tommynomad Posted May 30, 2014 ID:836118 Share Posted May 30, 2014 Good day, I've been saddled with the dreaded scrollover links (double-underlined, usually for Bargainfinder & the like) for a fortnight. I've been counselled to use MBAM, but when I try it force quits after 2-5 seconds. I have run MBAM as an administrator, in safe mode, and as an admin in safe mode, all with the same result. I tried installing & running MBAM using Chameleon, with the same result. Based on the advice in these forums, I've run the Farbar Recovery Scan Tool. Here is the log, followed by the Addition file. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014Ran by 토미혜경 (administrator) on 토미혜경-PC on 31-05-2014 06:14:14Running from C:\Users\토미혜경\DownloadsPlatform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: 0412Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe(MarkAny) C:\Windows\ImageSAFERSvc.exe(MarkAny) C:\Windows\System32\ImageSAFERStart_X86.exe(MarkAny) C:\Windows\System32\ImageSAFERStart_X64.exe(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe(INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npkcmsvc.exe(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe(Dropbox, Inc.) C:\Users\토미혜경\AppData\Roaming\Dropbox\bin\Dropbox.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\audiodg.exe() C:\Program Files (x86)\Everything\Everything.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)HKLM-x32\...\RunOnce: [1] - C:\Users\토미혜경\Downloads\mbam-chameleon.exe /r /p [218184 2012-08-15] ()Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnkShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)Startup: C:\Users\토미혜경\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\토미혜경\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.jooyon.co.krHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daum.net/StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {52A08339-E735-42A7-B952-01B3E889BDFB} URL = SearchScopes: HKCU - {9793F4C5-78F5-48EF-9DA0-65B8D786EF61} URL = http://kr.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}SearchScopes: HKCU - {E50C722E-A4A8-4A3B-9CBF-70BADBFC3F3A} URL = http://kr.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: No Name - {AD65D410-9475-41eb-B0BB-4B75F2967B13} - No FileBHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)BHO-x32: No Name - {F5BEA1B9-FEF6-4093-846D-753C42A1B00A} - No FileToolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileToolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)DPF: HKLM {6CE20149-ABE3-462E-A1B4-5B549971AA38} Handler: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - No FileHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)Handler: wlmailhtml - No CLSID Value - Handler: wlpg - No CLSID Value - Handler-x32: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files (x86)\Initech\SHTTP\InitechSHTTPInterface.11014.dll (© INITECH)Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Handler-x32: wlmailhtml - No CLSID Value - Handler-x32: wlpg - No CLSID Value - Tcpip\Parameters: [DhcpNameServer] 168.126.63.1 168.126.63.2 FireFox:========FF ProfilePath: C:\Users\토미혜경\AppData\Roaming\Mozilla\Firefox\Profiles\ah4btwdd.default-1400886471837FF Homepage: hxxp://www.tsn.ca/nhl/FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()FF Plugin-x32: @ahnlab.com/asp/npaosmgr.1 - C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_535\npaosmgr.dll (AhnLab, Inc.)FF Plugin-x32: @ahnlab.com/asp/npmkd25sp - C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll (AhnLab, Inc.)FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)FF Plugin-x32: @gomtv.com/gomtvx-plugin - C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll (Gretech Corporation)FF Plugin-x32: @initech.com/moasign_s - C:\Program Files (x86)\INITECH\INISAFE MoaSignS\npMoasignMime.dll ()FF Plugin-x32: @interezen.co.kr/npi3gmanager - C:\Program Files (x86)\Interezen\Plugins\NPI3GManager.dll (Interezen © Interezen.)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @nprotect.com/npEfdsWPlugin - C:\Users\토미혜경\AppData\LocalLow\nProtect\npEfdsWCtrl\npEfdsWPlugin.dll (INCA Internet Co., Ltd)FF Plugin-x32: @softforum.com/npKeyPro - C:\Windows\system32\npKeyPro.dll No FileFF Plugin-x32: @softforum.com/npXecureMacuxNPPlugin - C:\Program Files (x86)\Softforum\XecureWeb\NPPlugin\dll\npXecureMacuxNPPlugin.dll (Softforum, Inc.)FF Plugin-x32: @softforum.com/npxwebplugins - C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum Co., Ltd.)FF Plugin-x32: @softforum.com/npxwebplugins_file - C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)FF Plugin-x32: @spaceinter.com/EZKeytecPlugin - C:\Program Files (x86)\Space International\Easykeytec v2.0\npEZKeytecPlugin.dll (Space International, Inc. )FF Plugin-x32: @spaceinter.com/EZKeytecPlugins - C:\Program Files (x86)\Space International\Easykeytec v2.0\npEZKeytecPlugins.dll (Space International, Inc. )FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @wizvera.com/npdolphin - C:\Program Files (x86)\Wizvera\Delfino\npdelfinoplugin.dll (Wizvera)FF Plugin-x32: @wizvera.com/npVeraport20 - C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll ()FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: secureholic.co.kr/SecureHolicPNPPlugin - C:\Program Files (x86)\SecureHolic\PNPPlugin\npSecureHolicPNPPlugin.dll (Secure Holic Co.,Ltd.)FF Plugin HKCU: @ahnlab.com/asp/npmkd25sp - C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll (AhnLab, Inc.)FF Plugin HKCU: @iniline.com/npCrossWeb - C:\Users\토미혜경\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0AB9084F-0EF8-499a-A461-DE46D3C4A45B}\plugins\npCrossWeb.dll (INITECH Co., Ltd.)FF Plugin HKCU: @initech.com/moasign_s - C:\Program Files (x86)\INITECH\INISAFE MoaSignS\npMoasignMime.dll ()FF Plugin HKCU: @initech.com/npSandBox - C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.10043.dll (Initech Co., Ltd.)FF Plugin HKCU: @ktbsol.co.kr/KTBRealIPDGB_ctl - C:\Program Files (x86)\KTBRealIPDGB\npKTBRealIPDGB_ctl.dll (KTB Solutions)FF Plugin HKCU: @softforum.com/npxwebplugins - C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum Co., Ltd.)FF Plugin HKCU: @softforum.com/npxwebplugins_file - C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)FF Plugin HKCU: @www.inicis.com/application/x-INIwallet61-INICIS - C:\Program Files (x86)\INICIS61\plugins\npINIwallet61.dll (INICIS)FF Plugin HKCU: ktbsol.co.kr/KTBRealIPDGB_ctl - C:\Program Files (x86)\KTBRealIPDGB\npKTBRealIPDGB_ctl.dll (KTB Solutions)FF Plugin HKCU: secureholic.co.kr/SecureHolicPNPPlugin - C:\Program Files (x86)\SecureHolic\PNPPlugin\npSecureHolicPNPPlugin.dll (Secure Holic Co.,Ltd.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npINISAFEWeb60.dll (INITECH ©)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xmlFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xmlFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xmlFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xmlFF Extension: INISAFE CrossWeb - C:\Users\토미혜경\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0AB9084F-0EF8-499a-A461-DE46D3C4A45B} [2013-01-14] Chrome: =======CHR HomePage: www.google.comCHR StartupUrls: "https://plus.google.com/stream/circles/p5f909b280a98dfed"CHR Extension: (Google Docs) - C:\Users\토미혜경\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-15]CHR Extension: (Google Drive) - C:\Users\토미혜경\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-15]CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\토미혜경\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-05-14]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\토미혜경\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]CHR Extension: (YouTube) - C:\Users\토미혜경\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-15]CHR Extension: (Google Search) - C:\Users\토미혜경\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-15]CHR Extension: (Google Wallet) - C:\Users\토미혜경\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-15]CHR Extension: (Gmail) - C:\Users\토미혜경\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-15]CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONCHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)R2 Image Protection; C:\Windows\ImageSAFERSvc.exe [237568 2011-12-27] (MarkAny)S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)R2 npkcmsvc; C:\Windows\SysWOW64\npkcmsvc.exe [209248 2012-08-22] (INCA Internet Co., Ltd.)S2 npkfxsvc; C:\Windows\SysWow64\npkfxsvc.exe [197888 2013-05-20] (INCA Internet Co., Ltd.)R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2014-02-14] (VIA Technologies, Inc.) ==================== Drivers (Whitelisted) ==================== R1 AMonTDLH; C:\Windows\system32\Drivers\AMonTDLH.sys [118072 2012-09-14] (AhnLab, Inc.)U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)S3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [58368 2009-06-25] (Atheros Communications, Inc.)S3 CdmDrvNt; C:\Windows\system32\Drivers\CdmDrvNt.sys [25656 2009-07-21] (AhnLab, Inc.)R2 f_npm; C:\Windows\SYSTEM32\DRIVERS\f_npm.sys [22848 2012-11-08] (Fasoo.com)R2 f_npm; C:\Windows\SysWOW64\DRIVERS\f_npm.sys [17600 2012-11-08] (Fasoo.com)R3 ISMgr; C:\Windows\system32\ImageSAFERDrv64.sys [11256 2009-11-26] ()S3 kcrtx64; C:\Windows\system32\kcrtx64.sys [141848 2014-05-20] (Kings Information & Network)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-31] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99800 2014-02-14] (Intel Corporation)S3 MfFWEnt; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [126072 2010-06-28] (AhnLab, Inc.)S3 MfIPSEnt; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [155256 2010-06-28] (AhnLab, Inc.)S3 Mkd2Bthf; C:\Windows\System32\drivers\Mkd2Bthf.sys [98104 2012-08-17] (AhnLab, Inc.)S3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [107832 2012-08-17] (AhnLab, Inc.)S3 Mkd3kfNt; C:\Windows\System32\drivers\Mkd3kfNt.sys [166200 2012-09-24] (AhnLab, Inc.)S3 NPFW; C:\Windows\system32\NPFWVT64.sys [154376 2013-09-09] (INCA Internet Co.,Ltd.)S3 NPFW; C:\Windows\SysWOW64\NPFWVT64.sys [154376 2013-09-09] (INCA Internet Co.,Ltd.)S3 NPIDS; C:\Windows\system32\NpIdsVt64.sys [89352 2013-09-09] (INCA Internet Co.,Ltd.)S3 NPIDS; C:\Windows\SysWOW64\NpIdsVt64.sys [89352 2013-09-09] (INCA Internet Co.,Ltd.)S3 npkcft64; C:\Windows\SysWOW64\npkcft64.sys [48992 2012-11-16] (INCA Internet Co., Ltd.)S3 npkfxs; c:\windows\syswow64\npkfxs.sys [24416 2014-02-21] (INCA Internet Co.,Ltd.)S3 ProMDefense; C:\Windows\system32\Drivers\ProMDefense.sys [58192 2014-04-03] (Kings Information & Network Co., Ltd.)R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)S3 scsk5; C:\Windows\SysWow64\drivers\scsk5.sys [50608 2014-05-20] ()R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-06-21] (Anchorfree Inc.)S3 x64kdss; C:\Windows\SysWow64\Drivers\x64kdss.sys [58752 2014-04-03] (Kings Information & Network)S3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 ezty2; \??\C:\Windows\system32\ezty2.sys [X]S2 fs_kbfilter; \??\C:\Windows\SYSTEM32\DRIVERS\fs_kbdrv.sys [X]S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-31 06:14 - 2014-05-31 06:14 - 00019371 _____ () C:\Users\토미혜경\Downloads\FRST.txt2014-05-31 06:13 - 2014-05-31 06:14 - 00000000 ____D () C:\FRST2014-05-31 06:13 - 2014-05-31 06:13 - 02066944 _____ (Farbar) C:\Users\토미혜경\Downloads\FRST64.exe2014-05-31 06:09 - 2014-05-31 06:09 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-05-31 06:08 - 2014-05-31 06:08 - 00000909 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-05-31 06:08 - 2014-05-31 06:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-05-31 06:08 - 2014-05-31 06:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-05-31 06:08 - 2014-05-12 07:55 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-05-31 06:08 - 2014-05-12 07:54 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-05-31 05:49 - 2012-08-15 08:48 - 00218184 _____ () C:\Users\토미혜경\Downloads\winlogon.exe2014-05-31 05:49 - 2012-08-15 08:48 - 00218184 _____ () C:\Users\토미혜경\Downloads\svchost.exe2014-05-31 05:49 - 2012-08-15 08:48 - 00218184 _____ () C:\Users\토미혜경\Downloads\rundll32.exe2014-05-31 05:49 - 2012-08-15 08:48 - 00218184 _____ () C:\Users\토미혜경\Downloads\mbam-chameleon.scr2014-05-31 05:49 - 2012-08-15 08:48 - 00218184 _____ () C:\Users\토미혜경\Downloads\mbam-chameleon.pif2014-05-31 05:49 - 2012-08-15 08:48 - 00218184 _____ () C:\Users\토미혜경\Downloads\mbam-chameleon.exe2014-05-31 05:49 - 2012-08-15 08:48 - 00218184 _____ () C:\Users\토미혜경\Downloads\mbam-chameleon.com2014-05-31 05:49 - 2012-08-15 08:48 - 00218184 _____ () C:\Users\토미혜경\Downloads\iexplore.exe2014-05-31 05:49 - 2012-08-15 08:48 - 00218184 _____ () C:\Users\토미혜경\Downloads\firefox.scr2014-05-31 05:49 - 2012-08-15 08:48 - 00218184 _____ () C:\Users\토미혜경\Downloads\firefox.pif2014-05-31 05:49 - 2012-08-15 08:48 - 00218184 _____ () C:\Users\토미혜경\Downloads\firefox.exe2014-05-31 05:49 - 2012-08-15 08:48 - 00218184 _____ () C:\Users\토미혜경\Downloads\firefox.com2014-05-31 05:49 - 2012-03-03 11:32 - 00186068 _____ () C:\Users\토미혜경\Downloads\chameleon.chm2014-05-31 05:47 - 2014-05-31 05:47 - 01440846 _____ () C:\Users\토미혜경\Downloads\mbam-chameleon-1.62.1.1000 (1).zip2014-05-31 05:46 - 2014-05-31 05:46 - 01440846 _____ () C:\Users\토미혜경\Downloads\mbam-chameleon-1.62.1.1000.zip2014-05-30 19:39 - 2014-05-30 19:39 - 00066344 _____ () C:\Users\토미혜경\AppData\Local\GDIPFONTCACHEV1.DAT2014-05-30 16:08 - 2014-05-30 16:08 - 06144272 _____ (Adobe Systems Incorporated) C:\Users\토미혜경\Downloads\ADE_3.0_Installer.exe2014-05-30 16:06 - 2014-05-30 16:06 - 07944501 _____ () C:\Users\토미혜경\Downloads\gtk2-runtime-2.24.10-2012-10-10-ash.exe2014-05-30 06:46 - 2014-05-30 06:46 - 00001490 _____ () C:\Users\토미혜경\Desktop\abs.lnk2014-05-30 06:41 - 2014-05-30 06:41 - 17291728 _____ (Malwarebytes Corporation ) C:\Users\토미혜경\Downloads\mbam-setup-majorgeeks-2.0.2.1012.exe2014-05-30 04:43 - 2014-05-30 04:43 - 00000000 ____D () C:\Users\토미혜경\AppData\Roaming\OpenOffice2014-05-30 04:39 - 2014-05-30 04:39 - 00008445 _____ () C:\Users\토미혜경\Downloads\hijackthis32014-05-30 04:38 - 2014-05-30 04:38 - 00003120 _____ () C:\Windows\System32\Tasks\{0BB49B97-B0A6-4BC0-AF76-41B849029F56}2014-05-30 04:24 - 2014-05-30 04:24 - 00000000 ____D () C:\Users\토미혜경\Downloads\backups2014-05-29 20:32 - 2014-05-30 04:38 - 00000003 _____ () C:\Users\토미혜경\Downloads\~dummy.tmp2014-05-29 07:27 - 2014-05-29 07:27 - 00259224 _____ () C:\Windows\msxml4-KB2758694-enu.LOG2014-05-29 07:01 - 2014-05-29 07:01 - 00001089 _____ () C:\Users\Public\Desktop\Opera.lnk2014-05-29 06:59 - 2014-05-29 06:59 - 28041256 _____ (Opera Software ASA) C:\Users\토미혜경\Downloads\Opera_21.0.1432.67_Setup.exe2014-05-29 06:56 - 2014-05-31 04:37 - 00000504 _____ () C:\Windows\setupact.log2014-05-29 06:56 - 2014-05-29 06:56 - 00000000 _____ () C:\Windows\setuperr.log2014-05-29 06:55 - 2014-05-29 06:56 - 00300216 _____ () C:\Windows\system32\FNTCACHE.DAT2014-05-29 06:55 - 2014-05-29 06:55 - 00000334 _____ () C:\Windows\PFRO.log2014-05-29 00:52 - 2014-05-29 00:52 - 00067246 _____ () C:\ProgramData\cc_20140529_005221.reg2014-05-28 23:04 - 2014-05-28 23:04 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.02014-05-28 23:03 - 2014-05-28 23:03 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 42014-05-28 22:07 - 2014-05-28 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime2014-05-28 22:07 - 2014-05-28 22:07 - 00000000 ____D () C:\Program Files (x86)\QuickTime2014-05-28 21:47 - 2014-05-28 21:47 - 00001029 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk2014-05-28 21:47 - 2014-05-28 21:47 - 00000000 ____D () C:\Users\토미혜경\AppData\Local\Secunia PSI2014-05-28 21:47 - 2014-05-28 21:47 - 00000000 ____D () C:\Program Files (x86)\Secunia2014-05-28 21:46 - 2014-05-28 21:46 - 05329480 _____ (Secunia) C:\Users\토미혜경\Downloads\PSISetup.exe2014-05-27 08:15 - 2014-05-27 08:15 - 00185800 _____ (Лаборатория Касперского) C:\Users\토미혜경\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe2014-05-26 18:44 - 2014-05-26 18:44 - 00043790 _____ () C:\ComboFix.txt2014-05-26 18:44 - 2014-05-26 18:44 - 00000000 ____D () C:\Users\Public\AppData\Local\temp2014-05-26 18:44 - 2014-05-26 18:44 - 00000000 ____D () C:\Users\Default\AppData\Local\temp2014-05-26 18:44 - 2014-05-26 18:44 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp2014-05-26 18:44 - 2014-05-26 18:44 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp2014-05-26 18:44 - 2014-05-26 18:44 - 00000000 ____D () C:\Users\Åä¹ÌÇý°æ\AppData\Local\temp2014-05-26 12:46 - 2014-05-28 21:45 - 00000000 ____D () C:\Windows\erdnt2014-05-26 12:46 - 2014-05-28 21:45 - 00000000 ____D () C:\Qoobox2014-05-26 00:39 - 2014-05-31 04:40 - 00305517 _____ () C:\Windows\WindowsUpdate.log2014-05-25 21:14 - 2014-05-25 21:14 - 00009852 _____ () C:\ProgramData\cc_20140525_211420.reg2014-05-25 08:37 - 2014-05-25 08:37 - 04527616 _____ () C:\Users\토미혜경\Downloads\RogueKillerX64.exe2014-05-24 12:49 - 2014-05-24 12:49 - 00315392 _____ (Malwarebytes Corporation) C:\Users\토미혜경\Downloads\mbam-clean-2.0.2.0.exe2014-05-24 07:53 - 2014-05-24 07:54 - 10971424 _____ (SurfRight B.V.) C:\Users\토미혜경\Downloads\HitmanPro_x64.exe2014-05-24 07:52 - 2014-05-24 08:01 - 00000000 ____D () C:\ProgramData\HitmanPro2014-05-24 06:02 - 2014-05-24 06:03 - 00000000 ____D () C:\Users\토미혜경\Downloads\Opera Stable2014-05-23 20:11 - 2014-05-23 20:12 - 00000000 ____D () C:\Users\토미혜경\Downloads\SQLiteManager-1.2.42014-05-23 20:11 - 2010-03-02 21:11 - 02887680 _____ () C:\Users\토미혜경\Downloads\SQliteManager-1.2.4.tar2014-05-23 07:08 - 2014-05-23 07:08 - 01326389 _____ () C:\Users\토미혜경\Downloads\AdwCleaner.exe2014-05-23 07:07 - 2014-05-23 07:07 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled2014-05-22 04:27 - 2014-05-22 04:27 - 00000000 _____ () C:\asc_rdflag2014-05-21 18:01 - 2014-05-30 04:38 - 00008445 _____ () C:\Users\토미혜경\Downloads\hijackthis.log2014-05-20 19:03 - 2014-05-20 19:03 - 00388608 _____ (Trend Micro Inc.) C:\Users\토미혜경\Downloads\HijackThis.exe2014-05-20 15:26 - 2014-05-20 15:26 - 00050608 _____ () C:\Windows\SysWOW64\Drivers\SCSK5.sys2014-05-20 15:22 - 2014-05-20 15:22 - 00159240 ____R (RaonSecure Co., Ltd.) C:\Windows\SysWOW64\CKAgent.exe2014-05-20 15:22 - 2014-05-20 15:22 - 00159240 ____R (RaonSecure Co., Ltd.) C:\Windows\system32\CKAgent.exe2014-05-15 20:10 - 2014-05-06 13:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-05-15 20:10 - 2014-05-06 13:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-05-15 20:10 - 2014-05-06 12:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-05-15 20:10 - 2014-05-06 12:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-05-15 20:10 - 2014-05-06 12:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-05-15 20:10 - 2014-05-06 11:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-05-15 19:46 - 2014-04-12 11:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-05-15 19:46 - 2014-03-04 18:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2014-05-15 19:46 - 2014-03-04 18:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2014-05-15 19:46 - 2014-03-04 18:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll2014-05-15 19:46 - 2014-03-04 18:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2014-05-15 19:46 - 2014-03-04 18:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-05-15 19:46 - 2014-03-04 18:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2014-05-15 19:46 - 2014-03-04 18:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2014-05-15 19:46 - 2014-03-04 18:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-05-15 19:46 - 2014-03-04 18:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2014-05-15 19:45 - 2014-04-12 11:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2014-05-15 19:45 - 2014-04-12 11:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2014-05-15 19:45 - 2014-04-12 11:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll2014-05-15 19:45 - 2014-04-12 11:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe2014-05-15 19:45 - 2014-04-12 11:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll2014-05-15 19:45 - 2014-04-12 11:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll2014-05-15 19:45 - 2014-04-12 11:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2014-05-15 19:45 - 2014-04-12 11:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2014-05-15 19:45 - 2014-03-04 18:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2014-05-15 19:45 - 2014-03-04 18:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2014-05-15 19:45 - 2014-03-04 18:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2014-05-15 19:45 - 2014-03-04 18:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-05-15 19:45 - 2014-03-04 18:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll2014-05-15 19:45 - 2014-03-04 18:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll2014-05-15 19:45 - 2014-03-04 18:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll2014-05-15 19:45 - 2014-03-04 18:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll2014-05-15 19:45 - 2014-03-04 18:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll2014-05-15 19:45 - 2014-03-04 18:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll2014-05-15 19:45 - 2014-03-04 18:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-05-15 19:45 - 2014-03-04 18:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll2014-05-15 19:45 - 2014-03-04 18:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-05-15 19:45 - 2014-03-04 18:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2014-05-15 19:45 - 2014-03-04 18:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-05-15 19:45 - 2014-03-04 18:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll2014-05-15 19:45 - 2014-03-04 18:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll2014-05-15 19:45 - 2014-03-04 18:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll2014-05-15 19:45 - 2014-03-04 18:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll2014-05-15 19:45 - 2014-03-04 18:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll2014-05-15 19:45 - 2014-03-04 18:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll2014-05-15 19:45 - 2014-03-04 18:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-05-15 19:45 - 2014-03-04 18:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2014-05-15 19:25 - 2014-03-25 11:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2014-05-15 19:24 - 2014-05-09 15:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-05-15 19:24 - 2014-05-09 15:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-05-15 19:24 - 2014-03-25 11:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2014-05-14 06:59 - 2014-05-14 06:59 - 00000000 ____D () C:\Users\토미혜경\AppData\Roaming\ProductData2014-05-14 05:14 - 2014-05-14 05:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-05-13 18:11 - 2014-05-13 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip2014-05-13 18:11 - 2014-05-13 18:11 - 00000000 ____D () C:\Program Files\7-Zip2014-05-11 18:35 - 2014-05-11 18:35 - 00001570 _____ () C:\ProgramData\cc_20140511_183520.reg2014-05-09 17:53 - 2014-05-09 17:53 - 00000000 ____D () C:\Users\Default\AppData\Local\Google2014-05-09 17:53 - 2014-05-09 17:53 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google2014-05-09 06:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll2014-05-09 06:15 - 2014-05-23 07:13 - 00000000 ____D () C:\AdwCleaner2014-05-07 07:29 - 2014-05-07 07:29 - 00000000 ____D () C:\ProgramData\BitDefender ==================== One Month Modified Files and Folders ======= 2014-05-31 06:14 - 2014-05-31 06:14 - 00019371 _____ () C:\Users\토미혜경\Downloads\FRST.txt2014-05-31 06:14 - 2014-05-31 06:13 - 00000000 ____D () C:\FRST2014-05-31 06:14 - 2011-10-05 17:10 - 00000000 ____D () C:\Users\토미혜경\AppData\Local\Temp2014-05-31 06:13 - 2014-05-31 06:13 - 02066944 _____ (Farbar) C:\Users\토미혜경\Downloads\FRST64.exe2014-05-31 06:10 - 2011-11-10 12:45 - 00000000 ____D () C:\Users\토미혜경\AppData\Local\CrashDumps2014-05-31 06:09 - 2014-05-31 06:09 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-05-31 06:08 - 2014-05-31 06:08 - 00000909 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-05-31 06:08 - 2014-05-31 06:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-05-31 06:08 - 2014-05-31 06:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-05-31 06:01 - 2014-04-21 23:12 - 00000622 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-05-31 05:52 - 2014-03-15 23:34 - 00000680 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-05-31 05:51 - 2014-03-15 23:34 - 00000676 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-05-31 05:49 - 2011-11-27 14:48 - 00000000 ____D () C:\Program Files (x86)\Everything2014-05-31 05:47 - 2014-05-31 05:47 - 01440846 _____ () C:\Users\토미혜경\Downloads\mbam-chameleon-1.62.1.1000 (1).zip2014-05-31 05:46 - 2014-05-31 05:46 - 01440846 _____ () C:\Users\토미혜경\Downloads\mbam-chameleon-1.62.1.1000.zip2014-05-31 04:44 - 2009-07-14 13:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-05-31 04:44 - 2009-07-14 13:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-05-31 04:40 - 2014-05-26 00:39 - 00305517 _____ () C:\Windows\WindowsUpdate.log2014-05-31 04:38 - 2011-11-15 09:33 - 00000000 ____D () C:\Users\토미혜경\AppData\Roaming\Dropbox2014-05-31 04:37 - 2014-05-29 06:56 - 00000504 _____ () C:\Windows\setupact.log2014-05-31 04:37 - 2014-03-28 07:41 - 00000000 ____D () C:\Users\토미혜경\AppData\Roaming\DropboxMaster2014-05-31 04:37 - 2011-11-15 09:37 - 00000000 ___RD () C:\Users\토미혜경\Dropbox2014-05-31 04:37 - 2009-07-14 14:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-05-31 04:37 - 2009-07-14 14:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-05-30 19:39 - 2014-05-30 19:39 - 00066344 _____ () C:\Users\토미혜경\AppData\Local\GDIPFONTCACHEV1.DAT2014-05-30 19:38 - 2011-11-15 09:36 - 00000000 ____D () C:\Users\토미혜경\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-05-30 19:38 - 2011-10-05 17:11 - 00000000 ___RD () C:\Users\토미혜경\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-05-30 19:31 - 2014-03-30 20:17 - 00000000 ___RD () C:\Users\토미혜경\Google 드라이브2014-05-30 16:10 - 2013-07-08 15:01 - 00000000 ____D () C:\Users\토미혜경\Documents\My Digital Editions2014-05-30 16:10 - 2011-11-01 13:26 - 00000000 ____D () C:\Program Files (x86)\Adobe2014-05-30 16:09 - 2013-07-08 15:08 - 00000000 ____D () C:\Users\토미혜경\AppData\Local\Adobe_Systems_Incorporate2014-05-30 16:08 - 2014-05-30 16:08 - 06144272 _____ (Adobe Systems Incorporated) C:\Users\토미혜경\Downloads\ADE_3.0_Installer.exe2014-05-30 16:07 - 2012-12-12 05:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTK2 Runtime2014-05-30 16:07 - 2012-12-12 05:16 - 00000000 ____D () C:\Program Files (x86)\GTK2-Runtime2014-05-30 16:06 - 2014-05-30 16:06 - 07944501 _____ () C:\Users\토미혜경\Downloads\gtk2-runtime-2.24.10-2012-10-10-ash.exe2014-05-30 06:46 - 2014-05-30 06:46 - 00001490 _____ () C:\Users\토미혜경\Desktop\abs.lnk2014-05-30 06:41 - 2014-05-30 06:41 - 17291728 _____ (Malwarebytes Corporation ) C:\Users\토미혜경\Downloads\mbam-setup-majorgeeks-2.0.2.1012.exe2014-05-30 06:39 - 2012-04-26 06:50 - 00000000 ____D () C:\Users\토미혜경\AppData\Roaming\IObit2014-05-30 06:39 - 2011-12-17 19:02 - 00000000 ____D () C:\Program Files (x86)\IObit2014-05-30 04:43 - 2014-05-30 04:43 - 00000000 ____D () C:\Users\토미혜경\AppData\Roaming\OpenOffice2014-05-30 04:39 - 2014-05-30 04:39 - 00008445 _____ () C:\Users\토미혜경\Downloads\hijackthis32014-05-30 04:38 - 2014-05-30 04:38 - 00003120 _____ () C:\Windows\System32\Tasks\{0BB49B97-B0A6-4BC0-AF76-41B849029F56}2014-05-30 04:38 - 2014-05-29 20:32 - 00000003 _____ () C:\Users\토미혜경\Downloads\~dummy.tmp2014-05-30 04:38 - 2014-05-21 18:01 - 00008445 _____ () C:\Users\토미혜경\Downloads\hijackthis.log2014-05-30 04:24 - 2014-05-30 04:24 - 00000000 ____D () C:\Users\토미혜경\Downloads\backups2014-05-30 04:24 - 2014-03-20 09:00 - 00000000 ____D () C:\ProgramData\ISSAC_LG_UPLUS2014-05-30 04:24 - 2014-02-21 17:28 - 00001001 _____ () C:\Users\토미혜경\AppData\Local\issacweb.log2014-05-30 04:24 - 2014-01-17 00:03 - 00000000 ____D () C:\Users\토미혜경\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum2014-05-30 04:24 - 2012-09-15 11:56 - 00000000 ____D () C:\Windows\SysWOW64\InternetDISK2014-05-30 04:24 - 2012-04-25 22:23 - 00000000 ____D () C:\ProgramData\ISSAC_WEB_KCMVP2014-05-29 20:07 - 2011-10-06 08:01 - 00000000 ____D () C:\Users\토미혜경\AppData\Roaming\vlc2014-05-29 15:58 - 2011-10-06 09:56 - 00000000 ____D () C:\Users\토미혜경\AppData\Roaming\Skype2014-05-29 15:13 - 2011-11-26 22:39 - 03334656 ___SH () C:\Users\토미혜경\Documents\Thumbs.db2014-05-29 15:10 - 2012-05-31 17:31 - 00000000 ____D () C:\Program Files (x86)\GRETECH2014-05-29 15:10 - 2011-12-17 19:02 - 00000000 ____D () C:\ProgramData\IObit2014-05-29 07:27 - 2014-05-29 07:27 - 00259224 _____ () C:\Windows\msxml4-KB2758694-enu.LOG2014-05-29 07:01 - 2014-05-29 07:01 - 00001089 _____ () C:\Users\Public\Desktop\Opera.lnk2014-05-29 07:01 - 2011-10-05 22:29 - 00000000 ____D () C:\Program Files (x86)\Opera2014-05-29 06:59 - 2014-05-29 06:59 - 28041256 _____ (Opera Software ASA) C:\Users\토미혜경\Downloads\Opera_21.0.1432.67_Setup.exe2014-05-29 06:56 - 2014-05-29 06:56 - 00000000 _____ () C:\Windows\setuperr.log2014-05-29 06:56 - 2014-05-29 06:55 - 00300216 _____ () C:\Windows\system32\FNTCACHE.DAT2014-05-29 06:55 - 2014-05-29 06:55 - 00000334 _____ () C:\Windows\PFRO.log2014-05-29 00:52 - 2014-05-29 00:52 - 00067246 _____ () C:\ProgramData\cc_20140529_005221.reg2014-05-28 23:04 - 2014-05-28 23:04 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.02014-05-28 23:03 - 2014-05-28 23:03 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 42014-05-28 23:03 - 2012-04-09 18:16 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 32014-05-28 22:51 - 2011-11-01 13:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk2014-05-28 22:51 - 2011-11-01 13:26 - 00000000 ____D () C:\ProgramData\Adobe2014-05-28 22:07 - 2014-05-28 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime2014-05-28 22:07 - 2014-05-28 22:07 - 00000000 ____D () C:\Program Files (x86)\QuickTime2014-05-28 22:07 - 2011-12-28 23:07 - 00000000 ____D () C:\ProgramData\Apple Computer2014-05-28 21:51 - 2012-06-20 17:43 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.02014-05-28 21:47 - 2014-05-28 21:47 - 00001029 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk2014-05-28 21:47 - 2014-05-28 21:47 - 00000000 ____D () C:\Users\토미혜경\AppData\Local\Secunia PSI2014-05-28 21:47 - 2014-05-28 21:47 - 00000000 ____D () C:\Program Files (x86)\Secunia2014-05-28 21:47 - 2009-07-14 12:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup2014-05-28 21:46 - 2014-05-28 21:46 - 05329480 _____ (Secunia) C:\Users\토미혜경\Downloads\PSISetup.exe2014-05-28 21:45 - 2014-05-26 12:46 - 00000000 ____D () C:\Windows\erdnt2014-05-28 21:45 - 2014-05-26 12:46 - 00000000 ____D () C:\Qoobox2014-05-28 21:44 - 2011-10-05 22:40 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster2014-05-27 19:01 - 2010-11-22 02:21 - 00428322 _____ () C:\Windows\system32\perfh012.dat2014-05-27 19:01 - 2010-11-22 02:21 - 00120416 _____ () C:\Windows\system32\perfc012.dat2014-05-27 19:01 - 2009-07-14 14:13 - 01323168 _____ () C:\Windows\system32\PerfStringBackup.INI2014-05-27 08:15 - 2014-05-27 08:15 - 00185800 _____ (Лаборатория Касперского) C:\Users\토미혜경\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe2014-05-27 08:00 - 2011-10-05 22:32 - 00000000 ____D () C:\ProgramData\AVAST Software2014-05-27 06:31 - 2013-10-17 21:11 - 00000000 ____D () C:\Program Files (x86)\KTBRealIPDGB2014-05-26 18:44 - 2014-05-26 18:44 - 00043790 _____ () C:\ComboFix.txt2014-05-26 18:44 - 2014-05-26 18:44 - 00000000 ____D () C:\Users\Public\AppData\Local\temp2014-05-26 18:44 - 2014-05-26 18:44 - 00000000 ____D () C:\Users\Default\AppData\Local\temp2014-05-26 18:44 - 2014-05-26 18:44 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp2014-05-26 18:44 - 2014-05-26 18:44 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp2014-05-26 18:44 - 2014-05-26 18:44 - 00000000 ____D () C:\Users\Åä¹ÌÇý°æ\AppData\Local\temp2014-05-26 18:40 - 2009-07-14 11:34 - 00000215 _____ () C:\Windows\system.ini2014-05-26 18:38 - 2009-07-14 11:34 - 63467520 _____ () C:\Windows\system32\config\SOFTWARE.bak2014-05-26 18:38 - 2009-07-14 11:34 - 17301504 _____ () C:\Windows\system32\config\SYSTEM.bak2014-05-26 18:38 - 2009-07-14 11:34 - 01028096 _____ () C:\Windows\system32\config\DEFAULT.bak2014-05-26 18:38 - 2009-07-14 11:34 - 00061440 _____ () C:\Windows\system32\config\SAM.bak2014-05-26 18:38 - 2009-07-14 11:34 - 00032768 _____ () C:\Windows\system32\config\SECURITY.bak2014-05-26 13:06 - 2009-07-14 12:20 - 00000000 __RHD () C:\Users\Default2014-05-25 21:14 - 2014-05-25 21:14 - 00009852 _____ () C:\ProgramData\cc_20140525_211420.reg2014-05-25 20:48 - 2012-09-11 05:33 - 00000000 ____D () C:\Program Files\CCleaner2014-05-25 08:37 - 2014-05-25 08:37 - 04527616 _____ () C:\Users\토미혜경\Downloads\RogueKillerX64.exe2014-05-24 14:01 - 2009-07-14 12:20 - 00000000 __RSD () C:\Windows\Media2014-05-24 14:00 - 2011-11-01 22:53 - 00000000 ____D () C:\Program Files (x86)\VP2014-05-24 13:10 - 2012-03-01 04:02 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-05-24 12:49 - 2014-05-24 12:49 - 00315392 _____ (Malwarebytes Corporation) C:\Users\토미혜경\Downloads\mbam-clean-2.0.2.0.exe2014-05-24 08:01 - 2014-05-24 07:52 - 00000000 ____D () C:\ProgramData\HitmanPro2014-05-24 07:54 - 2014-05-24 07:53 - 10971424 _____ (SurfRight B.V.) C:\Users\토미혜경\Downloads\HitmanPro_x64.exe2014-05-24 06:03 - 2014-05-24 06:02 - 00000000 ____D () C:\Users\토미혜경\Downloads\Opera Stable2014-05-24 05:50 - 2013-11-08 07:42 - 00000000 ____D () C:\ProgramData\ProductData2014-05-23 20:12 - 2014-05-23 20:11 - 00000000 ____D () C:\Users\토미혜경\Downloads\SQLiteManager-1.2.42014-05-23 07:13 - 2014-05-09 06:15 - 00000000 ____D () C:\AdwCleaner2014-05-23 07:08 - 2014-05-23 07:08 - 01326389 _____ () C:\Users\토미혜경\Downloads\AdwCleaner.exe2014-05-23 07:07 - 2014-05-23 07:07 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled2014-05-22 04:27 - 2014-05-22 04:27 - 00000000 _____ () C:\asc_rdflag2014-05-22 04:27 - 2014-02-16 07:31 - 63467520 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak2014-05-22 04:27 - 2014-02-16 07:31 - 01028096 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak2014-05-22 04:27 - 2014-02-16 07:31 - 00061440 _____ () C:\Windows\system32\config\SAM.iodefrag.bak2014-05-22 04:27 - 2014-02-16 07:31 - 00032768 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak2014-05-22 04:27 - 2011-10-05 17:10 - 00000000 ____D () C:\Users\토미혜경2014-05-21 13:59 - 2014-03-29 13:41 - 00000000 ____D () C:\Users\토미혜경\Documents\Read it!2014-05-21 06:47 - 2013-07-21 08:58 - 00000000 ____D () C:\Users\토미혜경\Documents\Boardgaming2014-05-20 19:03 - 2014-05-20 19:03 - 00388608 _____ (Trend Micro Inc.) C:\Users\토미혜경\Downloads\HijackThis.exe2014-05-20 19:02 - 2011-12-17 19:35 - 00000000 ____D () C:\Users\토미혜경\AppData\Roaming\Ashampoo2014-05-20 17:32 - 2013-03-10 06:58 - 00000000 ____D () C:\Users\토미혜경\Documents\tumblr2014-05-20 15:38 - 2012-04-25 21:31 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts_tmp2014-05-20 15:29 - 2012-04-25 21:49 - 00000000 ____D () C:\Program Files (x86)\Wizvera2014-05-20 15:26 - 2014-05-20 15:26 - 00050608 _____ () C:\Windows\SysWOW64\Drivers\SCSK5.sys2014-05-20 15:25 - 2011-10-07 16:38 - 00000000 ____D () C:\Program Files (x86)\INITECH2014-05-20 15:22 - 2014-05-20 15:22 - 00159240 ____R (RaonSecure Co., Ltd.) C:\Windows\SysWOW64\CKAgent.exe2014-05-20 15:22 - 2014-05-20 15:22 - 00159240 ____R (RaonSecure Co., Ltd.) C:\Windows\system32\CKAgent.exe2014-05-20 15:22 - 2013-03-17 01:43 - 00376328 _____ (RaonSecure Co., Ltd.) C:\Windows\SysWOW64\npKeyPro.dll2014-05-20 15:22 - 2013-02-25 22:29 - 02428424 _____ (RaonSecure Co., Ltd.) C:\Windows\SysWOW64\CKSetup32.exe2014-05-20 15:22 - 2013-02-15 21:10 - 00327176 _____ (RaonSecure Co., Ltd.) C:\Windows\SysWOW64\CKApp.dll2014-05-20 15:22 - 2013-01-09 15:54 - 00183816 _____ (RaonSecure Co., Ltd.) C:\Windows\SysWOW64\Jrsoftcp.dll2014-05-20 15:22 - 2012-09-12 21:32 - 01936904 _____ (RaonSecure Co., Ltd.) C:\Windows\SysWOW64\XecureCK.dll2014-05-20 15:22 - 2012-09-12 21:32 - 01936904 _____ (RaonSecure Co., Ltd.) C:\Windows\SysWOW64\TouchEnKey.dll2014-05-20 15:22 - 2011-11-27 11:45 - 01252872 _____ (RaonSecure Co., Ltd.) C:\Windows\SysWOW64\CKSetup64.exe2014-05-20 15:22 - 2011-11-27 11:45 - 00141848 _____ (Kings Information & Network) C:\Windows\system32\kcrtx64.sys2014-05-16 20:19 - 2009-07-14 12:20 - 00000000 ____D () C:\Windows\rescache2014-05-16 03:41 - 2011-10-05 17:11 - 00000000 ___RD () C:\Users\토미혜경\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-05-16 03:38 - 2014-04-28 04:27 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-05-15 20:09 - 2013-08-15 15:25 - 00000000 ____D () C:\Windows\system32\MRT2014-05-15 20:06 - 2011-10-09 06:50 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-05-15 19:11 - 2011-11-25 21:32 - 00000000 ____D () C:\Users\토미혜경\AppData\Roaming\dvdcss2014-05-14 17:50 - 2012-10-19 16:40 - 03327704 _____ (AhnLab, Inc.) C:\Windows\system32\btscan.exe2014-05-14 14:01 - 2014-04-21 23:12 - 00003560 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-05-14 14:01 - 2014-04-21 14:25 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-05-14 14:01 - 2014-04-21 14:25 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-05-14 06:59 - 2014-05-14 06:59 - 00000000 ____D () C:\Users\토미혜경\AppData\Roaming\ProductData2014-05-14 05:14 - 2014-05-14 05:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-05-13 18:11 - 2014-05-13 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip2014-05-13 18:11 - 2014-05-13 18:11 - 00000000 ____D () C:\Program Files\7-Zip2014-05-12 17:17 - 2011-10-05 22:40 - 00000000 ____D () C:\ProgramData\TEMP2014-05-12 11:29 - 2014-04-22 20:38 - 00495616 _____ () C:\Windows\SysWOW64\KvpUpCom.dll2014-05-12 11:29 - 2014-04-02 21:58 - 00000647 _____ () C:\Windows\SysWOW64\KvpVer.tbl2014-05-12 07:55 - 2014-05-31 06:08 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-05-12 07:54 - 2014-05-31 06:08 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-05-11 18:35 - 2014-05-11 18:35 - 00001570 _____ () C:\ProgramData\cc_20140511_183520.reg2014-05-09 17:53 - 2014-05-09 17:53 - 00000000 ____D () C:\Users\Default\AppData\Local\Google2014-05-09 17:53 - 2014-05-09 17:53 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google2014-05-09 17:53 - 2014-03-30 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive2014-05-09 15:14 - 2014-05-15 19:24 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-05-09 15:11 - 2014-05-15 19:24 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-05-09 05:47 - 2014-03-15 23:34 - 00003676 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-05-09 05:46 - 2014-03-15 23:34 - 00003424 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-05-07 23:24 - 2014-04-03 22:11 - 00000000 ____D () C:\Program Files (x86)\DEVPIA2014-05-07 16:29 - 2009-07-14 12:20 - 00000000 ____D () C:\Windows\system32\NDF2014-05-07 07:29 - 2014-05-07 07:29 - 00000000 ____D () C:\ProgramData\BitDefender2014-05-06 21:30 - 2014-03-28 07:37 - 43876352 _____ () C:\Windows\system32\config\COMPONENTS.iodefrag.bak2014-05-06 13:40 - 2014-05-15 20:10 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-05-06 13:17 - 2014-05-15 20:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-05-06 12:25 - 2014-05-15 20:10 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-05-06 12:07 - 2014-05-15 20:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-05-06 12:00 - 2014-05-15 20:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-05-06 11:10 - 2014-05-15 20:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-05-01 06:41 - 2014-04-30 19:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird Files to move or delete:====================C:\ProgramData\cc_20120911_053354.regC:\ProgramData\cc_20120925_203130.regC:\ProgramData\cc_20121005_204933.regC:\ProgramData\cc_20121023_210338.regC:\ProgramData\cc_20121126_074638.regC:\ProgramData\cc_20130110_142401.regC:\ProgramData\cc_20130206_054302.regC:\ProgramData\cc_20130324_201400.regC:\ProgramData\cc_20130510_151642.regC:\ProgramData\cc_20130905_062324.regC:\ProgramData\cc_20130910_065522.regC:\ProgramData\cc_20130922_195259.regC:\ProgramData\cc_20131203_231332.regC:\ProgramData\cc_20140119_224436.regC:\ProgramData\cc_20140312_192250.regC:\ProgramData\cc_20140328_073345.regC:\ProgramData\cc_20140428_215955.regC:\ProgramData\cc_20140430_183730.regC:\ProgramData\cc_20140511_183520.regC:\ProgramData\cc_20140525_211420.regC:\ProgramData\cc_20140529_005221.regC:\Users\토미혜경\Everything-1.2.1.371.exe Some content of TEMP:====================C:\Users\토미혜경\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf4h3qa.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-29 02:42 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2014Ran by 토미혜경 at 2014-05-31 06:14:46Running from C:\Users\토미혜경\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) HiddenAdobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)Adobe Reader X (10.1.8) - Korean (HKLM-x32\...\{AC76BA86-7AD7-1042-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)AhnLab Online Security (HKLM-x32\...\AhnLab Online Security) (Version: - AhnLab, Inc)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Apple 응용 프로그램 지원 (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)AxSignGATE 3.0 (HKLM-x32\...\AxSignGATE) (Version: 3.0 - 한국정보인증(주))Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - )Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version: - )D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDAEGU BANK Real IP 보안프로그램 2.3 (HKCU\...\DAEGU BANK Real IP 보안프로그램) (Version: 2.3 - KTB Solution Co., LTD)Daum ActiveX 컨트롤 - Daum 메일 파일업로더 (HKLM-x32\...\{A21E6CD8-70E4-45CF-A1A8-FC1584D8523E}) (Version: - Daum Communications Corp.)Defraggler (HKLM\...\Defraggler) (Version: 2.12 - Piriform)Delfino-x86 버전 1.1.6.0 (HKLM-x32\...\{E48E2437-FB9B-4596-9525-00DAFC7AABED}_is1) (Version: 1.1.6.0 - Wizvera)Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)EasyKeytec (키보드 보안 프로그램) (HKLM-x32\...\Easykeytec) (Version: - )Evernote v. 4.6.6 (HKLM-x32\...\{6146B9DC-C33D-11E2-BDE1-984BE15F174E}) (Version: 4.6.6.8360 - Evernote Corp.)Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version: - )FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation)Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) HiddenGTK2-Runtime (HKLM-x32\...\GTK2-Runtime) (Version: 2.24.10-2012-10-10-ash - Alexander Shaduri)INISAFE Mail v4 (HKLM-x32\...\INISAFE Mail v4) (Version: 4.2.0.3 - initech, Inc.)INISAFE MoaSign S v1.0 (HKLM-x32\...\INISAFE MoaSign S) (Version: 1.0.34 - INITECH, Inc.)INISAFE SandBox 1.0 (HKLM-x32\...