Recently my relative visited my home and use the computer.
That time, I didn't stay home but he told me there is a virus in the computer.
The problem is, I was outside and he [relative] clicked "Ok" when pop up showed up.
As a result, I am nout sure if my computer is safe or not.
So, I am posting my log today.
The First :
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by user (administrator) on USER-PC (24-04-2016 19:42:50)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: 한국어(대한민국)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(SOFTFORUM) C:\Program Files (x86)\Softforum\XecureWeb\AnySign\dll\AnySign4PCLauncher.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\Safe Transaction\StSess.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(EFM Networks) C:\Users\user\AppData\Local\ipTIME\ipTIME_Upgrade_Notification\ipTIME_Upgrade_Notification.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(WIZVERA) C:\Program Files (x86)\Wizvera\Veraport20\veraport.exe
(SOFTFORUM) C:\Program Files (x86)\Softforum\XecureWeb\AnySign\dll\AnySign4PC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(MarkAny) C:\Windows\ImageSAFERSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
(INNORIX) C:\Program Files (x86)\INNORIX\common\innosvc7.exe
(NAVER Corp.) C:\Program Files (x86)\Naver\NaverCommon\NaverAdminAPISvc.exe
(INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nossvc.exe
(MarkAny) C:\Windows\System32\ImageSAFERStart_X86.exe
(MarkAny) C:\Windows\System32\ImageSAFERStart_X64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\Safe Transaction\ASDSvc.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Teruten) C:\Windows\SysWOW64\TUCTLSystem.exe
() C:\Program Files (x86)\VP\VPWalletService\VPWalletService.exe
(WIZVERA) C:\Program Files (x86)\Wizvera\Common\wpmsvc\wpmsvc.exe
(우리은행) C:\Program Files (x86)\WooriBank\RealIp\WooriBankSecLogGather.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nosstarter.npe
(AhnLab, Inc.) C:\Program Files\AhnLab\Safe Transaction\Nz32\StSess32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Acronis Scheduler2 **D�<*>] => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" <===== ATTENTION (Value Name with invalid characters)
HKLM\...\Run: [IME14 KOR Setup] => C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE [110776 2015-10-13] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-04-08] (COMODO)
HKLM\...\Run: [AhnLab Safe Transaction Application] => C:\Program Files\AhnLab\Safe Transaction\stsess.exe [4017848 2016-04-11] (AhnLab, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-12-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-12-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-12-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5695296 2011-01-17] (Acronis)
HKLM-x32\...\Run: [IME14 KOR Setup] => C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81080 2015-10-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390608 2016-04-23] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [wizvera-veraport] => C:\Program Files (x86)\Wizvera\Veraport20\veraport.exe [1413352 2015-12-10] (WIZVERA)
HKLM-x32\...\Run: [AnySign4PC] => C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\AnySign4PC.exe [2382144 2015-12-10] (SOFTFORUM)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-12-19] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-21] (Oracle Corporation)
HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\Run: [ipTIME_Upgrade_Notification] => C:\Users\user\AppData\Local\ipTIME\ipTIME_Upgrade_Notification\ipTIME_Upgrade_Notification.exe [1133296 2016-02-07] (EFM Networks)
HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-23] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 210.220.163.82 219.250.36.130
Tcpip\..\Interfaces\{2329FCF1-CEA7-43B7-B585-E4E5E1740705}: [DhcpNameServer] 210.220.163.82 219.250.36.130
Internet Explorer:
==================
HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://naver.com/
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-23] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-23] (AVAST Software)
BHO-x32: Triangle Trail -> {aeef4389-6327-45e5-9552-021c0f5aef2d} -> C:\Program Files (x86)\Triangle Trail\Extensions\aeef4389-6327-45e5-9552-021c0f5aef2d.dll => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-21] (Oracle Corporation)
IE Session Restore: HKU\S-1-5-21-2207781790-2766300111-2274446720-1000 -> is enabled.
