
Google+ Hacked???


  • This topic is locked
26 replies to this topic

#1 maske3344

maske3344

  • Members
  • 204 posts
  • OFFLINE
  •  
  • Local time:01:46 PM

Posted 12 October 2014 - 08:07 PM

Hello, I am having trouble sharing in Google+ for some reason.

So, I pressed F12 to see what is going on...well, here's what I saw:

 

http://imgur.com/SyGqTps

 

 

Translation: "If I use console, the attacker will apply self-xss attack to take my personal info. Don't type or paste any unknown code."

 

What does this mean? Am I already infected by spyware, so if I try to do something funny, that "attacker" will hack me or something?

 

I need your help ASAP!!! 

 

 

 




 


#2 MillardPrograms

MillardPrograms

  • Banned
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:46 PM

Posted 12 October 2014 - 08:57 PM

The guy is most likely bluffing. If you want to protect your info, first download http://www.bleepingcomputer.com/download/zemana-antilogger-free/ and then change your Google+/Email password. Have you downloaded anything recently? He probably infected you with a RAT - Remote Administration Tool, a basic tool which is hidden in Exe's torrents, and exe's spoofed to look like other types of files. This is not spyware, but just to be safe, once you've changed your passwords, run some scans. If you need anything else PM me with your TeamViewer ID. 

RATters are almost all Script Kiddy noobs, and I doubt this kid is any different. In fact, he's probably some 12 year old using DarkComet (DarkComet sucks... He will probably lose connection to you in a couple of hours anyway).



#3 maske3344


Posted 12 October 2014 - 09:24 PM

Do I have to change my password permanently? Or can I return to my old password after everything's clear?

I did download something that had a virus..... :( YT Downloader virus...I am scanning right now, and Anvi Smart Defender found Trojan.DNSChanger.aho.

Is this a separate matter?

 

Thank you for your quick reply by the way. I appreciate it.



#4 MillardPrograms


Posted 12 October 2014 - 09:30 PM

> Do I have to change my password permanently? Or can I return to my old password after everything's clear?
>
> I did download something that had a virus..... :( YT Downloader virus...I am scanning right now, and Anvi Smart Defender found Trojan.DNSChanger.aho.
>
> Is this a separate matter?
>
> Thank you for your quick reply by the way. I appreciate it.

No, this is most likely not a separate matter. I'm afraid it would be wise to keep your password changed if you have logged on to Google+, or attempted to.

Either way, although this is still Script Kiddy-ish, this guy is not a DarkComet noob. Clean up your computer with Malware Bytes and possibly some other Anti-Malwares. Report back. But, because it is only a Trojan, it may be easier to remove. DO NOT LOG ON TO ANYTHING IF YOU DON'T HAVE THE KEY ENCRYPTER ENABLED!



#5 maske3344


Posted 12 October 2014 - 09:47 PM

Well... About Malware Bytes... it doesn't open. It shuts down whenever I want to scan my computer, saying that there has been an error, so Malware Bytes is going to shut down. I tried to fix this problem by reading other forums, but they didn't help.

Sorry, I have lots of problems with my computer. About six months ago, I had more than 100 spyware (yeah, I was stupid enough to download a bunch of free stuff that had multiple viruses). It was the BleepingComputer guys that helped me fix almost all of the problems.

 

 

P.S. I checked G+ just now, pressed the Share button, and it worked. I am guessing that you are right about the hacker being Kiddy-ish.



#6 MillardPrograms


Posted 12 October 2014 - 09:49 PM

Good that it's cleared up, but the fact that Malware Bytes isn't running isn't good. Try running it in one of the Chameleon Modes.



#7 maske3344


Posted 12 October 2014 - 10:07 PM

Chameleon Mode doesn't work either. The report says that it cannot run Malware Bytes because there's an error.



#8 MillardPrograms


Posted 12 October 2014 - 10:12 PM

If none of the Chameleons are working then you're probably good.
From this point forward, I deem you clean. 

If anything else shows up, tell me. Also, keep that key encrypter enabled.



#9 maske3344


Posted 12 October 2014 - 10:13 PM

How do I keep the key encrypter enabled?



#10 MillardPrograms


Posted 12 October 2014 - 10:18 PM

> How do I keep the key encrypter enabled?