\INISAFE SandBox) (Version: 1.0 - Initech, Inc.)INISAFE Web v6.4 (HKLM-x32\...\UnINISafeWeb64) (Version: 6 - Initech ©.)INISafeWeb 6.3 (HKLM-x32\...\UnINISafeWeb6) (Version: 6 - Initech ©.)INISafeWeb 7.0 (SFilter v1.0) (HKLM-x32\...\UnINISafeWeb7) (Version: - )Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)Internet Certification Issue System(rxCert) 3.1.0.70 SP3 (HKLM-x32\...\{55348CD3-C561-4F54-944B-8AC4E6AA8ACD}_is1) (Version: 3.1.0.70 - Cabsoft)IPinside Agent (HKLM-x32\...\IPinside Agent) (Version: 1.0.1.23 - interezen)IssacWebProCMS 4.3.3.5 KCMVP (HKLM-x32\...\IssacWebProCMS_KCMVP_is1) (Version: - Penta Security Systems, Inc.)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenK-Defense R6 : Anti-Keylogger (HKLM-x32\...\kdefense) (Version: - Kings Information & Network)Malwarebytes Anti-Malware 버전 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)MaPrintModule_BCCard(remove only) (HKLM-x32\...\MaPrintModule_BCCard) (Version: - )Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (KOR) (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1(한국어) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1042) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) HiddenMicrosoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) HiddenMicrosoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Mozilla Firefox 29.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-GB)) (Version: 29.0.1 - Mozilla)Mozilla Thunderbird 24.5.0 (x86 nl) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 nl)) (Version: 24.5.0 - Mozilla)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)npEfdsWCtrl (HKLM-x32\...\npEfdsWCtrl) (Version: - INCA Internet Co., Ltd.)nProtect KeyCrypt (HKLM-x32\...\npkcxp) (Version: - )nProtect KeyCrypt V6.0 (HKLM-x32\...\npkfx) (Version: - )nProtect Netizen SVC (remove only) (HKLM-x32\...\npn5) (Version: - )nProtect Netizen v5.5 (HKLM-x32\...\nProtect Netizen v5.5) (Version: - INCA Internet Co., Ltd.)NTSMagicLineMBX (HKLM-x32\...\NTSMagicLineMBX) (Version: 1.0.8.5 - Dreamsecurity Inc.)OpenOffice 4.0.0 (HKLM-x32\...\{EA1DC8F8-C357-44CA-A332-AB9762DF698C}) (Version: 4.00.9702 - Apache Software Foundation)Opera Stable 21.0.1432.67 (HKLM-x32\...\Opera 21.0.1432.67) (Version: 21.0.1432.67 - Opera Software ASA)Platform (x32 Version: 1.34 - VIA Technologies, Inc.) HiddenQuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)Recuva (HKLM\...\Recuva) (Version: 1.47 - Piriform)SafeSignOn Client Module (HKLM-x32\...\SafeSignOn Client Module) (Version: - )Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)Secure Holic PNP Plugin (HKLM-x32\...\{5FF747B1-D6B3-4736-A37D-E7DDC54F0FEB}) (Version: 1.14.1270 - SecureHolic)SignGATE EWS v4.0 (HKLM-x32\...\SignGATE EWS) (Version: - )Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)SoftCamp Secure KeyStroke 4.0 (HKLM-x32\...\SoftcampSCSK) (Version: - )SoftForum (HKLM-x32\...\{516B7F32-9851-45C8-BC31-E28C40727327}) (Version: - )SopCast 3.5.0 (HKLM-x32\...\SopCast) (Version: 3.5.0 - www.sopcast.com)The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.0.124 - PandoraTV)TouchEn key with E2E for 32bit (HKLM-x32\...\TouchEn_key) (Version: - RaonSecure Co., Ltd.)UniSign-스마트폰 인증서 이동 (HKLM-x32\...\UniSign) (Version: - )VeraPort (보안모듈관리 프로그램) (HKLM-x32\...\VeraPort) (Version: - )Veraport20(보안모듈 관리 프로그램) - 2,5,5,0 (HKLM-x32\...\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1) (Version: 2,5,5,0 - Wizvera)VIA 플랫폼 장치 관리자 (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)Winamp (HKLM-x32\...\Winamp) (Version: 5.64 - Nullsoft, Inc)Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenXecureWeb Control (HKLM-x32\...\XecureWeb Control) (Version: - )XecureWeb UnifiedPlugin (HKLM-x32\...\XecureWeb UnifiedPlugin) (Version: - )x-INIpay Plugin v.1.0.0.3 (HKLM-x32\...\{CA0EE02C-0EF3-4127-BC88-D68F6F456FA5}_is1) (Version: - INICIS)Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.1) (Version: 1.3.1 - Xvid Team)yessign7 ActiveX Control (HKLM-x32\...\yessign7ActiveX) (Version: 1.0.0.13 - 금융결제원)곰TV 플러그인 (HKLM-x32\...\GomTV Launcher Plugin) (Version: 1.0.0.3 - Gretech Corporation)농협 Quick조회이체 바로가기 1.0.0.0 (HKLM-x32\...\농협 Quick조회이체 바로가기) (Version: 1.0.0.0 - 농협인터넷뱅킹.)원격 연결을 위한 Windows Live Mesh ActiveX 컨트롤 (HKLM-x32\...\{61920449-0393-4707-B7DD-E6C0013C8B2C}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Restore Points ========================= 28-05-2014 17:48:52 예약된 검사점28-05-2014 22:27:03 Windows Update ==================== Hosts content: ========================== 2009-07-14 11:34 - 2014-05-26 18:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {42B6E81C-360C-4144-8317-0E236112F723} - System32\Tasks\Driver Booster SkipUAC (토미혜경) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exeTask: {6335116F-CEAE-4EEB-8759-362A1F82956C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)Task: {BC548613-7947-4E22-A445-6673D3C201FA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15] (Google Inc)Task: {D26D9F90-9A2A-4E12-B865-B6250BBF9B94} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)Task: {DD22FB09-41AC-43BF-A16E-1CC722099BC4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {E72807F7-F182-4003-96DE-3A9E7D459BBF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15] (Google Inc)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2009-03-13 10:18 - 2009-03-13 10:18 - 00602624 _____ () C:\Program Files (x86)\Everything\Everything.exe2014-05-31 04:37 - 2014-05-31 04:37 - 00043008 _____ () c:\users\토미혜경\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf4h3qa.dll2013-08-24 04:01 - 2013-08-24 04:01 - 25100288 _____ () C:\Users\토미혜경\AppData\Roaming\Dropbox\bin\libcef.dll2014-05-23 06:16 - 2014-05-14 08:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll2014-05-23 06:16 - 2014-05-14 08:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll2014-05-23 06:16 - 2014-05-14 08:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll2014-05-23 06:16 - 2014-05-14 08:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll2014-05-23 06:16 - 2014-05-14 08:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:5C321E34AlternateDataStreams: C:\ProgramData\TEMP:98353363 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\f_Packager => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\f_PolicyManager => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\f_Packager => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\f_PolicyManager => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: AdAwareTray => MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: HDAudDeck => c:\program files (x86)\via\viaudioi\vdeck\vdeck.exe -rMSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"MSCONFIG\startupreg: IgfxTray => c:\windows\system32\igfxtray.exeMSCONFIG\startupreg: LifeCam => c:\program files (x86)\microsoft lifecam\lifeexp.exeMSCONFIG\startupreg: Persistence => c:\windows\system32\igfxpers.exeMSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeMSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"MSCONFIG\startupreg: SunJavaUpdateSched => c:\program files (x86)\common files\java\java update\jusched.exeMSCONFIG\startupreg: Trend Micro Browser Guard => ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (05/31/2014 06:09:56 AM) (Source: Application Error) (EventID: 1000) (User: )Description: 오류 있는 응용 프로그램 이름: mbam.exe, 버전: 1.0.0.532, 타임스탬프: 0x53518532오류 있는 모듈 이름: MSVCR100.dll, 버전: 10.0.40219.325, 타임스탬프: 0x4df2be1e예외 코드: 0x40000015오류 오프셋: 0x0008d6fd오류 있는 프로세스 ID: 0xd08오류 있는 응용 프로그램 시작 시간: 0xmbam.exe0오류 있는 응용 프로그램 경로: mbam.exe1오류 있는 모듈 경로: mbam.exe2보고서 ID: mbam.exe3 Error: (05/31/2014 04:59:15 AM) (Source: Application Error) (EventID: 1000) (User: )Description: 오류 있는 응용 프로그램 이름: mbam.exe, 버전: 1.0.0.532, 타임스탬프: 0x53518532오류 있는 모듈 이름: MSVCR100.dll, 버전: 10.0.40219.325, 타임스탬프: 0x4df2be1e예외 코드: 0x40000015오류 오프셋: 0x0008d6fd오류 있는 프로세스 ID: 0x8f8오류 있는 응용 프로그램 시작 시간: 0xmbam.exe0오류 있는 응용 프로그램 경로: mbam.exe1오류 있는 모듈 경로: mbam.exe2보고서 ID: mbam.exe3 Error: (05/31/2014 04:39:16 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2014 08:01:21 PM) (Source: Application Error) (EventID: 1000) (User: )Description: 오류 있는 응용 프로그램 이름: mbam.exe, 버전: 1.0.0.532, 타임스탬프: 0x53518532오류 있는 모듈 이름: MSVCR100.dll, 버전: 10.0.40219.325, 타임스탬프: 0x4df2be1e예외 코드: 0x40000015오류 오프셋: 0x0008d6fd오류 있는 프로세스 ID: 0x64c오류 있는 응용 프로그램 시작 시간: 0xmbam.exe0오류 있는 응용 프로그램 경로: mbam.exe1오류 있는 모듈 경로: mbam.exe2보고서 ID: mbam.exe3 Error: (05/30/2014 07:28:52 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2014 04:04:37 PM) (Source: Application Error) (EventID: 1000) (User: )Description: 오류 있는 응용 프로그램 이름: mbam.exe, 버전: 1.0.0.532, 타임스탬프: 0x53518532오류 있는 모듈 이름: MSVCR100.dll, 버전: 10.0.40219.325, 타임스탬프: 0x4df2be1e예외 코드: 0x40000015오류 오프셋: 0x0008d6fd오류 있는 프로세스 ID: 0x788오류 있는 응용 프로그램 시작 시간: 0xmbam.exe0오류 있는 응용 프로그램 경로: mbam.exe1오류 있는 모듈 경로: mbam.exe2보고서 ID: mbam.exe3 Error: (05/30/2014 03:41:27 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2014 03:38:49 PM) (Source: Application Error) (EventID: 1000) (User: )Description: 오류 있는 응용 프로그램 이름: mbam.exe, 버전: 1.0.0.532, 타임스탬프: 0x53518532오류 있는 모듈 이름: MSVCR100.dll, 버전: 10.0.40219.325, 타임스탬프: 0x4df2be1e예외 코드: 0x40000015오류 오프셋: 0x0008d6fd오류 있는 프로세스 ID: 0x41c오류 있는 응용 프로그램 시작 시간: 0xmbam.exe0오류 있는 응용 프로그램 경로: mbam.exe1오류 있는 모듈 경로: mbam.exe2보고서 ID: mbam.exe3 Error: (05/30/2014 03:35:58 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2014 03:35:55 PM) (Source: Application Error) (EventID: 1000) (User: )Description: 오류 있는 응용 프로그램 이름: mbam.exe, 버전: 1.0.0.532, 타임스탬프: 0x53518532오류 있는 모듈 이름: MSVCR100.dll, 버전: 10.0.40219.325, 타임스탬프: 0x4df2be1e예외 코드: 0x40000015오류 오프셋: 0x0008d6fd오류 있는 프로세스 ID: 0x7d8오류 있는 응용 프로그램 시작 시간: 0xmbam.exe0오류 있는 응용 프로그램 경로: mbam.exe1오류 있는 모듈 경로: mbam.exe2보고서 ID: mbam.exe3 System errors:=============Error: (05/31/2014 04:37:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: 다음 오류로 인해 DRM ONE Upper Class Keyboard filter 서비스를 시작하지 못했습니다. %%2 Error: (05/30/2014 07:27:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: 다음 오류로 인해 DRM ONE Upper Class Keyboard filter 서비스를 시작하지 못했습니다. %%2 Error: (05/30/2014 03:39:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: 다음 오류로 인해 DRM ONE Upper Class Keyboard filter 서비스를 시작하지 못했습니다. %%2 Error: (05/30/2014 03:35:21 PM) (Source: DCOM) (EventID: 10005) (User: )Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F} Error: (05/30/2014 03:35:21 PM) (Source: DCOM) (EventID: 10005) (User: )Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF} Error: (05/30/2014 03:34:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: Computer Browser 서비스는 다음 오류 때문에 시작하지 못한 Server 서비스에 종속됩니다. %%1068 Error: (05/30/2014 03:34:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: Computer Browser 서비스는 다음 오류 때문에 시작하지 못한 Server 서비스에 종속됩니다. %%1068 Error: (05/30/2014 03:34:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: Computer Browser 서비스는 다음 오류 때문에 시작하지 못한 Server 서비스에 종속됩니다. %%1068 Error: (05/30/2014 03:34:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: Computer Browser 서비스는 다음 오류 때문에 시작하지 못한 Server 서비스에 종속됩니다. %%1068 Error: (05/30/2014 03:34:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: Computer Browser 서비스는 다음 오류 때문에 시작하지 못한 Server 서비스에 종속됩니다. %%1068 Microsoft Office Sessions:=========================Error: (05/31/2014 06:09:56 AM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdd0801cf7c4b7bc0436fC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllbff21f1a-e83e-11e3-bb98-1078d228f280 Error: (05/31/2014 04:59:15 AM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd8f801cf7c3e9b72f3eeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlle02a5f0b-e834-11e3-bb98-1078d228f280 Error: (05/31/2014 04:39:16 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2014 08:01:21 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd64c01cf7bf1b6cd5c36C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllbb573a55-e7e9-11e3-b239-1078d228f280 Error: (05/30/2014 07:28:52 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2014 04:04:37 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd78801cf7bd1f156db2aC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlla8c12486-e7c8-11e3-b500-1078d228f280 Error: (05/30/2014 03:41:27 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2014 03:38:49 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd41c01cf7bd1bca8592cC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll0e52b299-e7c5-11e3-83e2-1078d228f280 Error: (05/30/2014 03:35:58 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/30/2014 03:35:55 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd7d801cf7bd156cdb7b2C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlla6c213ed-e7c4-11e3-83e2-1078d228f280 CodeIntegrity Errors:=================================== Date: 2014-05-26 18:37:38.974 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-26 18:37:38.834 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-26 18:37:38.693 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-26 18:37:38.553 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-26 18:29:32.336 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-26 18:29:32.212 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-26 18:29:32.071 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-26 18:29:31.931 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-26 12:58:39.668 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-05-26 12:58:39.527 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 35%Total physical RAM: 4003.7 MBAvailable physical RAM: 2571.49 MBTotal Pagefile: 8005.59 MBAvailable Pagefile: 6246.57 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:100 GB) (Free:27.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: () (Fixed) (Total:821.37 GB) (Free:296.68 GB) NTFSDrive e: (L3-5) (CDROM) (Total:0.34 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 932 GB) (Disk ID: 32B619E2)Partition 1: (Not Active) - (Size=10 GB) - (Type=12)Partition 2: (Active) - (Size=100 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=821 GB) - (Type=07 NTFS) ==================== End Of Log ============================ I'd be grateful for any assistance or advice. Link to post Share on other sites More sharing options...