DPF: HKLM-x32 {063F7D71-5E0B-48F2-87D5-F63C5917947E} hxxps://secwebclinic.ahnlab.com/aos/plugin/aosmgr.cab
DPF: HKLM-x32 {1c0ac0ca-0ffa-5798-98eb-b4c11f0bc8f9} ${CAB_URL}
DPF: HKLM-x32 {1CBDCD5A-18EE-4CCA-9AEA-93D5D27E310B} hxxps://supdate.nprotect.net/nprotect2007/keycrypt/choiyh/140521/npkfxx_14042901.cab
DPF: HKLM-x32 {406FDD84-AA88-4BE6-AEF3-5BD7D6499985} hxxp://safer.skbroadband.com/WRoicX/rioInstallX.cab
DPF: HKLM-x32 {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Program Files (x86)\INCAInternet\nProtect Online Security\raon\TouchEnKey_Installer_32bit.exe
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E42F7FEB-DE20-43F4-A342-47F1DA77F667} hxxps://pgdownload.uplus.co.kr/lguplus/XPayPlugin_3.0.0.3.cab
DPF: HKLM-x32 {FA550500-1012-4D36-BB9E-E9B02B88FE99} hxxp://yebigun1.mil.kr/MAWS_MMASJ/bin/MAOnFPS_MMASJ.cab
Handler-x32: crosswebex - {d03424de-4f7e-11e5-a44a-005056c00008} - C:\Program Files (x86)\INITECH\INISAFE Web EX Client\bridge\CrossEX\crosswebex\1.0.1.752\CrossEXProtocol.dll [2015-08-31] (iniLINE Co., Ltd.)
Handler-x32: touchenex - {74f917de-707e-11e5-80c3-005056c00008} - C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.774\CrossEXProtocol.dll [2015-10-12] (iniLINE Co., Ltd.)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: innorix.com/InnoGMP -> C:\Program Files\INNORIX\npinnogmp7.dll [2015-02-11] (INNORIX)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @ahnlab.com/asp/npaosmgr.1 -> C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_584\npaosmgr.dll [2016-03-21] (AhnLab, Inc.)
FF Plugin-x32: @clipsoft.com/rexpert30 -> C:\Program Files (x86)\clipsoft\rexpert30\bin\viewer\nprexpert3.0.plugin.dll [2015-07-31] ( )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-22] (Foxit Corporation)
FF Plugin-x32: @initech.com/moasign_s -> C:\Program Files (x86)\INITECH\INISAFE MoaSignS\npMoasignMime.dll [2015-12-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @markany.com/npMAOnFPS_MultiBrowser2 -> C:\Users\user\AppData\Local\MarkAny\npMAOnFPS_MultiBrowser2.dll [2012-12-31] (MarkAny)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-28] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-28] (NVIDIA Corporation)
FF Plugin-x32: @softforum.com/npKeyPro -> C:\windows\system32\npKeyPro.dll [No File]
FF Plugin-x32: @softforum.com/npXecureMacuxNPPlugin -> C:\Program Files (x86)\Softforum\XecureWeb\NPPlugin\dll\npXecureMacuxNPPlugin.dll [2015-10-25] (Softforum Co., LTD.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @wizvera.com/npVeraport20 -> C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll [2015-12-10] ()
FF Plugin-x32: crosswebex@iniline.com/npCrossEXPlugin -> C:\Program Files (x86)\INITECH\INISAFE Web EX Client\bridge\CrossEX\crosswebex\1.0.1.752\npinilinecrosswebex.dll [2015-08-31] (iniLINE Co., Ltd.)
FF Plugin-x32: innorix.com/InnoGMP -> C:\Program Files (x86)\INNORIX\npinnogmp7.dll [2015-02-11] (INNORIX)
FF Plugin-x32: touchenex@raon.com/npCrossEXPlugin -> C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.774\npraontouchenex.dll [2015-10-12] (iniLINE Co., Ltd.)