Basically just don't uninstall it, haha. It's good in case situations like this arise. It's often too late when you find out you have a Trojan/RAT and you've already entered a password. The key encrypter simply stops it before you find out. 



#11 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:46 AM

Posted 13 October 2014 - 03:19 AM

@ maske3344,

If Malwarebytes Anti-Malware will not open, then you generally do have a problem.

 

I do not understand why MillardPrograms is saying these things to you, but it shows they have NO EXPERIENCE in Malware Removal.

Please ignore ALL of what they have posted to you, and NEVER take any notice of their ideas.

 

 

Please follow these directions and we will try to find what your problems are.

Please download these programs to Desktop, and Copy and Paste any of the logs

 

 

Step 1: Download Screen317 Security Check from Here or Here and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt
 * Please Copy/Paste the contents of that document.
NOTE: If any security program requests permission to access the Internet, allow it to.
NOTE: If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart computer and Security Check should run.

If the program will still not run, please move to the next program.

 

 

Step 2: Please download MiniToolBox to desktop to run it.
 Checkmark the following boxes:

  • List content of Hosts
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 Click Go and Copy / Paste the result. (result.txt)

 

 

 

Step 3: Please download and run RKill by Grinler.
 A black DOS box will appear for a short time and then disappear.
 This is normal and indicates the tool ran successfully.
 At most the tool will usually run for about 2 minutes.
 Please Copy / Paste the small log back here.


Important: Do not reboot your computer until you complete the next step.


Step 4: NOW:
 Please download AdwCleaner by Xplode and save to your Desktop.
 * Double-click on AdwCleaner.exe to run the tool.
 * Vista/Windows 7/8 users right-click and select Run As Administrator.
 * Click on the Scan button only once to ensure a correct reading.
 * AdwCleaner will begin...be patient as the scan may take some time to complete.
 * After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
 * Check the removals and see if you are OK with the list.
 * Now click on the Clean button only once to ensure a correct reading.
 * Press OK when asked to close all programs and follow the onscreen prompts.
 * Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
 * After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
 * Copy and Paste the contents of that logfile in your next reply.
 * A copy of all logfiles is also saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

Last, Step 5: Please post a snapshot with Speccy for more system details.
How to Publish a snapshot with Speccy <<-- Full Directions Here (only Copy / Paste the link)

 

 

From here we may be able to find a few of your problems.

 

Thank You -


Edited by noknojon, 13 October 2014 - 03:43 AM.


#12 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Staff Emeritus
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:02:46 PM

Posted 13 October 2014 - 09:07 AM

> From this point forward, I deem you clean.

 
Noknojon is correct about MillardPrograms and his so-called malware removal "help".
 
No scans and logs were requested. Without those logs there is no way to know if your system is clean.
 
Please follow the directions given by Noknojon, who has a proven track record when it comes to cleaning infected systems.

MillardPrograms also suggests helping you remotely using Teamviewer.

DO NOT TAKE HIM UP ON HIS OFFER.
Due to several issues, one being liability, since the contact took place here we cannot support the process of remote assistance. We have no way of gauging the competency of those who offer the remote help. This is not to say I doubt your sincerity, or ability. This means that if we allow it, how can we be assured that each and every one who would offer is competent and trustworthy? It becomes a matter of acting in the best interests of our members' security and safety. We have no control of the content of help being offered remotely. We do have full control over quality and safety of the content shared on the forums. Add to that, we all learn when a thread is posted for others to learn from, which does not happen privately with remote assistance.

Edited by Queen-Evie, 13 October 2014 - 09:31 AM.