kevinf80 Posted May 30, 2014 ID:836138 Share Posted May 30, 2014 Are you already receiving help at Webuser? Link to post Share on other sites More sharing options...
tommynomad Posted June 1, 2014 Author ID:836700 Share Posted June 1, 2014 Yes, I am. But their last suggestion was to come here. When those steps did not work, I thought it worthwhile to ask here specifically about getting MBAM to work. Link to post Share on other sites More sharing options...
kevinf80 Posted June 1, 2014 ID:836708 Share Posted June 1, 2014 Hello and P2P/Piracy Warning: If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy. Download AdwCleaner by Xplode onto your Desktop. Double click on Adwcleaner.exe to run the tool. Click on Scan Once the scan is done, click on the Clean button. You will get a prompt asking to close all programs. Click OK. Click OK again to reboot your computer. A text file will open after the restart. Please post the content of that logfile in your reply. You can also find the logfile at C:\AdwCleaner[sn].txt. Next, Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message. Next, Read the following link before we continue and run Combofix: ComboFix usage, Questions, Help? - Look here Next, Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :- http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.infospyware.net/antimalware/combofix/ Ensure that Combofix is saved directly to the Desktop <--- Very important Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask. Close any open browsers and any other programs you might have running Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator) Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required. If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze **** Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended. *EXTRA NOTES* If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so. If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted) Post those logs in next reply please... Kevin Link to post Share on other sites More sharing options...
tommynomad Posted June 1, 2014 Author ID:836782 Share Posted June 1, 2014 Thanks for the advice. Here's the AdwCleaner log: # AdwCleaner v3.211 - Report created 02/06/2014 at 07:09:39# Updated 26/05/2014 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : 토미혜경 - 토미혜경-PC# Running from : C:\Users\토미혜경\Desktop\AdwCleaner (1).exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\AppDataLow\Software ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17041 -\\ Mozilla Firefox v29.0.1 (en-GB) [ File : C:\Users\토미혜경\AppData\Roaming\Mozilla\Firefox\Profiles\ah4btwdd.default-1400886471837\prefs.js ] -\\ Google Chrome v35.0.1916.114 [ File : C:\Users\토미혜경\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [6379 octets] - [09/05/2014 06:16:01]AdwCleaner[R1].txt - [1047 octets] - [09/05/2014 06:19:41]AdwCleaner[R2].txt - [1344 octets] - [23/05/2014 07:09:23]AdwCleaner[R3].txt - [1397 octets] - [02/06/2014 07:07:00]AdwCleaner[s0].txt - [6269 octets] - [09/05/2014 06:18:27]AdwCleaner[s1].txt - [1109 octets] - [09/05/2014 06:21:12]AdwCleaner[s2].txt - [1411 octets] - [23/05/2014 07:12:55]AdwCleaner[s3].txt - [1263 octets] - [02/06/2014 07:09:39] ########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1323 octets] ########## One pertinent issue is that AdwC does not appear (to me) to clean Opera, which is my primary browser and where the problem is most acute. Link to post Share on other sites More sharing options...
tommynomad Posted June 1, 2014 Author ID:836785 Share Posted June 1, 2014 Here is the logfile for JRT: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.1.4 (04.06.2014:1)OS: Windows 7 Home Premium x64Ran by 토미혜경 on 2014-06-02 at 8:39:24.91~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\토미혜경\appdata\local\{1351E84D-43CD-426A-B418-C087E925F429}Successfully deleted: [Empty Folder] C:\Users\토미혜경\appdata\local\{35001F93-8DEF-4B81-9096-DB1A27C839E4}Successfully deleted: [Empty Folder] C:\Users\토미혜경\appdata\local\{77921022-4B16-45B3-A84B-40364C12C589} ~~~ FireFox Emptied folder: C:\Users\토미혜경\AppData\Roaming\mozilla\firefox\profiles\ah4btwdd.default-1400886471837\minidumps [2 files] ~~~ Chrome Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [blacklisted Policy] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 2014-06-02 at 8:46:40.47End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
tommynomad Posted June 2, 2014 Author ID:836795 Share Posted June 2, 2014 Here is the ComboFix log: ComboFix 14-05-29.01 - 토미혜경 2014-06-02 9:02.3.2 - x64Microsoft Windows 7 Home Premium K 6.1.7601.1.949.82.1042.18.4004.2767 [GMT 9:00]Running from: c:\users\토미혜경\Desktop\ComboFix.exeSP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\prefs.jsc:\windows\Downloaded Program Files\XPayPluginc:\windows\Downloaded Program Files\XPayPlugin\LGDacomPaymentView.ocxc:\windows\msxml4-KB2758694-enu.LOGc:\windows\PFRO.logc:\windows\SysWow64\CKAgent.datc:\windows\SysWow64\f_crypto.dllc:\windows\SysWow64\f_kpi.dllc:\windows\SysWow64\f_pbrc09.dllc:\windows\SysWow64\f_pbrc12.dllc:\windows\SysWow64\f_swrc09.dllc:\windows\SysWow64\f_swrc12.dllc:\windows\SysWow64\npkpdb.dllc:\windows\Uninstall.ini..((((((((((((((((((((((((( Files Created from 2014-05-02 to 2014-06-02 )))))))))))))))))))))))))))))))..2014-06-02 00:21 . 2014-06-02 00:21 -------- d-----w- c:\users\Default\AppData\Local\temp2014-06-02 00:21 . 2014-06-02 00:21 -------- d-----w- c:\users\Administrator\AppData\Local\temp2014-06-02 00:21 . 2014-06-02 00:21 -------- d-----w- c:\users\AA¹IC~1\AppData\Local\temp2014-06-01 23:39 . 2014-06-01 23:39 -------- d-----w- c:\windows\ERUNT2014-06-01 22:43 . 2014-06-01 22:43 -------- d-----w- c:\program files (x86)\Common Files\Skype2014-05-30 21:13 . 2014-05-30 21:15 -------- d-----w- C:\FRST2014-05-30 21:09 . 2014-06-01 23:58 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-05-30 21:08 . 2014-05-11 22:55 63704 ----a-w- c:\windows\system32\drivers\mwac.sys2014-05-30 21:08 . 2014-05-11 22:54 25816 ----a-w- c:\windows\system32\drivers\mbam.sys2014-05-30 21:08 . 2014-05-30 21:08 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware2014-05-29 19:43 . 2014-05-29 19:43 -------- d-----w- c:\users\토미혜경\AppData\Roaming\OpenOffice2014-05-28 15:52 . 2014-05-28 15:52 67246 ----a-w- c:\programdata\cc_20140529_005221.reg2014-05-28 14:03 . 2014-05-28 14:03 -------- d-----w- c:\program files (x86)\OpenOffice 42014-05-28 13:08 . 2014-05-28 13:08 159744 ----a-w- c:\program files\Internet Explorer\플러그인\npqtplugin5.dll2014-05-28 13:08 . 2014-05-28 13:08 159744 ----a-w- c:\program files\Internet Explorer\플러그인\npqtplugin4.dll2014-05-28 13:08 . 2014-05-28 13:08 159744 ----a-w- c:\program files\Internet Explorer\플러그인\npqtplugin3.dll2014-05-28 13:08 . 2014-05-28 13:08 159744 ----a-w- c:\program files\Internet Explorer\플러그인\npqtplugin2.dll2014-05-28 13:08 . 2014-05-28 13:07 159744 ----a-w- c:\program files\Internet Explorer\플러그인\npqtplugin.dll2014-05-28 13:07 . 2014-05-28 13:07 -------- d-----w- c:\program files (x86)\QuickTime2014-05-28 12:47 . 2014-05-28 12:47 -------- d-----w- c:\users\토미혜경\AppData\Local\Secunia PSI2014-05-28 12:47 . 2014-05-28 12:47 -------- d-----w- c:\program files (x86)\Secunia2014-05-26 19:27 . 2014-05-26 19:27 -------- d-s---w- c:\windows\SysWow64\Microsoft2014-05-25 12:14 . 2014-05-25 12:14 9852 ----a-w- c:\programdata\cc_20140525_211420.reg2014-05-23 22:52 . 2014-05-23 23:01 -------- d-----w- c:\programdata\HitmanPro2014-05-20 06:26 . 2014-05-20 06:26 50608 ----a-w- c:\windows\SysWow64\drivers\SCSK5.sys2014-05-20 06:22 . 2014-05-20 06:22 159240 ----a-r- c:\windows\SysWow64\CKAgent.exe2014-05-20 06:22 . 2014-05-20 06:22 159240 ----a-r- c:\windows\system32\CKAgent.exe2014-05-15 11:10 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll2014-05-15 11:10 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll2014-05-15 11:10 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb2014-05-15 11:10 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb2014-05-15 10:46 . 2014-04-12 02:19 1460736 ----a-w- c:\windows\system32\lsasrv.dll2014-05-15 10:46 . 2014-03-04 09:44 728064 ----a-w- c:\windows\system32\kerberos.dll2014-05-15 10:46 . 2014-03-04 09:44 314880 ----a-w- c:\windows\system32\msv1_0.dll2014-05-15 10:46 . 2014-03-04 09:43 455168 ----a-w- c:\windows\system32\winlogon.exe2014-05-15 10:46 . 2014-03-04 09:20 3969984 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2014-05-15 10:46 . 2014-03-04 09:20 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2014-05-15 10:46 . 2014-03-04 09:17 550912 ----a-w- c:\windows\SysWow64\kerberos.dll2014-05-15 10:46 . 2014-03-04 09:47 5550016 ----a-w- c:\windows\system32\ntoskrnl.exe2014-05-15 10:46 . 2014-03-04 09:44 722944 ----a-w- c:\windows\system32\objsel.dll2014-05-15 10:46 . 2014-03-04 09:17 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll2014-05-15 10:25 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll2014-05-15 10:24 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll2014-05-15 10:24 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll2014-05-13 21:59 . 2014-05-13 21:59 -------- d-----w- c:\users\토미혜경\AppData\Roaming\ProductData2014-05-13 09:11 . 2014-05-13 09:11 -------- d-----w- c:\program files\7-Zip2014-05-11 09:35 . 2014-05-11 09:35 1570 ----a-w- c:\programdata\cc_20140511_183520.reg2014-05-09 08:53 . 2014-05-09 08:53 -------- d-----w- c:\users\Default\AppData\Local\Google2014-05-08 21:16 . 2010-08-29 23:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll2014-05-08 21:15 . 2014-06-01 22:09 -------- d-----w- C:\AdwCleaner2014-05-06 22:29 . 2014-05-06 22:29 -------- d-----w- c:\programdata\BitDefender...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-05-20 06:22 . 2012-09-12 12:32 1936904 ----a-w- c:\windows\SysWow64\TouchEnKey.dll2014-05-20 06:22 . 2013-03-16 16:43 376328 ----a-w- c:\windows\SysWow64\npKeyPro.dll2014-05-20 06:22 . 2013-02-15 12:10 327176 ----a-w- c:\windows\SysWow64\CKApp.dll2014-05-20 06:22 . 2013-01-09 06:54 183816 ----a-w- c:\windows\SysWow64\Jrsoftcp.dll2014-05-20 06:22 . 2012-09-12 12:32 1936904 ----a-w- c:\windows\SysWow64\XecureCK.dll2014-05-20 06:22 . 2011-11-27 02:45 1252872 ----a-w- c:\windows\SysWow64\CKSetup64.exe2014-05-20 06:22 . 2011-11-27 02:45 141848 ----a-w- c:\windows\system32\kcrtx64.sys2014-05-20 06:22 . 2013-02-25 13:29 2428424 ----a-w- c:\windows\SysWow64\CKSetup32.exe2014-05-15 11:06 . 2011-10-08 21:50 93223848 ----a-w- c:\windows\system32\MRT.exe2014-05-14 08:50 . 2012-10-19 07:40 3327704 ----a-w- c:\windows\system32\btscan.exe2014-05-14 05:01 . 2014-04-21 05:25 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-05-14 05:01 . 2014-04-21 05:25 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2014-05-12 02:29 . 2014-04-22 11:38 495616 ----a-w- c:\windows\SysWow64\KvpUpCom.dll2014-04-30 09:43 . 2014-04-30 09:37 438 ----a-w- c:\programdata\cc_20140430_183730.reg2014-04-28 13:00 . 2014-04-28 13:00 4416 ----a-w- c:\programdata\cc_20140428_215955.reg2014-04-17 06:01 . 2014-04-17 06:01 80728 ----a-w- c:\windows\INISBDrvUnit.10003.dll2014-04-17 06:01 . 2014-04-17 06:01 1648984 ----a-w- c:\windows\INISandBoxMonitor.10031.exe2014-04-09 21:52 . 2014-04-09 21:52 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2014-04-09 21:52 . 2014-04-09 21:52 846336 ----a-w- c:\windows\system32\ieapfltr.dll2014-04-09 21:52 . 2014-04-09 21:52 752640 ----a-w- c:\windows\system32\jscript9diag.dll2014-04-09 21:52 . 2014-04-09 21:52 66048 ----a-w- c:\windows\system32\iesetup.dll2014-04-09 21:52 . 2014-04-09 21:52 628736 ----a-w- c:\windows\system32\msfeeds.dll2014-04-09 21:52 . 2014-04-09 21:52 61952 ----a-w- c:\windows\SysWow64\iesetup.dll2014-04-09 21:52 . 2014-04-09 21:52 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll2014-04-09 21:52 . 2014-04-09 21:52 586240 ----a-w- c:\windows\system32\ie4uinit.exe2014-04-09 21:52 . 2014-04-09 21:52 5784064 ----a-w- c:\windows\system32\jscript9.dll2014-04-09 21:52 . 2014-04-09 21:52 574976 ----a-w- c:\windows\system32\ieui.dll2014-04-09 21:52 . 2014-04-09 21:52 548352 ----a-w- c:\windows\system32\vbscript.dll2014-04-09 21:52 . 2014-04-09 21:52 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll2014-04-09 21:52 . 2014-04-09 21:52 51200 ----a-w- c:\windows\system32\jsproxy.dll2014-04-09 21:52 . 