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-09 02:49]
.
2011-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-09 02:49]
.
2011-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-68621998-3842919755-3149787651-1000Core.job
- c:\users\Bayang\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-05 08:57]
.
2011-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-68621998-3842919755-3149787651-1000UA.job
- c:\users\Bayang\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-05 08:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = 127.0.0.1:9666
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{04FC2999-A0A9-4CA4-871D-5F867C854C9C}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Bayang\AppData\Roaming\Mozilla\Firefox\Profiles\zv4fxc54.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-28 13:52:02
ComboFix-quarantined-files.txt 2011-05-28 05:51
ComboFix2.txt 2011-05-27 00:02
.
Pre-Run: 5,624,905,728 bytes free
Post-Run: 5,509,382,144 bytes free
.
- - End Of File - - C3B8461968E53C7C2E976E845F858B88

broni · 2011/05/28

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE
Double-click SystemLook.exe to run it.

Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
Copy the content of the following box into the main textfield:
Code:
:dir
%Temp%\smtmp /s
Click the Look button to start the scan.

When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

====================================================

1. Please open Notepad

Click Start , then Run

Type notepad .exe in the Run Box

Click OK

Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
File::
c:\windows\system32\drivers\49750822.sys
c:\windows\system32\drivers\4975082.sys
c:\windows\system32\drivers\49750821.sys


Driver::
49750822
49750821

DDS::
uInternet Settings,ProxyServer = 127.0.0.1:9666
uInternet Settings,ProxyOverride = 127.0.0.1


Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
 "FsVdInstReboot "=-
 "FsVdUnReboot "=-
3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt

bayang · 2011/05/29

sir...i already follow ur instruction...but after i drag my file to combofix...my pc hang ...everytime i do the same action that u tell me...my pc got hang...are u recommand if i format my pc? what about other drive like D: E: ...can u help me after i format my pc...then we check other drive's if my pc got infected?

broni · 2011/05/29

I still need SystemLook log.

As for Combofix, restart computer in safe mode and try the fix again.

What are drives D and E?

bayang · 2011/06/01

tomorrow i give u a SystemLook Log ...btw drives D n E just my mp3 n video ..

broni · 2011/06/01

Ok.....

Log in or Sign up

Inactive All Icons,Folders And Files At Desktop,Start Menu Hidden

bayang Inactive Thread Starter

bayang Inactive Thread Starter

bayang Inactive Thread Starter

bayang Inactive Thread Starter

Admin. Administrator Administrator Staff

bayang Inactive Thread Starter

broni Moderator Malware Analyst

bayang Inactive Thread Starter

broni Moderator Malware Analyst

bayang Inactive Thread Starter

broni Moderator Malware Analyst

bayang Inactive Thread Starter

bayang Inactive Thread Starter

broni Moderator Malware Analyst

bayang Inactive Thread Starter

broni Moderator Malware Analyst

bayang Inactive Thread Starter

broni Moderator Malware Analyst

bayang Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

Inactive All Icons,Folders And Files At Desktop,Start Menu Hidden

bayang Inactive Thread Starter

bayang Inactive Thread Starter

bayang Inactive Thread Starter

bayang Inactive Thread Starter

Admin. Administrator Administrator Staff

bayang Inactive Thread Starter

broni Moderator Malware Analyst

bayang Inactive Thread Starter

broni Moderator Malware Analyst

bayang Inactive Thread Starter

broni Moderator Malware Analyst

bayang Inactive Thread Starter

bayang Inactive Thread Starter

broni Moderator Malware Analyst

bayang Inactive Thread Starter

broni Moderator Malware Analyst

bayang Inactive Thread Starter

broni Moderator Malware Analyst

bayang Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Useful Searches