#13 maske3344


Posted 13 October 2014 - 09:24 PM

Thank you for the right directions :)

 

Log for Screen317 Security Check:

 

 Results of screen317's Security Check version 0.99.88  

 Windows 7 Service Pack 1 x64   
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
V3 Lite                         
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Google Chrome 35.0.1916.153  
 Google Chrome 38.0.2125.101  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Anvisoft Anvi Smart Defender ASD2.exe  
 Anvisoft Anvi Smart Defender ASD2Srv.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 
 
 
MiniToolBox Log (it's in Korean.....should I put the translation?):
 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by 구정애 (administrator) on 13-10-2014 at 21:03:16
Running from "C:\Users\구정애\Videos"
Microsoft Windows 7 Enterprise K  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP 구성

DNS 확인자 캐시를 플러시했습니다.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
Hosts file not detected in the default directory
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/13/2014 08:42:09 PM) (Source: Application Error) (User: )
Description: 오류 있는 응용 프로그램 이름: mbam.exe, 버전: 1.0.0.532, 타임스탬프: 0x53518532
오류 있는 모듈 이름: MSVCR100.dll, 버전: 10.0.40219.325, 타임스탬프: 0x4df2be1e
예외 코드: 0x40000015
오류 오프셋: 0x0008d6fd
오류 있는 프로세스 ID: 0x1224
오류 있는 응용 프로그램 시작 시간: 0xmbam.exe0
오류 있는 응용 프로그램 경로: mbam.exe1
오류 있는 모듈 경로: mbam.exe2
보고서 ID: mbam.exe3
 
Error: (10/13/2014 06:29:04 PM) (Source: Application Error) (User: )
Description: 오류 있는 응용 프로그램 이름: mbam.exe, 버전: 1.0.0.532, 타임스탬프: 0x53518532
오류 있는 모듈 이름: MSVCR100.dll, 버전: 10.0.40219.325, 타임스탬프: 0x4df2be1e
예외 코드: 0x40000015
오류 오프셋: 0x0008d6fd
오류 있는 프로세스 ID: 0x124c
오류 있는 응용 프로그램 시작 시간: 0xmbam.exe0
오류 있는 응용 프로그램 경로: mbam.exe1
오류 있는 모듈 경로: mbam.exe2
보고서 ID: mbam.exe3
 
Error: (10/13/2014 05:33:10 PM) (Source: Application Error) (User: )
Description: 오류 있는 응용 프로그램 이름: mbam.exe, 버전: 1.0.0.532, 타임스탬프: 0x53518532
오류 있는 모듈 이름: MSVCR100.dll, 버전: 10.0.40219.325, 타임스탬프: 0x4df2be1e
예외 코드: 0x40000015
오류 오프셋: 0x0008d6fd
오류 있는 프로세스 ID: 0x12d0
오류 있는 응용 프로그램 시작 시간: 0xmbam.exe0
오류 있는 응용 프로그램 경로: mbam.exe1
오류 있는 모듈 경로: mbam.exe2
보고서 ID: mbam.exe3
 
Error: (10/13/2014 03:28:11 AM) (Source: Application Error) (User: )
Description: 오류 있는 응용 프로그램 이름: mbam.exe, 버전: 1.0.0.532, 타임스탬프: 0x53518532
오류 있는 모듈 이름: MSVCR100.dll, 버전: 10.0.40219.325, 타임스탬프: 0x4df2be1e
예외 코드: 0x40000015
오류 오프셋: 0x0008d6fd
오류 있는 프로세스 ID: 0x760
오류 있는 응용 프로그램 시작 시간: 0xmbam.exe0
오류 있는 응용 프로그램 경로: mbam.exe1
오류 있는 모듈 경로: mbam.exe2
보고서 ID: mbam.exe3
 
Error: (10/13/2014 02:22:35 AM) (Source: Application Error) (User: )
Description: 오류 있는 응용 프로그램 이름: mbam.exe, 버전: 1.0.0.532, 타임스탬프: 0x53518532
오류 있는 모듈 이름: MSVCR100.dll, 버전: 10.0.40219.325, 타임스탬프: 0x4df2be1e
예외 코드: 0x40000015
오류 오프셋: 0x0008d6fd
오류 있는 프로세스 ID: 0x678
오류 있는 응용 프로그램 시작 시간: 0xmbam.exe0
오류 있는 응용 프로그램 경로: mbam.exe1
오류 있는 모듈 경로: mbam.exe2
보고서 ID: mbam.exe3
 