2014-04-09 21:52 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll2014-04-09 21:52 . 2014-04-09 21:52 455168 ----a-w- c:\windows\SysWow64\vbscript.dll2014-04-09 21:52 . 2014-04-09 21:52 453120 ----a-w- c:\windows\system32\dxtmsft.dll2014-04-09 21:52 . 2014-04-09 21:52 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll2014-04-09 21:52 . 2014-04-09 21:52 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll2014-04-09 21:52 . 2014-04-09 21:52 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll2014-04-09 21:52 . 2014-04-09 21:52 33792 ----a-w- c:\windows\system32\iernonce.dll2014-04-09 21:52 . 2014-04-09 21:52 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll2014-04-09 21:52 . 2014-04-09 21:52 296960 ----a-w- c:\windows\system32\dxtrans.dll2014-04-09 21:52 . 2014-04-09 21:52 2767360 ----a-w- c:\windows\system32\iertutil.dll2014-04-09 21:52 . 2014-04-09 21:52 2260480 ----a-w- c:\windows\system32\wininet.dll2014-04-09 21:52 . 2014-04-09 21:52 2043904 ----a-w- c:\windows\system32\inetcpl.cpl2014-04-09 21:52 . 2014-04-09 21:52 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl2014-04-09 21:52 . 2014-04-09 21:52 195584 ----a-w- c:\windows\system32\msrating.dll2014-04-09 21:52 . 2014-04-09 21:52 1789440 ----a-w- c:\windows\SysWow64\wininet.dll2014-04-09 21:52 . 2014-04-09 21:52 1400832 ----a-w- c:\windows\system32\urlmon.dll2014-04-09 21:52 . 2014-04-09 21:52 139264 ----a-w- c:\windows\system32\ieUnatt.exe2014-04-09 21:52 . 2014-04-09 21:52 13551104 ----a-w- c:\windows\system32\ieframe.dll2014-04-09 21:52 . 2014-04-09 21:52 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe2014-04-09 21:52 . 2014-04-09 21:52 111616 ----a-w- c:\windows\system32\ieetwcollector.exe2014-04-03 12:36 . 2014-04-03 12:36 58752 ----a-w- c:\windows\SysWow64\drivers\x64kdss.sys2014-04-03 12:36 . 2013-10-17 12:24 58464 ----a-w- c:\windows\SysWow64\drivers\kck64s.sys2014-04-03 12:36 . 2014-04-03 12:36 69992 ----a-w- c:\windows\SysWow64\kdfapi.dll2014-04-03 12:36 . 2014-04-03 12:36 100056 ----a-w- c:\windows\SysWow64\Kdfhok.dll2014-04-03 12:36 . 2011-11-24 00:04 137904 ----a-w- c:\windows\SysWow64\kcu86s.dll2014-04-03 12:36 . 2014-04-03 12:36 58192 ----a-w- c:\windows\system32\drivers\ProMDefense.sys2014-04-03 12:36 . 2014-04-03 12:36 246704 ----a-w- c:\windows\SysWow64\ProMDefense.dll2014-04-02 12:58 . 2014-04-02 12:58 708096 ----a-w- c:\windows\SysWow64\INIcrypto20.dll2014-04-02 12:58 . 2014-04-02 12:58 5765664 ----a-w- c:\windows\SysWow64\ISPPopUpDlg.exe2014-03-28 13:26 . 2011-11-01 11:12 502456 ----a-w- c:\windows\system32\TeCtrlu.dll2014-03-27 22:34 . 2014-03-27 22:34 3792 ----a-w- c:\programdata\cc_20140328_073345.reg2014-03-23 14:58 . 2014-03-23 14:58 194048 ----a-w- c:\windows\SysWow64\elshyph.dll2014-03-23 14:58 . 2014-03-23 14:58 942592 ----a-w- c:\windows\system32\jsIntl.dll2014-03-23 14:58 . 2014-03-23 14:58 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2014-03-23 14:58 . 2014-03-23 14:58 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll2014-03-23 14:58 . 2014-03-23 14:58 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2014-03-23 14:58 . 2014-03-23 14:58 83968 ----a-w- c:\windows\system32\MshtmlDac.dll2014-03-23 14:58 . 2014-03-23 14:58 81408 ----a-w- c:\windows\system32\icardie.dll2014-03-23 14:58 . 2014-03-23 14:58 774144 ----a-w- c:\windows\system32\jscript.dll2014-03-23 14:58 . 2014-03-23 14:58 77312 ----a-w- c:\windows\system32\tdc.ocx2014-03-23 14:58 . 2014-03-23 14:58 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2014-03-23 14:58 . 2014-03-23 14:58 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2014-03-23 14:58 . 2014-03-23 14:58 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll2014-03-23 14:58 . 2014-03-23 14:58 62464 ----a-w- c:\windows\SysWow64\tdc.ocx2014-03-23 14:58 . 2014-03-23 14:58 62464 ----a-w- c:\windows\system32\pngfilt.dll2014-03-23 14:58 . 2014-03-23 14:58 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll2014-03-23 14:58 . 2014-03-23 14:58 616104 ----a-w- c:\windows\system32\ieapfltr.dat2014-03-23 14:58 . 2014-03-23 14:58 52224 ----a-w- c:\windows\system32\msfeedsbs.dll2014-03-23 14:58 . 2014-03-23 14:58 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2014-03-23 14:58 . 2014-03-23 14:58 48640 ----a-w- c:\windows\system32\mshtmler.dll2014-03-23 14:58 . 2014-03-23 14:58 48128 ----a-w- c:\windows\system32\imgutil.dll2014-03-23 14:58 . 2014-03-23 14:58 413696 ----a-w- c:\windows\system32\html.iec2014-03-23 14:58 . 2014-03-23 14:58 36352 ----a-w- c:\windows\SysWow64\imgutil.dll2014-03-23 14:58 . 2014-03-23 14:58 337408 ----a-w- c:\windows\SysWow64\html.iec2014-03-23 14:58 . 2014-03-23 14:58 30208 ----a-w- c:\windows\system32\licmgr10.dll2014-03-23 14:58 . 2014-03-23 14:58 263376 ----a-w- c:\windows\system32\iedkcs32.dll2014-03-23 14:58 . 2014-03-23 14:58 247808 ----a-w- c:\windows\system32\msls31.dll2014-03-23 14:58 . 2014-03-23 14:58 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll2014-03-23 14:58 . 2014-03-23 14:58 243200 ----a-w- c:\windows\system32\webcheck.dll2014-03-23 14:58 . 2014-03-23 14:58 235520 ----a-w- c:\windows\system32\url.dll2014-03-23 14:58 . 2014-03-23 14:58 235008 ----a-w- c:\windows\system32\elshyph.dll2014-03-23 14:58 . 2014-03-23 14:58 182272 ----a-w- c:\windows\SysWow64\msls31.dll2014-03-23 14:58 . 2014-03-23 14:58 167424 ----a-w- c:\windows\system32\iexpress.exe2014-03-23 14:58 . 2014-03-23 14:58 151552 ----a-w- c:\windows\SysWow64\iexpress.exe2014-03-23 14:58 . 2014-03-23 14:58 147968 ----a-w- c:\windows\system32\occache.dll2014-03-23 14:58 . 2014-03-23 14:58 143872 ----a-w- c:\windows\system32\wextract.exe2014-03-23 14:58 . 2014-03-23 14:58 139264 ----a-w- c:\windows\SysWow64\wextract.exe2014-03-23 14:58 . 2014-03-23 14:58 13824 ----a-w- c:\windows\system32\mshta.exe2014-03-23 14:58 . 2014-03-23 14:58 135680 ----a-w- c:\windows\system32\iepeers.dll2014-03-23 14:58 . 2014-03-23 14:58 13312 ----a-w- c:\windows\SysWow64\mshta.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-09-11 02:09 131248 ----a-w- c:\users\토미혜경\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-09-11 02:09 131248 ----a-w- c:\users\토미혜경\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-09-11 02:09 131248 ----a-w- c:\users\토미혜경\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904].c:\users\토미혜경\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\토미혜경\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-6 565464].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]@="".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 fs_kbfilter;DRM ONE Upper Class Keyboard filter;c:\windows\SYSTEM32\DRIVERS\fs_kbdrv.sys;c:\windows\SYSNATIVE\DRIVERS\fs_kbdrv.sys [x]R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]R2 npkfxsvc;npkfxsvc;c:\windows\SysWow64\npkfxsvc.exe;c:\windows\SysWow64\npkfxsvc.exe [x]R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys;c:\windows\SYSNATIVE\DRIVERS\l160x64.sys [x]R3 CdmDrvNt;CdmDrvNt;c:\windows\system32\Drivers\CdmDrvNt.sys;c:\windows\SYSNATIVE\Drivers\CdmDrvNt.sys [x]R3 ezty2;ezty2;c:\windows\system32\ezty2.sys;c:\windows\SYSNATIVE\ezty2.sys [x]R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS;c:\windows\SYSNATIVE\JRSKD24.SYS [x]R3 kcrtx64;kcrtx64;c:\windows\system32\kcrtx64.sys;c:\windows\SYSNATIVE\kcrtx64.sys [x]R3 MfFWEnt;MfFWEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [x]R3 MfIPSEnt;MfIPSEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [x]R3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2Bthf.sys;c:\windows\SYSNATIVE\drivers\Mkd2Bthf.sys [x]R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys;c:\windows\SYSNATIVE\drivers\Mkd2Nadr.sys [x]R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys;c:\windows\SYSNATIVE\drivers\Mkd3kfNt.sys [x]R3 NPFW;NPFW;c:\windows\system32\NPFWVT64.sys;c:\windows\SYSNATIVE\NPFWVT64.sys [x]R3 NPIDS;NPIDS;c:\windows\system32\NpIdsVt64.sys;c:\windows\SYSNATIVE\NpIdsVt64.sys [x]R3 npkcft64;npkcft64;c:\windows\SysWOW64\npkcft64.sys;c:\windows\SysWOW64\npkcft64.sys [x]R3 npkfxs;npkfxs;c:\windows\syswow64\npkfxs.sys;c:\windows\syswow64\npkfxs.sys [x]R3 ProMDefense;ProMDefense;c:\windows\system32\Drivers\ProMDefense.sys;c:\windows\SYSNATIVE\Drivers\ProMDefense.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 scsk5;SCSK5 Driver Service;syswow64\drivers\scsk5.sys;syswow64\drivers\scsk5.sys [x]R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windows 정품 인증 기술 서비스;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 x64kdss;x64kdss;syswow64\Drivers\x64kdss.sys;syswow64\Drivers\x64kdss.sys [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S1 AMonTDLH;AMonTDLH;c:\windows\system32\Drivers\AMonTDLH.sys;c:\windows\SYSNATIVE\Drivers\AMonTDLH.sys [x]S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]S2 f_npm;Kernel Mode Service;c:\windows\SYSTEM32\DRIVERS\f_npm.sys;c:\windows\SYSNATIVE\DRIVERS\f_npm.sys [x]S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]S2 Image Protection;Image Protect Service;c:\windows\ImageSAFERSvc.exe;c:\windows\ImageSAFERSvc.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]S3 IntcDAud;인텔® 디스플레이 오디오;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 ISMgr;Image SAFER Process Managerment NT.;c:\windows\system32\ImageSAFERDrv64.sys;c:\windows\SYSNATIVE\ImageSAFERDrv64.sys [x]S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - MBAMSWISSARMY.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-05-22 20:53 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-21 05:01].2014-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15 14:34].2014-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15 14:34]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-09-11 02:09 164016 ----a-w- c:\users\토미혜경\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-09-11 02:09 164016 ----a-w- c:\users\토미혜경\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-09-11 02:09 164016 ----a-w- c:\users\토미혜경\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-09-11 02:09 164016 ----a-w- c:\users\토미혜경\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]2014-04-25 01:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2014-04-25 01:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]2014-04-25 01:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]2014-04-25 01:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]2014-04-25 01:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.daum.net/mLocal Page = c:\windows\SysWOW64\blank.htmIE: URL 클립 - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0IE: 새 노트 - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.htmlIE: 선택 항목 클립 - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3IE: 이 페이지 스크랩 - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1IE: 이미지 클리핑 - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4TCP: DhcpNameServer = 168.126.63.1 168.126.63.2FF - ProfilePath - c:\users\토미혜경\AppData\Roaming\Mozilla\Firefox\Profiles\ah4btwdd.default-1400886471837\FF - prefs.js: browser.startup.homepage - hxxp://www.tsn.ca/nhl/.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)SafeBoot-f_PackagerSafeBoot-f_PolicyManagerShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)AddRemove-AxSignGATE - c:\windows\system32\uninst.exeAddRemove-kdefense - c:\windows\system32\uninstallkdf8.exeAddRemove-MaPrintModule_BCCard - c:\windows\system32\MaPrintModule_BCCard_uninstall.exeAddRemove-npn5 - c:\windows\system32\npn5uninst.exeAddRemove-SoftcampSCSK - c:\windows\system32\UnSCSK.exeAddRemove-UnINISafeWeb7 - c:\windows\system32\UnINIS70.exeAddRemove-VeraPort - c:\windows\system32\VeraPortUninstall.exeAddRemove-yessign7ActiveX - c:\windows\system32\yessign7Clear.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (LocalSystem)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,14,da,ff,b4,9a,fb,45,90,23,d0,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,14,da,ff,b4,9a,fb,45,90,23,d0,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.13".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-06-02 09:23:38ComboFix-quarantined-files.txt 2014-06-02 00:23ComboFix2.txt 2014-05-26 09:44.Pre-Run: 29,022,138,368 바이트 남음Post-Run: 28,893,179,904 바이트 남음.- - End Of File - - A56AC4E4A01DE002DE99E97D0C3C73DF4035DE5DAAB980D7013EE299F9E098AE Link to post Share on other sites More sharing options...