FF Plugin HKU\S-1-5-21-2207781790-2766300111-2274446720-1000: @initech.com/moasign_s -> C:\Program Files (x86)\INITECH\INISAFE MoaSignS\npMoasignMime.dll [2015-12-10] ()
FF Plugin HKU\S-1-5-21-2207781790-2766300111-2274446720-1000: @initech.com/npSandBox -> C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.10056.dll [2015-05-26] (Initech Co., Ltd.)
FF Plugin HKU\S-1-5-21-2207781790-2766300111-2274446720-1000: @softforum.com/npXecureMacuxNPPlugin -> C:\Program Files (x86)\Softforum\XecureWeb\NPPlugin\dll\npXecureMacuxNPPlugin.dll [2015-10-25] (Softforum Co., LTD.)
FF Plugin HKU\S-1-5-21-2207781790-2766300111-2274446720-1000: naver.com/NaverMultiTrackPlugin -> C:\windows\Downloaded Program Files\npNaverMultiTrackPlugin.dll [2016-01-08] (NAVER)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2015-10-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-23]
FF HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\Firefox\Extensions: [npSandBox@initech.com] - C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.xpi
FF Extension: INISAFE SandBox - C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.xpi [2015-05-26] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "chrome://newtab/","hxxps://www.google.co.kr/search?q=chrome+%ED%99%88%ED%8E%98%EC%9D%B4%EC%A7%80+%EC%84%A4%EC%A0%95&aq=0&oq=chrome+%ED%99%88&aqs=chrome.3.57j60l2j0.5137j0&sourceid=chrome&ie=UTF-8","hxxp://support.google.com/chrome/bin/answer.py?hl=ko&answer=95314","hxxp://support.google.com/chrome/bin/answer.py?hl=ko&answer=95421"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google 슬라이드) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-22]
CHR Extension: (Google 문서도구) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-22]
CHR Extension: (Google 드라이브) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google 시트) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-22]
CHR Extension: (Google 문서 오프라인) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Kiwi IRC) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\malkpgopfalejggcogglkiemcknbiphe [2015-10-22]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2015-12-14]
CHR Extension: (Chrome 웹 스토어 결제) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-23]
That time, I didn't stay home but he told me there is a virus in the computer.
The problem is, I was outside and he [relative] clicked "Ok" when pop up showed up.
As a result, I am nout sure if my computer is safe or not.
So, I am posting my log today.
The First :
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by user (administrator) on USER-PC (24-04-2016 19:42:50)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: 한국어(대한민국)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(SOFTFORUM) C:\Program Files (x86)\Softforum\XecureWeb\AnySign\dll\AnySign4PCLauncher.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\Safe Transaction\StSess.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(EFM Networks) C:\Users\user\AppData\Local\ipTIME\ipTIME_Upgrade_Notification\ipTIME_Upgrade_Notification.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(WIZVERA) C:\Program Files (x86)\Wizvera\Veraport20\veraport.exe
(SOFTFORUM) C:\Program Files (x86)\Softforum\XecureWeb\AnySign\dll\AnySign4PC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(MarkAny) C:\Windows\ImageSAFERSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
(INNORIX) C:\Program Files (x86)\INNORIX\common\innosvc7.exe
(NAVER Corp.) C:\Program Files (x86)\Naver\NaverCommon\NaverAdminAPISvc.exe
(INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nossvc.exe
(MarkAny) C:\Windows\System32\ImageSAFERStart_X86.exe
(MarkAny) C:\Windows\System32\ImageSAFERStart_X64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\Safe Transaction\ASDSvc.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Teruten) C:\Windows\SysWOW64\TUCTLSystem.exe
() C:\Program Files (x86)\VP\VPWalletService\VPWalletService.exe
(WIZVERA) C:\Program Files (x86)\Wizvera\Common\wpmsvc\wpmsvc.exe
(우리은행) C:\Program Files (x86)\WooriBank\RealIp\WooriBankSecLogGather.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nosstarter.npe