Error: (10/13/2014 01:36:24 AM) (Source: Application Error) (User: )
Description: 오류 있는 응용 프로그램 이름: mbam.exe, 버전: 1.0.0.532, 타임스탬프: 0x53518532
오류 있는 모듈 이름: MSVCR100.dll, 버전: 10.0.40219.325, 타임스탬프: 0x4df2be1e
예외 코드: 0x40000015
오류 오프셋: 0x0008d6fd
오류 있는 프로세스 ID: 0x12f0
오류 있는 응용 프로그램 시작 시간: 0xmbam.exe0
오류 있는 응용 프로그램 경로: mbam.exe1
오류 있는 모듈 경로: mbam.exe2
보고서 ID: mbam.exe3
 
Error: (10/13/2014 00:45:10 AM) (Source: Application Error) (User: )
Description: 오류 있는 응용 프로그램 이름: mbam.exe, 버전: 1.0.0.532, 타임스탬프: 0x53518532
오류 있는 모듈 이름: MSVCR100.dll, 버전: 10.0.40219.325, 타임스탬프: 0x4df2be1e
예외 코드: 0x40000015
오류 오프셋: 0x0008d6fd
오류 있는 프로세스 ID: 0xe18
오류 있는 응용 프로그램 시작 시간: 0xmbam.exe0
오류 있는 응용 프로그램 경로: mbam.exe1
오류 있는 모듈 경로: mbam.exe2
보고서 ID: mbam.exe3
 
Error: (10/12/2014 11:52:18 PM) (Source: Application Error) (User: )
Description: 오류 있는 응용 프로그램 이름: mbam.exe, 버전: 1.0.0.532, 타임스탬프: 0x53518532
오류 있는 모듈 이름: MSVCR100.dll, 버전: 10.0.40219.325, 타임스탬프: 0x4df2be1e
예외 코드: 0x40000015
오류 오프셋: 0x0008d6fd
오류 있는 프로세스 ID: 0xd08
오류 있는 응용 프로그램 시작 시간: 0xmbam.exe0
오류 있는 응용 프로그램 경로: mbam.exe1
오류 있는 모듈 경로: mbam.exe2
보고서 ID: mbam.exe3
 
Error: (10/12/2014 11:05:48 PM) (Source: Application Error) (User: )
Description: 오류 있는 응용 프로그램 이름: mbam.exe, 버전: 1.0.0.532, 타임스탬프: 0x53518532
오류 있는 모듈 이름: MSVCR100.dll, 버전: 10.0.40219.325, 타임스탬프: 0x4df2be1e
예외 코드: 0x40000015
오류 오프셋: 0x0008d6fd
오류 있는 프로세스 ID: 0x73c
오류 있는 응용 프로그램 시작 시간: 0xmbam.exe0
오류 있는 응용 프로그램 경로: mbam.exe1
오류 있는 모듈 경로: mbam.exe2
보고서 ID: mbam.exe3
 
Error: (10/12/2014 10:12:56 PM) (Source: Application Error) (User: )
Description: 오류 있는 응용 프로그램 이름: mbam.exe, 버전: 1.0.0.532, 타임스탬프: 0x53518532
오류 있는 모듈 이름: MSVCR100.dll, 버전: 10.0.40219.325, 타임스탬프: 0x4df2be1e
예외 코드: 0x40000015
오류 오프셋: 0x0008d6fd
오류 있는 프로세스 ID: 0x1254
오류 있는 응용 프로그램 시작 시간: 0xmbam.exe0
오류 있는 응용 프로그램 경로: mbam.exe1
오류 있는 모듈 경로: mbam.exe2
보고서 ID: mbam.exe3
 
 
System errors:
=============
Error: (10/13/2014 08:30:00 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: 로컬 호스트 파일을 읽는 동안 오류가 발생했습니다.
 
Error: (10/13/2014 08:30:00 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: 로컬 호스트 파일을 읽는 동안 오류가 발생했습니다.
 
Error: (10/13/2014 08:29:55 PM) (Source: Service Control Manager) (User: )
Description: 다음의 부팅-시작 또는 시스템-시작 드라이버를 로드하지 못했습니다. 
ATamptNt_V3LITE30
 
Error: (10/13/2014 08:29:55 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: 로컬 호스트 파일을 읽는 동안 오류가 발생했습니다.
 
Error: (10/13/2014 08:29:42 PM) (Source: atikmdag) (User: )
Description: Display is not active
 
Error: (10/13/2014 08:29:42 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (10/13/2014 05:04:28 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: 로컬 호스트 파일을 읽는 동안 오류가 발생했습니다.                                             
 
Error: (10/13/2014 05:04:28 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: 로컬 호스트 파일을 읽는 동안 오류가 발생했습니다.
 