kevinf80 Posted June 2, 2014 ID:836851 Share Posted June 2, 2014 1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Open notepad and copy/paste the text in the Codebox below into it:ClearJavaCache Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. Next, We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete: Run Eset Online Scanner **Note** You will need to use Internet explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scan click on the Run ESET Online Scanner button Tick the box next to YES, I accept the Terms of Use.Click Start When asked, allow the add/on to be installedClick Start Make sure that the option "Remove found threats" is ticked Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked. Select "Change" next to Current scan targets A new window will open, select any extra drives, Flash drives etc as required.Click Scan wait for the virus definitions to be downloaded Wait for the scan to finish When the scan is complete If no threats were found put a checkmark in "Uninstall application on close" close program report to me that nothing was found If threats were found click on "list of threats found" click on "export to text file" and save it as ESET SCAN and save to the desktop Click on back put a checkmark in "Uninstall application on close" click on finish close program Copy and paste the report in next reply. Next, Uninstall/reinstall Opera, use the following to uninstall: Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information) Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required. Run the tool, the main GUI will populate with installed programs list, Left click on Opera to highlight that entry. Select Action from the Menu bar, then Uninstall from there follow the prompts. If Uninstall fails open the "Action" menu one more time and use "Force Removal" option Link to post Share on other sites More sharing options...
tommynomad Posted June 2, 2014 Author ID:837071 Share Posted June 2, 2014 Here is the combofix log: ComboFix 14-05-29.01 - 토미혜경 2014-06-03 6:53.4.2 - x64Microsoft Windows 7 Home Premium K 6.1.7601.1.949.82.1042.18.4004.2831 [GMT 9:00]Running from: c:\users\토미혜경\Desktop\ComboFix.exeCommand switches used :: c:\users\토미혜경\Desktop\CFScript.txtSP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2014-05-02 to 2014-06-02 )))))))))))))))))))))))))))))))..2014-06-02 21:59 . 2014-06-02 21:59 -------- d-----w- c:\users\Default\AppData\Local\temp2014-06-02 21:59 . 2014-06-02 21:59 -------- d-----w- c:\users\Administrator\AppData\Local\temp2014-06-02 21:59 . 2014-06-02 21:59 -------- d-----w- c:\users\AA¹IC~1\AppData\Local\temp2014-06-02 07:44 . 2014-06-02 07:44 -------- d-----w- c:\programdata\GRETECH2014-06-02 07:43 . 2014-06-02 07:43 -------- d-----w- c:\users\토미혜경\AppData\Roaming\GRETECH2014-06-01 23:39 . 2014-06-01 23:39 -------- d-----w- c:\windows\ERUNT2014-06-01 22:43 . 2014-06-01 22:43 -------- d-----w- c:\program files (x86)\Common Files\Skype2014-05-30 21:13 . 2014-05-30 21:15 -------- d-----w- C:\FRST2014-05-29 19:43 . 2014-05-29 19:43 -------- d-----w- c:\users\토미혜경\AppData\Roaming\OpenOffice2014-05-28 15:52 . 2014-05-28 15:52 67246 ----a-w- c:\programdata\cc_20140529_005221.reg2014-05-28 14:03 . 2014-05-28 14:03 -------- d-----w- c:\program files (x86)\OpenOffice 42014-05-28 13:08 . 2014-05-28 13:08 159744 ----a-w- c:\program files\Internet Explorer\플러그인\npqtplugin5.dll2014-05-28 13:08 . 2014-05-28 13:08 159744 ----a-w- c:\program files\Internet Explorer\플러그인\npqtplugin4.dll2014-05-28 13:08 . 2014-05-28 13:08 159744 ----a-w- c:\program files\Internet Explorer\플러그인\npqtplugin3.dll2014-05-28 13:08 . 2014-05-28 13:08 159744 ----a-w- c:\program files\Internet Explorer\플러그인\npqtplugin2.dll2014-05-28 13:08 . 2014-05-28 13:07 159744 ----a-w- c:\program files\Internet Explorer\플러그인\npqtplugin.dll2014-05-28 13:07 . 2014-05-28 13:07 -------- d-----w- c:\program files (x86)\QuickTime2014-05-28 12:47 . 2014-05-28 12:47 -------- d-----w- c:\users\토미혜경\AppData\Local\Secunia PSI2014-05-28 12:47 . 2014-05-28 12:47 -------- d-----w- c:\program files (x86)\Secunia2014-05-26 19:27 . 2014-05-26 19:27 -------- d-s---w- c:\windows\SysWow64\Microsoft2014-05-25 12:14 . 2014-05-25 12:14 9852 ----a-w- c:\programdata\cc_20140525_211420.reg2014-05-23 22:52 . 2014-05-23 23:01 -------- d-----w- c:\programdata\HitmanPro2014-05-20 06:26 . 2014-05-20 06:26 50608 ----a-w- c:\windows\SysWow64\drivers\SCSK5.sys2014-05-20 06:22 . 2014-05-20 06:22 159240 ----a-r- c:\windows\SysWow64\CKAgent.exe2014-05-20 06:22 . 2014-05-20 06:22 159240 ----a-r- c:\windows\system32\CKAgent.exe2014-05-15 11:10 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll2014-05-15 11:10 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll2014-05-15 11:10 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb2014-05-15 11:10 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb2014-05-15 10:46 . 2014-04-12 02:19 1460736 ----a-w- c:\windows\system32\lsasrv.dll2014-05-15 10:46 . 2014-03-04 09:44 728064 ----a-w- c:\windows\system32\kerberos.dll2014-05-15 10:46 . 2014-03-04 09:44 314880 ----a-w- c:\windows\system32\msv1_0.dll2014-05-15 10:46 . 2014-03-04 09:43 455168 ----a-w- c:\windows\system32\winlogon.exe2014-05-15 10:46 . 2014-03-04 09:20 3969984 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2014-05-15 10:46 . 2014-03-04 09:20 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2014-05-15 10:46 . 2014-03-04 09:17 550912 ----a-w- c:\windows\SysWow64\kerberos.dll2014-05-15 10:46 . 2014-03-04 09:47 5550016 ----a-w- c:\windows\system32\ntoskrnl.exe2014-05-15 10:46 . 2014-03-04 09:44 722944 ----a-w- c:\windows\system32\objsel.dll2014-05-15 10:46 . 2014-03-04 09:17 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll2014-05-15 10:25 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll2014-05-15 10:24 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll2014-05-15 10:24 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll2014-05-13 21:59 . 2014-05-13 21:59 -------- d-----w- c:\users\토미혜경\AppData\Roaming\ProductData2014-05-13 09:11 . 2014-05-13 09:11 -------- d-----w- c:\program files\7-Zip2014-05-11 09:35 . 2014-05-11 09:35 1570 ----a-w- c:\programdata\cc_20140511_183520.reg2014-05-09 08:53 . 2014-05-09 08:53 -------- d-----w- c:\users\Default\AppData\Local\Google2014-05-08 21:16 . 2010-08-29 23:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll2014-05-08 21:15 . 2014-06-01 22:09 -------- d-----w- C:\AdwCleaner2014-05-06 22:29 . 2014-05-06 22:29 -------- d-----w- c:\programdata\BitDefender...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-05-20 06:22 . 2012-09-12 12:32 1936904 ----a-w- c:\windows\SysWow64\TouchEnKey.dll2014-05-20 06:22 . 2013-03-16 16:43 376328 ----a-w- c:\windows\SysWow64\npKeyPro.dll2014-05-20 06:22 . 2013-02-15 12:10 327176 ----a-w- c:\windows\SysWow64\CKApp.dll2014-05-20 06:22 . 2013-01-09 06:54 183816 ----a-w- c:\windows\SysWow64\Jrsoftcp.dll2014-05-20 06:22 . 2012-09-12 12:32 1936904 ----a-w- c:\windows\SysWow64\XecureCK.dll2014-05-20 06:22 . 2011-11-27 02:45 1252872 ----a-w- c:\windows\SysWow64\CKSetup64.exe2014-05-20 06:22 . 2011-11-27 02:45 141848 ----a-w- c:\windows\system32\kcrtx64.sys2014-05-20 06:22 . 2013-02-25 13:29 2428424 ----a-w- c:\windows\SysWow64\CKSetup32.exe2014-05-15 11:06 . 2011-10-08 21:50 93223848 ----a-w- c:\windows\system32\MRT.exe2014-05-14 08:50 . 2012-10-19 07:40 3327704 ----a-w- c:\windows\system32\btscan.exe2014-05-14 05:01 . 2014-04-21 05:25 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-05-14 05:01 . 2014-04-21 05:25 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2014-05-12 02:29 . 2014-04-22 11:38 495616 ----a-w- c:\windows\SysWow64\KvpUpCom.dll2014-04-30 09:43 . 2014-04-30 09:37 438 ----a-w- c:\programdata\cc_20140430_183730.reg2014-04-28 13:00 . 2014-04-28 13:00 4416 ----a-w- c:\programdata\cc_20140428_215955.reg2014-04-17 06:01 . 2014-04-17 06:01 80728 ----a-w- c:\windows\INISBDrvUnit.10003.dll2014-04-17 06:01 . 2014-04-17 06:01 1648984 ----a-w- c:\windows\INISandBoxMonitor.10031.exe2014-04-09 21:52 . 2014-04-09 21:52 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2014-04-09 21:52 . 2014-04-09 21:52 846336 ----a-w- c:\windows\system32\ieapfltr.dll2014-04-09 21:52 . 2014-04-09 21:52 752640 ----a-w- c:\windows\system32\jscript9diag.dll2014-04-09 21:52 . 2014-04-09 21:52 66048 ----a-w- c:\windows\system32\iesetup.dll2014-04-09 21:52 . 2014-04-09 21:52 628736 ----a-w- c:\windows\system32\msfeeds.dll2014-04-09 21:52 . 2014-04-09 21:52 61952 ----a-w- c:\windows\SysWow64\iesetup.dll2014-04-09 21:52 . 2014-04-09 21:52 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll2014-04-09 21:52 . 2014-04-09 21:52 586240 ----a-w- c:\windows\system32\ie4uinit.exe2014-04-09 21:52 . 2014-04-09 21:52 5784064 ----a-w- c:\windows\system32\jscript9.dll2014-04-09 21:52 . 2014-04-09 21:52 574976 ----a-w- c:\windows\system32\ieui.dll2014-04-09 21:52 . 2014-04-09 21:52 548352 ----a-w- c:\windows\system32\vbscript.dll2014-04-09 21:52 . 2014-04-09 21:52 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll2014-04-09 21:52 . 2014-04-09 21:52 51200 ----a-w- c:\windows\system32\jsproxy.dll2014-04-09 21:52 . 2014-04-09 21:52 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll2014-04-09 21:52 . 2014-04-09 21:52 455168 ----a-w- c:\windows\SysWow64\vbscript.dll2014-04-09 21:52 . 2014-04-09 21:52 453120 ----a-w- c:\windows\system32\dxtmsft.dll2014-04-09 21:52 . 2014-04-09 21:52 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll2014-04-09 21:52 . 2014-04-09 21:52 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll2014-04-09 21:52 . 2014-04-09 21:52 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll2014-04-09 21:52 . 2014-04-09 21:52 33792 ----a-w- c:\windows\system32\iernonce.dll2014-04-09 21:52 . 2014-04-09 21:52 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll2014-04-09 21:52 . 2014-04-09 21:52 296960 ----a-w- c:\windows\system32\dxtrans.dll2014-04-09 21:52 . 2014-04-09 21:52 2767360 ----a-w- c:\windows\system32\iertutil.dll2014-04-09 21:52 . 2014-04-09 21:52 2260480 ----a-w- c:\windows\system32\wininet.dll2014-04-09 21:52 . 2014-04-09 21:52 2043904 ----a-w- c:\windows\system32\inetcpl.cpl2014-04-09 21:52 . 2014-04-09 21:52 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl2014-04-09 21:52 . 2014-04-09 21:52 195584 ----a-w- c:\windows\system32\msrating.dll2014-04-09 21:52 . 2014-04-09 21:52 1789440 ----a-w- c:\windows\SysWow64\wininet.dll2014-04-09 21:52 . 2014-04-09 21:52 1400832 ----a-w- c:\windows\system32\urlmon.dll2014-04-09 21:52 . 2014-04-09 21:52 139264 ----a-w- c:\windows\system32\ieUnatt.exe2014-04-09 21:52 . 2014-04-09 21:52 13551104 ----a-w- c:\windows\system32\ieframe.dll2014-04-09 21:52 . 2014-04-09 21:52 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe2014-04-09 21:52 . 2014-04-09 21:52 111616 ----a-w- c:\windows\system32\ieetwcollector.exe2014-04-03 12:36 . 2014-04-03 12:36 58752 ----a-w- c:\windows\SysWow64\drivers\x64kdss.sys2014-04-03 12:36 . 2013-10-17 12:24 58464 ----a-w- c:\windows\SysWow64\drivers\kck64s.sys2014-04-03 12:36 . 2014-04-03 12:36 69992 ----a-w- c:\windows\SysWow64\kdfapi.dll2014-04-03 12:36 . 2014-04-03 12:36 100056 ----a-w- c:\windows\SysWow64\Kdfhok.dll2014-04-03 12:36 . 2011-11-24 00:04 137904 ----a-w- c:\windows\SysWow64\kcu86s.dll2014-04-03 12:36 . 2014-04-03 12:36 58192 ----a-w- c:\windows\system32\drivers\ProMDefense.sys2014-04-03 12:36 . 2014-04-03 12:36 246704 ----a-w- c:\windows\SysWow64\ProMDefense.dll2014-04-02 12:58 . 2014-04-02 12:58 708096 ----a-w- c:\windows\SysWow64\INIcrypto20.dll2014-04-02 12:58 . 2014-04-02 12:58 5765664 ----a-w- c:\windows\SysWow64\ISPPopUpDlg.exe2014-03-28 13:26 . 2011-11-01 11:12 502456 ----a-w- c:\windows\system32\TeCtrlu.dll2014-03-27 22:34 . 2014-03-27 22:34 3792 ----a-w- c:\programdata\cc_20140328_073345.reg2014-03-23 14:58 . 2014-03-23 14:58 194048 ----a-w- c:\windows\SysWow64\elshyph.dll2014-03-23 14:58 . 2014-03-23 14:58 942592 ----a-w- c:\windows\system32\jsIntl.dll2014-03-23 14:58 . 2014-03-23 14:58 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2014-03-23 14:58 . 2014-03-23 14:58 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll2014-03-23 14:58 . 2014-03-23 14:58 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2014-03-23 14:58 . 2014-03-23 14:58 83968 ----a-w- c:\windows\system32\MshtmlDac.dll2014-03-23 14:58 . 2014-03-23 14:58 81408 ----a-w- c:\windows\system32\icardie.dll2014-03-23 14:58 . 2014-03-23 14:58 774144 ----a-w- c:\windows\system32\jscript.dll2014-03-23 14:58 . 2014-03-23 14:58 77312 ----a-w- c:\windows\system32\tdc.ocx2014-03-23 14:58 . 2014-03-23 14:58 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2014-03-23 14:58 . 2014-03-23 14:58 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2014-03-23 14:58 . 