(AhnLab, Inc.) C:\Program Files\AhnLab\Safe Transaction\Nz32\StSess32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Acronis Scheduler2 **D�<*>] => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" <===== ATTENTION (Value Name with invalid characters)
HKLM\...\Run: [IME14 KOR Setup] => C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE [110776 2015-10-13] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-04-08] (COMODO)
HKLM\...\Run: [AhnLab Safe Transaction Application] => C:\Program Files\AhnLab\Safe Transaction\stsess.exe [4017848 2016-04-11] (AhnLab, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-12-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-12-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-12-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5695296 2011-01-17] (Acronis)
HKLM-x32\...\Run: [IME14 KOR Setup] => C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81080 2015-10-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390608 2016-04-23] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [wizvera-veraport] => C:\Program Files (x86)\Wizvera\Veraport20\veraport.exe [1413352 2015-12-10] (WIZVERA)
HKLM-x32\...\Run: [AnySign4PC] => C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\AnySign4PC.exe [2382144 2015-12-10] (SOFTFORUM)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-12-19] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-21] (Oracle Corporation)
HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\Run: [ipTIME_Upgrade_Notification] => C:\Users\user\AppData\Local\ipTIME\ipTIME_Upgrade_Notification\ipTIME_Upgrade_Notification.exe [1133296 2016-02-07] (EFM Networks)
HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-23] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 210.220.163.82 219.250.36.130
Tcpip\..\Interfaces\{2329FCF1-CEA7-43B7-B585-E4E5E1740705}: [DhcpNameServer] 210.220.163.82 219.250.36.130
Internet Explorer:
==================
HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://naver.com/
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-23] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-23] (AVAST Software)
BHO-x32: Triangle Trail -> {aeef4389-6327-45e5-9552-021c0f5aef2d} -> C:\Program Files (x86)\Triangle Trail\Extensions\aeef4389-6327-45e5-9552-021c0f5aef2d.dll => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-21] (Oracle Corporation)
IE Session Restore: HKU\S-1-5-21-2207781790-2766300111-2274446720-1000 -> is enabled.
DPF: HKLM-x32 {063F7D71-5E0B-48F2-87D5-F63C5917947E} hxxps://secwebclinic.ahnlab.com/aos/plugin/aosmgr.cab
DPF: HKLM-x32 {1c0ac0ca-0ffa-5798-98eb-b4c11f0bc8f9} ${CAB_URL}
DPF: HKLM-x32 {1CBDCD5A-18EE-4CCA-9AEA-93D5D27E310B} hxxps://supdate.nprotect.net/nprotect2007/keycrypt/choiyh/140521/npkfxx_14042901.cab
DPF: HKLM-x32 {406FDD84-AA88-4BE6-AEF3-5BD7D6499985} hxxp://safer.skbroadband.com/WRoicX/rioInstallX.cab
DPF: HKLM-x32 {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Program Files (x86)\INCAInternet\nProtect Online Security\raon\TouchEnKey_Installer_32bit.exe
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E42F7FEB-DE20-43F4-A342-47F1DA77F667} hxxps://pgdownload.uplus.co.kr/lguplus/XPayPlugin_3.0.0.3.cab
DPF: HKLM-x32 {FA550500-1012-4D36-BB9E-E9B02B88FE99} hxxp://yebigun1.mil.kr/MAWS_MMASJ/bin/MAOnFPS_MMASJ.cab
Handler-x32: crosswebex - {d03424de-4f7e-11e5-a44a-005056c00008} - C:\Program Files (x86)\INITECH\INISAFE Web EX Client\bridge\CrossEX\crosswebex\1.0.1.752\CrossEXProtocol.dll [2015-08-31] (iniLINE Co., Ltd.)
Handler-x32: touchenex - {74f917de-707e-11e5-80c3-005056c00008} - C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.774\CrossEXProtocol.dll [2015-10-12] (iniLINE Co., Ltd.)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: innorix.com/InnoGMP -> C:\Program Files\INNORIX\npinnogmp7.dll [2015-02-11] (INNORIX)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @ahnlab.com/asp/npaosmgr.1 -> C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_584\npaosmgr.dll [2016-03-21] (AhnLab, Inc.)
