TechSpot

Qvo6 problem however,

By neowing
Apr 16, 2013
  1. Hello?
    I accidentally [most likely unknowingly] installed qvo6.
    I did not notice how it got inside of my computer.

    Every browser was redirected to qvo6's unknown domain.
    Therefore, I did a virus scan, but it didn't fix it all.
    The scan did not detect "that qvo6".

    I uninstalled IE/Chrome/FF,
    as well as qvo6 <---- it had an uninstaller.
    Then I reinstalled Chrome only.

    I looked on the internet to see if I could solve it by myself...
    Unfortunately, I could not find the right answer.

    Therefore, I used "Windows Backup" to go back to 4 days ago.
    As a result, every browser turned back to normal.

    However, I want to make sure it is safe to use this computer for online shopping/banking.
    Could you tell me what I should do for now?
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    You've been to this forum before, so you should know what we need....

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
     
  3. neowing

    neowing TS Booster Topic Starter Posts: 288

    First, I have to say sorry that I didn't follow the steps.

    Anyway, I followed the 4 steps:
    Antivirus/MBAM didn't find anything.

    However, I uploaded the DDS attachment, but I have to say one thing.
    Right now, I am living in a different country.
    So, inside those attachment logs there is an "Asian" language.

    Thank you for replying.
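    Broni asked for the DDS logs and the post above says the DDS output was uploaded. As an added example, which is not part of the original thread, of DDS, or of TechSpot's own material, the script below reads the "Pseudo HJT Report" lines of a DDS log and flags the entries a reviewer checks first after a browser hijacker: a start or search page pointing at a host the user did not choose, an autostart or plugin entry that loads code from a temp directory, DNS servers that differ from the expected ones, orphaned registrations, and ActiveX (DPF) download sources. The sample lines are copied from the log posted later in this thread, plus two constructed lines (marked in the code) that show what a live hit looks like. The allowlist of start-page hosts and the expected resolvers are assumptions made for the example, not facts stated on the page.

```python
"""DDS "Pseudo HJT Report" triage for browser-hijacker remnants.

Added example for this thread; not part of DDS, TechSpot or the poster's
material. Sample lines are copied from the log posted in this thread except
the two marked as constructed. The allowlists below are assumptions.
"""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Hosts the user actually wants as start/search pages. www.naver.com is the
# uStart Page in the posted log; www.google.com is an assumed addition.
KNOWN_GOOD_HOSTS = {"www.naver.com", "www.google.com"}

# Resolvers the machine is expected to use, taken from the TCP: NameServer
# line in the posted log (assumed to be the user's ISP resolvers).
EXPECTED_DNS = {"168.126.63.1", "168.126.63.2"}

# DDS defangs URLs to hxxp:// so nobody clicks them from a forum post.
URL_RE = re.compile(r"hxxps?://([^/\s]+)", re.IGNORECASE)

# Registry values that set a browser's home or search page (lower-cased).
PAGE_KEYS = ("start page", "search page", "default_page_url",
             "default_search_url", "searchassistant", "searchscopes")

# A legitimate installer does not leave browser code running from here.
SUSPECT_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

Finding = Tuple[str, str]  # (severity, reason)


def triage_line(line: str) -> Optional[Finding]:
    """Classify one Pseudo-HJT line; None means nothing stands out."""
    s = line.strip()
    if not s or s == ".":
        return None
    low = s.lower()
    key, sep, value = s.partition(" = ")

    # Home/search page values: only the hosts the user chose are acceptable.
    if sep and any(k in key.lower() for k in PAGE_KEYS):
        if value.lower() in ("about:blank", "about:home"):
            return None
        m = URL_RE.search(value)
        if m is None:
            return ("high", f"{key} is not a web URL: {value!r}")
        host = m.group(1).lower()
        if host not in KNOWN_GOOD_HOSTS:
            return ("high", f"{key} points at unexpected host {host}")
        return None

    # Leftover registrations whose file is gone: harmless, but worth cleaning.
    if "<orphaned>" in low:
        return ("low", "orphaned registration left behind by an uninstall")

    # Anything (Run key, BHO, DPF, ...) executing out of a temp directory.
    if any(d in low for d in SUSPECT_DIRS):
        return ("high", "autostart/plugin entry loads code from a temp directory")

    # Hijackers sometimes swap the resolvers instead of touching the browser.
    if sep and "nameserver" in key.lower():
        unexpected = [ip for ip in value.split() if ip not in EXPECTED_DNS]
        if unexpected:
            return ("high", f"DNS servers outside the expected set: {unexpected}")
        return None

    # Remote ActiveX download sources: not bad by themselves, but review them.
    if s.startswith("DPF:"):
        m = URL_RE.search(s)
        if m:
            return ("info", f"ActiveX download source {m.group(1)}; confirm it is expected")

    return None


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Run triage_line over a log and keep only the lines that matter."""
    findings = []
    for line in lines:
        hit = triage_line(line)
        if hit is not None:
            severity, reason = hit
            findings.append({"severity": severity, "reason": reason, "line": line.strip()})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per severity, e.g. {'high': 3, 'low': 1, 'info': 1}."""
    return dict(Counter(f["severity"] for f in findings))


SAMPLE_LINES = [
    # Copied from the DDS log posted in this thread.
    r"uStart Page = hxxp://www.naver.com/",
    r"mWinlogon: Userinit = userinit.exe",
    r"BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r'uRun: [uTorrent] "C:\Users\FamilyCom\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED',
    r"DPF: {1C3DB737-3814-495E-87D5-62968A2A1761} - hxxp://activex.off.co.kr/toolbar/DicoStarterX.cab",
    r"DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - C:\Users\FAMILY~1\AppData\Local\Temp\5002543\TouchEnKey_Installer_x86.exe",
    r"TCP: NameServer = 168.126.63.1 168.126.63.2",
    r"SSODL: WebCheck - <orphaned>",
    # Constructed for the example (not from the log): what a live hijack looks like.
    r"uStart Page = hxxp://www.qvo6.com/",
    r"mRun: [Updater] C:\Users\FamilyCom\AppData\Local\Temp\updater.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f['severity']:4}] {f['reason']}\n        {f['line']}")
    print(summarize(triage(SAMPLE_LINES)))
```

    Run it as-is to see the constructed hits; to use it on a real log, pass the lines between the "Pseudo HJT Report" header and the "FIREFOX" header to triage(). The two "high" rules (unexpected start-page host, code loaded from a temp directory) are the ones that would have shown the redirect described in the first post while it was still active; the DNS rule is there because a restored browser profile does not tell you anything about the resolver settings.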
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

     
  5. neowing

    neowing TS Booster Topic Starter Posts: 288

    I copied/pasted the log.

    DDS Attach:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate K
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2013-04-05 1:27:02 PM
    System Uptime: 2013-04-17 7:57:06 AM (2 hours ago)
    .
    Motherboard: ASRock | | P67 Extreme4
    Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | CPUSocket | 3301/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 320.492 GiB free.
    D: is FIXED (NTFS) - 466 GiB total, 188.657 GiB free.
    E: is CDROM ()
    F: is FIXED (NTFS) - 298 GiB total, 89.456 GiB free.
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP45: 2013-04-12 5:35:58 PM - DirectX installed
    RP46: 2013-04-12 6:17:03 PM - Installed Python 2.7.3
    RP47: 2013-04-16 6:44:21 PM - Windows Modules Installer
    RP48: 2013-04-16 6:55:52 PM - Windows Update
    RP49: 2013-04-16 7:08:06 PM - Windows Update
    RP50: 2013-04-16 7:16:35 PM - Restore Operation
    RP51: 2013-04-16 7:53:32 PM - Windows Update
    RP52: 2013-04-16 7:59:20 PM - Windows Update
    RP53: 2013-04-16 8:07:16 PM - Windows Update
    RP54: 2013-04-16 8:17:53 PM - Windows Update
    RP55: 2013-04-16 8:25:47 PM - Windows Update
    RP56: 2013-04-16 8:54:44 PM - Removed V3 Lite
    RP57: 2013-04-16 8:55:43 PM - avast! Free Antivirus Setup
    RP58: 2013-04-16 오후 9:15:41 - Installed Python 2.7.3
    RP59: 2013-04-17 8:04:44 AM - Installed Java 7 Update 21
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20 (x64 edition)
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Community Help
    Adobe Content Viewer
    Adobe Creative Suite 5.5 Master Collection
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.6) - Korean
    Adobe Story
    Adobe Widget Browser
    AhnLab Online Security
    Apple Software Update
    Apple Application Support
    Asmedia ASM104x USB 3.0 Host Controller Driver
    avast! Free Antivirus
    BOSS
    CCleaner
    Chrome
    COMODO Internet Security
    CyberLink PowerDVD 8
    DTS+AC3 Filter
    Etron USB3.0 Host Controller
    GeekBuddy
    Google Update Helper
    Intel(R) Management Engine Components
    Intel(R) Smart Connect Technology 2.0 x64
    Intel® Trusted Connect Service Client
    IPinside Agent
    Java 7 Update 21
    Java Auto Updater
    K-Lite Codec Pack 9.8.5 (64-bit)
    K-Lite Mega Codec Pack 9.8.5
    LG PC Suite
    LG United Mobile Driver
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft Office Access MUI (Korean) 2010
    Microsoft Office Excel MUI (Korean) 2010
    Microsoft Office Groove MUI (Korean) 2010
    Microsoft Office IME (Korean) 2010
    Microsoft Office InfoPath MUI (Korean) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (Korean) 2010
    Microsoft Office Outlook MUI (Korean) 2010
    Microsoft Office PowerPoint MUI (Korean) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (Korean) 2010
    Microsoft Office Proofing (Korean) 2010
    Microsoft Office Publisher MUI (Korean) 2010
    Microsoft Office Shared 64-bit MUI (Korean) 2010
    Microsoft Office Shared MUI (Korean) 2010
    Microsoft Office Word MUI (Korean) 2010
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    Microsoft_VC90_MFCLOC_x86
    Microsoft_VC90_MFCLOC_x86_x64
    Mozilla Firefox 20.0.1 (x86 ko)
    Mozilla Maintenance Service
    MPEG2 codec (libmpeg2/mad)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 7 Ultra Edition
    neroxml
    Nexus Mod Manager
    NVIDIA 3D Vision Driver 314.22
    NVIDIA 3D Vision Controller Driver 314.22
    NVIDIA HD Audio Driver 1.3.23.1
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.1031
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update Components
    NVIDIA Graphics Driver 314.22
    NVIDIA Update 1.12.12
    NVIDIA Control Panel 314.22
    PDF Settings CS5
    PxMergeModule
    Python 2.7 comtypes-0.6.2
    Python 2.7 pywin32-218
    Python 2.7.3
    QuickTime
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    TouchEn key with E2E for 32bit
    Veraport20 (security module management program) - 2,5,2,3
    VirtualDVD 2.5.0.0
    WinRAR 4.20 (64-bit)
    Wrye Bash
    wxPython 2.8.12.1 (unicode) for Python 2.7
    XecureWeb UnifiedPlugin
    μTorrent
    GOM TV plugin
    GOM Player
    Bandizip
    Hancom Office 2010
    .
    ==== End Of File ===========================


    DDS:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.21.2
    Run by FamilyCom at 9:22:05 on 2013-04-17
    Microsoft Windows 7 Ultimate K 6.1.7601.1.949.82.1042.18.8154.5841 [GMT 9:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\VirtualDVD\VirtualDVD.exe
    C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
    C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
    C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.naver.com/
    mWinlogon: Userinit = userinit.exe
    BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [uTorrent] "C:\Users\FamilyCom\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [VirtualDVD] "C:\Program Files (x86)\VirtualDVD\VirtualDVD.exe" /Startup
    mRun: [Korean IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [IME14 KOR Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /KOR /Log
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [HncUpdate] C:\Program Files (x86)\Hnc\HncUtils\HncChecker.exe
    mRun: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Export to Microsoft Excel (&X) - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Send to OneNote (&N) - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {1C3DB737-3814-495E-87D5-62968A2A1761} - hxxp://activex.off.co.kr/toolbar/DicoStarterX.cab
    DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - C:\Users\FAMILY~1\AppData\Local\Temp\5002543\TouchEnKey_Installer_x86.exe
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 168.126.63.1 168.126.63.2
    TCP: Interfaces\{A127E362-2855-4737-A15D-DABB58F73491} : DHCPNameServer = 168.126.63.1 168.126.63.2
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [IME14 KOR Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /KOR /Log
    x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\FamilyCom\AppData\Roaming\Mozilla\Firefox\Profiles\0xr32m0f.default\
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll
    FF - plugin: C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Interezen\Plugins\NPI3GManager.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Softforum\XecureWeb\NPPlugin\dll\npXecureMacuxNPPlugin.dll
    FF - plugin: C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    FF - plugin: C:\Windows\System32\npDeployJava1.dll
    FF - plugin: C:\Windows\System32\npKeyPro.dll
    FF - plugin: C:\Windows\System32\npmproxy.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npKeyPro.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-04-12 17:09; {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}; C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
    FF - ExtSQL: 2013-04-12 17:11; web2pdfextension@web2pdf.adobedotcom; C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-16 65336]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-4-12 55280]
    R1 AMonTDLH;AMonTDLH;C:\Windows\System32\drivers\AmonTDLh.sys [2013-4-7 118072]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-4-16 1025808]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-4-16 377920]
    R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-1-16 23176]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-1-16 699880]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-1-16 48360]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2008-2-1 32240]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-4-16 33400]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-4-16 80816]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-4-16 45248]
    R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2013-3-29 70352]
    R2 GeekBuddyRSP;GeekBuddyRSP Service;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-3-13 1851088]
    R2 ImeDictUpdateService;Microsoft IME Dictionary Update;C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-1-21 83312]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
    R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-4-5 161560]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
    R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-3-6 283200]
    R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-2-8 39936]
    R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-2-8 64512]
    R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
    R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
    R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]
    R3 JRSUKD25;JRSUKD25;C:\Windows\System32\JRSUKD25.SYS [2013-4-7 19888]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-2-24 646248]
    R3 VirtualDVD;VirtualDVD;C:\Windows\System32\drivers\VirtualDVD.sys [2013-4-12 184320]
    R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2013-4-5 34752]
    S3 andnetadb;ADB Interface DriverNet;C:\Windows\System32\drivers\lgandnetadb.sys [2013-4-10 31744]
    S3 AndNetDiag;LGE AndroidNet USB Serial Port;C:\Windows\System32\drivers\lgandnetdiag64.sys [2013-4-10 29184]
    S3 AndNetDiag2;LGE AndroidNet For Diagnostics Port;C:\Windows\System32\drivers\lgandnetdiag264.sys [2013-4-10 29184]
    S3 ANDNetModem;LGE AndroidNet USB Modem;C:\Windows\System32\drivers\lgandnetmodem64.sys [2013-4-10 36352]
    S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-4-16 178624]
    S3 CdmDrvNt;CdmDrvNt;C:\Windows\System32\drivers\CdmDrvNt.sys [2013-4-5 25656]
    S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-1-24 158928]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-22 71168]
    S3 kcrtx64;kcrtx64;C:\Windows\System32\kcrtx64.sys [2013-4-7 141848]
    S3 MfFWEnt;MfFWEnt;C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys [2013-4-7 126072]
    S3 MfIPSEnt;MfIPSEnt;C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys [2013-4-7 155256]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-22 88960]
    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-22 34816]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-22 117248]
    .
    =============== File Associations ===============
    .
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2013-04-16 23:07:46  25928  ----a-w-  C:\Windows\System32\drivers\mbam.sys
    2013-04-16 23:05:39  95648  ----a-w-  C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-04-16 22:58:13  94656  ----a-w-  C:\Windows\System32\WPRO_41_2001woem.tmp
    2013-04-16 12:19:51  --------  d-----w-  C:\Program Files (x86)\Common Files\Wrye Bash
    2013-04-16 12:19:44  8192  ----a-w-  C:\Windows\SysWow64\pythoncomloader27.dll
    2013-04-16 12:19:44  364544  ----a-w-  C:\Windows\SysWow64\pythoncom27.dll
    2013-04-16 12:19:44  110080  ----a-w-  C:\Windows\SysWow64\pywintypes27.dll
    2013-04-16 11:57:14  70992  ----a-w-  C:\Windows\System32\drivers\aswRdr2.sys
    2013-04-16 11:57:13  1025808  ----a-w-  C:\Windows\System32\drivers\aswSnx.sys
    2013-04-16 11:57:12  65336  ----a-w-  C:\Windows\System32\drivers\aswRvrt.sys
    2013-04-16 11:57:12  178624  ----a-w-  C:\Windows\System32\drivers\aswVmm.sys
    2013-04-16 11:57:07  80816  ----a-w-  C:\Windows\System32\drivers\aswMonFlt.sys
    2013-04-16 11:56:02  41664  ----a-w-  C:\Windows\avastSS.scr
    2013-04-16 11:55:53  --------  d-----w-  C:\Program Files\AVAST Software
    2013-04-16 11:53:58  --------  d-----w-  C:\ProgramData\AVAST Software
    2013-04-16 11:06:30  3717632  ----a-w-  C:\Windows\System32\mstscax.dll
    2013-04-16 11:06:28  3217408  ----a-w-  C:\Windows\SysWow64\mstscax.dll
    2013-04-16 11:06:28  158720  ----a-w-  C:\Windows\System32\aaclient.dll
    2013-04-16 11:06:28  131584  ----a-w-  C:\Windows\SysWow64\aaclient.dll
    2013-04-16 11:06:27  44032  ----a-w-  C:\Windows\System32\tsgqec.dll
    2013-04-16 11:06:27  36864  ----a-w-  C:\Windows\SysWow64\tsgqec.dll
    2013-04-16 11:00:17  9311288  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C2C9FC5-FC98-45AC-9B7C-E2A123FF3274}\mpengine.dll
    2013-04-16 10:58:36  3153408  ----a-w-  C:\Windows\System32\win32k.sys
    2013-04-16 10:56:59  5550424  ----a-w-  C:\Windows\System32\ntoskrnl.exe
    2013-04-16 10:56:58  6656  ----a-w-  C:\Windows\SysWow64\apisetschema.dll
    2013-04-16 10:56:58  43520  ----a-w-  C:\Windows\System32\csrsrv.dll
    2013-04-16 10:56:58  3968856  ----a-w-  C:\Windows\SysWow64\ntkrnlpa.exe
    2013-04-16 10:56:58  3913560  ----a-w-  C:\Windows\SysWow64\ntoskrnl.exe
    2013-04-16 10:56:58  112640  ----a-w-  C:\Windows\System32\smss.exe
    2013-04-16 09:24:42  --------  d-----w-  C:\Program Files\CCleaner
    2013-04-16 08:47:28  --------  d-----w-  C:\Users\FamilyCom\AppData\Roaming\Malwarebytes
    2013-04-16 08:47:21  --------  d-----w-  C:\ProgramData\Malwarebytes
    2013-04-16 08:47:20  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-04-16 08:28:14  --------  d-----w-  C:\Program Files (x86)\Common Files\337
    2013-04-16 08:27:40  --------  d-----w-  C:\ProgramData\eSafe
    2013-04-16 08:15:26  --------  d-----w-  C:\Users\FamilyCom\AppData\Local\Macromedia
    2013-04-16 08:15:01  --------  d-----w-  C:\Users\FamilyCom\AppData\Local\Mozilla
    2013-04-14 11:18:08  --------  d-----w-  C:\Program Files (x86)\Skyrim Mods
    2013-04-13 02:52:45  --------  d-----w-  C:\Program Files (x86)\Banktown
    2013-04-13 01:49:28  --------  d-----w-  C:\Program Files (x86)\INICIS61
    2013-04-12 12:55:56  --------  d-----w-  C:\BOSS
    2013-04-12 09:17:24  --------  d-----w-  C:\Python27
    2013-04-12 09:03:47  --------  d-----w-  C:\Games
    2013-04-12 09:02:57  --------  d-----w-  C:\Program Files\Nexus Mod Manager
    2013-04-12 08:55:26  --------  d-----w-  C:\Users\FamilyCom\AppData\Local\Black_Tree_Gaming
    2013-04-12 08:52:22  --------  d-----w-  C:\Users\FamilyCom\AppData\Local\Skyrim
    2013-04-12 08:36:59  72200  ----a-w-  C:\Windows\System32\XAPOFX1_1.dll
    2013-04-12 08:25:16  --------  d-----w-  C:\ProgramData\regid.1986-12.com.adobe
    2013-04-12 08:20:32  --------  d-----w-  C:\ProgramData\ALM
    2013-04-12 08:14:32  --------  d-----w-  C:\Users\FamilyCom\Adobe Flash Builder 4.5
    2013-04-12 08:08:20  --------  d-----w-  C:\Program Files (x86)\Adobe Story
    2013-04-12 08:03:45  55280  ------w-  C:\Windows\System32\drivers\PxHlpa64.sys
    2013-04-12 08:03:45  10224  ------w-  C:\Windows\System32\drivers\cdralw2k.sys
    2013-04-12 08:03:45  10224  ------w-  C:\Windows\System32\drivers\cdr4_xp.sys
    2013-04-12 08:03:45  --------  d-----w-  C:\Program Files (x86)\My Company Name
    2013-04-12 08:03:45  --------  d-----w-  C:\Program Files (x86)\Common Files\Sonic Shared
    2013-04-12 08:03:45  --------  d-----w-  C:\Program Files (x86)\Common Files\PX Storage Engine
    2013-04-12 07:46:06  --------  d-----w-  C:\Users\FamilyCom\AppData\Roaming\VirtualDVD
    2013-04-12 07:45:18  184320  ----a-w-  C:\Windows\System32\drivers\VirtualDVD.sys
    2013-04-12 07:45:18  --------  d-----w-  C:\Windows\SysWow64\VirtualDVD InstallData
    2013-04-12 07:45:18  --------  d-----w-  C:\Program Files (x86)\VirtualDVD
    2013-04-10 11:27:19  31744  ----a-w-  C:\Windows\System32\drivers\lgandnetadb.sys
    2013-04-10 11:27:18  36352  ----a-w-  C:\Windows\System32\drivers\lgandnetmodem64.sys
    2013-04-10 11:27:14  29184  ----a-w-  C:\Windows\System32\drivers\lgandnetdiag64.sys
    2013-04-10 11:27:14  29184  ----a-w-  C:\Windows\System32\drivers\lgandnetdiag264.sys
    2013-04-10 11:25:20  655872  ----a-w-  C:\Windows\SysWow64\msvcr90.dll
    2013-04-10 11:25:20  568832  ----a-w-  C:\Windows\SysWow64\msvcp90.dll
    2013-04-10 11:25:20  224768  ----a-w-  C:\Windows\SysWow64\msvcm90.dll
    2013-04-10 11:25:18  44544  ----a-w-  C:\Windows\SysWow64\msxml4a.dll
    2013-04-10 11:25:17  53248  ----a-w-  C:\Windows\SysWow64\CommonDL.dll
    2013-04-10 11:25:14  --------  d-----w-  C:\ProgramData\LGMOBILEAX
    2013-04-10 11:25:08  --------  d-----w-  C:\LGMobileUpgrade
    2013-04-09 13:10:10  --------  d-----w-  C:\Users\FamilyCom\AppData\Local\Bandizip
    2013-04-08 03:18:06  --------  d-----w-  C:\Users\FamilyCom\AppData\Roaming\NVIDIA
    2013-04-08 02:10:55  --------  d-----w-  C:\Users\FamilyCom\AppData\Roaming\LG Electronics
    2013-04-08 02:08:26  --------  d-----w-  C:\Users\FamilyCom\AppData\Local\LG Electronics
    2013-04-08 02:06:53  --------  d-----w-  C:\Program Files (x86)\LG Electronics
    2013-04-07 05:51:11  118072  ----a-w-  C:\Windows\System32\drivers\AmonTDLh.sys
    2013-04-07 05:49:48  --------  d-----w-  C:\Program Files (x86)\AhnLab
    2013-04-07 05:49:46  --------  d-----w-  C:\Program Files\NPKI
    2013-04-07 05:49:43  --------  d-----w-  C:\Program Files (x86)\Softforum
    2013-04-07 05:49:26  --------  d-----w-  C:\Program Files (x86)\Wizvera
    2013-04-06 13:25:14  --------  d--h--w-  C:\VTRoot
    2013-04-06 13:16:32  --------  d-----w-  C:\Program Files\COMODO
    2013-04-06 13:16:19  --------  d-----w-  C:\ProgramData\Comodo Downloader
    2013-04-06 12:40:28--------d-----w-C:\Users\FamilyCom\AppData\Roaming\DAEMON Tools Lite
    2013-04-06 12:40:27--------d-----w-C:\ProgramData\DAEMON Tools Lite
    2013-04-06 12:36:57--------d-----w-C:\Users\FamilyCom\AppData\Local\Diagnostics
    2013-04-06 12:30:12564824----a-w-C:\Windows\System32\drivers\sptd.sys
    2013-04-06 08:23:59206336----a-w-C:\Windows\System32\unrar64.dll
    2013-04-06 08:23:59148992----a-w-C:\Windows\System32\lagarith.dll
    2013-04-06 08:23:58127488----a-w-C:\Windows\System32\ff_vfw.dll
    2013-04-06 08:23:57--------d-----w-C:\Program Files\K-Lite Codec Pack x64
    2013-04-06 08:22:49650752----a-w-C:\Windows\SysWow64\xvidcore.dll
    2013-04-06 08:22:4939936----a-w-C:\Windows\SysWow64\huffyuv.dll
    2013-04-06 08:22:493649536----a-w-C:\Windows\SysWow64\x264vfw.dll
    2013-04-06 08:22:49243200----a-w-C:\Windows\SysWow64\xvidvfw.dll
    2013-04-06 08:22:49216064----a-w-C:\Windows\SysWow64\lagarith.dll
    2013-04-06 08:22:49178688----a-w-C:\Windows\SysWow64\unrar.dll
    2013-04-06 08:22:49151552----a-w-C:\Windows\SysWow64\ac3acm.acm
    2013-04-06 08:22:47112640----a-w-C:\Windows\SysWow64\ff_vfw.dll
    2013-04-06 08:22:46--------d-----w-C:\Program Files (x86)\K-Lite Codec Pack
    2013-04-06 08:22:20--------d-----w-C:\Users\FamilyCom\AppData\Local\Programs
    2013-04-06 07:16:55--------d-----w-C:\Users\FamilyCom\AppData\Local\Adobe
    2013-04-06 03:00:08159744----a-w-C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin6.dll
    2013-04-06 03:00:08159744----a-w-C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin5.dll
    2013-04-06 03:00:08159744----a-w-C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin4.dll
    2013-04-06 03:00:08159744----a-w-C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin3.dll
    2013-04-06 03:00:08159744----a-w-C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin2.dll
    2013-04-06 03:00:08159744----a-w-C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin.dll
    2013-04-06 02:58:56--------d-----w-C:\Users\FamilyCom\AppData\Local\Apple
    2013-04-06 02:57:22--------d-----w-C:\Users\FamilyCom\AppData\Roaming\RealNetworks
    2013-04-06 02:57:09--------d-----w-C:\Program Files (x86)\RealNetworks
    2013-04-06 02:57:08--------d-----w-C:\ProgramData\RealNetworks
    2013-04-06 02:57:02--------d-----w-C:\Program Files (x86)\Common Files\xing shared
    2013-04-06 02:18:46--------d-----w-C:\Program Files (x86)\Common Files\COMODO
    2013-04-06 02:13:28--------d-----w-C:\ProgramData\COMODO
    2013-04-06 02:13:12--------d-----w-C:\Program Files (x86)\Comodo
    2013-04-06 02:05:33--------d-----w-C:\Users\FamilyCom\AppData\Roaming\uTorrent
    2013-04-06 02:04:04861088----a-w-C:\Windows\SysWow64\npDeployJava1.dll
    2013-04-06 02:04:04782240----a-w-C:\Windows\SysWow64\deployJava1.dll
    2013-04-05 13:28:20--------d-----w-C:\Users\FamilyCom\AppData\Local\CrashDumps
    2013-04-05 11:14:59--------d-----w-C:\Users\FamilyCom\AppData\Local\Google
    2013-04-05 11:14:50--------d-----w-C:\Users\FamilyCom\AppData\Local\Apps
    2013-04-05 11:14:49--------d-----w-C:\Users\FamilyCom\AppData\Local\Deployment
    2013-04-05 06:44:483045104----a-w-C:\Windows\System32\btscan.exe
    2013-04-05 06:44:47--------d-----w-C:\Program Files\Common Files\AhnLab
    2013-04-05 06:43:1825656----a-w-C:\Windows\System32\drivers\CdmDrvNt.sys
    2013-04-05 06:43:16--------d-----w-C:\Program Files\AhnLab
    2013-04-05 06:42:13--------d-----w-C:\ProgramData\AhnLab
    2013-04-05 06:19:27--------d-----w-C:\Program Files (x86)\Etron Technology
    2013-04-05 06:18:58--------d-----w-C:\Users\FamilyCom\AppData\Roaming\Estsoft
    2013-04-05 06:18:56--------d-----w-C:\Users\FamilyCom\AppData\Local\ECRSC
    2013-04-05 06:17:53--------d-----w-C:\Users\FamilyCom\AppData\Roaming\HNC
    2013-04-05 06:17:0965136----a-w-C:\Windows\System32\HNCE2PPRMON80.dll
    2013-04-05 06:14:45667136----a-w-C:\Windows\SysWow64\OGACheckControl.dll
    2013-04-05 06:14:45667136----a-w-C:\Windows\System32\OGACheckControl.dll
    2013-04-05 06:04:52--------d-----w-C:\Program Files (x86)\Microsoft Synchronization Services
    2013-04-05 06:04:41--------d-----w-C:\Windows\PCHEALTH
    2013-04-05 06:04:41--------d-----w-C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2013-04-05 06:04:00--------d-----w-C:\Program Files (x86)\Microsoft Visual Studio 8
    2013-04-05 06:02:33--------d-----w-C:\Program Files (x86)\Microsoft Analysis Services
    2013-04-05 06:02:18--------d-----w-C:\Users\FamilyCom\AppData\Local\Microsoft Help
    2013-04-05 05:12:02--------d-sh--r-C:\Windows Activation Technologies
    2013-04-05 05:11:23405881----a-w-C:\Windows\KJ.exe
    2013-04-05 05:11:13--------d-----w-C:\Windows\KJ
    2013-04-05 04:44:07--------d-----w-C:\NVIDIA
    2013-04-05 04:41:04--------d-----w-C:\Program Files (x86)\ASM104xUSB3
    2013-04-05 04:40:48--------d-----w-C:\Windows\System32\appmgmt
    2013-04-05 04:39:2534752----a-w-C:\Windows\System32\drivers\WPRO_41_2001.sys
    2013-04-05 04:38:07--------d-----w-C:\Windows\SysWow64\RTCOM
    2013-04-05 04:38:07--------d-----w-C:\Program Files\Realtek
    2013-04-05 04:38:01--------d-----w-C:\ProgramData\Downloaded Installations
    2013-04-05 04:36:5274272----a-w-C:\Windows\System32\RtNicProp64.dll
    2013-04-05 04:36:52107552----a-w-C:\Windows\System32\RTNUninst64.dll
    2013-04-05 04:36:46--------d-----w-C:\Program Files (x86)\Realtek
    2013-04-05 04:36:0915128----a-w-C:\Windows\System32\drivers\IntelMEFWVer.dll
    2013-04-05 04:35:4253248----a-w-C:\Windows\SysWow64\CSVer.dll
    2013-04-05 04:35:29--------d-----w-C:\Intel
    2013-04-05 04:26:53--------d-sh--w-C:\Recovery
    2013-04-05 04:26:52--------d-sh--weC:\ProgramData\시작 메뉴
    2013-04-05 04:26:52--------d-sh--weC:\ProgramData\바탕 화면
    .
    ==================== Find3M ====================
    .
    2013-04-16 23:10:51  71048  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-04-16 23:10:51  691592  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-04-06 12:40:33  283200  ----a-w-  C:\Windows\System32\drivers\dtsoftbus01.sys
    2013-04-06 02:56:55  499712  ----a-w-  C:\Windows\SysWow64\msvcp71.dll
    2013-04-06 02:56:55  348160  ----a-w-  C:\Windows\SysWow64\msvcr71.dll
    2013-03-15 04:16:18  3477280  ----a-w-  C:\Windows\System32\nvsvc64.dll
    2013-03-15 04:16:17  6398240  ----a-w-  C:\Windows\System32\nvcpl.dll
    2013-03-15 04:16:10  877856  ----a-w-  C:\Windows\System32\nvvsvc.exe
    2013-03-15 04:16:10  63776  ----a-w-  C:\Windows\System32\nvshext.dll
    2013-03-15 04:16:10  2555680  ----a-w-  C:\Windows\System32\nvsvcr.dll
    2013-03-15 04:16:10  237856  ----a-w-  C:\Windows\System32\nvmctray.dll
    2013-03-14 13:07:52  559904  ----a-w-  C:\Windows\SysWow64\nvStreaming.exe
    2013-03-13 16:24:01  3065455  ----a-w-  C:\Windows\System32\nvcoproc.bin
    2013-03-11 16:10:56  282744  ------w-  C:\Windows\System32\MpSigStub.exe
    2013-02-23 16:26:07  29480  ----a-w-  C:\Windows\SysWow64\msxml3a.dll
    2013-02-22 06:27:49  2312704  ----a-w-  C:\Windows\System32\jscript9.dll
    2013-02-22 06:20:51  1392128  ----a-w-  C:\Windows\System32\wininet.dll
    2013-02-22 06:19:37  1494528  ----a-w-  C:\Windows\System32\inetcpl.cpl
    2013-02-22 06:15:48  173056  ----a-w-  C:\Windows\System32\ieUnatt.exe
    2013-02-22 06:15:23  599040  ----a-w-  C:\Windows\System32\vbscript.dll
    2013-02-22 06:12:41  2382848  ----a-w-  C:\Windows\System32\mshtml.tlb
    2013-02-22 03:46:00  1800704  ----a-w-  C:\Windows\SysWow64\jscript9.dll
    2013-02-22 03:38:00  1129472  ----a-w-  C:\Windows\SysWow64\wininet.dll
    2013-02-22 03:37:50  1427968  ----a-w-  C:\Windows\SysWow64\inetcpl.cpl
    2013-02-22 03:34:17  142848  ----a-w-  C:\Windows\SysWow64\ieUnatt.exe
    2013-02-22 03:34:03  420864  ----a-w-  C:\Windows\SysWow64\vbscript.dll
    2013-02-22 03:31:46  2382848  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
    2013-02-12 04:12:05  19968  ----a-w-  C:\Windows\System32\drivers\usb8023.sys
    2013-02-10 03:25:27  1807136  ----a-w-  C:\Windows\System32\nvdispco6420294.dll
    2013-02-10 03:25:27  1510176  ----a-w-  C:\Windows\System32\nvdispgenco6420162.dll
    2013-01-24 13:43:04  43216  ----a-w-  C:\Windows\System32\cmdcsr.dll
    2013-01-24 13:43:02  461384  ----a-w-  C:\Windows\System32\guard64.dll
    2013-01-24 13:43:02  354752  ----a-w-  C:\Windows\SysWow64\guard32.dll
    2013-01-24 13:42:54  45776  ----a-w-  C:\Windows\System32\cmdkbd64.dll
    2013-01-24 13:42:54  326352  ----a-w-  C:\Windows\System32\cmdvrt64.dll
    2013-01-24 13:42:50  40656  ----a-w-  C:\Windows\SysWow64\cmdkbd32.dll
    2013-01-24 13:42:50  263888  ----a-w-  C:\Windows\SysWow64\cmdvrt32.dll
    .
    ============= FINISH: 9:22:51.60 ===============


    MBAM:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    DB 버전: v2013.04.17.01

    Windows 7 Service Pack 1 x64 NTFS
    인터넷 익스플로러 9.0.8112.16421
    FamilyCom :: FAMILYCOM-PC [관리자]

    2013-04-17 오전 9:18:17
    mbam-log-2013-04-17 (09-18-17).txt

    검사 방식: 빠른 검사
    활성화된 검사 옵션: 메모리 | 시작 프로그램 | 레지스트리 | 파일 시스템 | 휴리스틱/Extra | 휴리스틱/Shuriken | PUP | PUM
    비활성화된 검사 옵션: P2P
    검사 대상: 235754
    경과 시간: 2 분, 12 초

    메모리 프로세스 감염: 0
    (탐지된 악성 항목이 없음)

    메모리 모듈 감염: 0
    (탐지된 악성 항목이 없음)

    레지스트리 키 감염: 0
    (탐지된 악성 항목이 없음)

    레지스트리 값 감염: 0
    (탐지된 악성 항목이 없음)

    레지스트리 데이터 항목 감염: 0
    (탐지된 악성 항목이 없음)

    폴더 감염: 0
    (탐지된 악성 항목이 없음)

    파일 감염: 0
    (탐지된 악성 항목이 없음)

    (완료)
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Hmmm....one more time....

    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
     
  7. neowing

    neowing TS Booster Topic Starter Posts: 288

    Updated in previous post.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  9. neowing

    neowing TS Booster Topic Starter Posts: 288

    RogueKiller 1st:

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    메일 : tigzyRK<at>gmail<dot>com
    피드백 : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    웹사이트 : http://tigzy.geekstogo.com/roguekiller.php
    블로그 : http://tigzyrk.blogspot.com/

    운영 체제 : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    시작 모드: : 일반 모드
    사용자 : FamilyCom [관리자 권한]
    방식 : 검사 -- 날짜 : 04/17/2013 11:17:48
    | ARK || FAK || MBR |

    ¤¤¤ 악성 프로세스 : 0 ¤¤¤

    ¤¤¤ 레지스트리 항목 : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> 발견
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> 발견

    ¤¤¤ 특정 파일 / 폴더: ¤¤¤

    ¤¤¤ 드라이버 : [호출 안됨] ¤¤¤

    ¤¤¤ 호스트 파일: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    127.0.0.1 3dns.adobe.com
    127.0.0.1 3dns-1.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-4.adobe.com
    127.0.0.1 activate.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 activate.wip.adobe.com
    127.0.0.1 activate.wip1.adobe.com
    127.0.0.1 activate.wip2.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 activate.wip4.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-1.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 adobe-dns-4.adobe.com
    127.0.0.1 adobeereg.com
    [...]


    ¤¤¤ MBR 검사: ¤¤¤

    +++++ PhysicalDrive0: ST1000DM003-1CH162 ATA Device +++++
    --- User ---
    [MBR] 249cf3bd6a26e88d09311de924e0a94d
    [BSP] 4ff846e52f11ebb6cbc8e6d709fc0dc6 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476934 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 976762880 | Size: 476932 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: SAMSUNG HD322HJ ATA Device +++++
    --- User ---
    [MBR] 4096895ae983853347ee11e923737ec6
    [BSP] e0469f37ee10b211566cff4bb39ace3c : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    마침 : << RKreport[1]_S_04172013_02d1117.txt >>
    RKreport[1]_S_04172013_02d1117.txt


    RogueKiller 2nd:

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    메일 : tigzyRK<at>gmail<dot>com
    피드백 : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    웹사이트 : http://tigzy.geekstogo.com/roguekiller.php
    블로그 : http://tigzyrk.blogspot.com/

    운영 체제 : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    시작 모드: : 일반 모드
    사용자 : FamilyCom [관리자 권한]
    방식 : 제거 -- 날짜 : 04/17/2013 11:19:07
    | ARK || FAK || MBR |

    ¤¤¤ 악성 프로세스 : 0 ¤¤¤

    ¤¤¤ 레지스트리 항목 : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> 대체됨 (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> 대체됨 (0)

    ¤¤¤ 특정 파일 / 폴더: ¤¤¤

    ¤¤¤ 드라이버 : [호출 안됨] ¤¤¤

    ¤¤¤ 호스트 파일: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    127.0.0.1 3dns.adobe.com
    127.0.0.1 3dns-1.adobe.com
    127.0.0.1 3dns-2.adobe.com
    127.0.0.1 3dns-3.adobe.com
    127.0.0.1 3dns-4.adobe.com
    127.0.0.1 activate.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 activate.wip.adobe.com
    127.0.0.1 activate.wip1.adobe.com
    127.0.0.1 activate.wip2.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 activate.wip4.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-1.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 adobe-dns-4.adobe.com
    127.0.0.1 adobeereg.com
    [...]


    ¤¤¤ MBR 검사: ¤¤¤

    +++++ PhysicalDrive0: ST1000DM003-1CH162 ATA Device +++++
    --- User ---
    [MBR] 249cf3bd6a26e88d09311de924e0a94d
    [BSP] 4ff846e52f11ebb6cbc8e6d709fc0dc6 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476934 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 976762880 | Size: 476932 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: SAMSUNG HD322HJ ATA Device +++++
    --- User ---
    [MBR] 4096895ae983853347ee11e923737ec6
    [BSP] e0469f37ee10b211566cff4bb39ace3c : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    마침 : << RKreport[2]_D_04172013_02d1119.txt >>
    RKreport[1]_S_04172013_02d1117.txt ; RKreport[2]_D_04172013_02d1119.txt


    MB 1st:

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    www.malwarebytes.org

    Database version: v2013.04.17.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    FamilyCom :: FAMILYCOM-PC [administrator]

    2013-04-17 오전 11:47:09
    mbar-log-2013-04-17 (11-47-09).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 30773
    Time elapsed: 16 minute(s), 3 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    MB 2nd:

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    www.malwarebytes.org

    Database version: v2013.04.17.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    FamilyCom :: FAMILYCOM-PC [administrator]

    2013-04-17 오후 12:00:35
    mbar-log-2013-04-17 (12-00-35).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 30772
    Time elapsed: 11 minute(s), 37 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
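The hosts-file section of the RogueKiller reports above lists a series of external hostnames mapped to 127.0.0.1, which a reviewer has to separate from the one mapping every Windows machine has (localhost). As an added example, not code from the thread, RogueKiller or Malwarebytes, here is a small Python audit that parses hosts-file text in the format RogueKiller printed and classifies each mapping: "ok" for local names on loopback, "sinkhole" for an external name pointed at loopback or 0.0.0.0 (the name is silenced, as with the activation servers in the report), "redirect" for a name pointed at any other address (the kind of entry that sends a bank or update site somewhere else), and "invalid" for lines that do not parse. The sample text, the verdict names and the classification rules are the editor's assumptions, and the example-bank line in the sample is a constructed illustration, not something from the report.

```python
"""Audit a Windows hosts file for silenced or redirected hostnames.

Added example, not part of the TechSpot thread or of any scanner's code.
SAMPLE_HOSTS is constructed to mirror the entries RogueKiller printed,
plus two extra lines that exercise the redirect and invalid cases.
"""
from __future__ import annotations

import ipaddress
from collections import Counter
from dataclasses import dataclass

# Names that legitimately resolve to loopback on any Windows system (assumption).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


@dataclass(frozen=True)
class HostsEntry:
    line_no: int
    address: str
    hostname: str
    verdict: str  # "ok", "sinkhole", "redirect" or "invalid"


def classify(address: str, hostname: str) -> str:
    """Decide what a single address->hostname mapping does."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    name = hostname.lower().rstrip(".")
    # 127.0.0.0/8, ::1 and 0.0.0.0 all make the name unreachable.
    blackholed = ip.is_loopback or ip.is_unspecified
    if name in LOCAL_NAMES:
        # localhost pointed somewhere other than loopback is a redirect too.
        return "ok" if blackholed else "redirect"
    return "sinkhole" if blackholed else "redirect"


def audit_hosts(text: str) -> list[HostsEntry]:
    """Parse hosts-file text (one address followed by one or more names per line)."""
    findings: list[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not body:
            continue
        fields = body.split()
        if len(fields) < 2:
            findings.append(HostsEntry(line_no, fields[0], "", "invalid"))
            continue
        address, *names = fields
        for name in names:  # a line may list several names for one address
            findings.append(HostsEntry(line_no, address, name, classify(address, name)))
    return findings


def summarize(entries: list[HostsEntry]) -> dict[str, int]:
    """Count entries per verdict."""
    return dict(Counter(e.verdict for e in entries))


def suspicious(entries: list[HostsEntry]) -> list[HostsEntry]:
    """Everything a reviewer should look at: anything that is not a local name on loopback."""
    return [e for e in entries if e.verdict != "ok"]


# Constructed sample, modelled on the RogueKiller output in the thread.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1 3dns.adobe.com
127.0.0.1 activate.adobe.com   # activation server silenced
0.0.0.0   adobeereg.com
198.51.100.7 www.example-bank.test   # hypothetical: a site pointed at a non-local address
not-an-ip  broken.example
"""

if __name__ == "__main__":
    entries = audit_hosts(SAMPLE_HOSTS)
    print(summarize(entries))
    for e in suspicious(entries):
        print(f"line {e.line_no}: {e.verdict:8} {e.address} -> {e.hostname}")
```

Run against a real system, read the text from C:\Windows\System32\drivers\etc\hosts and compare the "sinkhole" and "redirect" entries with what the owner knowingly installed; a redirect of a banking or update hostname is the finding that matters, while a block list of vendor servers is usually the owner's own doing and is a licensing question rather than an infection.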

     
  10. neowing

    neowing TS Booster Topic Starter Posts: 288

    System Log:


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
    CPU speed: 3.292000 GHz
    Memory total: 8549584896, free: 6719782912

    ------------ Kernel report ------------
    04/17/2013 11:29:26
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\System32\Drivers\sptd.sys
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\DRIVERS\pciide.sys
    \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\PxHlpa64.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\vmstorfl.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\System32\Drivers\aswRvrt.sys
    \SystemRoot\System32\DRIVERS\cmderd.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\aswSnx.SYS
    \SystemRoot\system32\DRIVERS\cmdguard.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\Drivers\aswTdi.SYS
    \??\C:\Windows\system32\Drivers\AMonTDLH.sys
    \SystemRoot\System32\DRIVERS\cmdhlp.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\Drivers\aswrdr2.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\inspect.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\System32\Drivers\aswSP.SYS
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\System32\Drivers\EtronXHCI.sys
    \SystemRoot\system32\DRIVERS\1394ohci.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\ISCTD64.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\VirtualDVD.sys
    \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\EtronHub3.sys
    \SystemRoot\System32\Drivers\USBD.SYS
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\nvhda64v.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_msahci.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \??\C:\Windows\system32\JRSUKD25.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\ikbevent.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\imsevent.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\aswMonFlt.sys
    \SystemRoot\System32\Drivers\aswFsBlk.SYS
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\WPRO_41_2001.sys
    \SystemRoot\system32\drivers\spsys.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\setupapi.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\imm32.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\usp10.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\wininet.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\psapi.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\ole32.dll
    \Windows\System32\shell32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\user32.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\lpk.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\nsi.dll
    \Windows\System32\msctf.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\devobj.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa8007865060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP6T0L0-8\
    Lower Device Object: 0xfffffa800759c060
    Lower Device Driver Name: \Driver\atapi\
    Device already Exists: 0xfffffa800995b540
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8007864060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-6\
    Lower Device Object: 0xfffffa8007582060
    Lower Device Driver Name: \Driver\atapi\
    Device already Exists: 0xfffffa8006d1a090
    Downloaded database version: v2013.04.17.01
    Downloaded database version: v2013.03.25.01
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8007864060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007864b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007864060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007582060, DeviceName: \Device\Ide\IdeDeviceP4T0L0-6\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a00f47ea80, 0xfffffa8007864060, 0xfffffa800a0ca680
    Lower DeviceData: 0xfffff8a00f795150, 0xfffffa8007582060, 0xfffffa8006d1a090
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A644CBDA

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 976760832
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976762880 Numsec = 976756736

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa8007865060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007865ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007865060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800759c060, DeviceName: \Device\Ide\IdeDeviceP6T0L0-8\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a00687e730, 0xfffffa8007865060, 0xfffffa8006ecf4f0
    Lower DeviceData: 0xfffff8a00f0e9ac0, 0xfffffa800759c060, 0xfffffa800995b540
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: FCC0FCC0

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 625137664

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
    CPU speed: 3.292000 GHz
    Memory total: 8549584896, free: 6712016896

    ------------ Kernel report ------------
    04/17/2013 11:48:40
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\System32\Drivers\sptd.sys
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\DRIVERS\pciide.sys
    \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\PxHlpa64.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\vmstorfl.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\System32\Drivers\aswRvrt.sys
    \SystemRoot\System32\DRIVERS\cmderd.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\aswSnx.SYS
    \SystemRoot\system32\DRIVERS\cmdguard.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\Drivers\aswTdi.SYS
    \??\C:\Windows\system32\Drivers\AMonTDLH.sys
    \SystemRoot\System32\DRIVERS\cmdhlp.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\Drivers\aswrdr2.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\inspect.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\System32\Drivers\aswSP.SYS
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\System32\Drivers\EtronXHCI.sys
    \SystemRoot\system32\DRIVERS\1394ohci.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\ISCTD64.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\VirtualDVD.sys
    \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\EtronHub3.sys
    \SystemRoot\System32\Drivers\USBD.SYS
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\nvhda64v.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_msahci.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \??\C:\Windows\system32\JRSUKD25.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\ikbevent.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\imsevent.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\aswMonFlt.sys
    \SystemRoot\System32\Drivers\aswFsBlk.SYS
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\drivers\WPRO_41_2001.sys
    \SystemRoot\system32\drivers\spsys.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\setupapi.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\imm32.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\usp10.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\wininet.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\psapi.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\ole32.dll
    \Windows\System32\shell32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\user32.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\lpk.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\nsi.dll
    \Windows\System32\msctf.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\devobj.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa8007865060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP6T0L0-8\
    Lower Device Object: 0xfffffa800759c060
    Lower Device Driver Name: \Driver\atapi\
    Device already Exists: 0xfffffa800995b540
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8007864060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-6\
    Lower Device Object: 0xfffffa8007582060
    Lower Device Driver Name: \Driver\atapi\
    Device already Exists: 0xfffffa8006d1a090
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8007864060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007864b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007864060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007582060, DeviceName: \Device\Ide\IdeDeviceP4T0L0-6\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a00e397510, 0xfffffa8007864060, 0xfffffa800a0ca680
    Lower DeviceData: 0xfffff8a00e3ed4a0, 0xfffffa8007582060, 0xfffffa8006d1a090
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A644CBDA

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 976760832
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 976762880 Numsec = 976756736

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa8007865060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007865ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007865060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800759c060, DeviceName: \Device\Ide\IdeDeviceP6T0L0-8\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a00e41f010, 0xfffffa8007865060, 0xfffffa8006ecf4f0
    Lower DeviceData: 0xfffff8a006386d80, 0xfffffa800759c060, 0xfffffa800995b540
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: FCC0FCC0

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 625137664

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================
     
  11. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in Safe Mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  12. neowing

    neowing TS Booster Topic Starter Posts: 288

    Where is your_name.exe ?
     
  13. neowing

    neowing TS Booster Topic Starter Posts: 288

    ComboFix Log:

    ComboFix 13-04-15.01 - FamilyCom 2013-04-17 13:50:56.1.4 - x64
    Microsoft Windows 7 Ultimate K 6.1.7601.1.949.82.1042.18.8154.6452 [GMT 9:00]
    Running from: C:\Users\FamilyCom\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files (x86)\Common Files\337
    C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\locales\en-US.pak
    C:\Windows\SysWow64\CKAgent.dat

    Infected copy of C:\Windows\System32\winver.exe was found and disinfected
    Restored copy from - C:\Windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe


    ((((((((((((((((((((((((( Files Created from 2013-03-17 to 2013-04-17 )))))))))))))))))))))))))))))))


    2013-04-17 04:57:55 . 2013-04-17 04:57:55  94656  ----a-w-  C:\Windows\system32\WPRO_41_2001woem.tmp
    2013-04-17 04:56:56 . 2013-04-17 04:56:56  --------d-----w-  C:\Users\Default\AppData\Local\temp
    2013-04-16 23:07:46 . 2013-04-04 05:50:32  25928  ----a-w-  C:\Windows\system32\drivers\mbam.sys
    2013-04-16 23:05:49 . 2013-04-16 23:05:49  --------d-----w-  C:\Program Files (x86)\Common Files\Java
    2013-04-16 23:05:39 . 2013-04-03 20:35:05  95648  ----a-w-  C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-04-16 12:19:51 . 2013-04-16 12:19:51  --------d-----w-  C:\Program Files (x86)\Common Files\Wrye Bash
    2013-04-16 12:19:44 . 2012-10-27 14:26:46  8192  ----a-w-  C:\Windows\SysWow64\pythoncomloader27.dll
    2013-04-16 12:19:44 . 2012-10-27 14:22:08  364544  ----a-w-  C:\Windows\SysWow64\pythoncom27.dll
    2013-04-16 12:19:44 . 2012-10-27 14:20:08  110080  ----a-w-  C:\Windows\SysWow64\pywintypes27.dll
    2013-04-16 11:57:16 . 2013-03-06 23:33:21  377920  ----a-w-  C:\Windows\system32\drivers\aswSP.sys
    2013-04-16 11:57:16 . 2013-03-06 23:33:20  33400  ----a-w-  C:\Windows\system32\drivers\aswFsBlk.sys
    2013-04-16 11:57:14 . 2013-03-06 23:33:21  70992  ----a-w-  C:\Windows\system32\drivers\aswRdr2.sys
    2013-04-16 11:57:13 . 2013-03-06 23:33:21  68920  ----a-w-  C:\Windows\system32\drivers\aswTdi.sys
    2013-04-16 11:57:13 . 2013-03-06 23:33:21  1025808  ----a-w-  C:\Windows\system32\drivers\aswSnx.sys
    2013-04-16 11:57:12 . 2013-03-06 23:33:21  65336  ----a-w-  C:\Windows\system32\drivers\aswRvrt.sys
    2013-04-16 11:57:12 . 2013-03-06 23:33:21  178624  ----a-w-  C:\Windows\system32\drivers\aswVmm.sys
    2013-04-16 11:57:07 . 2013-03-06 23:33:20  80816  ----a-w-  C:\Windows\system32\drivers\aswMonFlt.sys
    2013-04-16 11:57:07 . 2013-03-06 23:32:22  287840  ----a-w-  C:\Windows\system32\aswBoot.exe
    2013-04-16 11:56:02 . 2013-03-06 23:32:51  41664  ----a-w-  C:\Windows\avastSS.scr
    2013-04-16 11:55:53 . 2013-04-16 11:55:53  --------d-----w-  C:\Program Files\AVAST Software
    2013-04-16 11:53:58 . 2013-04-16 11:55:53  --------d-----w-  C:\ProgramData\AVAST Software
    2013-04-16 11:06:30 . 2013-02-15 06:06:11  3717632  ----a-w-  C:\Windows\system32\mstscax.dll
    2013-04-16 11:06:28 . 2013-02-15 06:02:26  158720  ----a-w-  C:\Windows\system32\aaclient.dll
    2013-04-16 11:06:28 . 2013-02-15 04:37:10  3217408  ----a-w-  C:\Windows\SysWow64\mstscax.dll
    2013-04-16 11:06:28 . 2013-02-15 04:34:10  131584  ----a-w-  C:\Windows\SysWow64\aaclient.dll
    2013-04-16 11:06:27 . 2013-02-15 06:08:40  44032  ----a-w-  C:\Windows\system32\tsgqec.dll
    2013-04-16 11:06:27 . 2013-02-15 03:25:51  36864  ----a-w-  C:\Windows\SysWow64\tsgqec.dll
    2013-04-16 11:00:17 . 2013-03-15 06:28:52  9311288  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C2C9FC5-FC98-45AC-9B7C-E2A123FF3274}\mpengine.dll
    2013-04-16 10:58:36 . 2013-03-01 03:36:04  3153408  ----a-w-  C:\Windows\system32\win32k.sys
    2013-04-16 10:56:59 . 2013-03-19 06:04:06  5550424  ----a-w-  C:\Windows\system32\ntoskrnl.exe
    2013-04-16 10:56:58 . 2013-03-19 05:46:56  43520  ----a-w-  C:\Windows\system32\csrsrv.dll
    2013-04-16 10:56:58 . 2013-03-19 05:04:13  3968856  ----a-w-  C:\Windows\SysWow64\ntkrnlpa.exe
    2013-04-16 10:56:58 . 2013-03-19 05:04:10  3913560  ----a-w-  C:\Windows\SysWow64\ntoskrnl.exe
    2013-04-16 10:56:58 . 2013-03-19 04:47:50  6656  ----a-w-  C:\Windows\SysWow64\apisetschema.dll
    2013-04-16 10:56:58 . 2013-03-19 03:06:33  112640  ----a-w-  C:\Windows\system32\smss.exe
    2013-04-16 10:32:28 . 2013-04-16 10:32:32  --------d-----w-  C:\Program Files (x86)\Mozilla Maintenance Service
    2013-04-16 09:24:42 . 2013-04-16 12:51:02  --------d-----w-  C:\Program Files\CCleaner
    2013-04-16 08:47:21 . 2013-04-16 08:47:21  --------d-----w-  C:\ProgramData\Malwarebytes
    2013-04-16 08:47:20 . 2013-04-16 23:07:47  --------d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-04-16 08:27:40 . 2013-04-16 08:30:03  --------d-----w-  C:\ProgramData\eSafe
    2013-04-14 11:18:08 . 2013-04-14 11:18:08  --------d-----w-  C:\Program Files (x86)\Skyrim Mods
    2013-04-13 02:52:45 . 2013-04-13 02:52:45  --------d-----w-  C:\Program Files (x86)\Banktown
    2013-04-13 01:49:28 . 2013-04-13 02:52:47  --------d-----w-  C:\Program Files (x86)\INICIS61
    2013-04-12 12:55:56 . 2013-04-16 12:33:23  --------d-----w-  C:\BOSS
    2013-04-12 09:17:24 . 2013-04-16 12:19:41  --------d-----w-  C:\Python27
    2013-04-12 09:03:47 . 2013-04-12 09:04:04  --------d-----w-  C:\Games
    2013-04-12 09:02:57 . 2013-04-16 10:30:11  --------d-----w-  C:\Program Files\Nexus Mod Manager
    2013-04-12 08:36:59 . 2008-07-31 01:41:52  72200  ----a-w-  C:\Windows\system32\XAPOFX1_1.dll
    2013-04-12 08:25:16 . 2013-04-12 08:25:16  --------d-----w-  C:\ProgramData\regid.1986-12.com.adobe
    2013-04-12 08:20:32 . 2013-04-12 08:20:32  --------d-----w-  C:\ProgramData\ALM
    2013-04-12 08:08:20 . 2013-04-12 08:08:20  --------d-----w-  C:\Program Files (x86)\Adobe Story
    2013-04-12 08:03:45 . 2013-04-12 08:03:45  --------d-----w-  C:\Program Files (x86)\My Company Name
    2013-04-12 08:03:45 . 2013-04-12 08:03:45  --------d-----w-  C:\Program Files (x86)\Common Files\Sonic Shared
    2013-04-12 08:03:45 . 2013-04-12 08:03:45  --------d-----w-  C:\Program Files (x86)\Common Files\PX Storage Engine
    2013-04-12 08:03:45 . 2009-07-08 18:00:00  55280  ------w-  C:\Windows\system32\drivers\PxHlpa64.sys
    2013-04-12 08:03:45 . 2009-06-22 18:00:00  10224  ------w-  C:\Windows\system32\drivers\cdralw2k.sys
    2013-04-12 08:03:45 . 2009-06-22 18:00:00  10224  ------w-  C:\Windows\system32\drivers\cdr4_xp.sys
    2013-04-12 08:01:11 . 2013-04-12 08:22:52  --------d-----w-  C:\Program Files\Common Files\Adobe
    2013-04-12 08:01:10 . 2013-04-12 08:22:52  --------d-----w-  C:\Program Files\Adobe
    2013-04-12 08:00:13 . 2013-04-16 23:11:12  --------d-----w-  C:\Program Files (x86)\Common Files\Adobe AIR
    2013-04-12 07:45:18 . 2013-04-12 07:45:19  --------d-----w-  C:\Program Files (x86)\VirtualDVD
    2013-04-12 07:45:18 . 2013-04-12 07:45:18  --------d-----w-  C:\Windows\SysWow64\VirtualDVD InstallData
    2013-04-12 07:45:18 . 2013-01-03 04:05:24  184320  ----a-w-  C:\Windows\system32\drivers\VirtualDVD.sys
    2013-04-10 11:27:19 . 2012-07-03 02:58:00  31744  ----a-w-  C:\Windows\system32\drivers\lgandnetadb.sys
    2013-04-10 11:27:18 . 2012-07-03 02:50:00  36352  ----a-w-  C:\Windows\system32\drivers\lgandnetmodem64.sys
    2013-04-10 11:27:14 . 2012-07-03 02:50:00  29184  ----a-w-  C:\Windows\system32\drivers\lgandnetdiag64.sys
    2013-04-10 11:27:14 . 2012-07-03 02:50:00  29184  ----a-w-  C:\Windows\system32\drivers\lgandnetdiag264.sys
    2013-04-10 11:25:20 . 2011-05-10 04:37:38  655872  ----a-w-  C:\Windows\SysWow64\msvcr90.dll
    2013-04-10 11:25:20 . 2011-05-10 04:37:38  568832  ----a-w-  C:\Windows\SysWow64\msvcp90.dll
    2013-04-10 11:25:20 . 2011-05-10 04:37:38  224768  ----a-w-  C:\Windows\SysWow64\msvcm90.dll
    2013-04-10 11:25:18 . 2005-10-03 16:39:58  44544  ----a-w-  C:\Windows\SysWow64\msxml4a.dll
    2013-04-10 11:25:17 . 2006-05-03 23:33:42  53248  ----a-w-  C:\Windows\SysWow64\CommonDL.dll
    2013-04-10 11:25:14 . 2013-04-10 11:26:31  --------d-----w-  C:\ProgramData\LGMOBILEAX
    2013-04-10 11:25:08 . 2013-04-10 11:25:08  --------d-----w-  C:\LGMobileUpgrade
    2013-04-08 02:06:53 . 2013-04-10 11:27:24  --------d-----w-  C:\Program Files (x86)\LG Electronics
    2013-04-07 05:51:11 . 2012-09-14 07:42:00  118072  ----a-w-  C:\Windows\system32\drivers\AmonTDLh.sys
    2013-04-07 05:49:48 . 2013-04-07 05:49:48  --------d-----w-  C:\Program Files (x86)\AhnLab
    2013-04-07 05:49:46 . 2013-04-07 05:49:46  --------d-----w-  C:\Program Files\NPKI
    2013-04-07 05:49:43 . 2013-04-07 05:49:43  --------d-----w-  C:\Program Files (x86)\Softforum
    2013-04-07 05:49:26 . 2013-04-07 05:49:26  --------d-----w-  C:\Program Files (x86)\Wizvera
    2013-04-06 13:25:14 . 2013-04-06 13:25:14  --------d-----w-  C:\VTRoot
    2013-04-06 13:16:32 . 2013-04-06 13:16:32  --------d-----w-  C:\Program Files\COMODO
    2013-04-06 13:16:19 . 2013-04-06 13:16:19  --------d-----w-  C:\ProgramData\Comodo Downloader
    2013-04-06 12:40:27 . 2013-04-12 07:34:19  --------d-----w-  C:\ProgramData\DAEMON Tools Lite
    2013-04-06 12:30:12 . 2013-04-06 12:30:12  564824  ----a-w-  C:\Windows\system32\drivers\sptd.sys
    2013-04-06 08:23:59 . 2012-06-09 17:21:50  206336  ----a-w-  C:\Windows\system32\unrar64.dll
    2013-04-06 08:23:59 . 2011-12-07 17:37:18  148992  ----a-w-  C:\Windows\system32\lagarith.dll
    2013-04-06 08:23:58 . 2013-04-04 18:00:00  127488  ----a-w-  C:\Windows\system32\ff_vfw.dll
    2013-04-06 08:23:57 . 2013-04-06 08:23:59  --------d-----w-  C:\Program Files\K-Lite Codec Pack x64
    2013-04-06 08:22:49 . 2013-03-17 16:21:30  3649536  ----a-w-  C:\Windows\SysWow64\x264vfw.dll
    2013-04-06 08:22:49 . 2012-06-09 17:21:56  178688  ----a-w-  C:\Windows\SysWow64\unrar.dll
    2013-04-06 08:22:49 . 2011-12-21 17:14:02  151552  ----a-w-  C:\Windows\SysWow64\ac3acm.acm
    2013-04-06 08:22:49 . 2011-12-07 17:32:24  216064  ----a-w-  C:\Windows\SysWow64\lagarith.dll
    2013-04-06 08:22:49 . 2011-06-24 14:44:30  243200  ----a-w-  C:\Windows\SysWow64\xvidvfw.dll
    2013-04-06 08:22:49 . 2011-06-24 14:28:22  650752  ----a-w-  C:\Windows\SysWow64\xvidcore.dll
    2013-04-06 08:22:49 . 2004-05-18 18:16:42  39936  ----a-w-  C:\Windows\SysWow64\huffyuv.dll
    2013-04-06 08:22:47 . 2013-04-04 18:00:00  112640  ----a-w-  C:\Windows\SysWow64\ff_vfw.dll
    2013-04-06 08:22:46 . 2013-04-06 08:22:48  --------d-----w-  C:\Program Files (x86)\K-Lite Codec Pack
    2013-04-06 03:00:08 . 2013-04-06 03:00:08  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin6.dll
    2013-04-06 03:00:08 . 2013-04-06 03:00:08  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin5.dll
    2013-04-06 03:00:08 . 2013-04-06 03:00:08  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin4.dll
    2013-04-06 03:00:08 . 2013-04-06 03:00:08  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin3.dll
    2013-04-06 03:00:08 . 2013-04-06 03:00:08  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin2.dll
    2013-04-06 03:00:08 . 2013-04-06 03:00:08  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin.dll
    2013-04-06 02:59:51 . 2013-04-06 03:00:08  --------d-----w-  C:\Program Files (x86)\QuickTime
    2013-04-06 02:59:51 . 2013-04-06 02:59:51  --------d-----w-  C:\ProgramData\Apple Computer
    2013-04-06 02:59:02 . 2013-04-06 02:59:02  --------d-----w-  C:\Program Files (x86)\Common Files\Apple
    2013-04-06 02:58:55 . 2013-04-06 02:58:56  --------d-----w-  C:\Program Files (x86)\Apple Software Update
    2013-04-06 02:58:55 . 2013-04-06 02:58:55  --------d-----w-  C:\ProgramData\Apple
    2013-04-06 02:57:02 . 2013-04-06 02:57:02  --------d-----w-  C:\Program Files (x86)\Common Files\xing shared
    2013-04-06 02:56:53 . 2013-04-06 02:57:06  --------d-----w-  C:\Program Files (x86)\Real
    2013-04-06 02:18:46 . 2013-04-06 02:18:46  --------d-----w-  C:\Program Files (x86)\Common Files\COMODO
    2013-04-06 02:13:28 . 2013-04-06 13:17:19  --------d-----w-  C:\ProgramData\COMODO
    2013-04-06 02:13:12 . 2013-04-07 11:49:14  --------d-----w-  C:\Program Files (x86)\Comodo
    2013-04-06 02:05:14 . 2013-04-06 02:05:14  --------d-----w-  C:\Program Files\7-Zip
    2013-04-06 02:04:28 . 2013-04-06 02:04:37  --------d-----w-  C:\Program Files\WinRAR
    2013-04-06 02:04:04 . 2013-04-06 02:03:53  861088  ----a-w-  C:\Windows\SysWow64\npDeployJava1.dll
    2013-04-06 02:04:04 . 2013-04-06 02:03:53  782240  ----a-w-  C:\Windows\SysWow64\deployJava1.dll
    2013-04-06 02:03:53 . 2013-04-16 23:05:39  --------d-----w-  C:\Program Files (x86)\Java
    2013-04-05 11:15:02 . 2013-04-16 10:19:08  --------d-----w-  C:\Program Files (x86)\Google
    2013-04-05 06:44:48 . 2013-04-09 12:30:00  3045104  ----a-w-  C:\Windows\system32\btscan.exe
    2013-04-05 06:44:47 . 2013-04-16 11:55:08  --------d-----w-  C:\Program Files\Common Files\AhnLab
    2013-04-05 06:43:18 . 2009-07-21 01:00:25  25656  ----a-w-  C:\Windows\system32\drivers\CdmDrvNt.sys
    2013-04-05 06:43:16 . 2013-04-07 05:50:39  --------d-----w-  C:\Program Files\AhnLab
    2013-04-05 06:42:13 . 2013-04-05 06:43:35  --------d-----w-  C:\ProgramData\AhnLab


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))


    rKill Log:

    Rkill 2.4.7 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 04/17/2013 02:09:52 PM in x64 mode.
    Windows Version: Windows 7 Ultimate Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Possibly Patched Files.

    * C:\Windows\system32\winlogon.exe

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Firewall Disabled

    [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = dword:00000000

    Checking Windows Service Integrity:

    * Base Filtering Engine (BFE) is not Running.
    Startup Type set to: Automatic

    * DHCP Client (Dhcp) is not Running.
    Startup Type set to: Automatic

    * DNS Client (Dnscache) is not Running.
    Startup Type set to: Automatic

    * COM+ Event System (EventSystem) is not Running.
    Startup Type set to: Automatic

    * Windows Firewall (MpsSvc) is not Running.
    Startup Type set to: Automatic

    * Network Connections (Netman) is not Running.
    Startup Type set to: Manual

    * Network Store Interface Service (nsi) is not Running.
    Startup Type set to: Automatic

    * Security Center (wscsvc) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Windows Update (wuauserv) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Ancillary Function Driver for Winsock (AFD) is not Running.
    Startup Type set to: System

    * Windows Firewall Authorization Driver (mpsdrv) is not Running.
    Startup Type set to: Manual

    * NetBT (NetBT) is not Running.
    Startup Type set to: System

    * NSI proxy service driver. (nsiproxy) is not Running.
    Startup Type set to: System

    * NetIO 레거시 TDI 지원 드라이버 (tdx) is not Running.
    Startup Type set to: System

    Searching for Missing Digital Signatures:

    * C:\Windows\System32\user32.dll [NoSig]
    +-> C:\Windows\KJ\Pirate\P\SysWOW64P\user32.dll : 833,024 : 11/20/2010 00:08 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]
    +-> C:\Windows\KJ\Pirate\P\x64P\user32.dll : 1,008,128 : 11/20/2010 00:27 AM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
    +-> C:\Windows\KJ\Pirate\P\x86P\user32.dll : 811,520 : 11/20/2010 00:21 AM : f1dd3acaee5e6b4bbc69bc6df75cef66 [Pos Repl]
    +-> C:\Windows\KJ\Pirate\T\SysWOW64T\user32.dll : 833,024 : 11/20/2010 00:08 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]
    +-> C:\Windows\KJ\Pirate\T\x64T\user32.dll : 1,008,640 : 01/16/2011 00:01 AM : 0b864e15a0badff0e7bb8b59009fddcf [Pos Repl]
    +-> C:\Windows\KJ\Pirate\T\x86T\user32.dll : 812,032 : 11/20/2010 00:21 AM : cf97d64d7ec169c53c93b0a192218b29 [Pos Repl]
    +-> C:\Windows\SysWOW64\user32.dll : 833,024 : 11/20/2010 00:08 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]
    +-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll : 1,008,128 : 11/21/2010 00:24 AM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
    +-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll : 833,024 : 11/21/2010 00:24 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]

    * C:\Windows\System32\winlogon.exe [NoSig]
    +-> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe : 390,656 : 11/21/2010 00:24 AM : 1151b1baa6f350b1db6598e0fea7c457 [Pos Repl]

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost

    Program finished at: 04/17/2013 02:11:10 PM
    Execution time: 0 hours(s), 1 minute(s), and 17 seconds(s)
     
  14. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    ComboFix log is incomplete.
    There is more after this line:
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    If it was all you got, re-run ComboFix.
     
  15. neowing

    neowing TS Booster Topic Starter Posts: 288

    Yes, that is all.

    Should I call "new restore point" and do the ComboFix again?
     
  16. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Yes, please.
     
  17. neowing

    neowing TS Booster Topic Starter Posts: 288

    When I finished calling "new restore point", AVAST 8 FREE turned into Pro.
    As a result, I uninstalled it.
    Then I did the ComboFix / rKill.

    When I looked at the log, it was the same as the previous log.

    So I am going to redownload AVAST 8 Free.
     
  18. neowing

    neowing TS Booster Topic Starter Posts: 288

    However, here is the "rKill Log":

    Rkill 2.4.7 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 04/18/2013 08:54:50 AM in x64 mode.
    Windows Version: Windows 7 Ultimate Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Possibly Patched Files.

    * C:\Windows\system32\winlogon.exe

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Firewall Disabled

    [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = dword:00000000

    Checking Windows Service Integrity:

    * Base Filtering Engine (BFE) is not Running.
    Startup Type set to: Automatic

    * DHCP Client (Dhcp) is not Running.
    Startup Type set to: Automatic

    * DNS Client (Dnscache) is not Running.
    Startup Type set to: Automatic

    * COM+ Event System (EventSystem) is not Running.
    Startup Type set to: Automatic

    * Windows Firewall (MpsSvc) is not Running.
    Startup Type set to: Automatic

    * Network Connections (Netman) is not Running.
    Startup Type set to: Manual

    * Network Store Interface Service (nsi) is not Running.
    Startup Type set to: Automatic

    * Security Center (wscsvc) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Windows Update (wuauserv) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Ancillary Function Driver for Winsock (AFD) is not Running.
    Startup Type set to: System

    * Windows Firewall Authorization Driver (mpsdrv) is not Running.
    Startup Type set to: Manual

    * NetBT (NetBT) is not Running.
    Startup Type set to: System

    * NSI proxy service driver. (nsiproxy) is not Running.
    Startup Type set to: System

    * NetIO 레거시 TDI 지원 드라이버 (tdx) is not Running.
    Startup Type set to: System

    Searching for Missing Digital Signatures:

    * C:\Windows\System32\user32.dll [NoSig]
    +-> C:\Windows\KJ\Pirate\P\SysWOW64P\user32.dll : 833,024 : 11/20/2010 00:08 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]
    +-> C:\Windows\KJ\Pirate\P\x64P\user32.dll : 1,008,128 : 11/20/2010 00:27 AM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
    +-> C:\Windows\KJ\Pirate\P\x86P\user32.dll : 811,520 : 11/20/2010 00:21 AM : f1dd3acaee5e6b4bbc69bc6df75cef66 [Pos Repl]
    +-> C:\Windows\KJ\Pirate\T\SysWOW64T\user32.dll : 833,024 : 11/20/2010 00:08 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]
    +-> C:\Windows\KJ\Pirate\T\x64T\user32.dll : 1,008,640 : 01/16/2011 00:01 AM : 0b864e15a0badff0e7bb8b59009fddcf [Pos Repl]
    +-> C:\Windows\KJ\Pirate\T\x86T\user32.dll : 812,032 : 11/20/2010 00:21 AM : cf97d64d7ec169c53c93b0a192218b29 [Pos Repl]
    +-> C:\Windows\SysWOW64\user32.dll : 833,024 : 11/20/2010 00:08 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]
    +-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll : 1,008,128 : 11/21/2010 00:24 AM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
    +-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll : 833,024 : 11/21/2010 00:24 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]

    * C:\Windows\System32\winlogon.exe [NoSig]
    +-> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe : 390,656 : 11/21/2010 00:24 AM : 1151b1baa6f350b1db6598e0fea7c457 [Pos Repl]

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost

    Program finished at: 04/18/2013 08:56:19 AM
    Execution time: 0 hours(s), 1 minute(s), and 28 seconds(s)
     
  19. neowing

    neowing TS Booster Topic Starter Posts: 288

    Here is the new ComboFix log:

    ComboFix 13-04-17.01 - FamilyCom 2013-04-18 8:58:09.2.4 - x64 MINIMAL
    Microsoft Windows 7 Ultimate K 6.1.7601.1.949.82.1042.18.8154.6525 [GMT 9:00]
    Running from: C:\Users\FamilyCom\Desktop\your_name.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    ---- Previous Run -------

    C:\Windows\SysWow64\CKAgent.dat

    -- Previous Run --

    Infected copy of C:\Windows\System32\winver.exe was found and disinfected
    Restored copy from - C:\Windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe

    --------

    Infected copy of C:\Windows\System32\winver.exe was found and disinfected
    Restored copy from - C:\Windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe


    ((((((((((((((((((((((((( Files Created from 2013-03-18 to 2013-04-18 )))))))))))))))))))))))))))))))




    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     
  20. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please re-run Combofix from safe mode.
     
  21. neowing

    neowing TS Booster Topic Starter Posts: 288

    I re-ran ComboFix in Safe Mode.
    This time, ComboFix automatically closed windows in Safe Mode.
    The computer booted into Normal mode; however, it showed the small box that ComboFix is doing "3M".
    The previous attempt didn't show that.


    Now here is only the ComboFix log:



    ComboFix 13-04-18.01 - FamilyCom 2013-04-18 10:22:24.4.4 - x64 MINIMAL
    Microsoft Windows 7 Ultimate K 6.1.7601.1.949.82.1042.18.8154.6431 [GMT 9:00]
    Running from: c:\users\FamilyCom\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -- Previous Run --
    .
    Infected copy of c:\windows\System32\winver.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe
    .
    -- Previous Run --
    .
    Infected copy of c:\windows\System32\winver.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe
    .
    --------
    .
    Infected copy of c:\windows\System32\winver.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe
    .
    -- Previous Run --
    .
    Infected copy of c:\windows\System32\winver.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe
    .
    -- Previous Run --
    .
    Infected copy of c:\windows\System32\winver.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe
    .
    --------
    .
    Infected copy of c:\windows\System32\winver.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe
    .
    --------
    .
    Infected copy of c:\windows\System32\winver.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe
    .
    --------
    .
    Infected copy of c:\windows\System32\winver.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-03-18 to 2013-04-18 )))))))))))))))))))))))))))))))
    .
    .
    2013-04-10 11:27 . 2012-07-03 02:5831744----a-w-c:\windows\system32\drivers\lgandnetadb.sys
    2013-04-10 11:27 . 2012-07-03 02:5036352----a-w-c:\windows\system32\drivers\lgandnetmodem64.sys
    2013-04-10 11:27 . 2012-07-03 02:5029184----a-w-c:\windows\system32\drivers\lgandnetdiag64.sys
    2013-04-10 11:27 . 2012-07-03 02:5029184----a-w-c:\windows\system32\drivers\lgandnetdiag264.sys
    2013-04-10 11:25 . 2011-05-10 04:37655872----a-w-c:\windows\SysWow64\msvcr90.dll
    2013-04-10 11:25 . 2011-05-10 04:37568832----a-w-c:\windows\SysWow64\msvcp90.dll
    2013-04-10 11:25 . 2011-05-10 04:37224768----a-w-c:\windows\SysWow64\msvcm90.dll
    2013-04-10 11:25 . 2005-10-03 16:3944544----a-w-c:\windows\SysWow64\msxml4a.dll
    2013-04-10 11:25 . 2006-05-03 23:3353248----a-w-c:\windows\SysWow64\CommonDL.dll
    2013-04-10 11:25 . 2013-04-10 11:26--------d-----w-c:\programdata\LGMOBILEAX
    2013-04-10 11:25 . 2013-04-10 11:25--------d-----w-C:\LGMobileUpgrade
    2013-04-08 02:06 . 2013-04-10 11:27--------d-----w-c:\program files (x86)\LG Electronics
    2013-04-07 05:51 . 2012-09-14 07:42118072----a-w-c:\windows\system32\drivers\AmonTDLh.sys
    2013-04-07 05:49 . 2013-04-07 05:49--------d-----w-c:\program files (x86)\AhnLab
    2013-04-07 05:49 . 2013-04-07 05:49--------d-----w-c:\program files\NPKI
    2013-04-07 05:49 . 2013-04-07 05:49--------d-----w-c:\program files (x86)\Softforum
    2013-04-07 05:49 . 2013-04-07 05:49--------d-----w-c:\program files (x86)\Wizvera
    2013-04-06 13:25 . 2013-04-06 13:25--------d-----w-C:\VTRoot
    2013-04-06 13:16 . 2013-04-06 13:16--------d-----w-c:\program files\COMODO
    2013-04-06 13:16 . 2013-04-06 13:16--------d-----w-c:\programdata\Comodo Downloader
    2013-04-06 12:40 . 2013-04-12 07:34--------d-----w-c:\programdata\DAEMON Tools Lite
    2013-04-06 12:30 . 2013-04-06 12:30564824----a-w-c:\windows\system32\drivers\sptd.sys
    2013-04-06 08:23 . 2012-06-09 17:21206336----a-w-c:\windows\system32\unrar64.dll
    2013-04-06 08:23 . 2011-12-07 17:37148992----a-w-c:\windows\system32\lagarith.dll
    2013-04-06 08:23 . 2013-04-04 18:00127488----a-w-c:\windows\system32\ff_vfw.dll
    2013-04-06 08:23 . 2013-04-06 08:23--------d-----w-c:\program files\K-Lite Codec Pack x64
    2013-04-06 08:22 . 2013-03-17 16:213649536----a-w-c:\windows\SysWow64\x264vfw.dll
    2013-04-06 08:22 . 2012-06-09 17:21178688----a-w-c:\windows\SysWow64\unrar.dll
    2013-04-06 08:22 . 2011-12-21 17:14151552----a-w-c:\windows\SysWow64\ac3acm.acm
    2013-04-06 08:22 . 2011-12-07 17:32216064----a-w-c:\windows\SysWow64\lagarith.dll
    2013-04-06 08:22 . 2011-06-24 14:44243200----a-w-c:\windows\SysWow64\xvidvfw.dll
    2013-04-06 08:22 . 2011-06-24 14:28650752----a-w-c:\windows\SysWow64\xvidcore.dll
    2013-04-06 08:22 . 2004-05-18 18:1639936----a-w-c:\windows\SysWow64\huffyuv.dll
    2013-04-06 08:22 . 2013-04-04 18:00112640----a-w-c:\windows\SysWow64\ff_vfw.dll
    2013-04-06 08:22 . 2013-04-06 08:22--------d-----w-c:\program files (x86)\K-Lite Codec Pack
    2013-04-06 03:00 . 2013-04-06 03:00159744----a-w-c:\program files (x86)\Internet Explorer\플러그인\npqtplugin6.dll
    2013-04-06 03:00 . 2013-04-06 03:00159744----a-w-c:\program files (x86)\Internet Explorer\플러그인\npqtplugin5.dll
    2013-04-06 03:00 . 2013-04-06 03:00159744----a-w-c:\program files (x86)\Internet Explorer\플러그인\npqtplugin4.dll
    2013-04-06 03:00 . 2013-04-06 03:00159744----a-w-c:\program files (x86)\Internet Explorer\플러그인\npqtplugin3.dll
    2013-04-06 03:00 . 2013-04-06 03:00159744----a-w-c:\program files (x86)\Internet Explorer\플러그인\npqtplugin2.dll
    2013-04-06 03:00 . 2013-04-06 03:00159744----a-w-c:\program files (x86)\Internet Explorer\플러그인\npqtplugin.dll
    2013-04-06 02:59 . 2013-04-06 03:00--------d-----w-c:\program files (x86)\QuickTime
    2013-04-06 02:59 . 2013-04-06 02:59--------d-----w-c:\programdata\Apple Computer
    2013-04-06 02:59 . 2013-04-06 02:59--------d-----w-c:\program files (x86)\Common Files\Apple
    2013-04-06 02:58 . 2013-04-06 02:58--------d-----w-c:\program files (x86)\Apple Software Update
    2013-04-06 02:58 . 2013-04-06 02:58--------d-----w-c:\programdata\Apple
    2013-04-06 02:57 . 2013-04-06 02:57--------d-----w-c:\program files (x86)\Common Files\xing shared
    2013-04-06 02:56 . 2013-04-06 02:57--------d-----w-c:\program files (x86)\Real
    2013-04-06 02:13 . 2013-04-06 13:17--------d-----w-c:\programdata\COMODO
    2013-04-06 02:13 . 2013-04-07 11:49--------d-----w-c:\program files (x86)\Comodo
    2013-04-06 02:05 . 2013-04-06 02:05--------d-----w-c:\program files\7-Zip
    2013-04-06 02:04 . 2013-04-06 02:04--------d-----w-c:\program files\WinRAR
    2013-04-06 02:04 . 2013-04-06 02:03861088----a-w-c:\windows\SysWow64\npDeployJava1.dll
    2013-04-06 02:04 . 2013-04-06 02:03782240----a-w-c:\windows\SysWow64\deployJava1.dll
    2013-04-06 02:03 . 2013-04-16 23:05--------d-----w-c:\program files (x86)\Java
    2013-04-05 11:15 . 2013-04-18 00:14--------d-----w-c:\program files (x86)\Google
    2013-04-05 06:44 . 2013-04-09 12:303045104----a-w-c:\windows\system32\btscan.exe
    2013-04-05 06:44 . 2013-04-16 11:55--------d-----w-c:\program files\Common Files\AhnLab
    2013-04-05 06:43 . 2009-07-21 01:0025656----a-w-c:\windows\system32\drivers\CdmDrvNt.sys
    2013-04-05 06:43 . 2013-04-07 05:50--------d-----w-c:\program files\AhnLab
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-04-16 23:10 . 2013-02-23 15:49  71048  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-04-16 23:10 . 2013-02-23 15:49  691592  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
    2013-04-06 12:40 . 2013-03-06 03:04  283200  ----a-w-  c:\windows\system32\drivers\dtsoftbus01.sys
    2013-04-06 02:56 . 2006-07-16 22:00  499712  ----a-w-  c:\windows\SysWow64\msvcp71.dll
    2013-04-06 02:56 . 2006-07-16 22:00  348160  ----a-w-  c:\windows\SysWow64\msvcr71.dll
    2013-04-01 10:58 . 2013-02-23 16:48  72702784  ----a-w-  c:\windows\system32\MRT.exe
    2013-03-14 13:07 . 2013-03-14 13:07  559904  ----a-w-  c:\windows\SysWow64\nvStreaming.exe
    2013-03-11 16:10 . 2010-11-21 03:27  282744  ------w-  c:\windows\system32\MpSigStub.exe
    2013-02-23 16:43 . 2013-02-23 16:43  91648  ----a-w-  c:\windows\system32\SetIEInstalledDate.exe
    2013-02-23 16:43 . 2013-02-23 16:43  89088  ----a-w-  c:\windows\system32\RegisterIEPKEYs.exe
    2013-02-23 16:43 . 2013-02-23 16:43  89088  ----a-w-  c:\windows\system32\ie4uinit.exe
    2013-02-23 16:43 . 2013-02-23 16:43  86528  ----a-w-  c:\windows\SysWow64\iesysprep.dll
    2013-02-23 16:43 . 2013-02-23 16:43  85504  ----a-w-  c:\windows\system32\iesetup.dll
    2013-02-23 16:43 . 2013-02-23 16:43  82432  ----a-w-  c:\windows\system32\icardie.dll
    2013-02-23 16:43 . 2013-02-23 16:43  76800  ----a-w-  c:\windows\SysWow64\SetIEInstalledDate.exe
    2013-02-23 16:43 . 2013-02-23 16:43  76800  ----a-w-  c:\windows\system32\tdc.ocx
    2013-02-23 16:43 . 2013-02-23 16:43  74752  ----a-w-  c:\windows\SysWow64\RegisterIEPKEYs.exe
    2013-02-23 16:43 . 2013-02-23 16:43  74752  ----a-w-  c:\windows\SysWow64\iesetup.dll
    2013-02-23 16:43 . 2013-02-23 16:43  65024  ----a-w-  c:\windows\system32\pngfilt.dll
    2013-02-23 16:43 . 2013-02-23 16:43  63488  ----a-w-  c:\windows\SysWow64\tdc.ocx
    2013-02-23 16:43 . 2013-02-23 16:43  55296  ----a-w-  c:\windows\system32\msfeedsbs.dll
    2013-02-23 16:43 . 2013-02-23 16:43  534528  ----a-w-  c:\windows\system32\ieapfltr.dll
    2013-02-23 16:43 . 2013-02-23 16:43  49664  ----a-w-  c:\windows\system32\imgutil.dll
    2013-02-23 16:43 . 2013-02-23 16:43  48640  ----a-w-  c:\windows\SysWow64\mshtmler.dll
    2013-02-23 16:43 . 2013-02-23 16:43  48640  ----a-w-  c:\windows\system32\mshtmler.dll
    2013-02-23 16:43 . 2013-02-23 16:43  452608  ----a-w-  c:\windows\system32\dxtmsft.dll
    2013-02-23 16:43 . 2013-02-23 16:43  448512  ----a-w-  c:\windows\system32\html.iec
    2013-02-23 16:43 . 2013-02-23 16:43  403248  ----a-w-  c:\windows\system32\iedkcs32.dll
    2013-02-23 16:43 . 2013-02-23 16:43  39936  ----a-w-  c:\windows\system32\iernonce.dll
    2013-02-23 16:43 . 2013-02-23 16:43  3695416  ----a-w-  c:\windows\system32\ieapfltr.dat
    2013-02-23 16:43 . 2013-02-23 16:43  367104  ----a-w-  c:\windows\SysWow64\html.iec
    2013-02-23 16:43 . 2013-02-23 16:43  35840  ----a-w-  c:\windows\SysWow64\imgutil.dll
    2013-02-23 16:43 . 2013-02-23 16:43  30720  ----a-w-  c:\windows\system32\licmgr10.dll
    2013-02-23 16:43 . 2013-02-23 16:43  282112  ----a-w-  c:\windows\system32\dxtrans.dll
    2013-02-23 16:43 . 2013-02-23 16:43  267776  ----a-w-  c:\windows\system32\ieaksie.dll
    2013-02-23 16:43 . 2013-02-23 16:43  249344  ----a-w-  c:\windows\system32\webcheck.dll
    2013-02-23 16:43 . 2013-02-23 16:43  23552  ----a-w-  c:\windows\SysWow64\licmgr10.dll
    2013-02-23 16:43 . 2013-02-23 16:43  222208  ----a-w-  c:\windows\system32\msls31.dll
    2013-02-23 16:43 . 2013-02-23 16:43  197120  ----a-w-  c:\windows\system32\msrating.dll
    2013-02-23 16:43 . 2013-02-23 16:43  165888  ----a-w-  c:\windows\system32\iexpress.exe
    2013-02-23 16:43 . 2013-02-23 16:43  163840  ----a-w-  c:\windows\system32\ieakui.dll
    2013-02-23 16:43 . 2013-02-23 16:43  161792  ----a-w-  c:\windows\SysWow64\msls31.dll
    2013-02-23 16:43 . 2013-02-23 16:43  160256  ----a-w-  c:\windows\system32\wextract.exe
    2013-02-23 16:43 . 2013-02-23 16:43  160256  ----a-w-  c:\windows\system32\ieakeng.dll
    2013-02-23 16:43 . 2013-02-23 16:43  152064  ----a-w-  c:\windows\SysWow64\wextract.exe
    2013-02-23 16:43 . 2013-02-23 16:43  150528  ----a-w-  c:\windows\SysWow64\iexpress.exe
    2013-02-23 16:43 . 2013-02-23 16:43  149504  ----a-w-  c:\windows\system32\occache.dll
    2013-02-23 16:43 . 2013-02-23 16:43  145920  ----a-w-  c:\windows\system32\iepeers.dll
    2013-02-23 16:43 . 2013-02-23 16:43  135168  ----a-w-  c:\windows\system32\IEAdvpack.dll
    2013-02-23 16:43 . 2013-02-23 16:43  12288  ----a-w-  c:\windows\system32\mshta.exe
    2013-02-23 16:43 . 2013-02-23 16:43  11776  ----a-w-  c:\windows\SysWow64\mshta.exe
    2013-02-23 16:43 . 2013-02-23 16:43  114176  ----a-w-  c:\windows\system32\admparse.dll
    2013-02-23 16:43 . 2013-02-23 16:43  111616  ----a-w-  c:\windows\system32\iesysprep.dll
    2013-02-23 16:43 . 2013-02-23 16:43  110592  ----a-w-  c:\windows\SysWow64\IEAdvpack.dll
    2013-02-23 16:43 . 2013-02-23 16:43  10752  ----a-w-  c:\windows\system32\msfeedssync.exe
    2013-02-23 16:43 . 2013-02-23 16:43  103936  ----a-w-  c:\windows\system32\inseng.dll
    2013-02-23 16:43 . 2013-02-23 16:43  101888  ----a-w-  c:\windows\SysWow64\admparse.dll
    2013-02-23 16:26 . 2013-02-23 16:26  29480  ----a-w-  c:\windows\SysWow64\msxml3a.dll
    2013-01-24 13:43 . 2013-01-24 13:43  43216  ----a-w-  c:\windows\system32\cmdcsr.dll
    2013-01-24 13:43 . 2013-01-24 13:43  461384  ----a-w-  c:\windows\system32\guard64.dll
    2013-01-24 13:43 . 2013-01-24 13:43  354752  ----a-w-  c:\windows\SysWow64\guard32.dll
    2013-01-24 13:42 . 2013-01-24 13:42  45776  ----a-w-  c:\windows\system32\cmdkbd64.dll
    2013-01-24 13:42 . 2013-01-24 13:42  326352  ----a-w-  c:\windows\system32\cmdvrt64.dll
    2013-01-24 13:42 . 2013-01-24 13:42  40656  ----a-w-  c:\windows\SysWow64\cmdkbd32.dll
    2013-01-24 13:42 . 2013-01-24 13:42  263888  ----a-w-  c:\windows\SysWow64\cmdvrt32.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [-] 2011-01-16 . 81257415084B84F3C0D95C381A8D4C8F . 389632 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
    .
    [-] 2011-01-16 . 0B864E15A0BADFF0E7BB8B59009FDDCF . 1008640 . . [6.1.7601.17514] .. c:\windows\KJ\Pirate\T\x64T\user32.dll
    [7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
    [7] 2010-11-19 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\KJ\Pirate\P\x64P\user32.dll
    [-] 2011-01-16 . 0B864E15A0BADFF0E7BB8B59009FDDCF . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\users\FamilyCom\AppData\Roaming\uTorrent\uTorrent.exe" [2013-04-16 802136]
    "VirtualDVD"="c:\program files (x86)\VirtualDVD\VirtualDVD.exe" [2013-02-18 3253760]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Korean IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "IME14 KOR Setup"="c:\progra~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2010-01-20 80240]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
    "HncUpdate"="c:\program files (x86)\Hnc\HncUtils\HncChecker.exe" [2012-10-17 715624]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-04-06 295512]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
    "gbrspcontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2013-04-17 1851088]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Start GeekBuddy.lnk - c:\program files (x86)\Comodo\GeekBuddy\launcher.exe [2013-4-17 49352]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200412]
    Ime File  REG_SZ  IMKR14.IME
    .
    R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [x]
    R3 AhnFlt2k;AhnFlt2k;c:\windows\system32\Drivers\AhnFlt2k.sys [x]
    R3 AhnRec2k;AhnRec2k;c:\windows\system32\Drivers\AhnRec2k.sys [x]
    R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys [2012-07-03 31744]
    R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys [2012-07-03 29184]
    R3 AndNetDiag2;LGE AndroidNet For Diagnostics Port;c:\windows\system32\DRIVERS\lgandnetdiag264.sys [2012-07-03 29184]
    R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys [2012-07-03 36352]
    R3 aswVmm;aswVmm; [x]
    R3 CdmDrvNt;CdmDrvNt;c:\windows\system32\Drivers\CdmDrvNt.sys [2009-07-21 25656]
    R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-01-24 158928]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [x]
    R3 kcrtx64;kcrtx64;c:\windows\system32\kcrtx64.sys [2013-04-07 141848]
    R3 MfFWEnt;MfFWEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [2010-06-28 126072]
    R3 MfIPSEnt;MfIPSEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [2010-06-28 155256]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    S0 aswRvrt;aswRvrt; [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-08 55280]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 AMonTDLH;AMonTDLH;c:\windows\system32\Drivers\AMonTDLH.sys [2012-09-14 118072]
    S1 aswKbd;aswKbd; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2013-01-16 23176]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2013-01-16 699880]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2013-01-16 48360]
    S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2008-02-01 32240]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
    S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [2013-04-17 70344]
    S2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-04-17 1851088]
    S2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-01-20 83312]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
    S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-02-09 133632]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-05 39056]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
    S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-04-06 283200]
    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
    S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2012-02-09 25536]
    S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [2012-02-09 25536]
    S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2012-02-09 44992]
    S3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [2013-04-07 19888]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
    S3 VirtualDVD;VirtualDVD;c:\windows\system32\DRIVERS\VirtualDVD.sys [2013-01-03 184320]
    S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [2013-04-18 34752]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-04-10 05:20  1642448  ----a-w-  c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-23 23:10]
    .
    2013-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-05 11:15]
    .
    2013-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-05 11:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-03-06 23:32  133840  ----a-w-  c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2013-03-07 07:31  776144  ----a-w-  c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2013-03-07 07:31  776144  ----a-w-  c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2013-03-07 07:31  776144  ----a-w-  c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2013-03-07 07:31  776144  ----a-w-  c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
    "IME14 KOR Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2010-01-20 109424]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-01-24 1451728]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-29 499608]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.naver.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Microsoft Excel로 내보내기(&X) - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: OneNote로 보내기(&N) - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 168.126.63.1 168.126.63.2
    DPF: {1C3DB737-3814-495E-87D5-62968A2A1761} - hxxp://activex.off.co.kr/toolbar/DicoStarterX.cab
    FF - ProfilePath - c:\users\FamilyCom\AppData\Roaming\Mozilla\Firefox\Profiles\0xr32m0f.default\
    FF - ExtSQL: 2013-04-12 17:09; {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}; c:\program files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
    FF - ExtSQL: 2013-04-12 17:11; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    .
    **************************************************************************
    .
    Completion time: 2013-04-18 10:31:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-04-18 01:31
    .
    Pre-Run: 432,016,105,472 bytes free
    Post-Run: 431,425,085,440 bytes free
    .
    - - End Of File - - 3F1F7A1758885E945E67CC3BA1B797F1
     
  22. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe | c:\windows\system32\winlogon.exe
    c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll | c:\windows\system32\user32.dll
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [image: animation of dragging CFScript.txt onto ComboFix.exe]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
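As an added example (not ComboFix's code and not part of Broni's instructions), the Python below makes the decision behind the FCopy:: lines checkable: it hashes the live file under system32, hashes every copy of that file the WinSxS component store holds for the component, reports whether they agree, and only then overwrites the live file with the newest store copy. The directory-name pattern, the `root` and `component` parameters, and the fixture tree that `build_fixture()` creates (placeholder bytes, not real PE files; one of its three store directories is invented, the other two are named after entries in the log) are assumptions made so the example runs offline; on the real machine you would point `root` at C:\Windows and run elevated. One caveat a practitioner should keep in mind: a match against WinSxS only shows the live file equals a store copy, not that the store copy is itself untouched, so an Authenticode check (`Get-AuthenticodeSignature` in PowerShell, or Sysinternals `sigcheck`) remains the authoritative test.

```python
"""Compare system32 files with their WinSxS component-store copies, then restore.

Added example for this thread, not ComboFix's code: the FCopy:: lines in the
CFScript above ask ComboFix to overwrite system32\\winlogon.exe and user32.dll
with the copies held under winsxs.  This script makes the same decision
checkable: hash the live file, hash every store copy, report whether they
agree, and only overwrite when they do not.

Assumptions: store directories follow the pattern seen in the log names,
amd64_microsoft-windows-<component>_<token>_<version>_<lang>_<hash>; `root`
is laid out like C:\\Windows; build_fixture() creates a constructed tree with
placeholder bytes (not real PE files) so everything runs offline.
"""
import hashlib
import re
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

_VERSION = re.compile(r"_(\d+(?:\.\d+)+)_")


def sha256_of(path: Path) -> str:
    """Streamed SHA-256 of a file (system binaries can be large)."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def version_key(component_dir: Path) -> tuple:
    """Numeric file version embedded in a WinSxS directory name, so that
    6.1.7601.17514 orders after 6.1.7600.16385 even when a part has fewer digits."""
    m = _VERSION.search(component_dir.name)
    return tuple(int(x) for x in m.group(1).split(".")) if m else ()


def winsxs_copies(root: Path, component: str, filename: str) -> List[Path]:
    """Every store copy of `filename` for one component, oldest version first."""
    dirs = [d for d in (root / "winsxs").glob(f"amd64_microsoft-windows-{component}_*")
            if (d / filename).is_file()]
    return [d / filename for d in sorted(dirs, key=version_key)]


def check_system_file(root: Path, component: str, filename: str) -> Dict:
    """Does system32/<filename> equal any version the component store knows?
    A mismatch is the condition ComboFix reported for winver.exe above."""
    live = root / "system32" / filename
    known = {sha256_of(p): p for p in winsxs_copies(root, component, filename)}
    live_hash = sha256_of(live) if live.is_file() else None
    return {
        "file": str(live),
        "live_sha256": live_hash,
        "known_good": {h: str(p) for h, p in known.items()},
        "matches_store": live_hash in known,
    }


def restore_from_winsxs(root: Path, component: str, filename: str) -> Optional[Path]:
    """The FCopy step: overwrite the live file with the newest store copy, but
    only when it matches no store version.  Returns the source used, or None."""
    if check_system_file(root, component, filename)["matches_store"]:
        return None
    copies = winsxs_copies(root, component, filename)
    if not copies:
        raise FileNotFoundError(f"no WinSxS copy of {filename} for component {component}")
    src = copies[-1]
    shutil.copy2(src, root / "system32" / filename)
    return src


def build_fixture() -> Path:
    """Constructed stand-in for C:\\Windows; contents are placeholders, not binaries."""
    root = Path(tempfile.mkdtemp(prefix="winroot_"))
    (root / "system32").mkdir()
    store = {
        # the two directory names below are taken from the logs in this thread
        "amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036/winver.exe":
            b"winver 6.1.7600.16385",
        "amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636/winlogon.exe":
            b"winlogon 6.1.7601.17514",
        # invented for this example (hash suffix is made up) so version ordering is exercised
        "amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7601.17514_none_0000000000000000/winver.exe":
            b"winver 6.1.7601.17514",
    }
    for rel, data in store.items():
        p = root / "winsxs" / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    # live files: winlogon.exe is intact, winver.exe carries appended bytes (simulated tampering)
    (root / "system32" / "winlogon.exe").write_bytes(b"winlogon 6.1.7601.17514")
    (root / "system32" / "winver.exe").write_bytes(b"winver 6.1.7600.16385" + b"\x90" * 16)
    return root


if __name__ == "__main__":
    root = build_fixture()
    for component, name in (("winlogon", "winlogon.exe"), ("winver", "winver.exe")):
        before = check_system_file(root, component, name)
        src = restore_from_winsxs(root, component, name)
        print(name, "matches store" if before["matches_store"] else f"MISMATCH, restored from {src}")
```

Running the file as-is exercises the fixture: winlogon.exe is reported as matching the store and left alone, winver.exe is reported as a mismatch and replaced from the newest store directory. Against a live C:\Windows the same functions apply unchanged, with the store hashes doubling as an inventory of which versions the component store actually holds.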
     
  23. neowing

    neowing TS Booster Topic Starter Posts: 288

    Here is New Log:


    ComboFix 13-04-18.01 - FamilyCom 2013-04-18 13:40:18.5.4 - x64
    Microsoft Windows 7 Ultimate K 6.1.7601.1.949.82.1042.18.8154.6246 [GMT 9:00]
    Running from: C:\Users\FamilyCom\Desktop\ComboFix.exe
    Command switches used :: C:\Users\FamilyCom\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    Infected copy of C:\Windows\System32\winver.exe was found and disinfected
    Restored copy from - C:\Windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe


    --------------- FCopy ---------------

    c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe --> c:\windows\system32\winlogon.exe
    c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll --> c:\windows\system32\user32.dll

    ((((((((((((((((((((((((( Files Created from 2013-03-18 to 2013-04-18 )))))))))))))))))))))))))))))))
     
  24. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    The log is incomplete.
    If this is all you got, re-run ComboFix without my code.
     
  25. neowing

    neowing TS Booster Topic Starter Posts: 288

    I tried 2 times and the result is the same.
    I used your code.
    This computer is having a difficult time with ComboFix.

    Maybe I have to clean C:.
    Before I do that I want to ask one question.

    My main hard drive is 1TB. It has 2 partitions.
    I am trying to move the "Download" folder (which is in C:) into the other partition.

    If that happens, what will happen to the "resident malware" that has infected my computer?

    ---------
    But if you want to see the log, I put it below:



    ComboFix 13-04-18.03 - FamilyCom 2013-04-19 8:29:12.7.4 - x64
    Microsoft Windows 7 Ultimate K 6.1.7601.1.949.82.1042.18.8154.6408 [GMT 9:00]
    Running from: C:\Users\FamilyCom\Desktop\ComboFix.exe
    Command switches used :: C:\Users\FamilyCom\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    -- Previous Run --

    Infected copy of C:\Windows\System32\winver.exe was found and disinfected
    Restored copy from - C:\Windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe

    -- Previous Run --

    Infected copy of C:\Windows\System32\winver.exe was found and disinfected
    Restored copy from - C:\Windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe

    --------

    Infected copy of C:\Windows\System32\winver.exe was found and disinfected
    Restored copy from - C:\Windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe

    --------

    Infected copy of C:\Windows\System32\winver.exe was found and disinfected
    Restored copy from - C:\Windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe


    --------------- FCopy ---------------

    c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe --> c:\windows\system32\winlogon.exe
    c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll --> c:\windows\system32\user32.dll

    ((((((((((((((((((((((((( Files Created from 2013-03-18 to 2013-04-18 )))))))))))))))))))))))))))))))
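The three logs above report the same line, "Infected copy of C:\Windows\System32\winver.exe was found and disinfected", once for every run. As an added example, not from the thread or from ComboFix, the Python below parses the "Other Deletions" section of a ComboFix log, splits it into runs on the separators the log uses, and flags any file that is re-disinfected in more than one run: a file that was restored and is later found modified again means whatever is writing to it has not been removed. Treating "-- Previous Run --" and a bare dashed line as run separators is an assumption based only on the logs on this page, and `SAMPLE_LOG` is constructed from the third log (post 25) for offline runs.

```python
"""Flag files that a ComboFix log shows being re-disinfected on every run.

Added example for this thread, not ComboFix's code.  In the "Other Deletions"
section each run contributes one
    Infected copy of <path> was found and disinfected
    Restored copy from - <store path>
pair, and runs are separated by "-- Previous Run --" or a bare dashed line
(that reading of the separators is an assumption based only on the logs on
this page).  A path that recurs across runs was modified again after it had
been restored, so something is still writing to it.
"""
import re
from typing import Dict, List, Optional

INFECTED = re.compile(r"^Infected copy of (?P<path>.+?) was found and disinfected$")
RESTORED = re.compile(r"^Restored copy from - (?P<src>.+)$")
RUN_SEP = re.compile(r"^(-- Previous Run --|-{6,})$")
SECTION_END = re.compile(r"^-+ \w+ -+$")  # e.g. "--------------- FCopy ---------------"


def parse_runs(text: str) -> List[List[Dict[str, Optional[str]]]]:
    """Split the Other Deletions section into runs, each a list of detections."""
    runs, current = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if SECTION_END.match(line):      # next section (FCopy etc.) begins
            break
        if RUN_SEP.match(line):
            if current:                  # only close a run that has entries
                runs.append(current)
                current = []
            continue
        m = INFECTED.match(line)
        if m:
            current.append({"path": m.group("path"), "restored_from": None})
            continue
        m = RESTORED.match(line)
        if m and current and current[-1]["restored_from"] is None:
            current[-1]["restored_from"] = m.group("src")
    if current:
        runs.append(current)
    return runs


def recurring_files(runs, min_runs: int = 2) -> Dict[str, int]:
    """Paths seen in at least `min_runs` runs (case-folded, as NTFS paths are),
    with the number of runs in which each was re-disinfected."""
    seen: Dict[str, int] = {}
    for run in runs:
        for path in {d["path"].lower() for d in run}:
            seen[path] = seen.get(path, 0) + 1
    return {p: n for p, n in seen.items() if n >= min_runs}


_DETECTION = (
    "Infected copy of C:\\Windows\\System32\\winver.exe was found and disinfected\n"
    "Restored copy from - C:\\Windows\\winsxs\\amd64_microsoft-windows-winver_"
    "31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\\winver.exe\n"
)
# Constructed from the third log in this thread (post 25), reduced to its
# Other Deletions section: four runs, the same detection in each.
SAMPLE_LOG = (
    "((((( Other Deletions )))))\n\n"
    "-- Previous Run --\n\n" + _DETECTION + "\n"
    "-- Previous Run --\n\n" + _DETECTION + "\n"
    "--------\n\n" + _DETECTION + "\n"
    "--------\n\n" + _DETECTION + "\n\n"
    "--------------- FCopy ---------------\n"
    "c:\\windows\\winsxs\\...\\winlogon.exe --> c:\\windows\\system32\\winlogon.exe\n"
)


if __name__ == "__main__":
    runs = parse_runs(SAMPLE_LOG)
    print(f"{len(runs)} runs parsed")
    for path, n in recurring_files(runs).items():
        print(f"RECURRING: {path} re-disinfected in {n} runs; the infector is still present")
```

On the sample this reports winver.exe as recurring in all four runs. The same parser can be pointed at a full ComboFix.txt; only the Other Deletions section is read, and parsing stops at the first dashed section header after it.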
     