Error: (10/13/2014 05:04:28 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: 로컬 호스트 파일을 읽는 동안 오류가 발생했습니다.
 
Error: (10/13/2014 05:04:28 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: 로컬 호스트 파일을 읽는 동안 오류가 발생했습니다.
 
 
Microsoft Office Sessions:
=========================
Error: (10/13/2014 08:42:09 PM) (Source: Application Error)(User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd122401cfe7500e87566eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll4f784c9c-5343-11e4-86a0-0024e822ba67
 
Error: (10/13/2014 06:29:04 PM) (Source: Application Error)(User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd124c01cfe73d75f6cd64C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllb7d0c5b6-5330-11e4-8cea-0024e822ba67
 
Error: (10/13/2014 05:33:10 PM) (Source: Application Error)(User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd12d001cfe735a413ef6cC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlle85c5439-5328-11e4-8cea-0024e822ba67
 
Error: (10/13/2014 03:28:11 AM) (Source: Application Error)(User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd76001cfe6bf97f10310C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlldd8eea6b-52b2-11e4-879b-0024e822ba67
 
Error: (10/13/2014 02:22:35 AM) (Source: Application Error)(User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd67801cfe6b66fd202d6C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllb3d60ce3-52a9-11e4-879b-0024e822ba67
 
Error: (10/13/2014 01:36:24 AM) (Source: Application Error)(User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd12f001cfe6affbe9464eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll3ffedcb0-52a3-11e4-879b-0024e822ba67
 
Error: (10/13/2014 00:45:10 AM) (Source: Application Error)(User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fde1801cfe6a8d5ffdbe1C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll17ea0247-529c-11e4-9a5d-0024e822ba67
 
Error: (10/12/2014 11:52:18 PM) (Source: Application Error)(User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdd0801cfe6a170d440c5C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllb4d19443-5294-11e4-9a5d-0024e822ba67
 
Error: (10/12/2014 11:05:48 PM) (Source: Application Error)(User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd73c01cfe69adc78b639C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll36545e70-528e-11e4-9a5d-0024e822ba67
 
Error: (10/12/2014 10:12:56 PM) (Source: Application Error)(User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd125401cfe6938fb93e11C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlld340e985-5286-11e4-870c-0024e822ba67
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-20 11:59:49.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-20 11:59:48.560
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-20 11:59:47.245
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-20 11:59:46.644
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-20 11:58:52.398
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-20 11:58:51.773
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-20 11:58:34.021
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-s..rics-storageadapter_31bf3856ad364e35_6.1.7600.16385_none_d67ca3c3b6af653e\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-20 11:58:33.386
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-s..rics-storageadapter_31bf3856ad364e35_6.1.7600.16385_none_d67ca3c3b6af653e\winbiostorageadapter.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-20 11:09:13.680
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_59537a3710696511\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-20 11:09:13.054
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old.000\Windows\winsxs\x86_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_59537a3710696511\appid.sys because the set of per-page image hashes could not be found on the system.
 
 
 
