Solved Qvo6 problem however,

neowing

Hello?
I accidentally [most likely unknowingly] installed qvo6.
I did not notice how it got inside my computer.

Every browser was redirected to qvo6's unknown domain.
Therefore, I did a virus scan, but it didn't fix it at all.
The scan did not detect "that qvo6".

I uninstalled IE/Chrome/FF,
as well as qvo6 <---- it had an uninstaller.
Then I reinstalled Chrome only.

I looked on the internet to see if I could solve it by myself...
Unfortunately, I could not find the right answer.

Therefore, I used "Windows Backup" to go back to 4 days ago.
As a result, every browser went back to normal.

However, I want to make sure it is safe to use this computer for online shopping/banking.
Could you tell me what I should do for now?
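Added example, not the poster's code and not part of the DDS tool: a small Python triage helper for the "Pseudo HJT Report" section of a DDS log like the one posted further down in this thread. It pulls out the browser start/search page, loader (BHO/toolbar/Run) and DNS entries and flags any that still reference a named hijacker or point at an unexpected resolver, which is the kind of leftover a browser redirector such as qvo6 leaves and the check a reviewer makes before calling the machine clean. The clean sample entries are copied from this thread's log; qvo6.example and 203.0.113.5 are constructed placeholders, not real indicators.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; not code from the original post or from DDS.
It extracts browser-facing entries (start page, BHO/toolbar/Run loaders,
DNS servers) and flags any that still reference a named hijacker or point
at a resolver outside the expected set.
"""
import re
from dataclasses import dataclass

# DDS prefixes for settings a hijacker typically rewrites (start/search page).
BROWSER_KEYS = ("uStart Page", "mStart Page", "uSearch", "mSearch",
                "uDefault_Page_URL", "mDefault_Page_URL", "uURLSearchHooks")
# DDS prefixes for entries that load code into the browser or at logon.
LOAD_KEYS = ("BHO:", "TB:", "uRun:", "mRun:", "mRunOnce:",
             "x64-BHO:", "x64-TB:", "x64-Run:", "StartupFolder:")
# DDS defangs URLs as hxxp://; accept both the defanged and the plain form.
URL_RE = re.compile(r"h(?:xx|tt)ps?://([^/\s]+)", re.IGNORECASE)
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


@dataclass
class Finding:
    category: str   # "browser-setting", "autoload" or "dns"
    line: str       # the offending log line
    reason: str


def hjt_section(log_text):
    """Return the non-empty lines of the Pseudo HJT Report section only."""
    lines, inside = [], False
    for raw in log_text.splitlines():
        if "Pseudo HJT Report" in raw:
            inside = True
            continue
        if inside and raw.startswith("="):      # next section header
            break
        if inside and raw.strip() not in ("", "."):
            lines.append(raw.strip())
    return lines


def triage(log_text, hijacker_names, expected_dns):
    """Flag HJT entries tied to hijacker_names or to resolvers outside expected_dns."""
    names = [n.lower() for n in hijacker_names]
    findings = []
    for ln in hjt_section(log_text):
        if ln.startswith(BROWSER_KEYS):
            m = URL_RE.search(ln)
            host = m.group(1).lower() if m else ""
            if any(n in host for n in names):
                findings.append(Finding("browser-setting", ln,
                                        f"start/search page points at {host}"))
        elif ln.startswith("TCP:") and "NameServer" in ln:
            bad = [ip for ip in IPV4_RE.findall(ln) if ip not in expected_dns]
            if bad:
                findings.append(Finding("dns", ln,
                                        "resolver not in expected set: " + ", ".join(bad)))
        elif ln.startswith(LOAD_KEYS):
            if any(n in ln.lower() for n in names):
                findings.append(Finding("autoload", ln,
                                        "loader entry carries the hijacker's name"))
    return findings


# Constructed sample: entries copied from the log posted in this thread (clean).
CLEAN_LOG = """\
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.naver.com/
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
mRun: [avast] "C:\\Program Files\\AVAST Software\\Avast\\avastUI.exe" /nogui
TCP: NameServer = 168.126.63.1 168.126.63.2
.
================= FIREFOX ===================
"""

# Constructed sample of what the same section could have looked like before the
# restore. qvo6.example and 203.0.113.5 are placeholders, not real indicators.
HIJACKED_LOG = """\
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://qvo6.example/?utm_source=b
mRun: [qvo6 updater] "C:\\Program Files (x86)\\qvo6\\update.exe" /silent
TCP: NameServer = 203.0.113.5 168.126.63.2
.
================= FIREFOX ===================
"""

if __name__ == "__main__":
    for f in triage(HIJACKED_LOG, ["qvo6"], {"168.126.63.1", "168.126.63.2"}):
        print(f"[{f.category}] {f.reason}\n    {f.line}")
```

The expected-DNS set here is the two resolvers shown in the thread's own log; on another machine substitute the resolvers the ISP or router actually hands out.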
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

You've been to this forum before, so you should know what we need....

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.
 
First, I have to say sorry that I didn't follow the steps.

Anyway, I followed the 4 steps:
Antivirus/MBAM didn't find anything.

However, I uploaded the DDS attachment, but I have to say one thing.
Right now, I am living in a different country.
So the attached logs contain "Asian" language.

Thank you for replying.
 
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.
 
I copy/pasted the log.

DDS Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate K
Boot Device: \Device\HarddiskVolume1
Install Date: 2013-04-05 오후 1:27:02
System Uptime: 2013-04-17 오전 7:57:06 (2 hours ago)
.
Motherboard: ASRock | | P67 Extreme4
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | CPUSocket | 3301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 320.492 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 188.657 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 298 GiB total, 89.456 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP45: 2013-04-12 오후 5:35:58 - DirectX 설치됨
RP46: 2013-04-12 오후 6:17:03 - Installed Python 2.7.3
RP47: 2013-04-16 오후 6:44:21 - Windows 모듈 설치기
RP48: 2013-04-16 오후 6:55:52 - Windows Update
RP49: 2013-04-16 오후 7:08:06 - Windows Update
RP50: 2013-04-16 오후 7:16:35 - 복원 작업
RP51: 2013-04-16 오후 7:53:32 - Windows Update
RP52: 2013-04-16 오후 7:59:20 - Windows Update
RP53: 2013-04-16 오후 8:07:16 - Windows Update
RP54: 2013-04-16 오후 8:17:53 - Windows Update
RP55: 2013-04-16 오후 8:25:47 - Windows Update
RP56: 2013-04-16 오후 8:54:44 - Removed V3 Lite
RP57: 2013-04-16 오후 8:55:43 - avast! Free Antivirus 설정
RP58: 2013-04-16 오후 9:15:41 - Installed Python 2.7.3
RP59: 2013-04-17 오전 8:04:44 - Installed Java 7 Update 21
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Master Collection
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6) - Korean
Adobe Story
Adobe Widget Browser
AhnLab Online Security
Apple Software Update
Apple 응용 프로그램 지원
Asmedia ASM104x USB 3.0 Host Controller Driver
avast! Free Antivirus
BOSS
CCleaner
Chrome
COMODO Internet Security
CyberLink PowerDVD 8
DTS+AC3 필터
Etron USB3.0 Host Controller
GeekBuddy
Google Update Helper
Intel(R) Management Engine Components
Intel(R) Smart Connect Technology 2.0 x64
Intel® Trusted Connect Service Client
IPinside Agent
Java 7 Update 21
Java Auto Updater
K-Lite Codec Pack 9.8.5 (64-bit)
K-Lite Mega Codec Pack 9.8.5
LG PC Suite
LG United Mobile Driver
Malwarebytes Anti-Malware 버전 1.75.0.1300
Microsoft Office Access MUI (Korean) 2010
Microsoft Office Excel MUI (Korean) 2010
Microsoft Office Groove MUI (Korean) 2010
Microsoft Office IME (Korean) 2010
Microsoft Office InfoPath MUI (Korean) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Korean) 2010
Microsoft Office Outlook MUI (Korean) 2010
Microsoft Office PowerPoint MUI (Korean) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Korean) 2010
Microsoft Office Proofing (Korean) 2010
Microsoft Office Publisher MUI (Korean) 2010
Microsoft Office Shared 64-bit MUI (Korean) 2010
Microsoft Office Shared MUI (Korean) 2010
Microsoft Office Word MUI (Korean) 2010
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Mozilla Firefox 20.0.1 (x86 ko)
Mozilla Maintenance Service
MPEG2코덱(libmpeg2/mad)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
neroxml
Nexus Mod Manager
NVIDIA 3D Vision 드라이버 314.22
NVIDIA 3D Vision 컨트롤러 드라이버 314.22
NVIDIA HD 오디오 드라이버 1.3.23.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX 시스템 소프트웨어 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
NVIDIA 그래픽 드라이버 314.22
NVIDIA 업데이트 1.12.12
NVIDIA 제어판 314.22
PDF Settings CS5
PxMergeModule
Python 2.7 comtypes-0.6.2
Python 2.7 pywin32-218
Python 2.7.3
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
TouchEn key with E2E for 32bit
Veraport20(보안모듈 관리 프로그램) - 2,5,2,3
VirtualDVD 2.5.0.0
WinRAR 4.20 (64-bit)
Wrye Bash
wxPython 2.8.12.1 (unicode) for Python 2.7
XecureWeb UnifiedPlugin
μTorrent
곰TV 플러그인
곰플레이어
반디집
한컴오피스 2010
.
==== End Of File ===========================


DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.21.2
Run by FamilyCom at 9:22:05 on 2013-04-17
Microsoft Windows 7 Ultimate K 6.1.7601.1.949.82.1042.18.8154.5841 [GMT 9:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\VirtualDVD\VirtualDVD.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.naver.com/
mWinlogon: Userinit = userinit.exe
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [uTorrent] "C:\Users\FamilyCom\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [VirtualDVD] "C:\Program Files (x86)\VirtualDVD\VirtualDVD.exe" /Startup
mRun: [Korean IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [IME14 KOR Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /KOR /Log
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [HncUpdate] C:\Program Files (x86)\Hnc\HncUtils\HncChecker.exe
mRun: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Microsoft Excel로 내보내기(&X) - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: OneNote로 보내기(&N) - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {1C3DB737-3814-495E-87D5-62968A2A1761} - hxxp://activex.off.co.kr/toolbar/DicoStarterX.cab
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - C:\Users\FAMILY~1\AppData\Local\Temp\5002543\TouchEnKey_Installer_x86.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 168.126.63.1 168.126.63.2
TCP: Interfaces\{A127E362-2855-4737-A15D-DABB58F73491} : DHCPNameServer = 168.126.63.1 168.126.63.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IME14 KOR Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /KOR /Log
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\FamilyCom\AppData\Roaming\Mozilla\Firefox\Profiles\0xr32m0f.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll
FF - plugin: C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Interezen\Plugins\NPI3GManager.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Softforum\XecureWeb\NPPlugin\dll\npXecureMacuxNPPlugin.dll
FF - plugin: C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\System32\npDeployJava1.dll
FF - plugin: C:\Windows\System32\npKeyPro.dll
FF - plugin: C:\Windows\System32\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npKeyPro.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-04-12 17:09; {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}; C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - ExtSQL: 2013-04-12 17:11; web2pdfextension@web2pdf.adobedotcom; C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-16 65336]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-4-12 55280]
R1 AMonTDLH;AMonTDLH;C:\Windows\System32\drivers\AmonTDLh.sys [2013-4-7 118072]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-4-16 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-4-16 377920]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-1-16 23176]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-1-16 699880]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-1-16 48360]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2008-2-1 32240]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-4-16 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-4-16 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-4-16 45248]
R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2013-3-29 70352]
R2 GeekBuddyRSP;GeekBuddyRSP Service;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-3-13 1851088]
R2 ImeDictUpdateService;Microsoft IME Dictionary Update;C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-1-21 83312]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-4-5 161560]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-3-6 283200]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-2-8 39936]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-2-8 64512]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2012-2-9 44992]
R3 JRSUKD25;JRSUKD25;C:\Windows\System32\JRSUKD25.SYS [2013-4-7 19888]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-2-24 646248]
R3 VirtualDVD;VirtualDVD;C:\Windows\System32\drivers\VirtualDVD.sys [2013-4-12 184320]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2013-4-5 34752]
S3 andnetadb;ADB Interface DriverNet;C:\Windows\System32\drivers\lgandnetadb.sys [2013-4-10 31744]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;C:\Windows\System32\drivers\lgandnetdiag64.sys [2013-4-10 29184]
S3 AndNetDiag2;LGE AndroidNet For Diagnostics Port;C:\Windows\System32\drivers\lgandnetdiag264.sys [2013-4-10 29184]
S3 ANDNetModem;LGE AndroidNet USB Modem;C:\Windows\System32\drivers\lgandnetmodem64.sys [2013-4-10 36352]
S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-4-16 178624]
S3 CdmDrvNt;CdmDrvNt;C:\Windows\System32\drivers\CdmDrvNt.sys [2013-4-5 25656]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-1-24 158928]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-22 71168]
S3 kcrtx64;kcrtx64;C:\Windows\System32\kcrtx64.sys [2013-4-7 141848]
S3 MfFWEnt;MfFWEnt;C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys [2013-4-7 126072]
S3 MfIPSEnt;MfIPSEnt;C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys [2013-4-7 155256]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-22 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-22 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-22 117248]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-04-16 23:07:4625928----a-w-C:\Windows\System32\drivers\mbam.sys
2013-04-16 23:05:3995648----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-16 22:58:1394656----a-w-C:\Windows\System32\WPRO_41_2001woem.tmp
2013-04-16 12:19:51--------d-----w-C:\Program Files (x86)\Common Files\Wrye Bash
2013-04-16 12:19:448192----a-w-C:\Windows\SysWow64\pythoncomloader27.dll
2013-04-16 12:19:44364544----a-w-C:\Windows\SysWow64\pythoncom27.dll
2013-04-16 12:19:44110080----a-w-C:\Windows\SysWow64\pywintypes27.dll
2013-04-16 11:57:1470992----a-w-C:\Windows\System32\drivers\aswRdr2.sys
2013-04-16 11:57:131025808----a-w-C:\Windows\System32\drivers\aswSnx.sys
2013-04-16 11:57:1265336----a-w-C:\Windows\System32\drivers\aswRvrt.sys
2013-04-16 11:57:12178624----a-w-C:\Windows\System32\drivers\aswVmm.sys
2013-04-16 11:57:0780816----a-w-C:\Windows\System32\drivers\aswMonFlt.sys
2013-04-16 11:56:0241664----a-w-C:\Windows\avastSS.scr
2013-04-16 11:55:53--------d-----w-C:\Program Files\AVAST Software
2013-04-16 11:53:58--------d-----w-C:\ProgramData\AVAST Software
2013-04-16 11:06:303717632----a-w-C:\Windows\System32\mstscax.dll
2013-04-16 11:06:283217408----a-w-C:\Windows\SysWow64\mstscax.dll
2013-04-16 11:06:28158720----a-w-C:\Windows\System32\aaclient.dll
2013-04-16 11:06:28131584----a-w-C:\Windows\SysWow64\aaclient.dll
2013-04-16 11:06:2744032----a-w-C:\Windows\System32\tsgqec.dll
2013-04-16 11:06:2736864----a-w-C:\Windows\SysWow64\tsgqec.dll
2013-04-16 11:00:179311288----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C2C9FC5-FC98-45AC-9B7C-E2A123FF3274}\mpengine.dll
2013-04-16 10:58:363153408----a-w-C:\Windows\System32\win32k.sys
2013-04-16 10:56:595550424----a-w-C:\Windows\System32\ntoskrnl.exe
2013-04-16 10:56:586656----a-w-C:\Windows\SysWow64\apisetschema.dll
2013-04-16 10:56:5843520----a-w-C:\Windows\System32\csrsrv.dll
2013-04-16 10:56:583968856----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-16 10:56:583913560----a-w-C:\Windows\SysWow64\ntoskrnl.exe
2013-04-16 10:56:58112640----a-w-C:\Windows\System32\smss.exe
2013-04-16 09:24:42--------d-----w-C:\Program Files\CCleaner
2013-04-16 08:47:28--------d-----w-C:\Users\FamilyCom\AppData\Roaming\Malwarebytes
2013-04-16 08:47:21--------d-----w-C:\ProgramData\Malwarebytes
2013-04-16 08:47:20--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-16 08:28:14--------d-----w-C:\Program Files (x86)\Common Files\337
2013-04-16 08:27:40--------d-----w-C:\ProgramData\eSafe
2013-04-16 08:15:26--------d-----w-C:\Users\FamilyCom\AppData\Local\Macromedia
2013-04-16 08:15:01--------d-----w-C:\Users\FamilyCom\AppData\Local\Mozilla
2013-04-14 11:18:08--------d-----w-C:\Program Files (x86)\Skyrim Mods
2013-04-13 02:52:45--------d-----w-C:\Program Files (x86)\Banktown
2013-04-13 01:49:28--------d-----w-C:\Program Files (x86)\INICIS61
2013-04-12 12:55:56--------d-----w-C:\BOSS
2013-04-12 09:17:24--------d-----w-C:\Python27
2013-04-12 09:03:47--------d-----w-C:\Games
2013-04-12 09:02:57--------d-----w-C:\Program Files\Nexus Mod Manager
2013-04-12 08:55:26--------d-----w-C:\Users\FamilyCom\AppData\Local\Black_Tree_Gaming
2013-04-12 08:52:22--------d-----w-C:\Users\FamilyCom\AppData\Local\Skyrim
2013-04-12 08:36:5972200----a-w-C:\Windows\System32\XAPOFX1_1.dll
2013-04-12 08:25:16--------d-----w-C:\ProgramData\regid.1986-12.com.adobe
2013-04-12 08:20:32--------d-----w-C:\ProgramData\ALM
2013-04-12 08:14:32--------d-----w-C:\Users\FamilyCom\Adobe Flash Builder 4.5
2013-04-12 08:08:20--------d-----w-C:\Program Files (x86)\Adobe Story
2013-04-12 08:03:4555280------w-C:\Windows\System32\drivers\PxHlpa64.sys
2013-04-12 08:03:4510224------w-C:\Windows\System32\drivers\cdralw2k.sys
2013-04-12 08:03:4510224------w-C:\Windows\System32\drivers\cdr4_xp.sys
2013-04-12 08:03:45--------d-----w-C:\Program Files (x86)\My Company Name
2013-04-12 08:03:45--------d-----w-C:\Program Files (x86)\Common Files\Sonic Shared
2013-04-12 08:03:45--------d-----w-C:\Program Files (x86)\Common Files\PX Storage Engine
2013-04-12 07:46:06	--------	d-----w-	C:\Users\FamilyCom\AppData\Roaming\VirtualDVD
2013-04-12 07:45:18	184320	----a-w-	C:\Windows\System32\drivers\VirtualDVD.sys
2013-04-12 07:45:18	--------	d-----w-	C:\Windows\SysWow64\VirtualDVD InstallData
2013-04-12 07:45:18	--------	d-----w-	C:\Program Files (x86)\VirtualDVD
2013-04-10 11:27:19	31744	----a-w-	C:\Windows\System32\drivers\lgandnetadb.sys
2013-04-10 11:27:18	36352	----a-w-	C:\Windows\System32\drivers\lgandnetmodem64.sys
2013-04-10 11:27:14	29184	----a-w-	C:\Windows\System32\drivers\lgandnetdiag64.sys
2013-04-10 11:27:14	29184	----a-w-	C:\Windows\System32\drivers\lgandnetdiag264.sys
2013-04-10 11:25:20	655872	----a-w-	C:\Windows\SysWow64\msvcr90.dll
2013-04-10 11:25:20	568832	----a-w-	C:\Windows\SysWow64\msvcp90.dll
2013-04-10 11:25:20	224768	----a-w-	C:\Windows\SysWow64\msvcm90.dll
2013-04-10 11:25:18	44544	----a-w-	C:\Windows\SysWow64\msxml4a.dll
2013-04-10 11:25:17	53248	----a-w-	C:\Windows\SysWow64\CommonDL.dll
2013-04-10 11:25:14	--------	d-----w-	C:\ProgramData\LGMOBILEAX
2013-04-10 11:25:08	--------	d-----w-	C:\LGMobileUpgrade
2013-04-09 13:10:10	--------	d-----w-	C:\Users\FamilyCom\AppData\Local\Bandizip
2013-04-08 03:18:06	--------	d-----w-	C:\Users\FamilyCom\AppData\Roaming\NVIDIA
2013-04-08 02:10:55	--------	d-----w-	C:\Users\FamilyCom\AppData\Roaming\LG Electronics
2013-04-08 02:08:26	--------	d-----w-	C:\Users\FamilyCom\AppData\Local\LG Electronics
2013-04-08 02:06:53	--------	d-----w-	C:\Program Files (x86)\LG Electronics
2013-04-07 05:51:11	118072	----a-w-	C:\Windows\System32\drivers\AmonTDLh.sys
2013-04-07 05:49:48	--------	d-----w-	C:\Program Files (x86)\AhnLab
2013-04-07 05:49:46	--------	d-----w-	C:\Program Files\NPKI
2013-04-07 05:49:43	--------	d-----w-	C:\Program Files (x86)\Softforum
2013-04-07 05:49:26	--------	d-----w-	C:\Program Files (x86)\Wizvera
2013-04-06 13:25:14	--------	d--h--w-	C:\VTRoot
2013-04-06 13:16:32	--------	d-----w-	C:\Program Files\COMODO
2013-04-06 13:16:19	--------	d-----w-	C:\ProgramData\Comodo Downloader
2013-04-06 12:40:28	--------	d-----w-	C:\Users\FamilyCom\AppData\Roaming\DAEMON Tools Lite
2013-04-06 12:40:27	--------	d-----w-	C:\ProgramData\DAEMON Tools Lite
2013-04-06 12:36:57	--------	d-----w-	C:\Users\FamilyCom\AppData\Local\Diagnostics
2013-04-06 12:30:12	564824	----a-w-	C:\Windows\System32\drivers\sptd.sys
2013-04-06 08:23:59	206336	----a-w-	C:\Windows\System32\unrar64.dll
2013-04-06 08:23:59	148992	----a-w-	C:\Windows\System32\lagarith.dll
2013-04-06 08:23:58	127488	----a-w-	C:\Windows\System32\ff_vfw.dll
2013-04-06 08:23:57	--------	d-----w-	C:\Program Files\K-Lite Codec Pack x64
2013-04-06 08:22:49	650752	----a-w-	C:\Windows\SysWow64\xvidcore.dll
2013-04-06 08:22:49	39936	----a-w-	C:\Windows\SysWow64\huffyuv.dll
2013-04-06 08:22:49	3649536	----a-w-	C:\Windows\SysWow64\x264vfw.dll
2013-04-06 08:22:49	243200	----a-w-	C:\Windows\SysWow64\xvidvfw.dll
2013-04-06 08:22:49	216064	----a-w-	C:\Windows\SysWow64\lagarith.dll
2013-04-06 08:22:49	178688	----a-w-	C:\Windows\SysWow64\unrar.dll
2013-04-06 08:22:49	151552	----a-w-	C:\Windows\SysWow64\ac3acm.acm
2013-04-06 08:22:47	112640	----a-w-	C:\Windows\SysWow64\ff_vfw.dll
2013-04-06 08:22:46	--------	d-----w-	C:\Program Files (x86)\K-Lite Codec Pack
2013-04-06 08:22:20	--------	d-----w-	C:\Users\FamilyCom\AppData\Local\Programs
2013-04-06 07:16:55	--------	d-----w-	C:\Users\FamilyCom\AppData\Local\Adobe
2013-04-06 03:00:08	159744	----a-w-	C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin6.dll
2013-04-06 03:00:08	159744	----a-w-	C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin5.dll
2013-04-06 03:00:08	159744	----a-w-	C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin4.dll
2013-04-06 03:00:08	159744	----a-w-	C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin3.dll
2013-04-06 03:00:08	159744	----a-w-	C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin2.dll
2013-04-06 03:00:08	159744	----a-w-	C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin.dll
2013-04-06 02:58:56	--------	d-----w-	C:\Users\FamilyCom\AppData\Local\Apple
2013-04-06 02:57:22	--------	d-----w-	C:\Users\FamilyCom\AppData\Roaming\RealNetworks
2013-04-06 02:57:09	--------	d-----w-	C:\Program Files (x86)\RealNetworks
2013-04-06 02:57:08	--------	d-----w-	C:\ProgramData\RealNetworks
2013-04-06 02:57:02	--------	d-----w-	C:\Program Files (x86)\Common Files\xing shared
2013-04-06 02:18:46	--------	d-----w-	C:\Program Files (x86)\Common Files\COMODO
2013-04-06 02:13:28	--------	d-----w-	C:\ProgramData\COMODO
2013-04-06 02:13:12	--------	d-----w-	C:\Program Files (x86)\Comodo
2013-04-06 02:05:33	--------	d-----w-	C:\Users\FamilyCom\AppData\Roaming\uTorrent
2013-04-06 02:04:04	861088	----a-w-	C:\Windows\SysWow64\npDeployJava1.dll
2013-04-06 02:04:04	782240	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2013-04-05 13:28:20	--------	d-----w-	C:\Users\FamilyCom\AppData\Local\CrashDumps
2013-04-05 11:14:59	--------	d-----w-	C:\Users\FamilyCom\AppData\Local\Google
2013-04-05 11:14:50	--------	d-----w-	C:\Users\FamilyCom\AppData\Local\Apps
2013-04-05 11:14:49	--------	d-----w-	C:\Users\FamilyCom\AppData\Local\Deployment
2013-04-05 06:44:48	3045104	----a-w-	C:\Windows\System32\btscan.exe
2013-04-05 06:44:47	--------	d-----w-	C:\Program Files\Common Files\AhnLab
2013-04-05 06:43:18	25656	----a-w-	C:\Windows\System32\drivers\CdmDrvNt.sys
2013-04-05 06:43:16	--------	d-----w-	C:\Program Files\AhnLab
2013-04-05 06:42:13	--------	d-----w-	C:\ProgramData\AhnLab
2013-04-05 06:19:27	--------	d-----w-	C:\Program Files (x86)\Etron Technology
2013-04-05 06:18:58	--------	d-----w-	C:\Users\FamilyCom\AppData\Roaming\Estsoft
2013-04-05 06:18:56	--------	d-----w-	C:\Users\FamilyCom\AppData\Local\ECRSC
2013-04-05 06:17:53	--------	d-----w-	C:\Users\FamilyCom\AppData\Roaming\HNC
2013-04-05 06:17:09	65136	----a-w-	C:\Windows\System32\HNCE2PPRMON80.dll
2013-04-05 06:14:45	667136	----a-w-	C:\Windows\SysWow64\OGACheckControl.dll
2013-04-05 06:14:45	667136	----a-w-	C:\Windows\System32\OGACheckControl.dll
2013-04-05 06:04:52	--------	d-----w-	C:\Program Files (x86)\Microsoft Synchronization Services
2013-04-05 06:04:41	--------	d-----w-	C:\Windows\PCHEALTH
2013-04-05 06:04:41	--------	d-----w-	C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-04-05 06:04:00	--------	d-----w-	C:\Program Files (x86)\Microsoft Visual Studio 8
2013-04-05 06:02:33	--------	d-----w-	C:\Program Files (x86)\Microsoft Analysis Services
2013-04-05 06:02:18	--------	d-----w-	C:\Users\FamilyCom\AppData\Local\Microsoft Help
2013-04-05 05:12:02	--------	d-sh--r-	C:\Windows Activation Technologies
2013-04-05 05:11:23	405881	----a-w-	C:\Windows\KJ.exe
2013-04-05 05:11:13	--------	d-----w-	C:\Windows\KJ
2013-04-05 04:44:07	--------	d-----w-	C:\NVIDIA
2013-04-05 04:41:04	--------	d-----w-	C:\Program Files (x86)\ASM104xUSB3
2013-04-05 04:40:48	--------	d-----w-	C:\Windows\System32\appmgmt
2013-04-05 04:39:25	34752	----a-w-	C:\Windows\System32\drivers\WPRO_41_2001.sys
2013-04-05 04:38:07	--------	d-----w-	C:\Windows\SysWow64\RTCOM
2013-04-05 04:38:07	--------	d-----w-	C:\Program Files\Realtek
2013-04-05 04:38:01	--------	d-----w-	C:\ProgramData\Downloaded Installations
2013-04-05 04:36:52	74272	----a-w-	C:\Windows\System32\RtNicProp64.dll
2013-04-05 04:36:52	107552	----a-w-	C:\Windows\System32\RTNUninst64.dll
2013-04-05 04:36:46	--------	d-----w-	C:\Program Files (x86)\Realtek
2013-04-05 04:36:09	15128	----a-w-	C:\Windows\System32\drivers\IntelMEFWVer.dll
2013-04-05 04:35:42	53248	----a-w-	C:\Windows\SysWow64\CSVer.dll
2013-04-05 04:35:29	--------	d-----w-	C:\Intel
2013-04-05 04:26:53	--------	d-sh--w-	C:\Recovery
2013-04-05 04:26:52	--------	d-sh--we	C:\ProgramData\시작 메뉴
2013-04-05 04:26:52	--------	d-sh--we	C:\ProgramData\바탕 화면
.
==================== Find3M ====================
.
2013-04-16 23:10:51	71048	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-16 23:10:51	691592	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-06 12:40:33	283200	----a-w-	C:\Windows\System32\drivers\dtsoftbus01.sys
2013-04-06 02:56:55	499712	----a-w-	C:\Windows\SysWow64\msvcp71.dll
2013-04-06 02:56:55	348160	----a-w-	C:\Windows\SysWow64\msvcr71.dll
2013-03-15 04:16:18	3477280	----a-w-	C:\Windows\System32\nvsvc64.dll
2013-03-15 04:16:17	6398240	----a-w-	C:\Windows\System32\nvcpl.dll
2013-03-15 04:16:10	877856	----a-w-	C:\Windows\System32\nvvsvc.exe
2013-03-15 04:16:10	63776	----a-w-	C:\Windows\System32\nvshext.dll
2013-03-15 04:16:10	2555680	----a-w-	C:\Windows\System32\nvsvcr.dll
2013-03-15 04:16:10	237856	----a-w-	C:\Windows\System32\nvmctray.dll
2013-03-14 13:07:52	559904	----a-w-	C:\Windows\SysWow64\nvStreaming.exe
2013-03-13 16:24:01	3065455	----a-w-	C:\Windows\System32\nvcoproc.bin
2013-03-11 16:10:56	282744	------w-	C:\Windows\System32\MpSigStub.exe
2013-02-23 16:26:07	29480	----a-w-	C:\Windows\SysWow64\msxml3a.dll
2013-02-22 06:27:49	2312704	----a-w-	C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51	1392128	----a-w-	C:\Windows\System32\wininet.dll
2013-02-22 06:19:37	1494528	----a-w-	C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48	173056	----a-w-	C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23	599040	----a-w-	C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00	1800704	----a-w-	C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00	1129472	----a-w-	C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50	1427968	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17	142848	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03	420864	----a-w-	C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2013-02-12 04:12:05	19968	----a-w-	C:\Windows\System32\drivers\usb8023.sys
2013-02-10 03:25:27	1807136	----a-w-	C:\Windows\System32\nvdispco6420294.dll
2013-02-10 03:25:27	1510176	----a-w-	C:\Windows\System32\nvdispgenco6420162.dll
2013-01-24 13:43:04	43216	----a-w-	C:\Windows\System32\cmdcsr.dll
2013-01-24 13:43:02	461384	----a-w-	C:\Windows\System32\guard64.dll
2013-01-24 13:43:02	354752	----a-w-	C:\Windows\SysWow64\guard32.dll
2013-01-24 13:42:54	45776	----a-w-	C:\Windows\System32\cmdkbd64.dll
2013-01-24 13:42:54	326352	----a-w-	C:\Windows\System32\cmdvrt64.dll
2013-01-24 13:42:50	40656	----a-w-	C:\Windows\SysWow64\cmdkbd32.dll
2013-01-24 13:42:50	263888	----a-w-	C:\Windows\SysWow64\cmdvrt32.dll
.
============= FINISH: 9:22:51.60 ===============


MBAM:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.17.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
FamilyCom :: FAMILYCOM-PC [administrator]

2013-04-17 9:18:17 AM
mbam-log-2013-04-17 (09-18-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235754
Time elapsed: 2 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Hmmm....one more time....

Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it across a couple of replies.
Attached logs won't be reviewed.
 
Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
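The two tools above report what they flag but not what a homepage hijacker such as qvo6 actually touches, so a clean scan on its own does not answer the original question about online banking. The following PowerShell is an added example for this thread, not code from RogueKiller, Malwarebytes or the forum helper: it performs the read-only spot checks a responder would run from an elevated prompt on Windows 7 once the scans come back clean. It lists active HOSTS entries other than localhost, browser shortcuts whose Arguments field carries a URL, the two HideDesktopIcons values that RogueKiller reports as [HJ DESK] in the logs further down, the Run keys and the IE start page. The shortcut check assumes the hijacker persisted by editing .lnk files, which the thread does not confirm; the registry paths and CLSIDs are standard Windows 7 locations.

```powershell
# Added example, not part of the thread or of RogueKiller/MBAR: manual spot checks for a
# browser hijacker after the scans come back clean. Run from an elevated PowerShell prompt
# on Windows 7. Everything is read-only; nothing is deleted or rewritten.

# 1. HOSTS file: print every active entry except the plain localhost mapping.
#    Both a hijacker and a cracked installer (the Adobe activation entries in this thread)
#    land here, so every remaining line should be explainable.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hostsFile |
    Where-Object { $_ -match '^\s*\d' -and $_ -notmatch '^\s*127\.0\.0\.1\s+localhost\s*$' } |
    ForEach-Object { "HOSTS: $_" }

# 2. Browser shortcuts: a launcher for chrome.exe, iexplore.exe or firefox.exe normally has
#    an empty Arguments field; a URL there means the shortcut, not the browser, is redirecting,
#    which is why reinstalling the browser does not help.
#    Assumption: the hijacker in the thread persisted this way; the thread does not confirm it.
$wsh = New-Object -ComObject WScript.Shell
$shortcutDirs = @(
    "$env:USERPROFILE\Desktop",
    "$env:PUBLIC\Desktop",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs"
)
Get-ChildItem -Path $shortcutDirs -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $wsh.CreateShortcut($_.FullName)
        if ($lnk.TargetPath -match 'chrome\.exe$|iexplore\.exe$|firefox\.exe$' -and
            $lnk.Arguments -match 'https?://') {
            "SHORTCUT: $($_.FullName) -> $($lnk.TargetPath) $($lnk.Arguments)"
        }
    }

# 3. The two values RogueKiller reports as [HJ DESK]. These CLSIDs are the "Computer" and
#    "User's Files" desktop icons under HideDesktopIcons; a value of 1 only hides the icon,
#    which is a user setting, not a redirect. Confirm the value before letting a tool "fix" it.
$iconKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel'
if (Test-Path $iconKey) {
    $icons = Get-ItemProperty -Path $iconKey
    foreach ($clsid in '{20D04FE0-3AEA-1069-A2D8-08002B30309D}', '{59031a47-3f72-44a7-89c5-5595fe6b30ee}') {
        "HIDEDESKTOPICONS: $clsid = $($icons.$clsid)"
    }
}

# 4. Autostart Run keys (native and WOW64 views) and the IE start page, the usual homes of a
#    homepage hijacker that survives a browser reinstall.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object { "RUN: $key\$($_.Name) = $($_.Value)" }
    }
}
$ieMain = Get-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
"IE START PAGE: $($ieMain.'Start Page')"
```

Every line this prints should be traceable to something the owner installed on purpose. A shortcut with a URL argument, a Run entry pointing into a temp or AppData folder, or a start page nobody chose is the kind of residue a System Restore can bring back, and is worth fixing before the machine is used for banking again.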
 
RogueKiller 1st:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
Mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : FamilyCom [Admin rights]
Mode : Scan -- Date : 04/17/2013 11:17:48
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST1000DM003-1CH162 ATA Device +++++
--- User ---
[MBR] 249cf3bd6a26e88d09311de924e0a94d
[BSP] 4ff846e52f11ebb6cbc8e6d709fc0dc6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476934 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 976762880 | Size: 476932 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD322HJ ATA Device +++++
--- User ---
[MBR] 4096895ae983853347ee11e923737ec6
[BSP] e0469f37ee10b211566cff4bb39ace3c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04172013_02d1117.txt >>
RKreport[1]_S_04172013_02d1117.txt


RogueKiller 2nd:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
Mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : FamilyCom [Admin rights]
Mode : Remove -- Date : 04/17/2013 11:19:07
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST1000DM003-1CH162 ATA Device +++++
--- User ---
[MBR] 249cf3bd6a26e88d09311de924e0a94d
[BSP] 4ff846e52f11ebb6cbc8e6d709fc0dc6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476934 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 976762880 | Size: 476932 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD322HJ ATA Device +++++
--- User ---
[MBR] 4096895ae983853347ee11e923737ec6
[BSP] e0469f37ee10b211566cff4bb39ace3c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_04172013_02d1119.txt >>
RKreport[1]_S_04172013_02d1117.txt ; RKreport[2]_D_04172013_02d1119.txt


MB 1st:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.17.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
FamilyCom :: FAMILYCOM-PC [administrator]

2013-04-17 11:47:09 AM
mbar-log-2013-04-17 (11-47-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30773
Time elapsed: 16 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


MB 2nd:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.17.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
FamilyCom :: FAMILYCOM-PC [administrator]

2013-04-17 12:00:35 PM
mbar-log-2013-04-17 (12-00-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30772
Time elapsed: 11 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 
System Log:


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.292000 GHz
Memory total: 8549584896, free: 6719782912

------------ Kernel report ------------
04/17/2013 11:29:26
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\DRIVERS\cmderd.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\system32\DRIVERS\cmdguard.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\??\C:\Windows\system32\Drivers\AMonTDLH.sys
\SystemRoot\System32\DRIVERS\cmdhlp.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\inspect.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\Drivers\EtronXHCI.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ISCTD64.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\VirtualDVD.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\EtronHub3.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\??\C:\Windows\system32\JRSUKD25.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\ikbevent.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\imsevent.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WPRO_41_2001.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\setupapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\imm32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\usp10.dll
\Windows\System32\difxapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\iertutil.dll
\Windows\System32\Wldap32.dll
\Windows\System32\wininet.dll
\Windows\System32\imagehlp.dll
\Windows\System32\ws2_32.dll
\Windows\System32\psapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ole32.dll
\Windows\System32\shell32.dll
\Windows\System32\sechost.dll
\Windows\System32\gdi32.dll
\Windows\System32\user32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\lpk.dll
\Windows\System32\advapi32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\nsi.dll
\Windows\System32\msctf.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\comctl32.dll
\Windows\System32\crypt32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\devobj.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007865060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP6T0L0-8\
Lower Device Object: 0xfffffa800759c060
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xfffffa800995b540
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007864060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-6\
Lower Device Object: 0xfffffa8007582060
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xfffffa8006d1a090
Downloaded database version: v2013.04.17.01
Downloaded database version: v2013.03.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007864060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007864b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007864060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007582060, DeviceName: \Device\Ide\IdeDeviceP4T0L0-6\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00f47ea80, 0xfffffa8007864060, 0xfffffa800a0ca680
Lower DeviceData: 0xfffff8a00f795150, 0xfffffa8007582060, 0xfffffa8006d1a090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A644CBDA

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 976760832
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 976762880 Numsec = 976756736

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007865060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007865ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007865060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800759c060, DeviceName: \Device\Ide\IdeDeviceP6T0L0-8\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00687e730, 0xfffffa8007865060, 0xfffffa8006ecf4f0
Lower DeviceData: 0xfffff8a00f0e9ac0, 0xfffffa800759c060, 0xfffffa800995b540
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: FCC0FCC0

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 625137664

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.292000 GHz
Memory total: 8549584896, free: 6712016896

------------ Kernel report ------------
04/17/2013 11:48:40
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\DRIVERS\cmderd.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\system32\DRIVERS\cmdguard.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\??\C:\Windows\system32\Drivers\AMonTDLH.sys
\SystemRoot\System32\DRIVERS\cmdhlp.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\inspect.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\Drivers\EtronXHCI.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ISCTD64.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\VirtualDVD.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\EtronHub3.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\??\C:\Windows\system32\JRSUKD25.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\ikbevent.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\imsevent.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WPRO_41_2001.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\setupapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\imm32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\usp10.dll
\Windows\System32\difxapi.dll
\Windows\System32\kernel32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\iertutil.dll
\Windows\System32\Wldap32.dll
\Windows\System32\wininet.dll
\Windows\System32\imagehlp.dll
\Windows\System32\ws2_32.dll
\Windows\System32\psapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ole32.dll
\Windows\System32\shell32.dll
\Windows\System32\sechost.dll
\Windows\System32\gdi32.dll
\Windows\System32\user32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\lpk.dll
\Windows\System32\advapi32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\nsi.dll
\Windows\System32\msctf.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\comctl32.dll
\Windows\System32\crypt32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\devobj.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007865060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP6T0L0-8\
Lower Device Object: 0xfffffa800759c060
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xfffffa800995b540
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007864060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-6\
Lower Device Object: 0xfffffa8007582060
Lower Device Driver Name: \Driver\atapi\
Device already Exists: 0xfffffa8006d1a090
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007864060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007864b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007864060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007582060, DeviceName: \Device\Ide\IdeDeviceP4T0L0-6\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00e397510, 0xfffffa8007864060, 0xfffffa800a0ca680
Lower DeviceData: 0xfffff8a00e3ed4a0, 0xfffffa8007582060, 0xfffffa8006d1a090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A644CBDA

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 976760832
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 976762880 Numsec = 976756736

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007865060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007865ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007865060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800759c060, DeviceName: \Device\Ide\IdeDeviceP6T0L0-8\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00e41f010, 0xfffffa8007865060, 0xfffffa8006ecf4f0
Lower DeviceData: 0xfffff8a006386d80, 0xfffffa800759c060, 0xfffffa800995b540
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: FCC0FCC0

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 625137664

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done, Notepad will open with the rKill.txt log.
NOTE. The rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix Log:

ComboFix 13-04-15.01 - FamilyCom 2013-04-17 13:50:56.1.4 - x64
Microsoft Windows 7 Ultimate K 6.1.7601.1.949.82.1042.18.8154.6452 [GMT 9:00]
Running from: C:\Users\FamilyCom\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files (x86)\Common Files\337
C:\Program Files (x86)\Common Files\337\libcef\1.1364.1123\locales\en-US.pak
C:\Windows\SysWow64\CKAgent.dat

Infected copy of C:\Windows\System32\winver.exe was found and disinfected
Restored copy from - C:\Windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe


((((((((((((((((((((((((( Files Created from 2013-03-17 to 2013-04-17 )))))))))))))))))))))))))))))))


2013-04-17 04:57:55 . 2013-04-17 04:57:5594656----a-w-C:\Windows\system32\WPRO_41_2001woem.tmp
2013-04-17 04:56:56 . 2013-04-17 04:56:56--------d-----w-C:\Users\Default\AppData\Local\temp
2013-04-16 23:07:46 . 2013-04-04 05:50:3225928----a-w-C:\Windows\system32\drivers\mbam.sys
2013-04-16 23:05:49 . 2013-04-16 23:05:49--------d-----w-C:\Program Files (x86)\Common Files\Java
2013-04-16 23:05:39 . 2013-04-03 20:35:0595648----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-16 12:19:51 . 2013-04-16 12:19:51--------d-----w-C:\Program Files (x86)\Common Files\Wrye Bash
2013-04-16 12:19:44 . 2012-10-27 14:26:468192----a-w-C:\Windows\SysWow64\pythoncomloader27.dll
2013-04-16 12:19:44 . 2012-10-27 14:22:08364544----a-w-C:\Windows\SysWow64\pythoncom27.dll
2013-04-16 12:19:44 . 2012-10-27 14:20:08110080----a-w-C:\Windows\SysWow64\pywintypes27.dll
2013-04-16 11:57:16 . 2013-03-06 23:33:21377920----a-w-C:\Windows\system32\drivers\aswSP.sys
2013-04-16 11:57:16 . 2013-03-06 23:33:2033400----a-w-C:\Windows\system32\drivers\aswFsBlk.sys
2013-04-16 11:57:14 . 2013-03-06 23:33:2170992----a-w-C:\Windows\system32\drivers\aswRdr2.sys
2013-04-16 11:57:13 . 2013-03-06 23:33:2168920----a-w-C:\Windows\system32\drivers\aswTdi.sys
2013-04-16 11:57:13 . 2013-03-06 23:33:211025808----a-w-C:\Windows\system32\drivers\aswSnx.sys
2013-04-16 11:57:12 . 2013-03-06 23:33:2165336----a-w-C:\Windows\system32\drivers\aswRvrt.sys
2013-04-16 11:57:12 . 2013-03-06 23:33:21178624----a-w-C:\Windows\system32\drivers\aswVmm.sys
2013-04-16 11:57:07 . 2013-03-06 23:33:2080816----a-w-C:\Windows\system32\drivers\aswMonFlt.sys
2013-04-16 11:57:07 . 2013-03-06 23:32:22287840----a-w-C:\Windows\system32\aswBoot.exe
2013-04-16 11:56:02 . 2013-03-06 23:32:5141664----a-w-C:\Windows\avastSS.scr
2013-04-16 11:55:53 . 2013-04-16 11:55:53--------d-----w-C:\Program Files\AVAST Software
2013-04-16 11:53:58 . 2013-04-16 11:55:53--------d-----w-C:\ProgramData\AVAST Software
2013-04-16 11:06:30 . 2013-02-15 06:06:113717632----a-w-C:\Windows\system32\mstscax.dll
2013-04-16 11:06:28 . 2013-02-15 06:02:26158720----a-w-C:\Windows\system32\aaclient.dll
2013-04-16 11:06:28 . 2013-02-15 04:37:103217408----a-w-C:\Windows\SysWow64\mstscax.dll
2013-04-16 11:06:28 . 2013-02-15 04:34:10131584----a-w-C:\Windows\SysWow64\aaclient.dll
2013-04-16 11:06:27 . 2013-02-15 06:08:4044032----a-w-C:\Windows\system32\tsgqec.dll
2013-04-16 11:06:27 . 2013-02-15 03:25:5136864----a-w-C:\Windows\SysWow64\tsgqec.dll
2013-04-16 11:00:17 . 2013-03-15 06:28:529311288----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C2C9FC5-FC98-45AC-9B7C-E2A123FF3274}\mpengine.dll
2013-04-16 10:58:36 . 2013-03-01 03:36:043153408----a-w-C:\Windows\system32\win32k.sys
2013-04-16 10:56:59 . 2013-03-19 06:04:065550424----a-w-C:\Windows\system32\ntoskrnl.exe
2013-04-16 10:56:58 . 2013-03-19 05:46:5643520----a-w-C:\Windows\system32\csrsrv.dll
2013-04-16 10:56:58 . 2013-03-19 05:04:133968856----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-16 10:56:58 . 2013-03-19 05:04:103913560----a-w-C:\Windows\SysWow64\ntoskrnl.exe
2013-04-16 10:56:58 . 2013-03-19 04:47:506656----a-w-C:\Windows\SysWow64\apisetschema.dll
2013-04-16 10:56:58 . 2013-03-19 03:06:33112640----a-w-C:\Windows\system32\smss.exe
2013-04-16 10:32:28 . 2013-04-16 10:32:32--------d-----w-C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-16 09:24:42 . 2013-04-16 12:51:02--------d-----w-C:\Program Files\CCleaner
2013-04-16 08:47:21 . 2013-04-16 08:47:21--------d-----w-C:\ProgramData\Malwarebytes
2013-04-16 08:47:20 . 2013-04-16 23:07:47--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-16 08:27:40 . 2013-04-16 08:30:03--------d-----w-C:\ProgramData\eSafe
2013-04-14 11:18:08 . 2013-04-14 11:18:08--------d-----w-C:\Program Files (x86)\Skyrim Mods
2013-04-13 02:52:45 . 2013-04-13 02:52:45--------d-----w-C:\Program Files (x86)\Banktown
2013-04-13 01:49:28 . 2013-04-13 02:52:47--------d-----w-C:\Program Files (x86)\INICIS61
2013-04-12 12:55:56 . 2013-04-16 12:33:23--------d-----w-C:\BOSS
2013-04-12 09:17:24 . 2013-04-16 12:19:41--------d-----w-C:\Python27
2013-04-12 09:03:47 . 2013-04-12 09:04:04--------d-----w-C:\Games
2013-04-12 09:02:57 . 2013-04-16 10:30:11--------d-----w-C:\Program Files\Nexus Mod Manager
2013-04-12 08:36:59 . 2008-07-31 01:41:5272200----a-w-C:\Windows\system32\XAPOFX1_1.dll
2013-04-12 08:25:16 . 2013-04-12 08:25:16--------d-----w-C:\ProgramData\regid.1986-12.com.adobe
2013-04-12 08:20:32 . 2013-04-12 08:20:32--------d-----w-C:\ProgramData\ALM
2013-04-12 08:08:20 . 2013-04-12 08:08:20--------d-----w-C:\Program Files (x86)\Adobe Story
2013-04-12 08:03:45 . 2013-04-12 08:03:45--------d-----w-C:\Program Files (x86)\My Company Name
2013-04-12 08:03:45 . 2013-04-12 08:03:45--------d-----w-C:\Program Files (x86)\Common Files\Sonic Shared
2013-04-12 08:03:45 . 2013-04-12 08:03:45--------d-----w-C:\Program Files (x86)\Common Files\PX Storage Engine
2013-04-12 08:03:45 . 2009-07-08 18:00:0055280------w-C:\Windows\system32\drivers\PxHlpa64.sys
2013-04-12 08:03:45 . 2009-06-22 18:00:0010224------w-C:\Windows\system32\drivers\cdralw2k.sys
2013-04-12 08:03:45 . 2009-06-22 18:00:0010224------w-C:\Windows\system32\drivers\cdr4_xp.sys
2013-04-12 08:01:11 . 2013-04-12 08:22:52--------d-----w-C:\Program Files\Common Files\Adobe
2013-04-12 08:01:10 . 2013-04-12 08:22:52--------d-----w-C:\Program Files\Adobe
2013-04-12 08:00:13 . 2013-04-16 23:11:12--------d-----w-C:\Program Files (x86)\Common Files\Adobe AIR
2013-04-12 07:45:18 . 2013-04-12 07:45:19--------d-----w-C:\Program Files (x86)\VirtualDVD
2013-04-12 07:45:18 . 2013-04-12 07:45:18--------d-----w-C:\Windows\SysWow64\VirtualDVD InstallData
2013-04-12 07:45:18 . 2013-01-03 04:05:24184320----a-w-C:\Windows\system32\drivers\VirtualDVD.sys
2013-04-10 11:27:19 . 2012-07-03 02:58:0031744----a-w-C:\Windows\system32\drivers\lgandnetadb.sys
2013-04-10 11:27:18 . 2012-07-03 02:50:0036352----a-w-C:\Windows\system32\drivers\lgandnetmodem64.sys
2013-04-10 11:27:14 . 2012-07-03 02:50:0029184----a-w-C:\Windows\system32\drivers\lgandnetdiag64.sys
2013-04-10 11:27:14 . 2012-07-03 02:50:0029184----a-w-C:\Windows\system32\drivers\lgandnetdiag264.sys
2013-04-10 11:25:20 . 2011-05-10 04:37:38655872----a-w-C:\Windows\SysWow64\msvcr90.dll
2013-04-10 11:25:20 . 2011-05-10 04:37:38568832----a-w-C:\Windows\SysWow64\msvcp90.dll
2013-04-10 11:25:20 . 2011-05-10 04:37:38224768----a-w-C:\Windows\SysWow64\msvcm90.dll
2013-04-10 11:25:18 . 2005-10-03 16:39:5844544----a-w-C:\Windows\SysWow64\msxml4a.dll
2013-04-10 11:25:17 . 2006-05-03 23:33:4253248----a-w-C:\Windows\SysWow64\CommonDL.dll
2013-04-10 11:25:14 . 2013-04-10 11:26:31--------d-----w-C:\ProgramData\LGMOBILEAX
2013-04-10 11:25:08 . 2013-04-10 11:25:08--------d-----w-C:\LGMobileUpgrade
2013-04-08 02:06:53 . 2013-04-10 11:27:24--------d-----w-C:\Program Files (x86)\LG Electronics
2013-04-07 05:51:11 . 2012-09-14 07:42:00118072----a-w-C:\Windows\system32\drivers\AmonTDLh.sys
2013-04-07 05:49:48 . 2013-04-07 05:49:48--------d-----w-C:\Program Files (x86)\AhnLab
2013-04-07 05:49:46 . 2013-04-07 05:49:46--------d-----w-C:\Program Files\NPKI
2013-04-07 05:49:43 . 2013-04-07 05:49:43--------d-----w-C:\Program Files (x86)\Softforum
2013-04-07 05:49:26 . 2013-04-07 05:49:26--------d-----w-C:\Program Files (x86)\Wizvera
2013-04-06 13:25:14 . 2013-04-06 13:25:14--------d-----w-C:\VTRoot
2013-04-06 13:16:32 . 2013-04-06 13:16:32--------d-----w-C:\Program Files\COMODO
2013-04-06 13:16:19 . 2013-04-06 13:16:19--------d-----w-C:\ProgramData\Comodo Downloader
2013-04-06 12:40:27 . 2013-04-12 07:34:19--------d-----w-C:\ProgramData\DAEMON Tools Lite
2013-04-06 12:30:12 . 2013-04-06 12:30:12564824----a-w-C:\Windows\system32\drivers\sptd.sys
2013-04-06 08:23:59 . 2012-06-09 17:21:50206336----a-w-C:\Windows\system32\unrar64.dll
2013-04-06 08:23:59 . 2011-12-07 17:37:18148992----a-w-C:\Windows\system32\lagarith.dll
2013-04-06 08:23:58 . 2013-04-04 18:00:00127488----a-w-C:\Windows\system32\ff_vfw.dll
2013-04-06 08:23:57 . 2013-04-06 08:23:59--------d-----w-C:\Program Files\K-Lite Codec Pack x64
2013-04-06 08:22:49 . 2013-03-17 16:21:303649536----a-w-C:\Windows\SysWow64\x264vfw.dll
2013-04-06 08:22:49 . 2012-06-09 17:21:56178688----a-w-C:\Windows\SysWow64\unrar.dll
2013-04-06 08:22:49 . 2011-12-21 17:14:02151552----a-w-C:\Windows\SysWow64\ac3acm.acm
2013-04-06 08:22:49 . 2011-12-07 17:32:24216064----a-w-C:\Windows\SysWow64\lagarith.dll
2013-04-06 08:22:49 . 2011-06-24 14:44:30243200----a-w-C:\Windows\SysWow64\xvidvfw.dll
2013-04-06 08:22:49 . 2011-06-24 14:28:22650752----a-w-C:\Windows\SysWow64\xvidcore.dll
2013-04-06 08:22:49 . 2004-05-18 18:16:4239936----a-w-C:\Windows\SysWow64\huffyuv.dll
2013-04-06 08:22:47 . 2013-04-04 18:00:00112640----a-w-C:\Windows\SysWow64\ff_vfw.dll
2013-04-06 08:22:46 . 2013-04-06 08:22:48--------d-----w-C:\Program Files (x86)\K-Lite Codec Pack
2013-04-06 03:00:08 . 2013-04-06 03:00:08159744----a-w-C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin6.dll
2013-04-06 03:00:08 . 2013-04-06 03:00:08159744----a-w-C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin5.dll
2013-04-06 03:00:08 . 2013-04-06 03:00:08159744----a-w-C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin4.dll
2013-04-06 03:00:08 . 2013-04-06 03:00:08159744----a-w-C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin3.dll
2013-04-06 03:00:08 . 2013-04-06 03:00:08159744----a-w-C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin2.dll
2013-04-06 03:00:08 . 2013-04-06 03:00:08159744----a-w-C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin.dll
2013-04-06 02:59:51 . 2013-04-06 03:00:08--------d-----w-C:\Program Files (x86)\QuickTime
2013-04-06 02:59:51 . 2013-04-06 02:59:51--------d-----w-C:\ProgramData\Apple Computer
2013-04-06 02:59:02 . 2013-04-06 02:59:02--------d-----w-C:\Program Files (x86)\Common Files\Apple
2013-04-06 02:58:55 . 2013-04-06 02:58:56--------d-----w-C:\Program Files (x86)\Apple Software Update
2013-04-06 02:58:55 . 2013-04-06 02:58:55--------d-----w-C:\ProgramData\Apple
2013-04-06 02:57:02 . 2013-04-06 02:57:02--------d-----w-C:\Program Files (x86)\Common Files\xing shared
2013-04-06 02:56:53 . 2013-04-06 02:57:06--------d-----w-C:\Program Files (x86)\Real
2013-04-06 02:18:46 . 2013-04-06 02:18:46--------d-----w-C:\Program Files (x86)\Common Files\COMODO
2013-04-06 02:13:28 . 2013-04-06 13:17:19--------d-----w-C:\ProgramData\COMODO
2013-04-06 02:13:12 . 2013-04-07 11:49:14--------d-----w-C:\Program Files (x86)\Comodo
2013-04-06 02:05:14 . 2013-04-06 02:05:14--------d-----w-C:\Program Files\7-Zip
2013-04-06 02:04:28 . 2013-04-06 02:04:37--------d-----w-C:\Program Files\WinRAR
2013-04-06 02:04:04 . 2013-04-06 02:03:53861088----a-w-C:\Windows\SysWow64\npDeployJava1.dll
2013-04-06 02:04:04 . 2013-04-06 02:03:53782240----a-w-C:\Windows\SysWow64\deployJava1.dll
2013-04-06 02:03:53 . 2013-04-16 23:05:39--------d-----w-C:\Program Files (x86)\Java
2013-04-05 11:15:02 . 2013-04-16 10:19:08--------d-----w-C:\Program Files (x86)\Google
2013-04-05 06:44:48 . 2013-04-09 12:30:003045104----a-w-C:\Windows\system32\btscan.exe
2013-04-05 06:44:47 . 2013-04-16 11:55:08--------d-----w-C:\Program Files\Common Files\AhnLab
2013-04-05 06:43:18 . 2009-07-21 01:00:2525656----a-w-C:\Windows\system32\drivers\CdmDrvNt.sys
2013-04-05 06:43:16 . 2013-04-07 05:50:39--------d-----w-C:\Program Files\AhnLab
2013-04-05 06:42:13 . 2013-04-05 06:43:35--------d-----w-C:\ProgramData\AhnLab


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))


rKill Log:

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/17/2013 02:09:52 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Possibly Patched Files.

* C:\Windows\system32\winlogon.exe

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Base Filtering Engine (BFE) is not Running.
Startup Type set to: Automatic

* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic

* DNS Client (Dnscache) is not Running.
Startup Type set to: Automatic

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Windows Firewall (MpsSvc) is not Running.
Startup Type set to: Automatic

* Network Connections (Netman) is not Running.
Startup Type set to: Manual

* Network Store Interface Service (nsi) is not Running.
Startup Type set to: Automatic

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Ancillary Function Driver for Winsock (AFD) is not Running.
Startup Type set to: System

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* NetBT (NetBT) is not Running.
Startup Type set to: System

* NSI proxy service driver. (nsiproxy) is not Running.
Startup Type set to: System

* NetIO 레거시 TDI 지원 드라이버 (tdx) is not Running.
Startup Type set to: System

Searching for Missing Digital Signatures:

* C:\Windows\System32\user32.dll [NoSig]
+-> C:\Windows\KJ\Pirate\P\SysWOW64P\user32.dll : 833,024 : 11/20/2010 00:08 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]
+-> C:\Windows\KJ\Pirate\P\x64P\user32.dll : 1,008,128 : 11/20/2010 00:27 AM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
+-> C:\Windows\KJ\Pirate\P\x86P\user32.dll : 811,520 : 11/20/2010 00:21 AM : f1dd3acaee5e6b4bbc69bc6df75cef66 [Pos Repl]
+-> C:\Windows\KJ\Pirate\T\SysWOW64T\user32.dll : 833,024 : 11/20/2010 00:08 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]
+-> C:\Windows\KJ\Pirate\T\x64T\user32.dll : 1,008,640 : 01/16/2011 00:01 AM : 0b864e15a0badff0e7bb8b59009fddcf [Pos Repl]
+-> C:\Windows\KJ\Pirate\T\x86T\user32.dll : 812,032 : 11/20/2010 00:21 AM : cf97d64d7ec169c53c93b0a192218b29 [Pos Repl]
+-> C:\Windows\SysWOW64\user32.dll : 833,024 : 11/20/2010 00:08 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll : 1,008,128 : 11/21/2010 00:24 AM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll : 833,024 : 11/21/2010 00:24 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]

* C:\Windows\System32\winlogon.exe [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe : 390,656 : 11/21/2010 00:24 AM : 1151b1baa6f350b1db6598e0fea7c457 [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 04/17/2013 02:11:10 PM
Execution time: 0 hours(s), 1 minute(s), and 17 seconds(s)
 
Combofix log is incomplete.
There is more after this line:
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

If that was all you got, re-run Combofix.
 
When I finished creating the "new restore point", AVAST 8 FREE turned into Pro.
As a result, I uninstalled it.
Then I did the combo / rkill.

When I looked at the log, it is the same as the previous log.

So I am going to redownload AVAST 8 Free.

However, here is the "rKill Log":

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/18/2013 08:54:50 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Possibly Patched Files.

* C:\Windows\system32\winlogon.exe

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Base Filtering Engine (BFE) is not Running.
Startup Type set to: Automatic

* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic

* DNS Client (Dnscache) is not Running.
Startup Type set to: Automatic

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Windows Firewall (MpsSvc) is not Running.
Startup Type set to: Automatic

* Network Connections (Netman) is not Running.
Startup Type set to: Manual

* Network Store Interface Service (nsi) is not Running.
Startup Type set to: Automatic

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Ancillary Function Driver for Winsock (AFD) is not Running.
Startup Type set to: System

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* NetBT (NetBT) is not Running.
Startup Type set to: System

* NSI proxy service driver. (nsiproxy) is not Running.
Startup Type set to: System

* NetIO Legacy TDI Support Driver (tdx) is not Running.
Startup Type set to: System

Searching for Missing Digital Signatures:

* C:\Windows\System32\user32.dll [NoSig]
+-> C:\Windows\KJ\Pirate\P\SysWOW64P\user32.dll : 833,024 : 11/20/2010 00:08 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]
+-> C:\Windows\KJ\Pirate\P\x64P\user32.dll : 1,008,128 : 11/20/2010 00:27 AM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
+-> C:\Windows\KJ\Pirate\P\x86P\user32.dll : 811,520 : 11/20/2010 00:21 AM : f1dd3acaee5e6b4bbc69bc6df75cef66 [Pos Repl]
+-> C:\Windows\KJ\Pirate\T\SysWOW64T\user32.dll : 833,024 : 11/20/2010 00:08 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]
+-> C:\Windows\KJ\Pirate\T\x64T\user32.dll : 1,008,640 : 01/16/2011 00:01 AM : 0b864e15a0badff0e7bb8b59009fddcf [Pos Repl]
+-> C:\Windows\KJ\Pirate\T\x86T\user32.dll : 812,032 : 11/20/2010 00:21 AM : cf97d64d7ec169c53c93b0a192218b29 [Pos Repl]
+-> C:\Windows\SysWOW64\user32.dll : 833,024 : 11/20/2010 00:08 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll : 1,008,128 : 11/21/2010 00:24 AM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll : 833,024 : 11/21/2010 00:24 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]

* C:\Windows\System32\winlogon.exe [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe : 390,656 : 11/21/2010 00:24 AM : 1151b1baa6f350b1db6598e0fea7c457 [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 04/18/2013 08:56:19 AM
Execution time: 0 hours(s), 1 minute(s), and 28 seconds(s)
 
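The Rkill output above flags C:\Windows\System32\user32.dll and C:\Windows\System32\winlogon.exe as [NoSig] and lists same-named copies under WinSxS as [Pos Repl] candidates, each with size and MD5. The PowerShell below is an added example, not code from Rkill, ComboFix or anyone in this thread: it redoes that check by hand on a Windows 7 x64 box so the numbers can be compared the way the log invites, and it makes explicit the caveat that a NotSigned result on a Windows system binary is usually a catalog-signing artefact rather than evidence of patching. The two target paths are an assumption taken from the log; PowerShell 2.0 syntax is used because that is what Windows 7 ships with.

```powershell
# Added example, not code from Rkill, ComboFix or this thread. It re-does by hand
# the check behind the "Searching for Missing Digital Signatures" lines above:
# for each flagged file, report size, MD5 and Authenticode status, then do the
# same for every same-named copy under WinSxS (Rkill's "[Pos Repl]" candidates).
# Written for Windows 7 x64 / PowerShell 2.0; run from an elevated prompt.
# The target list is an assumption taken from the log, not a fixed rule.

$Targets = @(
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\System32\winlogon.exe"
)

function Get-Md5Hex {
    param([string]$Path)
    # Rkill prints MD5, so MD5 is used here for like-for-like comparison only.
    # It is not an integrity guarantee; an equal size and hash against the
    # WinSxS copy of the same architecture is what the log asks you to look for.
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $md5.ComputeHash($stream) }
    finally { $stream.Close() }
    ($bytes | ForEach-Object { $_.ToString("x2") }) -join ""
}

function Get-FileReport {
    param([string]$Path)
    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $signer = ""
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    # Caveat: most Windows system binaries carry no embedded signature; they are
    # signed through security catalogs (.cat files). Get-AuthenticodeSignature
    # does not consult catalogs, so a clean user32.dll or winlogon.exe shows up
    # as NotSigned here, and that is also why Rkill's [NoSig] lines are not by
    # themselves proof of tampering. To verify against the catalog use
    # signtool.exe verify /v /a <file> (Windows SDK) or Sysinternals sigcheck.
    New-Object PSObject -Property @{
        Path      = $Path
        Size      = $item.Length
        Modified  = $item.LastWriteTime
        MD5       = Get-Md5Hex $Path
        Signature = $sig.Status
        Signer    = $signer
    }
}

foreach ($target in $Targets) {
    "=== $target ==="
    Get-FileReport $target | Format-List Path, Size, Modified, MD5, Signature, Signer

    # Candidate originals: every copy of the same file name under WinSxS.
    # Compare size and MD5 against a copy of the right architecture: on x64
    # Windows the amd64_* component backs System32 and the wow64_* component
    # backs SysWOW64, so a SysWOW64 hash will not equal a System32 hash even
    # when both files are clean.
    $name = [System.IO.Path]::GetFileName($target)
    Get-ChildItem -LiteralPath "$env:SystemRoot\winsxs" -Recurse -Filter $name -ErrorAction SilentlyContinue |
        ForEach-Object { Get-FileReport $_.FullName } |
        Format-Table Size, MD5, Signature, Path -AutoSize
}
```

Read the output the same way as the Rkill block: a System32 file whose size and MD5 equal the amd64_* WinSxS copy is consistent with the installed servicing baseline; a file that matches none of them, or that has a newer modified time than every WinSxS copy, is the one worth pulling apart further.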
Here is the new ComboFix log:

ComboFix 13-04-17.01 - FamilyCom 2013-04-18 8:58:09.2.4 - x64 MINIMAL
Microsoft Windows 7 Ultimate K 6.1.7601.1.949.82.1042.18.8154.6525 [GMT 9:00]
Running from: C:\Users\FamilyCom\Desktop\your_name.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


---- Previous Run -------

C:\Windows\SysWow64\CKAgent.dat

-- Previous Run --

Infected copy of C:\Windows\System32\winver.exe was found and disinfected
Restored copy from - C:\Windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe

--------

Infected copy of C:\Windows\System32\winver.exe was found and disinfected
Restored copy from - C:\Windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe


((((((((((((((((((((((((( Files Created from 2013-03-18 to 2013-04-18 )))))))))))))))))))))))))))))))


2013-04-18 00:02:22 . 2013-04-18 00:02:22  94656  ----a-w-  C:\Windows\system32\WPRO_41_2001woem.tmp
2013-04-18 00:01:31 . 2013-04-18 00:01:31  --------  d-----w-  C:\Users\Default\AppData\Local\temp
2013-04-16 23:07:46 . 2013-04-04 05:50:32  25928  ----a-w-  C:\Windows\system32\drivers\mbam.sys
2013-04-16 23:05:49 . 2013-04-16 23:05:49  --------  d-----w-  C:\Program Files (x86)\Common Files\Java
2013-04-16 23:05:39 . 2013-04-03 20:35:05  95648  ----a-w-  C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-16 12:19:51 . 2013-04-16 12:19:51  --------  d-----w-  C:\Program Files (x86)\Common Files\Wrye Bash
2013-04-16 12:19:44 . 2012-10-27 14:26:46  8192  ----a-w-  C:\Windows\SysWow64\pythoncomloader27.dll
2013-04-16 12:19:44 . 2012-10-27 14:22:08  364544  ----a-w-  C:\Windows\SysWow64\pythoncom27.dll
2013-04-16 12:19:44 . 2012-10-27 14:20:08  110080  ----a-w-  C:\Windows\SysWow64\pywintypes27.dll
2013-04-16 11:57:12 . 2013-03-06 23:33:21  65336  ----a-w-  C:\Windows\system32\drivers\aswRvrt.sys
2013-04-16 11:57:12 . 2013-03-06 23:33:21  178624  ----a-w-  C:\Windows\system32\drivers\aswVmm.sys
2013-04-16 11:57:07 . 2012-07-04 14:18:39  258560  ----a-w-  C:\Windows\system32\aswBoot.exe
2013-04-16 11:55:53 . 2013-04-16 11:55:53  --------  d-----w-  C:\Program Files\AVAST Software
2013-04-16 11:53:58 . 2013-04-17 23:49:38  --------  d-----w-  C:\ProgramData\AVAST Software
2013-04-16 11:06:30 . 2013-02-15 06:06:11  3717632  ----a-w-  C:\Windows\system32\mstscax.dll
2013-04-16 11:06:28 . 2013-02-15 06:02:26  158720  ----a-w-  C:\Windows\system32\aaclient.dll
2013-04-16 11:06:28 . 2013-02-15 04:37:10  3217408  ----a-w-  C:\Windows\SysWow64\mstscax.dll
2013-04-16 11:06:28 . 2013-02-15 04:34:10  131584  ----a-w-  C:\Windows\SysWow64\aaclient.dll
2013-04-16 11:06:27 . 2013-02-15 06:08:40  44032  ----a-w-  C:\Windows\system32\tsgqec.dll
2013-04-16 11:06:27 . 2013-02-15 03:25:51  36864  ----a-w-  C:\Windows\SysWow64\tsgqec.dll
2013-04-16 11:00:17 . 2013-03-15 06:28:52  9311288  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C2C9FC5-FC98-45AC-9B7C-E2A123FF3274}\mpengine.dll
2013-04-16 10:58:36 . 2013-03-01 03:36:04  3153408  ----a-w-  C:\Windows\system32\win32k.sys
2013-04-16 10:56:59 . 2013-03-19 06:04:06  5550424  ----a-w-  C:\Windows\system32\ntoskrnl.exe
2013-04-16 10:56:58 . 2013-03-19 05:46:56  43520  ----a-w-  C:\Windows\system32\csrsrv.dll
2013-04-16 10:56:58 . 2013-03-19 05:04:13  3968856  ----a-w-  C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-16 10:56:58 . 2013-03-19 05:04:10  3913560  ----a-w-  C:\Windows\SysWow64\ntoskrnl.exe
2013-04-16 10:56:58 . 2013-03-19 04:47:50  6656  ----a-w-  C:\Windows\SysWow64\apisetschema.dll
2013-04-16 10:56:58 . 2013-03-19 03:06:33  112640  ----a-w-  C:\Windows\system32\smss.exe
2013-04-16 10:32:28 . 2013-04-16 10:32:32  --------  d-----w-  C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-16 09:24:42 . 2013-04-16 12:51:02  --------  d-----w-  C:\Program Files\CCleaner
2013-04-16 08:47:21 . 2013-04-16 08:47:21  --------  d-----w-  C:\ProgramData\Malwarebytes
2013-04-16 08:47:20 . 2013-04-16 23:07:47  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-16 08:27:40 . 2013-04-16 08:30:03  --------  d-----w-  C:\ProgramData\eSafe
2013-04-14 11:18:08 . 2013-04-14 11:18:08  --------  d-----w-  C:\Program Files (x86)\Skyrim Mods
2013-04-13 02:52:45 . 2013-04-13 02:52:45  --------  d-----w-  C:\Program Files (x86)\Banktown
2013-04-13 01:49:28 . 2013-04-13 02:52:47  --------  d-----w-  C:\Program Files (x86)\INICIS61
2013-04-12 12:55:56 . 2013-04-16 12:33:23  --------  d-----w-  C:\BOSS
2013-04-12 09:17:24 . 2013-04-16 12:19:41  --------  d-----w-  C:\Python27
2013-04-12 09:03:47 . 2013-04-12 09:04:04  --------  d-----w-  C:\Games
2013-04-12 09:02:57 . 2013-04-16 10:30:11  --------  d-----w-  C:\Program Files\Nexus Mod Manager
2013-04-12 08:36:59 . 2008-07-31 01:41:52  72200  ----a-w-  C:\Windows\system32\XAPOFX1_1.dll
2013-04-12 08:25:16 . 2013-04-12 08:25:16  --------  d-----w-  C:\ProgramData\regid.1986-12.com.adobe
2013-04-12 08:20:32 . 2013-04-12 08:20:32  --------  d-----w-  C:\ProgramData\ALM
2013-04-12 08:08:20 . 2013-04-12 08:08:20  --------  d-----w-  C:\Program Files (x86)\Adobe Story
2013-04-12 08:03:45 . 2013-04-12 08:03:45  --------  d-----w-  C:\Program Files (x86)\My Company Name
2013-04-12 08:03:45 . 2013-04-12 08:03:45  --------  d-----w-  C:\Program Files (x86)\Common Files\Sonic Shared
2013-04-12 08:03:45 . 2013-04-12 08:03:45  --------  d-----w-  C:\Program Files (x86)\Common Files\PX Storage Engine
2013-04-12 08:03:45 . 2009-07-08 18:00:00  55280  ------w-  C:\Windows\system32\drivers\PxHlpa64.sys
2013-04-12 08:03:45 . 2009-06-22 18:00:00  10224  ------w-  C:\Windows\system32\drivers\cdralw2k.sys
2013-04-12 08:03:45 . 2009-06-22 18:00:00  10224  ------w-  C:\Windows\system32\drivers\cdr4_xp.sys
2013-04-12 08:01:11 . 2013-04-12 08:22:52  --------  d-----w-  C:\Program Files\Common Files\Adobe
2013-04-12 08:01:10 . 2013-04-12 08:22:52  --------  d-----w-  C:\Program Files\Adobe
2013-04-12 08:00:13 . 2013-04-16 23:11:12  --------  d-----w-  C:\Program Files (x86)\Common Files\Adobe AIR
2013-04-12 07:45:18 . 2013-04-12 07:45:19  --------  d-----w-  C:\Program Files (x86)\VirtualDVD
2013-04-12 07:45:18 . 2013-04-12 07:45:18  --------  d-----w-  C:\Windows\SysWow64\VirtualDVD InstallData
2013-04-12 07:45:18 . 2013-01-03 04:05:24  184320  ----a-w-  C:\Windows\system32\drivers\VirtualDVD.sys
2013-04-10 11:27:19 . 2012-07-03 02:58:00  31744  ----a-w-  C:\Windows\system32\drivers\lgandnetadb.sys
2013-04-10 11:27:18 . 2012-07-03 02:50:00  36352  ----a-w-  C:\Windows\system32\drivers\lgandnetmodem64.sys
2013-04-10 11:27:14 . 2012-07-03 02:50:00  29184  ----a-w-  C:\Windows\system32\drivers\lgandnetdiag64.sys
2013-04-10 11:27:14 . 2012-07-03 02:50:00  29184  ----a-w-  C:\Windows\system32\drivers\lgandnetdiag264.sys
2013-04-10 11:25:20 . 2011-05-10 04:37:38  655872  ----a-w-  C:\Windows\SysWow64\msvcr90.dll
2013-04-10 11:25:20 . 2011-05-10 04:37:38  568832  ----a-w-  C:\Windows\SysWow64\msvcp90.dll
2013-04-10 11:25:20 . 2011-05-10 04:37:38  224768  ----a-w-  C:\Windows\SysWow64\msvcm90.dll
2013-04-10 11:25:18 . 2005-10-03 16:39:58  44544  ----a-w-  C:\Windows\SysWow64\msxml4a.dll
2013-04-10 11:25:17 . 2006-05-03 23:33:42  53248  ----a-w-  C:\Windows\SysWow64\CommonDL.dll
2013-04-10 11:25:14 . 2013-04-10 11:26:31  --------  d-----w-  C:\ProgramData\LGMOBILEAX
2013-04-10 11:25:08 . 2013-04-10 11:25:08  --------  d-----w-  C:\LGMobileUpgrade
2013-04-08 02:06:53 . 2013-04-10 11:27:24  --------  d-----w-  C:\Program Files (x86)\LG Electronics
2013-04-07 05:51:11 . 2012-09-14 07:42:00  118072  ----a-w-  C:\Windows\system32\drivers\AmonTDLh.sys
2013-04-07 05:49:48 . 2013-04-07 05:49:48  --------  d-----w-  C:\Program Files (x86)\AhnLab
2013-04-07 05:49:46 . 2013-04-07 05:49:46  --------  d-----w-  C:\Program Files\NPKI
2013-04-07 05:49:43 . 2013-04-07 05:49:43  --------  d-----w-  C:\Program Files (x86)\Softforum
2013-04-07 05:49:26 . 2013-04-07 05:49:26  --------  d-----w-  C:\Program Files (x86)\Wizvera
2013-04-06 13:25:14 . 2013-04-06 13:25:14  --------  d-----w-  C:\VTRoot
2013-04-06 13:16:32 . 2013-04-06 13:16:32  --------  d-----w-  C:\Program Files\COMODO
2013-04-06 13:16:19 . 2013-04-06 13:16:19  --------  d-----w-  C:\ProgramData\Comodo Downloader
2013-04-06 12:40:27 . 2013-04-12 07:34:19  --------  d-----w-  C:\ProgramData\DAEMON Tools Lite
2013-04-06 12:30:12 . 2013-04-06 12:30:12  564824  ----a-w-  C:\Windows\system32\drivers\sptd.sys
2013-04-06 08:23:59 . 2012-06-09 17:21:50  206336  ----a-w-  C:\Windows\system32\unrar64.dll
2013-04-06 08:23:59 . 2011-12-07 17:37:18  148992  ----a-w-  C:\Windows\system32\lagarith.dll
2013-04-06 08:23:58 . 2013-04-04 18:00:00  127488  ----a-w-  C:\Windows\system32\ff_vfw.dll
2013-04-06 08:23:57 . 2013-04-06 08:23:59  --------  d-----w-  C:\Program Files\K-Lite Codec Pack x64
2013-04-06 08:22:49 . 2013-03-17 16:21:30  3649536  ----a-w-  C:\Windows\SysWow64\x264vfw.dll
2013-04-06 08:22:49 . 2012-06-09 17:21:56  178688  ----a-w-  C:\Windows\SysWow64\unrar.dll
2013-04-06 08:22:49 . 2011-12-21 17:14:02  151552  ----a-w-  C:\Windows\SysWow64\ac3acm.acm
2013-04-06 08:22:49 . 2011-12-07 17:32:24  216064  ----a-w-  C:\Windows\SysWow64\lagarith.dll
2013-04-06 08:22:49 . 2011-06-24 14:44:30  243200  ----a-w-  C:\Windows\SysWow64\xvidvfw.dll
2013-04-06 08:22:49 . 2011-06-24 14:28:22  650752  ----a-w-  C:\Windows\SysWow64\xvidcore.dll
2013-04-06 08:22:49 . 2004-05-18 18:16:42  39936  ----a-w-  C:\Windows\SysWow64\huffyuv.dll
2013-04-06 08:22:47 . 2013-04-04 18:00:00  112640  ----a-w-  C:\Windows\SysWow64\ff_vfw.dll
2013-04-06 08:22:46 . 2013-04-06 08:22:48  --------  d-----w-  C:\Program Files (x86)\K-Lite Codec Pack
2013-04-06 03:00:08 . 2013-04-06 03:00:08  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin6.dll
2013-04-06 03:00:08 . 2013-04-06 03:00:08  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin5.dll
2013-04-06 03:00:08 . 2013-04-06 03:00:08  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin4.dll
2013-04-06 03:00:08 . 2013-04-06 03:00:08  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin3.dll
2013-04-06 03:00:08 . 2013-04-06 03:00:08  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin2.dll
2013-04-06 03:00:08 . 2013-04-06 03:00:08  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\플러그인\npqtplugin.dll
2013-04-06 02:59:51 . 2013-04-06 03:00:08  --------  d-----w-  C:\Program Files (x86)\QuickTime
2013-04-06 02:59:51 . 2013-04-06 02:59:51  --------  d-----w-  C:\ProgramData\Apple Computer
2013-04-06 02:59:02 . 2013-04-06 02:59:02  --------  d-----w-  C:\Program Files (x86)\Common Files\Apple
2013-04-06 02:58:55 . 2013-04-06 02:58:56  --------  d-----w-  C:\Program Files (x86)\Apple Software Update
2013-04-06 02:58:55 . 2013-04-06 02:58:55  --------  d-----w-  C:\ProgramData\Apple
2013-04-06 02:57:02 . 2013-04-06 02:57:02  --------  d-----w-  C:\Program Files (x86)\Common Files\xing shared
2013-04-06 02:56:53 . 2013-04-06 02:57:06  --------  d-----w-  C:\Program Files (x86)\Real
2013-04-06 02:18:46 . 2013-04-06 02:18:46  --------  d-----w-  C:\Program Files (x86)\Common Files\COMODO
2013-04-06 02:13:28 . 2013-04-06 13:17:19  --------  d-----w-  C:\ProgramData\COMODO
2013-04-06 02:13:12 . 2013-04-07 11:49:14  --------  d-----w-  C:\Program Files (x86)\Comodo
2013-04-06 02:05:14 . 2013-04-06 02:05:14  --------  d-----w-  C:\Program Files\7-Zip
2013-04-06 02:04:28 . 2013-04-06 02:04:37  --------  d-----w-  C:\Program Files\WinRAR
2013-04-06 02:04:04 . 2013-04-06 02:03:53  861088  ----a-w-  C:\Windows\SysWow64\npDeployJava1.dll
2013-04-06 02:04:04 . 2013-04-06 02:03:53  782240  ----a-w-  C:\Windows\SysWow64\deployJava1.dll
2013-04-06 02:03:53 . 2013-04-16 23:05:39  --------  d-----w-  C:\Program Files (x86)\Java
2013-04-05 11:15:02 . 2013-04-16 10:19:08  --------  d-----w-  C:\Program Files (x86)\Google
2013-04-05 06:44:48 . 2013-04-09 12:30:00  3045104  ----a-w-  C:\Windows\system32\btscan.exe
2013-04-05 06:44:47 . 2013-04-16 11:55:08  --------  d-----w-  C:\Program Files\Common Files\AhnLab
2013-04-05 06:43:18 . 2009-07-21 01:00:25  25656  ----a-w-  C:\Windows\system32\drivers\CdmDrvNt.sys
2013-04-05 06:43:16 . 2013-04-07 05:50:39  --------  d-----w-  C:\Program Files\AhnLab
2013-04-05 06:42:13 . 2013-04-05 06:43:35  --------  d-----w-  C:\ProgramData\AhnLab
2013-04-05 06:19:27 . 2013-04-05 06:19:27  --------  d-----w-  C:\Program Files (x86)\Etron Technology
2013-04-05 06:17:09 . 2012-10-24 08:52:12  65136  ----a-w-  C:\Windows\system32\HNCE2PPRMON80.dll
2013-04-05 06:14:45 . 2009-09-06 17:30:02  667136  ----a-w-  C:\Windows\SysWow64\OGACheckControl.dll
2013-04-05 06:14:45 . 2009-09-06 17:30:02  667136  ----a-w-  C:\Windows\system32\OGACheckControl.dll
2013-04-05 06:04:52 . 2013-04-05 06:04:52  --------  d-----w-  C:\Program Files (x86)\Microsoft Synchronization Services
2013-04-05 06:04:41 . 2013-04-05 06:04:41  --------  d-----w-  C:\Windows\PCHEALTH
2013-04-05 06:04:41 . 2013-04-05 06:04:41  --------  d-----w-  C:\Program Files (x86)\Microsoft.NET


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
I re-ran ComboFix in Safe Mode.
This time, when ComboFix automatically closed Windows in Safe Mode,
the computer booted into Normal mode; however, it showed the small box that ComboFix is doing "3M".
The previous attempt didn't show that.


Now here is only the ComboFix log:



ComboFix 13-04-18.01 - FamilyCom 2013-04-18 10:22:24.4.4 - x64 MINIMAL
Microsoft Windows 7 Ultimate K 6.1.7601.1.949.82.1042.18.8154.6431 [GMT 9:00]
Running from: c:\users\FamilyCom\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-- Previous Run --
.
Infected copy of c:\windows\System32\winver.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe
.
-- Previous Run --
.
Infected copy of c:\windows\System32\winver.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe
.
--------
.
Infected copy of c:\windows\System32\winver.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe
.
-- Previous Run --
.
Infected copy of c:\windows\System32\winver.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe
.
-- Previous Run --
.
Infected copy of c:\windows\System32\winver.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe
.
--------
.
Infected copy of c:\windows\System32\winver.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe
.
--------
.
Infected copy of c:\windows\System32\winver.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe
.
--------
.
Infected copy of c:\windows\System32\winver.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-18 to 2013-04-18 )))))))))))))))))))))))))))))))
.
.
2013-04-18 01:26 . 2013-04-18 01:26  94656  ----a-w-  c:\windows\system32\WPRO_41_2001woem.tmp
2013-04-18 01:25 . 2013-04-18 01:25  --------  d-----w-  c:\users\Default\AppData\Local\temp
2013-04-18 00:34 . 2013-04-18 00:34  --------  d-----w-  c:\program files (x86)\Common Files\COMODO
2013-04-18 00:17 . 2013-03-06 23:33  22600  ----a-w-  c:\windows\system32\drivers\aswKbd.sys
2013-04-18 00:11 . 2013-03-06 23:33  33400  ----a-w-  c:\windows\system32\drivers\aswFsBlk.sys
2013-04-18 00:11 . 2013-03-06 23:33  377920  ----a-w-  c:\windows\system32\drivers\aswSP.sys
2013-04-18 00:11 . 2013-03-06 23:33  70992  ----a-w-  c:\windows\system32\drivers\aswRdr2.sys
2013-04-18 00:11 . 2013-03-06 23:33  68920  ----a-w-  c:\windows\system32\drivers\aswTdi.sys
2013-04-18 00:11 . 2013-03-06 23:33  1025808  ----a-w-  c:\windows\system32\drivers\aswSnx.sys
2013-04-18 00:11 . 2013-03-06 23:33  80816  ----a-w-  c:\windows\system32\drivers\aswMonFlt.sys
2013-04-18 00:11 . 2013-03-06 23:32  41664  ----a-w-  c:\windows\avastSS.scr
2013-04-16 23:07 . 2013-04-04 05:50  25928  ----a-w-  c:\windows\system32\drivers\mbam.sys
2013-04-16 23:05 . 2013-04-16 23:05  --------  d-----w-  c:\program files (x86)\Common Files\Java
2013-04-16 23:05 . 2013-04-03 20:35  95648  ----a-w-  c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-16 12:19 . 2013-04-16 12:19  --------  d-----w-  c:\program files (x86)\Common Files\Wrye Bash
2013-04-16 12:19 . 2012-10-27 14:26  8192  ----a-w-  c:\windows\SysWow64\pythoncomloader27.dll
2013-04-16 12:19 . 2012-10-27 14:22  364544  ----a-w-  c:\windows\SysWow64\pythoncom27.dll
2013-04-16 12:19 . 2012-10-27 14:20  110080  ----a-w-  c:\windows\SysWow64\pywintypes27.dll
2013-04-16 11:57 . 2013-03-06 23:33  65336  ----a-w-  c:\windows\system32\drivers\aswRvrt.sys
2013-04-16 11:57 . 2013-03-06 23:33  178624  ----a-w-  c:\windows\system32\drivers\aswVmm.sys
2013-04-16 11:57 . 2013-03-06 23:32  287840  ----a-w-  c:\windows\system32\aswBoot.exe
2013-04-16 11:55 . 2013-04-18 00:11  --------  d-----w-  c:\program files\AVAST Software
2013-04-16 11:53 . 2013-04-18 00:11  --------  d-----w-  c:\programdata\AVAST Software
2013-04-16 11:06 . 2013-02-15 06:06  3717632  ----a-w-  c:\windows\system32\mstscax.dll
2013-04-16 11:06 . 2013-02-15 06:02  158720  ----a-w-  c:\windows\system32\aaclient.dll
2013-04-16 11:06 . 2013-02-15 04:37  3217408  ----a-w-  c:\windows\SysWow64\mstscax.dll
2013-04-16 11:06 . 2013-02-15 04:34  131584  ----a-w-  c:\windows\SysWow64\aaclient.dll
2013-04-16 11:06 . 2013-02-15 06:08  44032  ----a-w-  c:\windows\system32\tsgqec.dll
2013-04-16 11:06 . 2013-02-15 03:25  36864  ----a-w-  c:\windows\SysWow64\tsgqec.dll
2013-04-16 11:00 . 2013-03-15 06:28  9311288  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C2C9FC5-FC98-45AC-9B7C-E2A123FF3274}\mpengine.dll
2013-04-16 10:58 . 2013-03-01 03:36  3153408  ----a-w-  c:\windows\system32\win32k.sys
2013-04-16 10:56 . 2013-03-19 06:04  5550424  ----a-w-  c:\windows\system32\ntoskrnl.exe
2013-04-16 10:56 . 2013-03-19 05:46  43520  ----a-w-  c:\windows\system32\csrsrv.dll
2013-04-16 10:56 . 2013-03-19 05:04  3968856  ----a-w-  c:\windows\SysWow64\ntkrnlpa.exe
2013-04-16 10:56 . 2013-03-19 05:04  3913560  ----a-w-  c:\windows\SysWow64\ntoskrnl.exe
2013-04-16 10:56 . 2013-03-19 04:47  6656  ----a-w-  c:\windows\SysWow64\apisetschema.dll
2013-04-16 10:56 . 2013-03-19 03:06  112640  ----a-w-  c:\windows\system32\smss.exe
2013-04-16 10:32 . 2013-04-16 10:32  --------  d-----w-  c:\program files (x86)\Mozilla Maintenance Service
2013-04-16 09:24 . 2013-04-16 12:51  --------  d-----w-  c:\program files\CCleaner
2013-04-16 08:47 . 2013-04-16 08:47  --------  d-----w-  c:\programdata\Malwarebytes
2013-04-16 08:47 . 2013-04-16 23:07  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-16 08:27 . 2013-04-16 08:30  --------  d-----w-  c:\programdata\eSafe
2013-04-14 11:18 . 2013-04-14 11:18  --------  d-----w-  c:\program files (x86)\Skyrim Mods
2013-04-13 02:52 . 2013-04-13 02:52  --------  d-----w-  c:\program files (x86)\Banktown
2013-04-13 01:49 . 2013-04-13 02:52  --------  d-----w-  c:\program files (x86)\INICIS61
2013-04-12 12:55 . 2013-04-16 12:33  --------  d-----w-  C:\BOSS
2013-04-12 09:17 . 2013-04-16 12:19  --------  d-----w-  C:\Python27
2013-04-12 09:03 . 2013-04-12 09:04  --------  d-----w-  C:\Games
2013-04-12 09:02 . 2013-04-16 10:30  --------  d-----w-  c:\program files\Nexus Mod Manager
2013-04-12 08:36 . 2008-07-31 01:41  72200  ----a-w-  c:\windows\system32\XAPOFX1_1.dll
2013-04-12 08:25 . 2013-04-12 08:25  --------  d-----w-  c:\programdata\regid.1986-12.com.adobe
2013-04-12 08:20 . 2013-04-12 08:20  --------  d-----w-  c:\programdata\ALM
2013-04-12 08:08 . 2013-04-12 08:08  --------  d-----w-  c:\program files (x86)\Adobe Story
2013-04-12 08:03 . 2013-04-12 08:03  --------  d-----w-  c:\program files (x86)\My Company Name
2013-04-12 08:03 . 2013-04-12 08:03  --------  d-----w-  c:\program files (x86)\Common Files\Sonic Shared
2013-04-12 08:03 . 2013-04-12 08:03  --------  d-----w-  c:\program files (x86)\Common Files\PX Storage Engine
2013-04-12 08:03 . 2009-07-08 18:00  55280  ------w-  c:\windows\system32\drivers\PxHlpa64.sys
2013-04-12 08:03 . 2009-06-22 18:00  10224  ------w-  c:\windows\system32\drivers\cdralw2k.sys
2013-04-12 08:03 . 2009-06-22 18:00  10224  ------w-  c:\windows\system32\drivers\cdr4_xp.sys
2013-04-12 08:01 . 2013-04-12 08:22  --------  d-----w-  c:\program files\Common Files\Adobe
2013-04-12 08:01 . 2013-04-12 08:22  --------  d-----w-  c:\program files\Adobe
2013-04-12 08:00 . 2013-04-16 23:11  --------  d-----w-  c:\program files (x86)\Common Files\Adobe AIR
2013-04-12 07:45 . 2013-04-12 07:45  --------  d-----w-  c:\program files (x86)\VirtualDVD
2013-04-12 07:45 . 2013-04-12 07:45  --------  d-----w-  c:\windows\SysWow64\VirtualDVD InstallData
2013-04-12 07:45 . 2013-01-03 04:05  184320  ----a-w-  c:\windows\system32\drivers\VirtualDVD.sys
2013-04-10 11:27 . 2012-07-03 02:58  31744  ----a-w-  c:\windows\system32\drivers\lgandnetadb.sys
2013-04-10 11:27 . 2012-07-03 02:50  36352  ----a-w-  c:\windows\system32\drivers\lgandnetmodem64.sys
2013-04-10 11:27 . 2012-07-03 02:50  29184  ----a-w-  c:\windows\system32\drivers\lgandnetdiag64.sys
2013-04-10 11:27 . 2012-07-03 02:50  29184  ----a-w-  c:\windows\system32\drivers\lgandnetdiag264.sys
2013-04-10 11:25 . 2011-05-10 04:37  655872  ----a-w-  c:\windows\SysWow64\msvcr90.dll
2013-04-10 11:25 . 2011-05-10 04:37  568832  ----a-w-  c:\windows\SysWow64\msvcp90.dll
2013-04-10 11:25 . 2011-05-10 04:37  224768  ----a-w-  c:\windows\SysWow64\msvcm90.dll
2013-04-10 11:25 . 2005-10-03 16:39  44544  ----a-w-  c:\windows\SysWow64\msxml4a.dll
2013-04-10 11:25 . 2006-05-03 23:33  53248  ----a-w-  c:\windows\SysWow64\CommonDL.dll
2013-04-10 11:25 . 2013-04-10 11:26  --------  d-----w-  c:\programdata\LGMOBILEAX
2013-04-10 11:25 . 2013-04-10 11:25  --------  d-----w-  C:\LGMobileUpgrade
2013-04-08 02:06 . 2013-04-10 11:27  --------  d-----w-  c:\program files (x86)\LG Electronics
2013-04-07 05:51 . 2012-09-14 07:42  118072  ----a-w-  c:\windows\system32\drivers\AmonTDLh.sys
2013-04-07 05:49 . 2013-04-07 05:49  --------  d-----w-  c:\program files (x86)\AhnLab
2013-04-07 05:49 . 2013-04-07 05:49  --------  d-----w-  c:\program files\NPKI
2013-04-07 05:49 . 2013-04-07 05:49  --------  d-----w-  c:\program files (x86)\Softforum
2013-04-07 05:49 . 2013-04-07 05:49  --------  d-----w-  c:\program files (x86)\Wizvera
2013-04-06 13:25 . 2013-04-06 13:25  --------  d-----w-  C:\VTRoot
2013-04-06 13:16 . 2013-04-06 13:16  --------  d-----w-  c:\program files\COMODO
2013-04-06 13:16 . 2013-04-06 13:16  --------  d-----w-  c:\programdata\Comodo Downloader
2013-04-06 12:40 . 2013-04-12 07:34  --------  d-----w-  c:\programdata\DAEMON Tools Lite
2013-04-06 12:30 . 2013-04-06 12:30  564824  ----a-w-  c:\windows\system32\drivers\sptd.sys
2013-04-06 08:23 . 2012-06-09 17:21  206336  ----a-w-  c:\windows\system32\unrar64.dll
2013-04-06 08:23 . 2011-12-07 17:37  148992  ----a-w-  c:\windows\system32\lagarith.dll
2013-04-06 08:23 . 2013-04-04 18:00  127488  ----a-w-  c:\windows\system32\ff_vfw.dll
2013-04-06 08:23 . 2013-04-06 08:23  --------  d-----w-  c:\program files\K-Lite Codec Pack x64
2013-04-06 08:22 . 2013-03-17 16:21  3649536  ----a-w-  c:\windows\SysWow64\x264vfw.dll
2013-04-06 08:22 . 2012-06-09 17:21  178688  ----a-w-  c:\windows\SysWow64\unrar.dll
2013-04-06 08:22 . 2011-12-21 17:14  151552  ----a-w-  c:\windows\SysWow64\ac3acm.acm
2013-04-06 08:22 . 2011-12-07 17:32  216064  ----a-w-  c:\windows\SysWow64\lagarith.dll
2013-04-06 08:22 . 2011-06-24 14:44  243200  ----a-w-  c:\windows\SysWow64\xvidvfw.dll
2013-04-06 08:22 . 2011-06-24 14:28  650752  ----a-w-  c:\windows\SysWow64\xvidcore.dll
2013-04-06 08:22 . 2004-05-18 18:16  39936  ----a-w-  c:\windows\SysWow64\huffyuv.dll
2013-04-06 08:22 . 2013-04-04 18:00  112640  ----a-w-  c:\windows\SysWow64\ff_vfw.dll
2013-04-06 08:22 . 2013-04-06 08:22  --------  d-----w-  c:\program files (x86)\K-Lite Codec Pack
2013-04-06 03:00 . 2013-04-06 03:00  159744  ----a-w-  c:\program files (x86)\Internet Explorer\플러그인\npqtplugin6.dll
2013-04-06 03:00 . 2013-04-06 03:00  159744  ----a-w-  c:\program files (x86)\Internet Explorer\플러그인\npqtplugin5.dll
2013-04-06 03:00 . 2013-04-06 03:00  159744  ----a-w-  c:\program files (x86)\Internet Explorer\플러그인\npqtplugin4.dll
2013-04-06 03:00 . 2013-04-06 03:00  159744  ----a-w-  c:\program files (x86)\Internet Explorer\플러그인\npqtplugin3.dll
2013-04-06 03:00 . 2013-04-06 03:00  159744  ----a-w-  c:\program files (x86)\Internet Explorer\플러그인\npqtplugin2.dll
2013-04-06 03:00 . 2013-04-06 03:00  159744  ----a-w-  c:\program files (x86)\Internet Explorer\플러그인\npqtplugin.dll
2013-04-06 02:59 . 2013-04-06 03:00  --------  d-----w-  c:\program files (x86)\QuickTime
2013-04-06 02:59 . 2013-04-06 02:59  --------  d-----w-  c:\programdata\Apple Computer
2013-04-06 02:59 . 2013-04-06 02:59  --------  d-----w-  c:\program files (x86)\Common Files\Apple
2013-04-06 02:58 . 2013-04-06 02:58  --------  d-----w-  c:\program files (x86)\Apple Software Update
2013-04-06 02:58 . 2013-04-06 02:58  --------  d-----w-  c:\programdata\Apple
2013-04-06 02:57 . 2013-04-06 02:57  --------  d-----w-  c:\program files (x86)\Common Files\xing shared
2013-04-06 02:56 . 2013-04-06 02:57  --------  d-----w-  c:\program files (x86)\Real
2013-04-06 02:13 . 2013-04-06 13:17  --------  d-----w-  c:\programdata\COMODO
2013-04-06 02:13 . 2013-04-07 11:49  --------  d-----w-  c:\program files (x86)\Comodo
2013-04-06 02:05 . 2013-04-06 02:05  --------  d-----w-  c:\program files\7-Zip
2013-04-06 02:04 . 2013-04-06 02:04  --------  d-----w-  c:\program files\WinRAR
2013-04-06 02:04 . 2013-04-06 02:03  861088  ----a-w-  c:\windows\SysWow64\npDeployJava1.dll
2013-04-06 02:04 . 2013-04-06 02:03  782240  ----a-w-  c:\windows\SysWow64\deployJava1.dll
2013-04-06 02:03 . 2013-04-16 23:05  --------  d-----w-  c:\program files (x86)\Java
2013-04-05 11:15 . 2013-04-18 00:14  --------  d-----w-  c:\program files (x86)\Google
2013-04-05 06:44 . 2013-04-09 12:30  3045104  ----a-w-  c:\windows\system32\btscan.exe
2013-04-05 06:44 . 2013-04-16 11:55  --------  d-----w-  c:\program files\Common Files\AhnLab
2013-04-05 06:43 . 2009-07-21 01:00  25656  ----a-w-  c:\windows\system32\drivers\CdmDrvNt.sys
2013-04-05 06:43 . 2013-04-07 05:50  --------  d-----w-  c:\program files\AhnLab
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-16 23:10 . 2013-02-23 15:49  71048  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-16 23:10 . 2013-02-23 15:49  691592  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-06 12:40 . 2013-03-06 03:04  283200  ----a-w-  c:\windows\system32\drivers\dtsoftbus01.sys
2013-04-06 02:56 . 2006-07-16 22:00  499712  ----a-w-  c:\windows\SysWow64\msvcp71.dll
2013-04-06 02:56 . 2006-07-16 22:00  348160  ----a-w-  c:\windows\SysWow64\msvcr71.dll
2013-04-01 10:58 . 2013-02-23 16:48  72702784  ----a-w-  c:\windows\system32\MRT.exe
2013-03-14 13:07 . 2013-03-14 13:07  559904  ----a-w-  c:\windows\SysWow64\nvStreaming.exe
2013-03-11 16:10 . 2010-11-21 03:27  282744  ------w-  c:\windows\system32\MpSigStub.exe
2013-02-23 16:43 . 2013-02-23 16:43  91648  ----a-w-  c:\windows\system32\SetIEInstalledDate.exe
2013-02-23 16:43 . 2013-02-23 16:43  89088  ----a-w-  c:\windows\system32\RegisterIEPKEYs.exe
2013-02-23 16:43 . 2013-02-23 16:43  89088  ----a-w-  c:\windows\system32\ie4uinit.exe
2013-02-23 16:43 . 2013-02-23 16:43  86528  ----a-w-  c:\windows\SysWow64\iesysprep.dll
2013-02-23 16:43 . 2013-02-23 16:43  85504  ----a-w-  c:\windows\system32\iesetup.dll
2013-02-23 16:43 . 2013-02-23 16:43  82432  ----a-w-  c:\windows\system32\icardie.dll
2013-02-23 16:43 . 2013-02-23 16:43  76800  ----a-w-  c:\windows\SysWow64\SetIEInstalledDate.exe
2013-02-23 16:43 . 2013-02-23 16:43  76800  ----a-w-  c:\windows\system32\tdc.ocx
2013-02-23 16:43 . 2013-02-23 16:43  74752  ----a-w-  c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-02-23 16:43 . 2013-02-23 16:43  74752  ----a-w-  c:\windows\SysWow64\iesetup.dll
2013-02-23 16:43 . 2013-02-23 16:43  65024  ----a-w-  c:\windows\system32\pngfilt.dll
2013-02-23 16:43 . 2013-02-23 16:43  63488  ----a-w-  c:\windows\SysWow64\tdc.ocx
2013-02-23 16:43 . 2013-02-23 16:43  55296  ----a-w-  c:\windows\system32\msfeedsbs.dll
2013-02-23 16:43 . 2013-02-23 16:43  534528  ----a-w-  c:\windows\system32\ieapfltr.dll
2013-02-23 16:43 . 2013-02-23 16:43  49664  ----a-w-  c:\windows\system32\imgutil.dll
2013-02-23 16:43 . 2013-02-23 16:43  48640  ----a-w-  c:\windows\SysWow64\mshtmler.dll
2013-02-23 16:43 . 2013-02-23 16:43  48640  ----a-w-  c:\windows\system32\mshtmler.dll
2013-02-23 16:43 . 2013-02-23 16:43  452608  ----a-w-  c:\windows\system32\dxtmsft.dll
2013-02-23 16:43 . 2013-02-23 16:43  448512  ----a-w-  c:\windows\system32\html.iec
2013-02-23 16:43 . 2013-02-23 16:43  403248  ----a-w-  c:\windows\system32\iedkcs32.dll
2013-02-23 16:43 . 2013-02-23 16:43  39936  ----a-w-  c:\windows\system32\iernonce.dll
2013-02-23 16:43 . 2013-02-23 16:43  3695416  ----a-w-  c:\windows\system32\ieapfltr.dat
2013-02-23 16:43 . 2013-02-23 16:43  367104  ----a-w-  c:\windows\SysWow64\html.iec
2013-02-23 16:43 . 2013-02-23 16:43  35840  ----a-w-  c:\windows\SysWow64\imgutil.dll
2013-02-23 16:43 . 2013-02-23 16:43  30720  ----a-w-  c:\windows\system32\licmgr10.dll
2013-02-23 16:43 . 2013-02-23 16:43  282112  ----a-w-  c:\windows\system32\dxtrans.dll
2013-02-23 16:43 . 2013-02-23 16:43  267776  ----a-w-  c:\windows\system32\ieaksie.dll
2013-02-23 16:43 . 2013-02-23 16:43  249344  ----a-w-  c:\windows\system32\webcheck.dll
2013-02-23 16:43 . 2013-02-23 16:43  23552  ----a-w-  c:\windows\SysWow64\licmgr10.dll
2013-02-23 16:43 . 2013-02-23 16:43  222208  ----a-w-  c:\windows\system32\msls31.dll
2013-02-23 16:43 . 2013-02-23 16:43  197120  ----a-w-  c:\windows\system32\msrating.dll
2013-02-23 16:43 . 2013-02-23 16:43  165888  ----a-w-  c:\windows\system32\iexpress.exe
2013-02-23 16:43 . 2013-02-23 16:43  163840  ----a-w-  c:\windows\system32\ieakui.dll
2013-02-23 16:43 . 2013-02-23 16:43  161792  ----a-w-  c:\windows\SysWow64\msls31.dll
2013-02-23 16:43 . 2013-02-23 16:43  160256  ----a-w-  c:\windows\system32\wextract.exe
2013-02-23 16:43 . 2013-02-23 16:43  160256  ----a-w-  c:\windows\system32\ieakeng.dll
2013-02-23 16:43 . 2013-02-23 16:43  152064  ----a-w-  c:\windows\SysWow64\wextract.exe
2013-02-23 16:43 . 2013-02-23 16:43  150528  ----a-w-  c:\windows\SysWow64\iexpress.exe
2013-02-23 16:43 . 2013-02-23 16:43  149504  ----a-w-  c:\windows\system32\occache.dll
2013-02-23 16:43 . 2013-02-23 16:43  145920  ----a-w-  c:\windows\system32\iepeers.dll
2013-02-23 16:43 . 2013-02-23 16:43  135168  ----a-w-  c:\windows\system32\IEAdvpack.dll
2013-02-23 16:43 . 2013-02-23 16:43  12288  ----a-w-  c:\windows\system32\mshta.exe
2013-02-23 16:43 . 2013-02-23 16:43  11776  ----a-w-  c:\windows\SysWow64\mshta.exe
2013-02-23 16:43 . 2013-02-23 16:43  114176  ----a-w-  c:\windows\system32\admparse.dll
2013-02-23 16:43 . 2013-02-23 16:43  111616  ----a-w-  c:\windows\system32\iesysprep.dll
2013-02-23 16:43 . 2013-02-23 16:43  110592  ----a-w-  c:\windows\SysWow64\IEAdvpack.dll
2013-02-23 16:43 . 2013-02-23 16:43  10752  ----a-w-  c:\windows\system32\msfeedssync.exe
2013-02-23 16:43 . 2013-02-23 16:43103936----a-w-c:\windows\system32\inseng.dll
2013-02-23 16:43 . 2013-02-23 16:43101888----a-w-c:\windows\SysWow64\admparse.dll
2013-02-23 16:26 . 2013-02-23 16:2629480----a-w-c:\windows\SysWow64\msxml3a.dll
2013-01-24 13:43 . 2013-01-24 13:4343216----a-w-c:\windows\system32\cmdcsr.dll
2013-01-24 13:43 . 2013-01-24 13:43461384----a-w-c:\windows\system32\guard64.dll
2013-01-24 13:43 . 2013-01-24 13:43354752----a-w-c:\windows\SysWow64\guard32.dll
2013-01-24 13:42 . 2013-01-24 13:4245776----a-w-c:\windows\system32\cmdkbd64.dll
2013-01-24 13:42 . 2013-01-24 13:42326352----a-w-c:\windows\system32\cmdvrt64.dll
2013-01-24 13:42 . 2013-01-24 13:4240656----a-w-c:\windows\SysWow64\cmdkbd32.dll
2013-01-24 13:42 . 2013-01-24 13:42263888----a-w-c:\windows\SysWow64\cmdvrt32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2011-01-16 . 81257415084B84F3C0D95C381A8D4C8F . 389632 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
.
[-] 2011-01-16 . 0B864E15A0BADFF0E7BB8B59009FDDCF . 1008640 . . [6.1.7601.17514] .. c:\windows\KJ\Pirate\T\x64T\user32.dll
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2010-11-19 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\KJ\Pirate\P\x64P\user32.dll
[-] 2011-01-16 . 0B864E15A0BADFF0E7BB8B59009FDDCF . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\FamilyCom\AppData\Roaming\uTorrent\uTorrent.exe" [2013-04-16 802136]
"VirtualDVD"="c:\program files (x86)\VirtualDVD\VirtualDVD.exe" [2013-02-18 3253760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Korean IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"IME14 KOR Setup"="c:\progra~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2010-01-20 80240]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"HncUpdate"="c:\program files (x86)\Hnc\HncUtils\HncChecker.exe" [2012-10-17 715624]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-04-06 295512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"gbrspcontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2013-04-17 1851088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files (x86)\Comodo\GeekBuddy\launcher.exe [2013-4-17 49352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200412]
Ime File  REG_SZ  IMKR14.IME
.
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [x]
R3 AhnFlt2k;AhnFlt2k;c:\windows\system32\Drivers\AhnFlt2k.sys [x]
R3 AhnRec2k;AhnRec2k;c:\windows\system32\Drivers\AhnRec2k.sys [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys [2012-07-03 31744]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys [2012-07-03 29184]
R3 AndNetDiag2;LGE AndroidNet For Diagnostics Port;c:\windows\system32\DRIVERS\lgandnetdiag264.sys [2012-07-03 29184]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys [2012-07-03 36352]
R3 aswVmm;aswVmm; [x]
R3 CdmDrvNt;CdmDrvNt;c:\windows\system32\Drivers\CdmDrvNt.sys [2009-07-21 25656]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-01-24 158928]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [x]
R3 kcrtx64;kcrtx64;c:\windows\system32\kcrtx64.sys [2013-04-07 141848]
R3 MfFWEnt;MfFWEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [2010-06-28 126072]
R3 MfIPSEnt;MfIPSEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [2010-06-28 155256]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-08 55280]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AMonTDLH;AMonTDLH;c:\windows\system32\Drivers\AMonTDLH.sys [2012-09-14 118072]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2013-01-16 23176]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2013-01-16 699880]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2013-01-16 48360]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2008-02-01 32240]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [2013-04-17 70344]
S2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-04-17 1851088]
S2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-01-20 83312]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-02-09 133632]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-05 39056]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-04-06 283200]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-02-08 39936]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-02-08 64512]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2012-02-09 25536]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [2012-02-09 25536]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2012-02-09 44992]
S3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [2013-04-07 19888]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S3 VirtualDVD;VirtualDVD;c:\windows\system32\DRIVERS\VirtualDVD.sys [2013-01-03 184320]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [2013-04-18 34752]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 05:20  1642448  ----a-w-  c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-23 23:10]
.
2013-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-05 11:15]
.
2013-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-05 11:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32  133840  ----a-w-  c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 07:31  776144  ----a-w-  c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 07:31  776144  ----a-w-  c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 07:31  776144  ----a-w-  c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 07:31  776144  ----a-w-  c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"IME14 KOR Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2010-01-20 109424]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-01-24 1451728]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-29 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.naver.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Microsoft Excel로 내보내기(&X) - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: OneNote로 보내기(&N) - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 168.126.63.1 168.126.63.2
DPF: {1C3DB737-3814-495E-87D5-62968A2A1761} - hxxp://activex.off.co.kr/toolbar/DicoStarterX.cab
FF - ProfilePath - c:\users\FamilyCom\AppData\Roaming\Mozilla\Firefox\Profiles\0xr32m0f.default\
FF - ExtSQL: 2013-04-12 17:09; {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}; c:\program files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - ExtSQL: 2013-04-12 17:11; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-04-18 10:31:42 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-18 01:31
.
Pre-Run: 432,016,105,472 바이트 남음
Post-Run: 431,425,085,440 바이트 남음
.
- - End Of File - - 3F1F7A1758885E945E67CC3BA1B797F1
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
FCopy::
c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe | c:\windows\system32\winlogon.exe
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll | c:\windows\system32\user32.dll

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
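As an added example (not part of this thread and not ComboFix's own code), the script below automates what the CFScript above does by hand: it parses the Sigcheck block of a ComboFix log, compares each live file under system32 with the WinSxS copy of the same file version, and emits FCopy:: lines for the files whose MD5 or size differs. The winlogon.exe and user32.dll lines it embeds are copied from the log earlier in this thread; the two constructed_clean.dll lines, the hypothetical path names in them and the function names are my own construction, added to show a file that still matches its backup and is therefore left alone.

```python
import re
from collections import OrderedDict

# Sigcheck lines. The winlogon.exe / user32.dll entries are copied from the
# ComboFix log posted in this thread; the constructed_clean.dll entries are
# constructed (the hash and path are placeholders) to show a clean file.
SIGCHECK_SAMPLE = r"""
[7] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2011-01-16 . 81257415084B84F3C0D95C381A8D4C8F . 389632 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
[-] 2011-01-16 . 0B864E15A0BADFF0E7BB8B59009FDDCF . 1008640 . . [6.1.7601.17514] .. c:\windows\KJ\Pirate\T\x64T\user32.dll
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2010-11-19 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\KJ\Pirate\P\x64P\user32.dll
[-] 2011-01-16 . 0B864E15A0BADFF0E7BB8B59009FDDCF . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
[7] 2010-11-21 . 00000000000000000000000000000000 . 4096 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_constructed_clean_example\constructed_clean.dll
[7] 2010-11-21 . 00000000000000000000000000000000 . 4096 . . [6.1.7601.17514] .. c:\windows\system32\constructed_clean.dll
"""

# One Sigcheck line: [flag] date . md5 . size . . [version] .. path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\.\s+(?P<path>\S.*)$"
)


def parse_sigcheck(text):
    """Return one dict per parsable Sigcheck line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = SIGCHECK_RE.match(line) if line else None
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
        entries.append(e)
    return entries


def find_mismatches(entries):
    """Flag live system32 files whose WinSxS copy of the same version differs."""
    by_name = OrderedDict()
    for e in entries:
        by_name.setdefault(e["name"], []).append(e)

    findings = []
    for group in by_name.values():
        live = [e for e in group if "\\system32\\" in e["path"].lower()]
        backups = [e for e in group if "\\winsxs\\" in e["path"].lower()]
        for lv in live:
            same_version = [b for b in backups if b["version"] == lv["version"]]
            if not same_version:
                continue  # no reference copy of this version: nothing to compare
            ref = same_version[0]
            if ref["md5"] != lv["md5"] or ref["size"] != lv["size"]:
                findings.append({
                    "live": lv["path"], "backup": ref["path"],
                    "live_md5": lv["md5"], "backup_md5": ref["md5"],
                })
    return findings


def build_fcopy_script(findings):
    """Render the FCopy:: section of a CFScript (source | destination per line)."""
    lines = ["FCopy::"]
    for f in findings:
        lines.append(f"{f['backup']} | {f['live']}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    entries = parse_sigcheck(SIGCHECK_SAMPLE)
    findings = find_mismatches(entries)
    for f in findings:
        print(f"{f['live']}: live {f['live_md5']} != backup {f['backup_md5']}")
    print(build_fcopy_script(findings))
```

Run as-is it prints the two mismatches and an FCopy:: block identical to the one in the post above; feed it a different log's Sigcheck section to get the corresponding candidate lines, which still need a human check of the versions before they go into a CFScript.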
 
Here is the new log:


ComboFix 13-04-18.01 - FamilyCom 2013-04-18 13:40:18.5.4 - x64
Microsoft Windows 7 Ultimate K 6.1.7601.1.949.82.1042.18.8154.6246 [GMT 9:00]
Running from: C:\Users\FamilyCom\Desktop\ComboFix.exe
Command switches used :: C:\Users\FamilyCom\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


Infected copy of C:\Windows\System32\winver.exe was found and disinfected
Restored copy from - C:\Windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe


--------------- FCopy ---------------

c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll --> c:\windows\system32\user32.dll

((((((((((((((((((((((((( Files Created from 2013-03-18 to 2013-04-18 )))))))))))))))))))))))))))))))
 
The log is incomplete.
If this is all you got, re-run ComboFix without my code.
 
I tried 2 times and the result is the same.
I used your code.
This computer is having a difficult time with ComboFix.

Maybe I have to clean C:.
Before I do that I want to ask one question.

My main hard drive is 1TB - it has 2 partitions.
I am trying to move the "Download" folder (which is in C) into the other partition.

If that happens, what will happen to the "resident malware" that infected my computer?

---------
But if you want to see the log, I put it below:



ComboFix 13-04-18.03 - FamilyCom 2013-04-19 8:29:12.7.4 - x64
Microsoft Windows 7 Ultimate K 6.1.7601.1.949.82.1042.18.8154.6408 [GMT 9:00]
Running from: C:\Users\FamilyCom\Desktop\ComboFix.exe
Command switches used :: C:\Users\FamilyCom\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


-- Previous Run --

Infected copy of C:\Windows\System32\winver.exe was found and disinfected
Restored copy from - C:\Windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe

-- Previous Run --

Infected copy of C:\Windows\System32\winver.exe was found and disinfected
Restored copy from - C:\Windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe

--------

Infected copy of C:\Windows\System32\winver.exe was found and disinfected
Restored copy from - C:\Windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe

--------

Infected copy of C:\Windows\System32\winver.exe was found and disinfected
Restored copy from - C:\Windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe


--------------- FCopy ---------------

c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll --> c:\windows\system32\user32.dll

((((((((((((((((((((((((( Files Created from 2013-03-18 to 2013-04-18 )))))))))))))))))))))))))))))))
 