FF Plugin-x32: @clipsoft.com/rexpert30 -> C:\Program Files (x86)\clipsoft\rexpert30\bin\viewer\nprexpert3.0.plugin.dll [2015-07-31] ( )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-22] (Foxit Corporation)
FF Plugin-x32: @initech.com/moasign_s -> C:\Program Files (x86)\INITECH\INISAFE MoaSignS\npMoasignMime.dll [2015-12-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @markany.com/npMAOnFPS_MultiBrowser2 -> C:\Users\user\AppData\Local\MarkAny\npMAOnFPS_MultiBrowser2.dll [2012-12-31] (MarkAny)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-28] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-28] (NVIDIA Corporation)
FF Plugin-x32: @softforum.com/npKeyPro -> C:\windows\system32\npKeyPro.dll [No File]
FF Plugin-x32: @softforum.com/npXecureMacuxNPPlugin -> C:\Program Files (x86)\Softforum\XecureWeb\NPPlugin\dll\npXecureMacuxNPPlugin.dll [2015-10-25] (Softforum Co., LTD.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @wizvera.com/npVeraport20 -> C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll [2015-12-10] ()
FF Plugin-x32: crosswebex@iniline.com/npCrossEXPlugin -> C:\Program Files (x86)\INITECH\INISAFE Web EX Client\bridge\CrossEX\crosswebex\1.0.1.752\npinilinecrosswebex.dll [2015-08-31] (iniLINE Co., Ltd.)
FF Plugin-x32: innorix.com/InnoGMP -> C:\Program Files (x86)\INNORIX\npinnogmp7.dll [2015-02-11] (INNORIX)
FF Plugin-x32: touchenex@raon.com/npCrossEXPlugin -> C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.774\npraontouchenex.dll [2015-10-12] (iniLINE Co., Ltd.)
FF Plugin HKU\S-1-5-21-2207781790-2766300111-2274446720-1000: @initech.com/moasign_s -> C:\Program Files (x86)\INITECH\INISAFE MoaSignS\npMoasignMime.dll [2015-12-10] ()
FF Plugin HKU\S-1-5-21-2207781790-2766300111-2274446720-1000: @initech.com/npSandBox -> C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.10056.dll [2015-05-26] (Initech Co., Ltd.)
FF Plugin HKU\S-1-5-21-2207781790-2766300111-2274446720-1000: @softforum.com/npXecureMacuxNPPlugin -> C:\Program Files (x86)\Softforum\XecureWeb\NPPlugin\dll\npXecureMacuxNPPlugin.dll [2015-10-25] (Softforum Co., LTD.)
FF Plugin HKU\S-1-5-21-2207781790-2766300111-2274446720-1000: naver.com/NaverMultiTrackPlugin -> C:\windows\Downloaded Program Files\npNaverMultiTrackPlugin.dll [2016-01-08] (NAVER)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2015-10-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-23]
FF HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\Firefox\Extensions: [npSandBox@initech.com] - C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.xpi
FF Extension: INISAFE SandBox - C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.xpi [2015-05-26] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "chrome://newtab/","hxxps://www.google.co.kr/search?q=chrome+%ED%99%88%ED%8E%98%EC%9D%B4%EC%A7%80+%EC%84%A4%EC%A0%95&aq=0&oq=chrome+%ED%99%88&aqs=chrome.3.57j60l2j0.5137j0&sourceid=chrome&ie=UTF-8","hxxp://support.google.com/chrome/bin/answer.py?hl=ko&answer=95314","hxxp://support.google.com/chrome/bin/answer.py?hl=ko&answer=95421"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google 슬라이드) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-22]
CHR Extension: (Google 문서도구) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-22]
CHR Extension: (Google 드라이브) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google 시트) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-22]
CHR Extension: (Google 문서 오프라인) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Kiwi IRC) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\malkpgopfalejggcogglkiemcknbiphe [2015-10-22]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2015-12-14]
CHR Extension: (Chrome 웹 스토어 결제) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-23]