=========================== Installed Programs ============================
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Korean (HKLM-x32\...\{AC76BA86-7AD7-1042-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Aegisub 3.2.1 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.1 - Aegisub Team)
AntiLogger Free version 1.7.2.390 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.7.2.390 - Zemana Ltd.)
Anvi Smart Defender 2.2 (HKLM-x32\...\Anvi Smart Defender) (Version: 2.2 - Anvisoft)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple 응용 프로그램 지원 (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Blender (HKLM\...\Blender) (Version: 2.71 - Blender Foundation)
Camtasia Studio 8 (HKLM-x32\...\{765AD29A-7EF5-4456-8F6F-83467E52AB52}) (Version: 8.4.3.1792 - TechSmith Corporation)
Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.101 - Google Inc.)
CodeBlocks (HKCU\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
ColorDirector (Version: 2.0 - CyberLink Corp.) Hidden
Contents64 (Version: 17.0.0.249 - Corel Corporation) Hidden
CyberLink AudioDirector 4 (x32 Version: 4.0.3522.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2215 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.2215 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Edirol HQ Orchestral v1.01 (HKLM-x32\...\Edirol HQ Orchestral v1.01) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.62.5207 - Gretech Corporation)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
ICA (x32 Version: 17.0.0.249 - Corel Corporation) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
IPM_VS_Pro64 (Version: 17.0 - Corel Corporation) Hidden
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.0 - LoiLo inc.)
LoiLoScope 2 (HKLM-x32\...\{CAB75FFC-2377-4B95-A8FA-C9234B812A92}_is1) (Version: 2.5.3.2 - LoiLo inc)
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.9.11 - www.leaguereplays.com)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (KOR) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1(한국어) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1042) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MK LOL (HKCU\...\MK LOL) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
MWSnap 3 (HKLM-x32\...\MWSnap 3) (Version: 3.0.0.74 - Mirek Wojtowicz)
MyPaint 1.0.0 (HKCU\...\MyPaint) (Version: 1.0.0 - Martin Renold & MyPaint Development Team)
Newblue Art Effects for PowerDirector (HKLM\...\NewBlue Art Effects for PowerDirector) (Version: 2.0 - NewBlue)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
Orchestral VST (HKLM-x32\...\{77832A71-8657-46D1-89BC-630243926C9A}) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PowerDirector (Version: 11.0 - 회사명) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Setup (x32 Version: 17.0.0.249 - Corel Corporation) Hidden
Share64 (Version: 17.0.0.249 - Corel Corporation) Hidden
System Update kb70007 (x32 Version: 1.0.0 - MSR) Hidden
Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{5210717F-CAFD-4F21-8DF7-6ED3862725C4}) (Version: 12.1.0 - Red Giant Software)
Trapcode Suite 64-bit (Version: 12.1.0 - Red Giant Software) Hidden
V3 Lite (HKLM\...\{5FC548FC_0888_4832_B037_835C34A0B599}) (Version: 3.1.4.314 - AhnLab, Inc.)
Vocaloid3 Free Edition v3.0.5.0 third release (HKLM-x32\...\Vocaloid3 Free Edition v3.0.5.0 third release_is1) (Version: Vocaloid3 Free Edition v3.0.5.0 third release - )
VSClassic64 (Version: 17.0.0.249 - Corel Corporation) Hidden
VSDC Free Video Converter version 2.4.5.276 (HKLM-x32\...\VSDC Free Video Converter_is1) (Version: 2.4.5.276 - Flash-Integro LLC)
VSDC Free Video Editor version 2.2.0.310 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 2.2.0.310 - Flash-Integro LLC)
VSPro64 (Version: 17.0.0.249 - Corel Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live 메일 (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live 필수 패키지 (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
네이트온 (HKLM-x32\...\{697E41EA-AEBE-4B5F-884E-87B5CD6C70AC}) (Version:  - )
사진 갤러리 (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
 
========================= Memory info: ===================================
 
Percentage of memory in use: 71%
Total physical RAM: 4095.12 MB
Available physical RAM: 1161.14 MB
Total Pagefile: 8188.41 MB
Available Pagefile: 4123.45 MB
Total Virtual: 4095.88 MB
Available Virtual: 3958.76 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:465.73 GB) (Free:85.01 GB) NTFS
2 Drive d: () (Fixed) (Total:465.74 GB) (Free:0.01 GB) NTFS
 
========================= Users: ========================================
 
\\구정애-PC에 대한 사용자 계정
 
Administrator            Guest                    구정애                   
명령을 잘 실행했습니다.
 
 
**** End of log ****
 

 

 

RKill Log:

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 10/13/2014 09:05:19 PM in x64 mode.
Windows Version: Windows 7 Enterprise Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 10/13/2014 09:07:26 PM
Execution time: 0 hours(s), 2 minute(s), and 6 seconds(s)
 
 
 
 
AdwCleaner Log:
 
 

# AdwCleaner v4.000 - Report created 13/10/2014 at 21:13:09
# Updated 12/10/2014 by Xplode
# Database : 2014-10-13.5
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : 구정애 - 구정애-PC
# Running from : C:\Users\구정애\Videos\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\구정애\AppData\Local\CRE\cepjofekolhpdankoembdgfbpehkfkjm.crx
File Found : C:\Users\구정애\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage-journal
File Found : C:\Users\구정애\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\구정애\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\구정애\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\구정애\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Found : C:\Windows\Reimage.ini
Folder Found : C:\Program Files (x86)\MSR
Folder Found : C:\Program Files (x86)\NCH Software
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\Program Files (x86)\YTDownloader
Folder Found : C:\Program Files\FreeFixer
Folder Found : C:\ProgramData\BitSAVEr
Folder Found : C:\ProgramData\ExstraSavings
Folder Found : C:\ProgramData\ExstraSavings
Folder Found : C:\ProgramData\NCH Software
Folder Found : C:\ProgramData\pastaleads
Folder Found : C:\ProgramData\UpdateCommon
Folder Found : C:\Users\구정애\AppData\Local\FreeFixer
Folder Found : C:\Users\구정애\AppData\Local\fst_us_139
Folder Found : C:\Users\구정애\AppData\Local\Genesis_07240330
Folder Found : C:\Users\구정애\AppData\Roaming\FreeFixer
Folder Found : C:\Users\구정애\AppData\Roaming\GetPrivate
Folder Found : C:\Users\구정애\AppData\Roaming\LookThisUp
Folder Found : C:\Users\구정애\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
Folder Found : C:\Users\구정애\AppData\Roaming\NCH Software
Folder Found : C:\Users\구정애\AppData\Roaming\Oxy
Folder Found : C:\Users\구정애\AppData\Roaming\Probit Software
Folder Found : C:\Users\구정애\AppData\Roaming\serv
 
***** [ Scheduled Tasks ] *****
 
Task Found : BackgroundContainer Startup Task
Task Found : Dealply
Task Found : FreeFixer background scan
Task Found : SMupdate1
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\Software\Re_Markit
Key Found : HKCU\Software\Escolade
Key Found : HKCU\Software\genesis
Key Found : HKCU\Software\Google\Chrome\Extensions\cepjofekolhpdankoembdgfbpehkfkjm
Key Found : HKCU\Software\Google\Chrome\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\easylifeapp.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Found : HKCU\Software\Reimage
Key Found : [x64] HKCU\Software\Escolade
Key Found : [x64] HKCU\Software\genesis
Key Found : [x64] HKCU\Software\Reimage
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\DF917BEA0BDE9E345B42099FC7E14699
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\DF917BEA0BDE9E345B42099FC7E14699
Key Found : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{726E90BE-DC22-4965-B215-E0784DC26F47}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DCEE70C6-FA43-4B67-A889-80AF260D2435}
Key Found : HKLM\SOFTWARE\FrEeSoFtOdAy
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cepjofekolhpdankoembdgfbpehkfkjm
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon
Key Found : HKLM\SOFTWARE\Linkey
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AEB719FD-EDB0-43E9-B524-90F97C1E6499}
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DF917BEA0BDE9E345B42099FC7E14699
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v38.0.2125.101
 
 
*************************
 
AdwCleaner[R3].txt - [5233 octets] - [13/10/2014 21:13:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [5293 octets] ##########
 

 

 

 

 

There has been nothing discovered by AdwCleaner so far. And what do I snapshot with Speccy?



#14 noknojon

Posted 13 October 2014 - 10:56 PM

>> MiniToolBox Log (it's in Korean.....should I put the translation?): <<< Yes please,

The forum is generally conducted in English, so please try to respond as much as you can in the English language.

 

Often a small error is mistaken if the translation is not correct ..........

 

Thank you.

 

 

Sorry about "MillardPrograms" yesterday, as he was a rogue who has now been banned ........



#15 noknojon

Posted 13 October 2014 - 11:18 PM

First -

I do see quite a lot of Bad Programs in the AdwCleaner log you posted, so I would run the CLEAN Scan to remove them. Below are just a few of the problem programs that need removing.

YTDownloader

FreeFixer

BitSAVEr

ExstraSavings

ExstraSavings

NCH Software

Probit Software

 

After you do, please try to Update and run Malwarebytes Anti-Malware again (if you have the Korean translation version).

 

And what do I snapshot with Speccy? << If you can follow the directions, it will show you how to post that Link back here .....





