
[SOLVED] Malware Popped Back 2 days after Solved

This is a discussion on [SOLVED] Malware Popped Back 2 days after Solved within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
07-21-2014, 03:20 AM   #1
Registered Member
 
Join Date: Feb 2009
Posts: 48
OS: Win 7 Home Prem 64bit sp1



Hello,

I posted before under the title "Multiple CSRSS.exe running with Hanging Firefox". Today, I tried to open a Firefox session, but it took forever and was not able to open. After 2 attempts, a popup box appeared with 2 messages (I believe Windows Action Center??), "Windows Defender last scanned 3/30/14. Please check for updates." and "McAfee Total Protection is Turned Off". So I updated Windows Defender and enabled McAfee. After that my Firefox opened OK, it seemed. I logged off the machine (Toshiba laptop). A couple of hours later, I turned the laptop on for a Firefox session. I saw only a Trovi.com search site opened without asking, and my Firefox default home page was changed to the Trovi site. THE only new application I installed is Secunia PSI, as you suggested I attached logs here. Please help. I have not visited or downloaded from suspicious sites since resolving my issues before. Please help!
============================
Attached Files
File Type: zip attach.zip (5.0 KB, 51 views)
satyros66 is offline  
07-21-2014, 06:47 PM   #2
Registered Member
 
Join Date: Feb 2009
Posts: 48
OS: Win 7 Home Prem 64bit sp1



As DrDOS suggested, I attached FRST.txt and Addition.txt logs below...
Attached Files
File Type: txt Addition.txt (37.5 KB, 47 views)
File Type: txt FRST.txt (58.9 KB, 50 views)
satyros66 is offline  
07-22-2014, 06:48 PM   #3
TSF Enthusiast
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



satyros66,

Hi and welcome to TSF.

I am currently reviewing your logs. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.
DrDOS is offline  
07-24-2014, 09:18 PM   #4
TSF Enthusiast
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



satyros66,

Thanks for posting the FRST logs I asked for.

  1. Please uninstall the following via Start->(or Computer)->Control Panel->(Programs)->Programs and Features if it still exists. Check 32-bit folder C:\Program Files (x86) as well.

    • Search Protect << Please read this - this is FYI only

      Also delete the following Folders if they still exist:

      C:\Program Files\Search Protect

  2. Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

  3. Rerun FRST. Make sure Addition.txt log is ticked. Post those results in your next reply.



What I need from you this time
  • AdwCleaner[R0].txt
  • FRST.txt log
  • Addition.txt log
DrDOS is offline  
07-26-2014, 09:29 PM   #5
Registered Member
 
Join Date: Feb 2009
Posts: 48
OS: Win 7 Home Prem 64bit sp1



Here are 3 logs:
===============
# AdwCleaner v3.216 - Report created 26/07/2014 at 08:15:16
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : JongTae - JONGTAE-PC
# Running from : C:\Users\JongTae\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\JongTae\AppData\Roaming\Mozilla\Firefox\Profiles\jrqqsg2m.default-1398737435102\searchplugins\trovi-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MF6345A7D-81DB-4EC3-96EF-A04A4E22F451&SearchSource=55&CUI=&UM=6&UP=SPFFDB277F-20C0-47A7-AFB6-18249E730C39&SSPV=SP2160TB_sp_ie

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c20rdfyc.default\prefs.js ]


[ File : C:\Users\JongTae\AppData\Roaming\Mozilla\Firefox\Profiles\jrqqsg2m.default-1398737435102\prefs.js ]

Line Found : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MF6345A7D-81DB-4EC3-96EF-A04A4E22F451&SearchSource=69&CUI=&SSPV=SP2160TB_sp_ff&Lay=1&UM=6&UP=SPFFD[...]
Line Found : user_pref("browser.search.defaultenginename", "Trovi search");
Line Found : user_pref("browser.search.selectedEngine", "Trovi search");
Line Found : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MF6345A7D-81DB-4EC3-96EF-A04A4E22F451&SearchSource=55&CUI=&UM=6&UP=SPFFDB277F-20C0-47A7-AFB6[...]

-\\ Google Chrome v36.0.1985.125

*************************

AdwCleaner[R0].txt - [3899 octets] - [05/07/2014 15:25:06]
AdwCleaner[R1].txt - [3959 octets] - [06/07/2014 11:27:07]
AdwCleaner[R2].txt - [2124 octets] - [26/07/2014 08:15:16]
AdwCleaner[S0].txt - [3759 octets] - [06/07/2014 11:31:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [2244 octets] ##########

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by JongTae at 2014-07-26 21:58:36
Running from C:\Users\JongTae\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Best Buy Connect (HKLM-x32\...\{B435FD87-CA14-45E3-9D0B-A30F1F9F3866}) (Version: 3.00.68 - Best Buy)
Best Buy pc app (HKCU\...\48e4cff94f039634) (Version: 3.2.420.5 - Best Buy)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4600 (x32 Version: 130.0.425.000 - Hewlett-Packard) Hidden
CISSP 5th Ed AIO (HKLM-x32\...\{F758AF39-2791-46CC-99E8-7A61E01CF48C}) (Version: 9.20.0000 - Total Seminars, LLC)
CoreAAC (HKLM-x32\...\CoreAAC) (Version: - )
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.100 - Corel Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Free CUDA Video Converter 6 (HKLM-x32\...\{7534AD6F-A485-42A4-AE5A-43828817F29A}_is1) (Version: - CUDA Studio)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.57.5189 - Gretech Corporation)
GOM Video Converter (HKLM-x32\...\GOM Video Converter) (Version: 1.1.0.60 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
H&R Block Deluxe + Efile + State 2011 (HKLM-x32\...\{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}) (Version: 11.05.7102 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7803 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
H&R Block New York 2011 (HKLM-x32\...\{6C434B52-8D0F-4080-9649-7497445DDCD4}) (Version: 1.11.4401 - HRB Technology, LLC.)
H&R Block New York 2012 (HKLM-x32\...\{0A5FB059-9FF1-4A78-9753-4D7656560DAF}) (Version: 1.12.7001 - HRB Technology, LLC.)
H&R Block New York 2013 (HKLM-x32\...\{E3B9117D-7476-4C74-8C22-337F630D6602}) (Version: 1.13.5901 - HRB Technology, LLC.)
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5 (HKLM\...\{44C81D1A-0520-49BB-B510-98B8DD414EA1}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
InstallConverter (x32 Version: 1.0 - InstallConverter) Hidden
InstallConverter bundle uninstaller (HKLM-x32\...\InstallConverter bundle uninstaller) (Version: 2.0.0.5 - InstallConverter)
Intel PROSet Wireless (Version: - ) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version: - McAfee, Inc.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 13.6.1012 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.5.0.3093 - McAfee, Inc.)
Memeo AutoSync (HKLM-x32\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version: - Memeo Inc.)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.70.0.7970 - Memeo Inc.)
MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version: - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version: - )
PlayMemories Home (HKLM-x32\...\{5FC13A4C-BC27-4414-A2E4-9E2277AA88AE}) (Version: 8.0.02.10010 - Sony Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_05_C4600_Software_Min (x32 Version: 130.0.425.000 - Hewlett-Packard) Hidden
Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.3.19 - Intuit)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6305 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SOHLib for PlayMemories Home (Version: 1.0.0.09130 - Sony Corporation) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.12C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.37C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.1.37C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.5 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.51.2C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.7.06-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.6 - TOSHIBA)
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Utility Common Driver (x32 Version: 1.0.52.3C - TOSHIBA) Hidden
VueScan x64 (HKLM\...\VueScan x64) (Version: - )
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Xirrus Wi-Fi Inspector (HKLM-x32\...\{BBB21AB1-2C45-435D-A05A-B563072E7B9B}) (Version: 1.2.1.4 - Xirrus)

==================== Restore Points =========================

15-06-2014 15:07:59 Scheduled Checkpoint
06-07-2014 15:57:21 Removed Java 7 Update 55
06-07-2014 15:59:08 Removed Java(TM) 6 Update 25
06-07-2014 16:01:50 Installed Java 7 Update 60
09-07-2014 01:38:49 Windows Update
10-07-2014 02:01:51 Windows Update
20-07-2014 13:59:15 Windows Update
20-07-2014 17:57:42 Installed Xirrus Wi-Fi Inspector

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0ADBEF09-FD9F-4F91-99D7-23357E7D1C2E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-22] (Google Inc.)
Task: {2D4FB0E1-2CBA-448B-B365-B902037390BA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {483F44C0-91EA-4AC7-B849-E64FC9547E3B} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {69B10E15-5ABC-4BAA-AAE9-301C0811C616} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2013-09-12] (Sony Corporation)
Task: {BBC59E5F-52AA-40E3-8BDC-21BE32F50126} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {C6E687C5-F036-424F-8577-3C182723BA79} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-05-08] (Adobe Systems Incorporated)
Task: {CE330CEC-F185-4419-BA2E-694F8B0EC658} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08] (Hewlett-Packard)
Task: {F34F4A8F-9271-40D0-A092-1B87CABA4183} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-22] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-05-31 20:32 - 2011-05-31 20:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2012-04-07 11:30 - 2006-10-19 21:44 - 00047616 _____ () C:\windows\System32\pdf995mon64.dll
2011-06-27 12:16 - 2011-06-27 12:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 20:18 - 2010-11-18 20:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-03-03 17:15 - 2010-03-03 17:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 17:15 - 2010-03-03 17:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2011-02-22 22:22 - 2011-02-22 22:22 - 00429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2010-12-15 18:19 - 2010-12-15 18:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-05-31 20:32 - 2011-05-31 20:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-11-21 15:36 - 2012-11-21 15:36 - 00325504 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
2011-06-10 00:09 - 2011-06-10 00:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2010-04-13 20:11 - 2010-04-13 20:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-26 07:56 - 2014-07-26 07:56 - 00043008 _____ () c:\users\jongtae\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphkkql1.dll
2013-10-18 19:55 - 2013-10-18 19:55 - 25100288 _____ () C:\Users\JongTae\AppData\Roaming\Dropbox\bin\libcef.dll
2011-06-01 12:42 - 2011-06-01 12:42 - 00108296 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
2011-06-01 12:46 - 2011-06-01 12:46 - 00030984 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
2012-11-21 15:37 - 2012-11-21 15:37 - 02897280 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
2012-11-21 15:37 - 2012-11-21 15:37 - 00028032 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2010-03-22 18:59 - 2010-03-22 18:59 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL
2011-06-01 12:16 - 2011-06-01 12:16 - 00241664 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
2011-06-01 12:16 - 2011-06-01 12:16 - 00971776 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2014 09:46:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25707078

Error: (07/26/2014 09:46:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25707078

Error: (07/26/2014 09:46:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2014 08:38:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21630272

Error: (07/26/2014 08:38:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21630272

Error: (07/26/2014 08:38:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2014 08:38:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21615359

Error: (07/26/2014 08:38:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21615359

Error: (07/26/2014 08:38:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2014 08:01:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-54286602-3000152372-3453492398-1000.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {5cac48c0-c63f-4c55-91d0-ab07d3123b56}


System errors:
=============
Error: (07/26/2014 08:04:55 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (07/26/2014 07:57:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wireless PAN DHCP Server service terminated unexpectedly. It has done this 1 time(s).

Error: (07/26/2014 07:56:11 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (07/25/2014 11:33:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error:
%%13

Error: (07/25/2014 11:33:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1115

Error: (07/25/2014 11:33:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1069

Error: (07/25/2014 11:33:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSDP Discovery service failed to start due to the following error:
%%1069

Error: (07/25/2014 11:33:23 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The SSDPSRV service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%1352

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/25/2014 11:33:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
%%1069

Error: (07/25/2014 11:33:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSDP Discovery service failed to start due to the following error:
%%1069


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 6050.69 MB
Available physical RAM: 3490.59 MB
Total Pagefile: 12099.55 MB
Available Pagefile: 9556.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (TI106230W0C) (Fixed) (Total:579.61 GB) (Free:75.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 4FE3BE95)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=580 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=17)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by JongTae (administrator) on JONGTAE-PC on 26-07-2014 21:57:02
Running from C:\Users\JongTae\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\JongTae\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel(R) Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [137088 2012-11-21] (Memeo Inc.)
HKLM-x32\...\Run: [Memeo AutoSync] => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [144608 2011-05-04] (Memeo Inc.)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2346008 2013-10-01] (Sony Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [638432 2014-05-13] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [SpUninstallCleanUp] => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-54286602-3000152372-3453492398-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-09-22] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\JongTae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\JongTae\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\TEMP.JongTae-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: MOBK -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: MOBK2 -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: MOBK3 -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Home - Welcome to Toshiba
SearchScopes: HKLM - DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = https://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = https://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = https://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = https://www.trovi.com/Results.aspx?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MF6345A7D-81DB-4EC3-96EF-A04A4E22F451&SearchSource=58&CUI=&UM=6&UP=SPFFDB277F-20C0-47A7-AFB6-18249E730C39&q={searchTerms}&SSPV=SP2160TB_sp_ie
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = https://www.trovi.com/Results.aspx?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MF6345A7D-81DB-4EC3-96EF-A04A4E22F451&SearchSource=58&CUI=&UM=6&UP=SPFFDB277F-20C0-47A7-AFB6-18249E730C39&q={searchTerms}&SSPV=SP2160TB_sp_ie
SearchScopes: HKCU - {27A3683C-DD37-4160-8649-8937A90154D8} URL = https://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
SearchScopes: HKCU - {F4D9E1FC-A1AB-4545-861E-C0EDF7964ED0} URL = https://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS456
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = https://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 167.206.10.178 167.206.10.179
Tcpip\..\Interfaces\{C2ACC2C1-82A5-4332-B0C4-B55E293E2599}: [NameServer]0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\JongTae\AppData\Roaming\Mozilla\Firefox\Profiles\jrqqsg2m.default-1398737435102
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MF6345A7D-81DB-4EC3-96EF-A04A4E22F451&SearchSource=69&CUI=&SSPV=SP2160TB_sp_ff&Lay=1&UM=6&UP=SPFFDB277F-20C0-47A7-AFB6-18249E730C39
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MF6345A7D-81DB-4EC3-96EF-A04A4E22F451&SearchSource=55&CUI=&UM=6&UP=SPFFDB277F-20C0-47A7-AFB6-18249E730C39&SSPV=SP2160TB_sp_ff
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\JongTae\AppData\Roaming\Mozilla\Firefox\Profiles\jrqqsg2m.default-1398737435102\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Adblock Plus - C:\Users\JongTae\AppData\Roaming\Mozilla\Firefox\Profiles\jrqqsg2m.default-1398737435102\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-09]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-08-12]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-04-05]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-04-05]
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

==================== Services (Whitelisted) =================

R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-05-13] (McAfee, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-05-13] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [560128 2014-05-28] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-05-13] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-05-13] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-05-27] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-05-13] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-05-13] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-05-02] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-05-02] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-05-13] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-10-01] (Sony Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel(R) Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-05-02] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2014-05-26] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-05-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-05-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-05-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-05-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-05-02] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-26 21:55 - 2014-07-26 21:55 - 00002328 _____ () C:\Users\JongTae\Desktop\AdwCleaner[R2].txt
2014-07-26 08:05 - 2014-07-26 08:05 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-07-26 08:05 - 2014-07-26 08:05 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-07-26 08:05 - 2014-07-26 08:05 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-07-26 08:05 - 2014-07-26 08:05 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-26 08:05 - 2014-07-26 08:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-26 08:05 - 2014-07-26 08:05 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-21 21:36 - 2014-07-21 21:37 - 00038367 _____ () C:\Users\JongTae\Desktop\Addition.txt
2014-07-21 21:32 - 2014-07-26 21:58 - 00028480 _____ () C:\Users\JongTae\Desktop\FRST.txt
2014-07-21 21:32 - 2014-07-26 21:57 - 00000000 ____D () C:\FRST
2014-07-21 21:32 - 2014-07-21 21:29 - 02090496 _____ (Farbar) C:\Users\JongTae\Desktop\FRST64.exe
2014-07-21 06:14 - 2014-07-21 06:14 - 00005102 _____ () C:\Users\JongTae\Desktop\attach (3).zip
2014-07-21 06:10 - 2014-07-21 06:10 - 00005102 _____ () C:\Users\JongTae\Desktop\attach (2).zip
2014-07-21 05:46 - 2014-07-21 05:46 - 00006625 _____ () C:\Users\JongTae\Desktop\ark.txt
2014-07-20 21:23 - 2014-07-20 21:23 - 00508160 _____ () C:\windows\Minidump\072014-20451-01.dmp
2014-07-20 18:57 - 2014-07-04 13:47 - 00688992 ____R (Swearware) C:\Users\JongTae\Desktop\dds.scr
2014-07-20 13:59 - 2014-07-20 13:59 - 00001277 _____ () C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
2014-07-20 13:58 - 2014-07-20 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus
2014-07-20 13:58 - 2014-07-20 13:58 - 00000000 ____D () C:\Program Files (x86)\Xirrus
2014-07-20 13:57 - 2014-07-20 13:57 - 00000000 ____D () C:\Users\JongTae\AppData\Roaming\Xirrus
2014-07-20 13:55 - 2014-07-20 13:55 - 00929416 _____ (CNET Download.com) C:\Users\JongTae\Downloads\cbsidlm-cbsi188-Xirrus_WiFi_Inspector-ORG-75758254.exe
2014-07-16 22:44 - 2014-07-16 22:47 - 693182090 _____ () C:\Users\JongTae\Downloads\JTBC_유나의 거리.E08.140616.HDTV.XviD.etc.iPOP.avi
2014-07-16 22:42 - 2014-07-16 22:45 - 669086240 _____ () C:\Users\JongTae\Downloads\JTBC_유나의 거리.E07.140610.HDTV.XviD.etc.iPOP.avi
2014-07-16 22:32 - 2014-07-16 22:41 - 697671130 _____ () C:\Users\JongTae\Downloads\JTBC_유나의 거리.E06.140609.HDTV.XviD.etc.iPOP.avi
2014-07-16 22:31 - 2014-07-16 22:36 - 693181954 _____ () C:\Users\JongTae\Downloads\JTBC_유나의 거리.E05.140603.HDTV.XviD.etc.iPOP.avi
2014-07-16 19:51 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\windows\system32\Drivers\HipShieldK.sys
2014-07-15 21:02 - 2014-07-15 21:04 - 688436459 _____ () C:\Users\JongTae\Downloads\JTBC_유나의 거리.E04.140527.HDTV.H264.450p.ENT.avi
2014-07-15 21:00 - 2014-07-15 21:02 - 691204942 _____ () C:\Users\JongTae\Downloads\JTBC_유나의 거리.E03.140526.HDTV.XviD.etc.iPOP.avi
2014-07-15 20:59 - 2014-07-15 21:00 - 688495772 _____ () C:\Users\JongTae\Downloads\JTBC_유나의 거리.E02.140520.HDTV.XviD.etc.iPOP.avi
2014-07-15 20:55 - 2014-07-15 20:57 - 664371141 _____ () C:\Users\JongTae\Downloads\JTBC_유나의 거리.E01.140519.HDTV.H264.450p.WITH.mp4
2014-07-14 21:09 - 2014-07-14 21:17 - 771527812 _____ () C:\Users\JongTae\Downloads\기분 좋은 날.E24.140713.HDTV.XviD.etc.LIMO.avi
2014-07-14 21:02 - 2014-07-14 21:08 - 756273134 _____ () C:\Users\JongTae\Downloads\기분 좋은 날.E23.140712.HDTV.XviD.etc.LIMO.avi
2014-07-14 20:52 - 2014-07-14 20:57 - 787750912 _____ () C:\Users\JongTae\Downloads\MBN_천기누설.E110.140713.HDTV.XviD.etc.WITH.avi
2014-07-13 22:14 - 2014-07-13 22:16 - 761205206 _____ () C:\Users\JongTae\Downloads\참 좋은 시절.E42.140713.HDTV.XviD.etc.LIMO.avi
2014-07-13 21:02 - 2014-07-13 21:08 - 761491748 _____ () C:\Users\JongTae\Downloads\참 좋은 시절.E41.140712.HDTV.XviD.etc.LIMO.avi
2014-07-13 10:42 - 2014-07-13 10:42 - 22224144 _____ (Xirrus) C:\Users\JongTae\Downloads\WiFiInspector-Setup-1.2.1.4.exe
2014-07-12 11:31 - 2014-07-12 11:39 - 761322306 _____ () C:\Users\JongTae\Downloads\참 좋은 시절.E36.140622.HDTV.XviD.etc.LIMO.avi
2014-07-12 11:22 - 2014-07-12 11:31 - 758281898 _____ () C:\Users\JongTae\Downloads\참 좋은 시절.E35.140621.HDTV.XviD.etc.LIMO.avi
2014-07-12 10:40 - 2014-07-12 10:50 - 759608672 _____ () C:\Users\JongTae\Downloads\기분 좋은 날.E22.140706.HDTV.XviD.etc.LIMO.avi
2014-07-12 10:31 - 2014-07-12 10:40 - 750815414 _____ () C:\Users\JongTae\Downloads\기분 좋은 날.E21.140705.HDTV.XviD.etc.LIMO.avi
2014-07-10 22:17 - 2014-07-26 08:05 - 00015259 _____ () C:\windows\SecuniaPackage.log
2014-07-09 22:10 - 2014-07-09 22:10 - 00001080 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-07-09 22:10 - 2014-07-09 22:10 - 00000000 ____D () C:\Users\JongTae\AppData\Local\Secunia PSI
2014-07-09 22:10 - 2014-07-09 22:10 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-07-09 22:09 - 2014-07-09 22:09 - 05329480 _____ (Secunia) C:\Users\JongTae\Downloads\PSISetup.exe
2014-07-09 20:58 - 2014-07-09 20:59 - 05216105 _____ (Swearware) C:\Users\JongTae\Downloads\ComboFix.exe
2014-07-08 20:32 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-08 20:32 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-08 20:32 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-08 20:32 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-08 20:32 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-08 20:32 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-08 20:32 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-08 20:32 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-08 20:32 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-08 20:32 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-08 20:32 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-08 20:32 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-08 20:32 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-08 20:32 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-08 20:32 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-08 20:32 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-08 20:32 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-08 20:32 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-08 20:32 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-08 20:32 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-08 20:32 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-08 20:32 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-08 20:31 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-08 20:31 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-08 20:31 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-08 20:31 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-08 20:31 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-08 20:31 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-08 20:31 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-08 20:31 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-08 20:31 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-08 20:31 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-08 20:31 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-08 20:31 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-08 20:31 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-08 20:31 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-08 20:31 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-08 20:31 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-08 20:31 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-08 20:31 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-08 20:31 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-08 20:31 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 20:31 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-08 20:31 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-08 20:31 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-08 20:31 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-08 20:31 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-08 20:31 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-08 20:31 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-08 20:31 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-08 20:31 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-08 20:31 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-08 20:31 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-08 20:31 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-08 20:31 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-08 20:31 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-08 20:31 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-08 20:31 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-08 20:31 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-08 20:31 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-08 20:31 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-08 20:31 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-08 20:31 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 20:31 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-08 20:31 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-08 20:31 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-08 20:31 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-08 20:31 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-08 20:31 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-08 20:31 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-08 20:31 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-08 20:31 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-08 20:31 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-08 20:31 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-08 20:31 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-08 20:31 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-08 20:31 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-08 20:31 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-08 20:30 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-08 20:30 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-08 20:30 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-07-06 12:19 - 2014-07-06 12:19 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-06 12:17 - 2014-07-06 12:17 - 02347384 _____ (ESET) C:\Users\JongTae\Downloads\esetsmartinstaller_enu.exe
2014-07-06 12:03 - 2014-07-06 12:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-06 11:53 - 2014-07-06 11:54 - 00918952 _____ (Oracle Corporation) C:\Users\JongTae\Downloads\jxpiinstall.exe
2014-07-05 15:25 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-07-05 15:24 - 2014-07-26 08:15 - 00000000 ____D () C:\AdwCleaner
2014-07-05 15:21 - 2014-07-26 08:02 - 01354223 _____ () C:\Users\JongTae\Desktop\AdwCleaner.exe
2014-07-05 00:16 - 2014-07-05 00:16 - 00000000 ____D () C:\Users\JongTae\AppData\Local\Adobe
2014-07-04 23:56 - 2014-07-04 23:56 - 00011711 _____ () C:\Users\JongTae\Desktop\attach.zip
2014-07-04 13:55 - 2014-07-04 13:55 - 00118947 _____ () C:\Users\JongTae\Desktop\NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum.htm
2014-07-04 13:55 - 2014-07-04 13:55 - 00000000 ____D () C:\Users\JongTae\Desktop\NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum_files
2014-07-04 13:52 - 2014-07-20 18:59 - 00014926 _____ () C:\Users\JongTae\Desktop\attach.txt
2014-07-04 13:52 - 2014-07-20 18:58 - 00030159 _____ () C:\Users\JongTae\Desktop\dds.txt
2014-07-04 13:51 - 2014-07-04 13:52 - 00370943 _____ () C:\Users\JongTae\Downloads\gmer.zip
2014-07-04 13:47 - 2014-07-04 13:47 - 00688992 ____R (Swearware) C:\Users\JongTae\Downloads\dds.scr
2014-07-04 13:32 - 2014-07-04 13:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JongTae\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-03 21:32 - 2014-07-03 21:34 - 771389822 _____ () C:\Users\JongTae\Downloads\기분 좋은 날.E20.140629.avi
2014-07-03 21:27 - 2014-07-03 21:29 - 748985860 _____ () C:\Users\JongTae\Downloads\기분 좋은 날.E19.140628.HDTV.XviD.etc.LIMO.avi
2014-07-03 21:25 - 2014-07-03 21:27 - 677205276 _____ () C:\Users\JongTae\Downloads\기분 좋은 날.E18.140622.HDTV.XviD.etc.LIMO.avi
2014-07-01 21:37 - 2014-07-01 21:39 - 792703574 _____ () C:\Users\JongTae\Downloads\자기야-백년손님.E235.140619.HDTV.XviD.etc.LIMO.avi
2014-07-01 21:35 - 2014-07-01 21:36 - 595313204 _____ () C:\Users\JongTae\Downloads\생로병사의 비밀.E506.140618.HDTV.XviD.etc.JOA.avi
2014-07-01 21:31 - 2014-07-01 21:33 - 642113334 _____ () C:\Users\JongTae\Downloads\기분 좋은 날.E17.140621.HDTV.XviD.etc.LIMO.avi
2014-06-29 16:21 - 2014-07-06 11:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-26 21:58 - 2014-07-21 21:32 - 00028480 _____ () C:\Users\JongTae\Desktop\FRST.txt
2014-07-26 21:57 - 2014-07-21 21:32 - 00000000 ____D () C:\FRST
2014-07-26 21:56 - 2011-09-22 20:48 - 01115806 _____ () C:\windows\WindowsUpdate.log
2014-07-26 21:55 - 2014-07-26 21:55 - 00002328 _____ () C:\Users\JongTae\Desktop\AdwCleaner[R2].txt
2014-07-26 21:54 - 2011-09-22 21:14 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-26 21:47 - 2011-09-22 21:14 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-26 21:46 - 2012-04-08 09:44 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-26 08:15 - 2014-07-05 15:24 - 00000000 ____D () C:\AdwCleaner
2014-07-26 08:14 - 2014-06-13 18:17 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-26 08:11 - 2009-07-14 01:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-26 08:11 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-26 08:11 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-26 08:05 - 2014-07-26 08:05 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-07-26 08:05 - 2014-07-26 08:05 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-07-26 08:05 - 2014-07-26 08:05 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-07-26 08:05 - 2014-07-26 08:05 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-26 08:05 - 2014-07-26 08:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-26 08:05 - 2014-07-26 08:05 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-26 08:05 - 2014-07-10 22:17 - 00015259 _____ () C:\windows\SecuniaPackage.log
2014-07-26 08:02 - 2014-07-05 15:21 - 01354223 _____ () C:\Users\JongTae\Desktop\AdwCleaner.exe
2014-07-26 08:00 - 2013-06-07 19:45 - 00000000 ___RD () C:\Users\JongTae\Dropbox
2014-07-26 08:00 - 2013-06-07 19:42 - 00000000 ____D () C:\Users\JongTae\AppData\Roaming\Dropbox
2014-07-26 08:00 - 2012-03-03 20:06 - 00000000 __RSD () C:\Users\JongTae\Documents\McAfee Vaults
2014-07-26 07:55 - 2014-04-05 13:26 - 00000374 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-07-26 07:54 - 2010-11-20 23:47 - 01152036 _____ () C:\windows\PFRO.log
2014-07-26 07:54 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-26 07:54 - 2009-07-14 00:51 - 00135643 _____ () C:\windows\setupact.log
2014-07-25 23:07 - 2013-06-07 19:45 - 00001037 _____ () C:\Users\JongTae\Desktop\Dropbox.lnk
2014-07-25 23:07 - 2013-06-07 19:43 - 00000000 ____D () C:\Users\JongTae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-21 21:37 - 2014-07-21 21:36 - 00038367 _____ () C:\Users\JongTae\Desktop\Addition.txt
2014-07-21 21:29 - 2014-07-21 21:32 - 02090496 _____ (Farbar) C:\Users\JongTae\Desktop\FRST64.exe
2014-07-21 06:14 - 2014-07-21 06:14 - 00005102 _____ () C:\Users\JongTae\Desktop\attach (3).zip
2014-07-21 06:10 - 2014-07-21 06:10 - 00005102 _____ () C:\Users\JongTae\Desktop\attach (2).zip
2014-07-21 05:46 - 2014-07-21 05:46 - 00006625 _____ () C:\Users\JongTae\Desktop\ark.txt
2014-07-20 21:33 - 2012-08-04 15:19 - 00000000 ____D () C:\Users\JongTae\AppData\Local\CrashDumps
2014-07-20 21:23 - 2014-07-20 21:23 - 00508160 _____ () C:\windows\Minidump\072014-20451-01.dmp
2014-07-20 21:23 - 2014-06-10 19:22 - 1156049693 _____ () C:\windows\MEMORY.DMP
2014-07-20 21:23 - 2012-11-11 20:41 - 00000000 ____D () C:\windows\Minidump
2014-07-20 18:59 - 2014-07-04 13:52 - 00014926 _____ () C:\Users\JongTae\Desktop\attach.txt
2014-07-20 18:58 - 2014-07-04 13:52 - 00030159 _____ () C:\Users\JongTae\Desktop\dds.txt
2014-07-20 13:59 - 2014-07-20 13:59 - 00001277 _____ () C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
2014-07-20 13:58 - 2014-07-20 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus
2014-07-20 13:58 - 2014-07-20 13:58 - 00000000 ____D () C:\Program Files (x86)\Xirrus
2014-07-20 13:57 - 2014-07-20 13:57 - 00000000 ____D () C:\Users\JongTae\AppData\Roaming\Xirrus
2014-07-20 13:55 - 2014-07-20 13:55 - 00929416 _____ (CNET Download.com) C:\Users\JongTae\Downloads\cbsidlm-cbsi188-Xirrus_WiFi_Inspector-ORG-75758254.exe
2014-07-19 07:51 - 2014-04-05 10:36 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-07-16 22:47 - 2014-07-16 22:44 - 693182090 _____ () C:\Users\JongTae\Downloads\JTBC_유나의 거리.E08.140616.HDTV.XviD.etc.iPOP.avi
2014-07-16 22:45 - 2014-07-16 22:42 - 669086240 _____ () C:\Users\JongTae\Downloads\JTBC_유나의 거리.E07.140610.HDTV.XviD.etc.iPOP.avi
2014-07-16 22:41 - 2014-07-16 22:32 - 697671130 _____ () C:\Users\JongTae\Downloads\JTBC_유나의 거리.E06.140609.HDTV.XviD.etc.iPOP.avi
2014-07-16 22:36 - 2014-07-16 22:31 - 693181954 _____ () C:\Users\JongTae\Downloads\JTBC_유나의 거리.E05.140603.HDTV.XviD.etc.iPOP.avi
2014-07-16 19:52 - 2014-04-05 10:24 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-16 19:50 - 2014-04-05 10:24 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-07-16 19:42 - 2014-04-05 10:41 - 00001855 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-07-16 19:42 - 2014-04-05 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-15 21:04 - 2014-07-15 21:02 - 688436459 _____ () C:\Users\JongTae\Downloads\JTBC_유나의 거리.E04.140527.HDTV.H264.450p.ENT.avi
2014-07-15 21:02 - 2014-07-15 21:00 - 691204942 _____ () C:\Users\JongTae\Downloads\JTBC_유나의 거리.E03.140526.HDTV.XviD.etc.iPOP.avi
2014-07-15 21:00 - 2014-07-15 20:59 - 688495772 _____ () C:\Users\JongTae\Downloads\JTBC_유나의 거리.E02.140520.HDTV.XviD.etc.iPOP.avi
2014-07-15 20:57 - 2014-07-15 20:55 - 664371141 _____ () C:\Users\JongTae\Downloads\JTBC_유나의 거리.E01.140519.HDTV.H264.450p.WITH.mp4
2014-07-14 21:17 - 2014-07-14 21:09 - 771527812 _____ () C:\Users\JongTae\Downloads\기분 좋은 날.E24.140713.HDTV.XviD.etc.LIMO.avi
2014-07-14 21:08 - 2014-07-14 21:02 - 756273134 _____ () C:\Users\JongTae\Downloads\기분 좋은 날.E23.140712.HDTV.XviD.etc.LIMO.avi
2014-07-14 20:57 - 2014-07-14 20:52 - 787750912 _____ () C:\Users\JongTae\Downloads\MBN_천기누설.E110.140713.HDTV.XviD.etc.WITH.avi
2014-07-13 22:16 - 2014-07-13 22:14 - 761205206 _____ () C:\Users\JongTae\Downloads\참 좋은 시절.E42.140713.HDTV.XviD.etc.LIMO.avi
2014-07-13 21:08 - 2014-07-13 21:02 - 761491748 _____ () C:\Users\JongTae\Downloads\참 좋은 시절.E41.140712.HDTV.XviD.etc.LIMO.avi
2014-07-13 14:54 - 2013-01-15 12:05 - 04252918 _____ () C:\Users\JongTae\Documents\JTJS_Quicken_Backup.QDF
2014-07-13 14:53 - 2013-01-15 12:07 - 00000000 ____D () C:\Users\JongTae\Documents\BACKUP
2014-07-13 10:42 - 2014-07-13 10:42 - 22224144 _____ (Xirrus) C:\Users\JongTae\Downloads\WiFiInspector-Setup-1.2.1.4.exe
2014-07-12 11:39 - 2014-07-12 11:31 - 761322306 _____ () C:\Users\JongTae\Downloads\참 좋은 시절.E36.140622.HDTV.XviD.etc.LIMO.avi
2014-07-12 11:31 - 2014-07-12 11:22 - 758281898 _____ () C:\Users\JongTae\Downloads\참 좋은 시절.E35.140621.HDTV.XviD.etc.LIMO.avi
2014-07-12 10:50 - 2014-07-12 10:40 - 759608672 _____ () C:\Users\JongTae\Downloads\기분 좋은 날.E22.140706.HDTV.XviD.etc.LIMO.avi
2014-07-12 10:40 - 2014-07-12 10:31 - 750815414 _____ () C:\Users\JongTae\Downloads\기분 좋은 날.E21.140705.HDTV.XviD.etc.LIMO.avi
2014-07-10 21:56 - 2009-07-14 00:45 - 00319872 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-09 22:12 - 2014-05-06 22:10 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-09 22:12 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 22:12 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-09 22:12 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-09 22:10 - 2014-07-09 22:10 - 00001080 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-07-09 22:10 - 2014-07-09 22:10 - 00000000 ____D () C:\Users\JongTae\AppData\Local\Secunia PSI
2014-07-09 22:10 - 2014-07-09 22:10 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-07-09 22:09 - 2014-07-09 22:09 - 05329480 _____ (Secunia) C:\Users\JongTae\Downloads\PSISetup.exe
2014-07-09 20:59 - 2014-07-09 20:58 - 05216105 _____ (Swearware) C:\Users\JongTae\Downloads\ComboFix.exe
2014-07-08 21:45 - 2013-07-27 09:33 - 00000000 ____D () C:\windows\system32\MRT
2014-07-08 21:42 - 2013-01-10 08:56 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-08 21:21 - 2012-04-08 09:44 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 21:21 - 2012-04-08 09:44 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 21:21 - 2011-07-27 03:11 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 20:48 - 2014-04-19 08:47 - 00002053 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-07-08 20:48 - 2014-04-19 08:47 - 00002051 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-07-08 20:48 - 2014-04-19 08:47 - 00002041 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-07-08 20:48 - 2014-04-19 08:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-06 12:19 - 2014-07-06 12:19 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-06 12:17 - 2014-07-06 12:17 - 02347384 _____ (ESET) C:\Users\JongTae\Downloads\esetsmartinstaller_enu.exe
2014-07-06 12:03 - 2014-07-06 12:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-06 11:59 - 2014-06-29 16:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-06 11:54 - 2014-07-06 11:53 - 00918952 _____ (Oracle Corporation) C:\Users\JongTae\Downloads\jxpiinstall.exe
2014-07-05 00:16 - 2014-07-05 00:16 - 00000000 ____D () C:\Users\JongTae\AppData\Local\Adobe
2014-07-04 23:56 - 2014-07-04 23:56 - 00011711 _____ () C:\Users\JongTae\Desktop\attach.zip
2014-07-04 13:55 - 2014-07-04 13:55 - 00118947 _____ () C:\Users\JongTae\Desktop\NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum.htm
2014-07-04 13:55 - 2014-07-04 13:55 - 00000000 ____D () C:\Users\JongTae\Desktop\NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum_files
2014-07-04 13:53 - 2014-01-28 18:36 - 00380416 _____ () C:\Users\JongTae\Desktop\gmer.exe
2014-07-04 13:52 - 2014-07-04 13:51 - 00370943 _____ () C:\Users\JongTae\Downloads\gmer.zip
2014-07-04 13:47 - 2014-07-20 18:57 - 00688992 ____R (Swearware) C:\Users\JongTae\Desktop\dds.scr
2014-07-04 13:47 - 2014-07-04 13:47 - 00688992 ____R (Swearware) C:\Users\JongTae\Downloads\dds.scr
2014-07-04 13:33 - 2014-07-04 13:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\JongTae\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-03 21:34 - 2014-07-03 21:32 - 771389822 _____ () C:\Users\JongTae\Downloads\기분 좋은 날.E20.140629.avi
2014-07-03 21:29 - 2014-07-03 21:27 - 748985860 _____ () C:\Users\JongTae\Downloads\기분 좋은 날.E19.140628.HDTV.XviD.etc.LIMO.avi
2014-07-03 21:27 - 2014-07-03 21:25 - 677205276 _____ () C:\Users\JongTae\Downloads\기분 좋은 날.E18.140622.HDTV.XviD.etc.LIMO.avi
2014-07-01 21:39 - 2014-07-01 21:37 - 792703574 _____ () C:\Users\JongTae\Downloads\자기야-백년손님.E235.140619.HDTV.XviD.etc.LIMO.avi
2014-07-01 21:36 - 2014-07-01 21:35 - 595313204 _____ () C:\Users\JongTae\Downloads\생로병사의 비밀.E506.140618.HDTV.XviD.etc.JOA.avi
2014-07-01 21:33 - 2014-07-01 21:31 - 642113334 _____ () C:\Users\JongTae\Downloads\기분 좋은 날.E17.140621.HDTV.XviD.etc.LIMO.avi
2014-07-01 21:17 - 2012-05-23 20:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-29 22:09 - 2014-07-08 20:32 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-29 22:04 - 2014-07-08 20:32 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-29 16:42 - 2011-09-22 21:14 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-29 16:42 - 2011-09-22 21:14 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\JongTae\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphkkql1.dll
C:\Users\JongTae\AppData\Local\Temp\nsbC619.exe
C:\Users\JongTae\AppData\Local\Temp\nsgBEE7.exe
C:\Users\JongTae\AppData\Local\Temp\nsq3CB6.exe
C:\Users\JongTae\AppData\Local\Temp\nsq4197.exe
C:\Users\JongTae\AppData\Local\Temp\nsu8E4E.exe
C:\Users\JongTae\AppData\Local\Temp\nsv4649.exe
C:\Users\JongTae\AppData\Local\Temp\nswB7A6.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 21:20

==================== End Of Log ============================
satyros66 is offline  
Old 07-27-2014, 03:46 AM   #6
TSF Enthusiast
 
DrDOS's Avatar
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



satyros66,

Thanks for those logs.

  1. Double click on AdwCleaner.exe to run the tool again.
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
    • This time click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S1].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

  2. Download attached fixlist.txt file and save it to the Desktop.

    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


What I need from you
  • AdwCleaner[S1].txt
  • Fixlog.txt


How are things running now?
Attached Files
File Type: txt fixlist.txt (1.6 KB, 164 views)
DrDOS is offline  
Old 07-27-2014, 08:15 AM   #7
Registered Member
 
Join Date: Feb 2009
Posts: 48
OS: Win 7 Home Prem 64bit sp1



Listed below are 2 logs. I did 3 things after these 2 scans.
1. Enabled McAfee Total Protection Real-time scanning.
2. Updated Firefox browser to the latest version from the Mozilla site.
3. Checked Windows Update for Important Updates. None listed.
I restarted the laptop 2 times to see if it runs ok. All seems ok. But I want to ask your advice. It still takes 3 minutes & 15 seconds to get Firefox to start after cold boot (clocked with stopwatch). What do you suggest to improve the overall startup time? Thanks for other safe computing suggestions in advance.

====================

# AdwCleaner v3.216 - Report created 27/07/2014 at 10:08:09
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : JongTae - JONGTAE-PC
# Running from : C:\Users\JongTae\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\JongTae\AppData\Roaming\Mozilla\Firefox\Profiles\jrqqsg2m.default-1398737435102\searchplugins\trovi-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c20rdfyc.default\prefs.js ]


[ File : C:\Users\JongTae\AppData\Roaming\Mozilla\Firefox\Profiles\jrqqsg2m.default-1398737435102\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MF6345A7D-81DB-4EC3-96EF-A04A4E22F451&SearchSource=69&CUI=&SSPV=SP2160TB_sp_ff&Lay=1&UM=6&UP=SPFFD[...]
Line Deleted : user_pref("browser.search.defaultenginename", "Trovi search");
Line Deleted : user_pref("browser.search.selectedEngine", "Trovi search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MF6345A7D-81DB-4EC3-96EF-A04A4E22F451&SearchSource=55&CUI=&UM=6&UP=SPFFDB277F-20C0-47A7-AFB6[...]

-\\ Google Chrome v36.0.1985.125

*************************

AdwCleaner[R0].txt - [3899 octets] - [05/07/2014 15:25:06]
AdwCleaner[R1].txt - [3959 octets] - [06/07/2014 11:27:07]
AdwCleaner[R2].txt - [2328 octets] - [26/07/2014 08:15:16]
AdwCleaner[R3].txt - [2388 octets] - [27/07/2014 10:05:24]
AdwCleaner[S0].txt - [3759 octets] - [06/07/2014 11:31:20]
AdwCleaner[S1].txt - [2014 octets] - [27/07/2014 10:08:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2074 octets] ##########

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by JongTae at 2014-07-27 10:24:32 Run:1
Running from C:\Users\JongTae\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = https://www.trovi.com/Results.aspx?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MF6345A7D-81DB-4EC3-96EF-A04A4E22F451&SearchSource=58&CUI=&UM=6&UP=SPFFDB277F-20C0-47A7-AFB6-18249E730C39&q={searchTerms}&SSPV=SP2160TB_sp_ie
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = https://www.trovi.com/Results.aspx?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MF6345A7D-81DB-4EC3-96EF-A04A4E22F451&SearchSource=58&CUI=&UM=6&UP=SPFFDB277F-20C0-47A7-AFB6-18249E730C39&q={searchTerms}&SSPV=SP2160TB_sp_ie
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MF6345A7D-81DB-4EC3-96EF-A04A4E22F451&SearchSource=69&CUI=&SSPV=SP2160TB_sp_ff&Lay=1&UM=6&UP=SPFFDB277F-20C0-47A7-AFB6-18249E730C39
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MF6345A7D-81DB-4EC3-96EF-A04A4E22F451&SearchSource=55&CUI=&UM=6&UP=SPFFDB277F-20C0-47A7-AFB6-18249E730C39&SSPV=SP2160TB_sp_ff
HKLM-x32\...\RunOnce: [SpUninstallCleanUp] => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
C:\Users\JongTae\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphkkql1.dll
C:\Users\JongTae\AppData\Local\Temp\nsbC619.exe
C:\Users\JongTae\AppData\Local\Temp\nsgBEE7.exe
C:\Users\JongTae\AppData\Local\Temp\nsq3CB6.exe
C:\Users\JongTae\AppData\Local\Temp\nsq4197.exe
C:\Users\JongTae\AppData\Local\Temp\nsu8E4E.exe
C:\Users\JongTae\AppData\Local\Temp\nsv4649.exe
C:\Users\JongTae\AppData\Local\Temp\nswB7A6.exe
reboot:
end

*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
Firefox newtab deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\HKLM-x32\...\RunOnce: [SpUninstallCleanUp] => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f => Value not found.
"C:\Users\JongTae\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphkkql1.dll" => File/Directory not found.
C:\Users\JongTae\AppData\Local\Temp\nsbC619.exe => Moved successfully.
C:\Users\JongTae\AppData\Local\Temp\nsgBEE7.exe => Moved successfully.
C:\Users\JongTae\AppData\Local\Temp\nsq3CB6.exe => Moved successfully.
C:\Users\JongTae\AppData\Local\Temp\nsq4197.exe => Moved successfully.
C:\Users\JongTae\AppData\Local\Temp\nsu8E4E.exe => Moved successfully.
C:\Users\JongTae\AppData\Local\Temp\nsv4649.exe => Moved successfully.
C:\Users\JongTae\AppData\Local\Temp\nswB7A6.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====
satyros66 is offline  
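The AdwCleaner report in the post above removed four hijacked preferences from the Firefox profile's prefs.js. The following added example (not part of the original thread, and not AdwCleaner's or FRST's code) parses a prefs.js and flags those same four preferences when they point anywhere unexpected; the allowlists, function names and sample file are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Preference names as they appear in the AdwCleaner "Line Deleted" entries.
URL_PREFS = {"browser.startup.homepage", "browser.newtab.url"}
ENGINE_PREFS = {"browser.search.defaultenginename",
                "browser.search.selectedEngine"}

# Assumption: values the machine's owner considers expected. Adjust locally.
ALLOWED_HOSTS = {"www.google.com", "www.mozilla.org"}
ALLOWED_ENGINES = {"Google", "Bing", "Yahoo", "DuckDuckGo"}

# One preference per line: user_pref("name", value);
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref() line in a prefs.js."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, anything unrecognised
        name, raw = match.group(1), match.group(2)
        try:
            value = json.loads(raw)   # strings, numbers, true/false
        except ValueError:
            value = raw               # keep the raw text if it is not JSON
        prefs[name] = value
    return prefs


def unexpected_hosts(value):
    """Hosts in a URL preference that are not on the allowlist.

    The homepage preference may hold several URLs separated by '|'.
    """
    bad = []
    for part in str(value).split("|"):
        part = part.strip()
        if not part or part.lower().startswith("about:"):
            continue
        host = (urlsplit(part).hostname or "").lower()
        if host not in ALLOWED_HOSTS:
            bad.append(host or part)  # no parseable host: report the raw value
    return bad


def audit_prefs(text):
    """Return a list of (preference, offending host or engine name)."""
    prefs = parse_prefs(text)
    findings = []
    for name in sorted(URL_PREFS | ENGINE_PREFS):
        if name not in prefs:
            continue
        value = prefs[name]
        if name in URL_PREFS:
            findings.extend((name, host) for host in unexpected_hosts(value))
        elif value not in ALLOWED_ENGINES:
            findings.append((name, str(value)))
    return findings


# Constructed sample: the trovi.com host and engine name come from the log
# above; the shortened query strings and the other lines are made up.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.newtab.url", "http://www.trovi.com/?SearchSource=69");
user_pref("browser.search.defaultenginename", "Trovi search");
user_pref("browser.search.selectedEngine", "Trovi search");
user_pref("browser.startup.homepage", "http://www.trovi.com/?SearchSource=55|https://www.mozilla.org/");
user_pref("browser.startup.page", 1);
user_pref("privacy.donottrackheader.enabled", true);
"""

if __name__ == "__main__":
    for pref, value in audit_prefs(SAMPLE_PREFS_JS):
        print(f"REVIEW {pref}: {value}")
```

Run it against a copy of prefs.js taken while Firefox is closed, since the browser rewrites the file on exit.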
Old 07-27-2014, 02:21 PM   #8
TSF Enthusiast
 
DrDOS's Avatar
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



satyros66,

Let's run these scanners and look for any remnants.

  1. As you already have this, run Malwarebytes' Anti-Malware
    • If an update is ever found during any part of the scan, it will prompt you to download the latest version. Please do so.
    • Click on Scan Now.
    • When the scan is complete, click Quarantine All if anything found.

    • Click View detailed log if No malicious items detected. Export and save as *.txt. Name should be latest-mbam.txt. Here's an example:
      latest-mbam.txt
    • Save this log to your desktop.
    • Post it in your next reply.


    Of Special Note:
    **Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

    **If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  2. Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
    • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
    • Click the blue Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
    • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
    • Click on Advanced Settings
    • Make sure that the option Remove found threats is unticked.
    • Ensure these options are ticked
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Click Start
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan, and let me know how things are now.
DrDOS is offline  
Old 07-28-2014, 04:43 PM   #9
Registered Member
 
Join Date: Feb 2009
Posts: 48
OS: Win 7 Home Prem 64bit sp1



Here are the last 2 logs:
========================
Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software


Error, 7/27/2014 9:51:26 AM, SYSTEM, JONGTAE-PC, Protection, IsLicensed, 13,
Protection, 7/27/2014 9:51:26 AM, SYSTEM, JONGTAE-PC, Protection, Malware Protection, Stopping,
Protection, 7/27/2014 9:51:26 AM, SYSTEM, JONGTAE-PC, Protection, Malware Protection, Stopped,
Error, 7/27/2014 10:11:44 AM, SYSTEM, JONGTAE-PC, Protection, IsLicensed, 13,
Protection, 7/27/2014 10:11:44 AM, SYSTEM, JONGTAE-PC, Protection, Malware Protection, Stopping,
Protection, 7/27/2014 10:11:44 AM, SYSTEM, JONGTAE-PC, Protection, Malware Protection, Stopped,
Error, 7/27/2014 10:27:43 AM, SYSTEM, JONGTAE-PC, Protection, IsLicensed, 13,
Protection, 7/27/2014 10:27:43 AM, SYSTEM, JONGTAE-PC, Protection, Malware Protection, Stopping,
Protection, 7/27/2014 10:27:43 AM, SYSTEM, JONGTAE-PC, Protection, Malware Protection, Stopped,
Error, 7/27/2014 10:49:41 AM, SYSTEM, JONGTAE-PC, Protection, IsLicensed, 13,
Protection, 7/27/2014 10:49:41 AM, SYSTEM, JONGTAE-PC, Protection, Malware Protection, Stopping,
Protection, 7/27/2014 10:49:41 AM, SYSTEM, JONGTAE-PC, Protection, Malware Protection, Stopped,
Error, 7/27/2014 11:05:16 AM, SYSTEM, JONGTAE-PC, Protection, IsLicensed, 13,
Protection, 7/27/2014 11:05:16 AM, SYSTEM, JONGTAE-PC, Protection, Malware Protection, Stopping,
Protection, 7/27/2014 11:05:16 AM, SYSTEM, JONGTAE-PC, Protection, Malware Protection, Stopped,
Error, 7/27/2014 8:32:45 PM, SYSTEM, JONGTAE-PC, Protection, IsLicensed, 13,
Protection, 7/27/2014 8:32:45 PM, SYSTEM, JONGTAE-PC, Protection, Malware Protection, Stopping,
Protection, 7/27/2014 8:32:45 PM, SYSTEM, JONGTAE-PC, Protection, Malware Protection, Stopped,
Update, 7/27/2014 9:22:15 PM, SYSTEM, JONGTAE-PC, Scheduler, Malware Database, 2014.7.20.7, 2014.7.27.10,
Error, 7/27/2014 11:12:04 PM, SYSTEM, JONGTAE-PC, Protection, IsLicensed, 13,
Protection, 7/27/2014 11:12:05 PM, SYSTEM, JONGTAE-PC, Protection, Malware Protection, Stopping,
Protection, 7/27/2014 11:12:05 PM, SYSTEM, JONGTAE-PC, Protection, Malware Protection, Stopped,

(end)

C:\FRST\Quarantine\C\Users\JongTae\AppData\Local\Temp\nsbC619.exe.xBAD Win32/Conduit.SearchProtect.R potentially unwanted application
C:\FRST\Quarantine\C\Users\JongTae\AppData\Local\Temp\nsgBEE7.exe.xBAD Win32/Conduit.SearchProtect.R potentially unwanted application
C:\FRST\Quarantine\C\Users\JongTae\AppData\Local\Temp\nsq3CB6.exe.xBAD Win32/Conduit.SearchProtect.R potentially unwanted application
C:\FRST\Quarantine\C\Users\JongTae\AppData\Local\Temp\nsq4197.exe.xBAD Win32/Conduit.SearchProtect.R potentially unwanted application
C:\FRST\Quarantine\C\Users\JongTae\AppData\Local\Temp\nsu8E4E.exe.xBAD Win32/Conduit.SearchProtect.R potentially unwanted application
C:\FRST\Quarantine\C\Users\JongTae\AppData\Local\Temp\nsv4649.exe.xBAD Win32/Conduit.SearchProtect.R potentially unwanted application
C:\FRST\Quarantine\C\Users\JongTae\AppData\Local\Temp\nswB7A6.exe.xBAD Win32/Conduit.SearchProtect.R potentially unwanted application
C:\Program Files (x86)\InstallConverter bundle uninstaller\uninstaller.exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\Users\JongTae\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6K9COG77\spstub[1].exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\Users\JongTae\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SCS3EMAA\SPSetup[1].exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\Users\JongTae\Downloads\cbsidlm-cbsi188-Xirrus_WiFi_Inspector-ORG-75758254.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\JongTae\Downloads\nero 12.rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application
satyros66 is offline  
Old 07-29-2014, 01:40 PM   #10
TSF Enthusiast
 
DrDOS's Avatar
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



satyros66,

Thank you for those logs. We'll take care of the files in C:\FRST\Quarantine shortly.

Quote:
It still takes 3 minutes & 15 seconds to get Firefox to start after cold boot
Is this happening in IE also? FireFox recently updated to 31.0. Did you get that update? Click on Help | About to check. Press the Alt key if Help isn't shown.

If you need to, search their database or Ask a Question. You may need to Reset FireFox back to its default settings. Here's how.

  1. Please uninstall the following via Start->(or Computer)->Control Panel->(Programs)->Programs and Features if it still exists. Check 32-bit folder C:\Program Files (x86) as well.
    InstallConverter or InstallConverter bundle uninstaller<<Please read this

    Also delete the following Folders if they still exist:

    C:\Program Files\InstallConverter or InstallConverter bundle uninstaller
  2. Did you have a problem either updating or running MalwareBytes? If so, please try again and post that log.

  3. You've already done this. Please do it again. Download attached fixlist.txt file and save it to the Desktop.

    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Is FireFox working better now?
Attached Files
File Type: txt fixlist.txt (526 Bytes, 36 views)
DrDOS is offline  
Old 07-29-2014, 07:05 PM   #11
Registered Member
 
Join Date: Feb 2009
Posts: 48
OS: Win 7 Home Prem 64bit sp1



Here are 3 answers to your questions:
1. Firefox is up to date (31.0)
2. MalwareBytes ran ok without any malware detected
3. Firefox starts within 16 seconds.
I realized normal booting takes 3 minutes 15 seconds, not Firefox loading time. I may need to look at what services or applications are starting as part of booting sequence. I can use some suggestions. Listed below is the Fixlog.txt
===========================================================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by JongTae at 2014-07-29 21:47:16 Run:2
Running from C:\Users\JongTae\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [] => [X]
SearchScopes: HKLM-x32 - DefaultScope value is missing.
C:\Program Files (x86)\InstallConverter bundle uninstaller\uninstaller.exe
C:\Users\JongTae\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6K9COG77\spstub[1].exe
C:\Users\JongTae\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SCS3EMAA\SPSetup[1].exe
C:\Users\JongTae\Downloads\cbsidlm-cbsi188-Xirrus_WiFi_Inspector-ORG-75758254.exe
C:\Users\JongTae\Downloads\nero 12.rar
reboot:
end

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"C:\Program Files (x86)\InstallConverter bundle uninstaller\uninstaller.exe" => File/Directory not found.
C:\Users\JongTae\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6K9COG77\spstub[1].exe => Moved successfully.
C:\Users\JongTae\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SCS3EMAA\SPSetup[1].exe => Moved successfully.
C:\Users\JongTae\Downloads\cbsidlm-cbsi188-Xirrus_WiFi_Inspector-ORG-75758254.exe => Moved successfully.
C:\Users\JongTae\Downloads\nero 12.rar => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====
satyros66 is offline  
Old 07-29-2014, 11:42 PM   #12
TSF Enthusiast
 
DrDOS's Avatar
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



satyros66,

Quote:
I may need to look at what services or applications are starting as part of booting sequence. I can use some suggestions.
Defrag.
System may be performing normally. Use hibernation more.
C: is FIXED (NTFS) - 580 GiB total, 76.794 GiB free. This discusses Hard Drive space - online calculator - I usually recommend 15-20% free at all times
Create new Admin. Logon as that user.
Great article - https://www.techsupportforum.com/foru...ow-532072.html
Always feel free to post a question here - Windows 7 Support, Windows Vista Support - or one of our other forums

All your logs are now clean.

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.


You may delete any other remaining tools and/or their associated logs/folders from the desktop/or where you ran them from: simply right-click and delete.

Now that your system is clean, it is recommended that you update your Operating System to close any vulnerabilities and help make your system more secure against attack. You should visit Windows Updates and download any required patches for your system.

To help protect your computer in the future I recommend that you read the following articles:

Staying Safe on the Internet
Making Internet Explorer Safer.
Think Prevention!

Some further reading: Disable Java in browsers

Please ensure you have an Anti Virus installed and updated regularly as well as a firewall to block intrusion attempts. For additional protection, I would suggest using a Hosts file that blocks access to thousands of known bad sites. Full details can be found in the link below:

MVPS Hosts file

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:

  • AdblockPlus from here
    • AdblockPlus, Surf the web without annoying ads!
    • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
    • Protects your online privacy
    • Two-click installation, It's free!
    • click the icon that corresponds to your browser and download.

  • Download and install Secunia Personal Software Inspector (PSI): Free Computer Security - Personal Software Inspector (PSI) - Secunia. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items. Check for updates weekly.

  • WOT from here.

    Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an add on available for both Firefox and IE.

  • Winpatrol

    A heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  • MVPS HOST FILE

    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.

  • ANTIVIRUS SOFTWARE

    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.

  • IM from here or here.

    Trillian or Miranda-IM are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • ERUNT from here. A useful freeware utility for users of Windows 2000/XP/7/Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders and disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

  • Passwords

    Tired of having to remember many passwords for many sites? Or falling into the lowered security habit of using the same password wherever you go on the internet? Kick that habit with the free program keepass which will remember all those usernames and passwords for you. Just remember one master password and let the program remember the rest. Get the latest version and enjoy!

  • Hardware/Software Inventory

    The Belarc Advisor displays a detailed profile of your installed software and hardware, network inventory, missing Microsoft hotfixes, anti-virus status, security benchmarks, and displays all the results in your Web browser. The Belarc Advisor is licensed for personal use only and is not permitted to be used for any commercial or government purposes.


Please respond to this thread one more time so we can mark this thread as resolved.
DrDOS is offline  
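The MVPS HOST FILE item in the post above describes blocking by mapping unwanted hostnames to 127.0.0.1. The following added example (not from the thread or from MVPS) audits a hosts file on that basis: it lists which names are blocked and, going one step beyond the post, also treats 0.0.0.0 and ::1 as blocking addresses and flags any name mapped to a routable address for review. The function names and the sample file are constructed for illustration.

```python
import ipaddress

# Names that normally map to loopback and are not "blocked sites".
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Split hosts-file text into well-formed entries and malformed lines.

    Returns (entries, malformed) where entries is a list of
    (line_number, ip_address, [hostnames]) and malformed is a list of
    (line_number, stripped_line).
    """
    entries, malformed = [], []
    for number, line in enumerate(text.splitlines(), 1):
        body = line.split("#", 1)[0].strip()   # drop comments
        if not body:
            continue
        fields = body.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((number, line.strip()))
            continue
        if len(fields) < 2:                     # address with no hostname
            malformed.append((number, line.strip()))
            continue
        entries.append((number, address, [h.lower() for h in fields[1:]]))
    return entries, malformed


def audit_hosts(text):
    """Classify every hostname in the file.

    blocked    - mapped to a loopback or unspecified address (sinkholed)
    redirected - mapped to any other address; worth a manual look because
                 the name will resolve there instead of through DNS
    malformed  - lines that do not parse as "address hostname..."
    """
    entries, malformed = parse_hosts(text)
    report = {"blocked": [], "redirected": [], "malformed": malformed}
    for number, address, names in entries:
        sinkhole = address.is_loopback or address.is_unspecified
        for name in names:
            if name in LOCAL_NAMES:
                continue
            if sinkhole:
                report["blocked"].append(name)
            else:
                report["redirected"].append((number, name, str(address)))
    return report


# Constructed sample, not taken from the MVPS list. 203.0.113.7 is a
# documentation-range address.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1  localhost
::1        localhost
127.0.0.1  ads.example.com adserver.example.com
0.0.0.0    tracker.example.net   # blocked
203.0.113.7  login.example.org
ads.example.com 127.0.0.1
"""

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked:", len(result["blocked"]))
    for number, name, address in result["redirected"]:
        print(f"REVIEW line {number}: {name} -> {address}")
    for number, line in result["malformed"]:
        print(f"MALFORMED line {number}: {line}")
```

On Windows the file to check is %SystemRoot%\System32\drivers\etc\hosts.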
Old 07-30-2014, 04:03 PM   #13
Registered Member
 
Join Date: Feb 2009
Posts: 48
OS: Win 7 Home Prem 64bit sp1



Thank you very much. You can mark this as resolved.
satyros66 is offline  
Old 07-31-2014, 03:20 AM   #14
TSF Enthusiast
 
DrDOS's Avatar
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



satyros66,

Quote:
Thank you very much. You can mark this as resolved.
Sure thing.

Safe surfing out there.
DrDOS is offline  
 

All times are GMT -7.