2014-03-23 14:58 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll2014-03-23 14:58 . 2014-03-23 14:58 62464 ----a-w- c:\windows\SysWow64\tdc.ocx2014-03-23 14:58 . 2014-03-23 14:58 62464 ----a-w- c:\windows\system32\pngfilt.dll2014-03-23 14:58 . 2014-03-23 14:58 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll2014-03-23 14:58 . 2014-03-23 14:58 616104 ----a-w- c:\windows\system32\ieapfltr.dat2014-03-23 14:58 . 2014-03-23 14:58 52224 ----a-w- c:\windows\system32\msfeedsbs.dll2014-03-23 14:58 . 2014-03-23 14:58 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2014-03-23 14:58 . 2014-03-23 14:58 48640 ----a-w- c:\windows\system32\mshtmler.dll2014-03-23 14:58 . 2014-03-23 14:58 48128 ----a-w- c:\windows\system32\imgutil.dll2014-03-23 14:58 . 2014-03-23 14:58 413696 ----a-w- c:\windows\system32\html.iec2014-03-23 14:58 . 2014-03-23 14:58 36352 ----a-w- c:\windows\SysWow64\imgutil.dll2014-03-23 14:58 . 2014-03-23 14:58 337408 ----a-w- c:\windows\SysWow64\html.iec2014-03-23 14:58 . 2014-03-23 14:58 30208 ----a-w- c:\windows\system32\licmgr10.dll2014-03-23 14:58 . 2014-03-23 14:58 263376 ----a-w- c:\windows\system32\iedkcs32.dll2014-03-23 14:58 . 2014-03-23 14:58 247808 ----a-w- c:\windows\system32\msls31.dll2014-03-23 14:58 . 2014-03-23 14:58 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll2014-03-23 14:58 . 2014-03-23 14:58 243200 ----a-w- c:\windows\system32\webcheck.dll2014-03-23 14:58 . 2014-03-23 14:58 235520 ----a-w- c:\windows\system32\url.dll2014-03-23 14:58 . 2014-03-23 14:58 235008 ----a-w- c:\windows\system32\elshyph.dll2014-03-23 14:58 . 2014-03-23 14:58 182272 ----a-w- c:\windows\SysWow64\msls31.dll2014-03-23 14:58 . 2014-03-23 14:58 167424 ----a-w- c:\windows\system32\iexpress.exe2014-03-23 14:58 . 2014-03-23 14:58 151552 ----a-w- c:\windows\SysWow64\iexpress.exe2014-03-23 14:58 . 2014-03-23 14:58 147968 ----a-w- c:\windows\system32\occache.dll2014-03-23 14:58 . 2014-03-23 14:58 143872 ----a-w- c:\windows\system32\wextract.exe2014-03-23 14:58 . 2014-03-23 14:58 139264 ----a-w- c:\windows\SysWow64\wextract.exe2014-03-23 14:58 . 2014-03-23 14:58 13824 ----a-w- c:\windows\system32\mshta.exe2014-03-23 14:58 . 2014-03-23 14:58 135680 ----a-w- c:\windows\system32\iepeers.dll2014-03-23 14:58 . 2014-03-23 14:58 13312 ----a-w- c:\windows\SysWow64\mshta.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-09-11 02:09 131248 ----a-w- c:\users\토미혜경\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-09-11 02:09 131248 ----a-w- c:\users\토미혜경\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-09-11 02:09 131248 ----a-w- c:\users\토미혜경\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904].c:\users\토미혜경\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\토미혜경\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-6 565464].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]@="".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 fs_kbfilter;DRM ONE Upper Class Keyboard filter;c:\windows\SYSTEM32\DRIVERS\fs_kbdrv.sys;c:\windows\SYSNATIVE\DRIVERS\fs_kbdrv.sys [x]R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]R2 npkfxsvc;npkfxsvc;c:\windows\SysWow64\npkfxsvc.exe;c:\windows\SysWow64\npkfxsvc.exe [x]R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys;c:\windows\SYSNATIVE\DRIVERS\l160x64.sys [x]R3 CdmDrvNt;CdmDrvNt;c:\windows\system32\Drivers\CdmDrvNt.sys;c:\windows\SYSNATIVE\Drivers\CdmDrvNt.sys [x]R3 ezty2;ezty2;c:\windows\system32\ezty2.sys;c:\windows\SYSNATIVE\ezty2.sys [x]R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS;c:\windows\SYSNATIVE\JRSKD24.SYS [x]R3 kcrtx64;kcrtx64;c:\windows\system32\kcrtx64.sys;c:\windows\SYSNATIVE\kcrtx64.sys [x]R3 MfFWEnt;MfFWEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [x]R3 MfIPSEnt;MfIPSEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [x]R3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2Bthf.sys;c:\windows\SYSNATIVE\drivers\Mkd2Bthf.sys [x]R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys;c:\windows\SYSNATIVE\drivers\Mkd2Nadr.sys [x]R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys;c:\windows\SYSNATIVE\drivers\Mkd3kfNt.sys [x]R3 NPFW;NPFW;c:\windows\system32\NPFWVT64.sys;c:\windows\SYSNATIVE\NPFWVT64.sys [x]R3 NPIDS;NPIDS;c:\windows\system32\NpIdsVt64.sys;c:\windows\SYSNATIVE\NpIdsVt64.sys [x]R3 npkcft64;npkcft64;c:\windows\SysWOW64\npkcft64.sys;c:\windows\SysWOW64\npkcft64.sys [x]R3 npkfxs;npkfxs;c:\windows\syswow64\npkfxs.sys;c:\windows\syswow64\npkfxs.sys [x]R3 ProMDefense;ProMDefense;c:\windows\system32\Drivers\ProMDefense.sys;c:\windows\SYSNATIVE\Drivers\ProMDefense.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 scsk5;SCSK5 Driver Service;syswow64\drivers\scsk5.sys;syswow64\drivers\scsk5.sys [x]R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windows 정품 인증 기술 서비스;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 x64kdss;x64kdss;syswow64\Drivers\x64kdss.sys;syswow64\Drivers\x64kdss.sys [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S1 AMonTDLH;AMonTDLH;c:\windows\system32\Drivers\AMonTDLH.sys;c:\windows\SYSNATIVE\Drivers\AMonTDLH.sys [x]S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]S2 f_npm;Kernel Mode Service;c:\windows\SYSTEM32\DRIVERS\f_npm.sys;c:\windows\SYSNATIVE\DRIVERS\f_npm.sys [x]S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]S2 Image Protection;Image Protect Service;c:\windows\ImageSAFERSvc.exe;c:\windows\ImageSAFERSvc.exe [x]S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]S3 IntcDAud;인텔® 디스플레이 오디오;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 ISMgr;Image SAFER Process Managerment NT.;c:\windows\system32\ImageSAFERDrv64.sys;c:\windows\SYSNATIVE\ImageSAFERDrv64.sys [x]S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - MBAMSWISSARMY*Deregistered* - MBAMWebAccessControl.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-05-22 20:53 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-21 05:01].2014-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15 14:34].2014-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-15 14:34]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-09-11 02:09 164016 ----a-w- c:\users\토미혜경\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-09-11 02:09 164016 ----a-w- c:\users\토미혜경\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-09-11 02:09 164016 ----a-w- c:\users\토미혜경\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-09-11 02:09 164016 ----a-w- c:\users\토미혜경\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]2014-04-25 01:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2014-04-25 01:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]2014-04-25 01:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]2014-04-25 01:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]2014-04-25 01:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.daum.net/mLocal Page = c:\windows\SysWOW64\blank.htmIE: URL 클립 - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0IE: 새 노트 - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.htmlIE: 선택 항목 클립 - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3IE: 이 페이지 스크랩 - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1IE: 이미지 클리핑 - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4TCP: DhcpNameServer = 168.126.63.1 168.126.63.2FF - ProfilePath - c:\users\토미혜경\AppData\Roaming\Mozilla\Firefox\Profiles\ah4btwdd.default-1400886471837\FF - prefs.js: browser.startup.homepage - hxxp://www.tsn.ca/nhl/.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)AddRemove-AxSignGATE - c:\windows\system32\uninst.exeAddRemove-kdefense - c:\windows\system32\uninstallkdf8.exeAddRemove-MaPrintModule_BCCard - c:\windows\system32\MaPrintModule_BCCard_uninstall.exeAddRemove-npn5 - c:\windows\system32\npn5uninst.exeAddRemove-SoftcampSCSK - c:\windows\system32\UnSCSK.exeAddRemove-UnINISafeWeb7 - c:\windows\system32\UnINIS70.exeAddRemove-VeraPort - c:\windows\system32\VeraPortUninstall.exeAddRemove-yessign7ActiveX - c:\windows\system32\yessign7Clear.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (LocalSystem)"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,14,da,ff,b4,9a,fb,45,90,23,d0,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,34,14,da,ff,b4,9a,fb,45,90,23,d0,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.13".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-06-03 07:00:53ComboFix-quarantined-files.txt 2014-06-02 22:00ComboFix2.txt 2014-06-02 00:23ComboFix3.txt 2014-05-26 09:44.Pre-Run: 26,441,940,992 바이트 남음Post-Run: 26,132,021,248 바이트 남음.- - End Of File - - 0DD17C1ACE6FEDF81288A1E4E658E1A04035DE5DAAB980D7013EE299F9E098AE Link to post Share on other sites More sharing options...
kevinf80 Posted June 2, 2014 ID:837081 Share Posted June 2, 2014 Did you complete the other steps after Combofix? Link to post Share on other sites More sharing options...
tommynomad Posted June 4, 2014 Author ID:837417 Share Posted June 4, 2014 Uninstalled. Link to post Share on other sites More sharing options...
tommynomad Posted June 4, 2014 Author ID:837420 Share Posted June 4, 2014 Uninstalled Opera and reinstalled as instructed. The problem *appears* to be gone. I will report back in 48 hours. Thank you! Link to post Share on other sites More sharing options...
tommynomad Posted June 4, 2014 Author ID:837422 Share Posted June 4, 2014 Could you recommend a security suite/procedure that will best prevent this from happening again? Thanks again! Link to post Share on other sites More sharing options...
kevinf80 Posted June 4, 2014 ID:837531 Share Posted June 4, 2014 If your system is back to normal with no issues run the following to clean up: Remove Combofix now that we're done with itPlease press the Windows Key and R on your keyboard. This will bring up the Run... command.Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/") Please follow the prompts to uninstall Combofix. You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself. Next, Download "Delfix by Xplode" and save it to your desktop. "Delfix link mirror" Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator Make Sure the following items are checked: Activate UAC Remove disinfection tools Create registry backup Purge System Restore Reset system settings Now click on "Run" and wait patiently until the tool has completed. The tool will create a log when it has completed. We don't need you to post this. Part of the routine will be to create a registry back up with ERUNT, the back up will be created here: C:\Windows\ERUNT When all is known to be well with your system you can delete that back up folder if you consider it as not needed... Next, Read the following link to fully understand PC security and best practices, you may find it useful.... http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629 My own security set up is :- Windows own Firewall, Microsoft Security Essentials and Malwarebytes Pro. Windows FW and MSE are free, MB does also have a free version, however I prefer the pro version as it provides auto updates and realtime protection. As an extra layer I also use WinPatrol, the free version is adeqaute for general home use. Available here: http://www.winpatrol.com/download.html For my browser I use Firefox with these addons: Web of Trust, Adblock Plus, Flash Block, NoScipt, Ghostery. When Firefox is open select these keys together :- Ctrl - Shift - A that will access Addons manger, this gives access to find addons, use, start, stop or disable those features etc.... Before using NoScript read from this link http://noscript.net/ makes it easy to understand.... Understanding Windows 7 Firewall - http://windows.microsoft.com/en-GB/windows7/Understanding-Windows-Firewall-settings Understanding Microsoft Security Essentials - http://www.microsoft.com/en-gb/security/pc-security/mse.aspx Understanding Malwarebytes, how to create an exclusion in MSE - http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162100entry162100 Understanding WinPatrol - http://www.winpatrol.com/features.html I also use the Professional version of Sandboxie, I believe there is also free version available. Visit this link http://www.sandboxie.com/ for access to d/l, also make sure to use the "Help and FAQ" option to understand its uses, specifically how to run your browser sandboxed!. I have also just started using CryptoGuard by Hitman Pro, once installed it will protect all Browsers against crypto ransomware infections, is also free. Go to following link for instructions, it will work with the set up I describe above.. http://www.surfright.nl/en/alert/cryptoguard'>http://www.surfright.nl/en/alert/cryptoguard If no remaining issues or concerns are we ok to close out Kevin.... Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted June 13, 2014 Root Admin ID:840924 Share Posted June 13, 2014 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts