
my computer got virus [Closed]


  • This topic is locked

#1
kimminji


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-09-2015 01
Ran by Administrator (administrator) on MSDN-SPECIAL (29-09-2015 11:35:10)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows 7 Ultimate K  Service Pack 1 (X86) Language: 한국어(대한민국)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ESTsoft Corp) C:\Program Files\ESTsoft\ALYac\AYUpdSrv.aye
(ESTsoft Corp) C:\Program Files\ESTsoft\ALYac\AYAgent.aye
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Daum Kakao Corp. ) C:\Users\Administrator\AppData\Local\Daum\DaumLiveAgent\DaumSAM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Reset) C:\Users\Administrator\AppData\Roaming\Reset\reset.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Gretech Corp.) C:\Program Files\GRETECH\GomHelper\GomHelperSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEDICTUPDATE.EXE
(INNORIX) C:\Program Files\INNORIX\common\innosvc7.exe
Failed to access process -> nossvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
Failed to access process -> nosstarter.npe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ESTsoft Corp) C:\Program Files\ESTsoft\ALYac\AYRTSrv.aye
(Daum Kakao Corp. ) C:\Program Files\Kakao\KakaoTalk\KakaoTalk.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ALYac] => C:\Program Files\ESTsoft\ALYac\AYLaunch.exe [249152 2015-07-29] (ESTsoft Corp)
HKLM\...\Run: [ProcessClean] => "C:\Program Files\ProcessClean\ProcessClean.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ALToolBar] => C:\Program Files\ESTsoft\ALToolBar\atbhelper.exe [1212632 2015-02-09] (ESTsoft Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-1188650637-3751185830-4272639098-500\...\Run: [Reset] => C:\Users\Administrator\AppData\Roaming\Reset\resetagent.exe [333320 2014-12-09] (Reset)
HKU\S-1-5-21-1188650637-3751185830-4272639098-500\...\Run: [Daum Streaming Service] => C:\Users\Administrator\AppData\Local\Daum\DaumLiveAgent\DaumSAM.exe [511808 2015-09-08] (Daum Kakao Corp. )
HKU\S-1-5-21-1188650637-3751185830-4272639098-500\...\Run: [NaverAgent] => C:\Program Files\naver\NaverAgent\NaverAgent.exe [1840464 2014-10-24] (NHN Corporation)
HKU\S-1-5-21-1188650637-3751185830-4272639098-500\...\Run: [afreecatvpackage] => C:\Program Files\afreeca\afreecatvpackage.exe [2048064 2015-09-20] ()
HKU\S-1-5-21-1188650637-3751185830-4272639098-500\...\Run: [Between] => C:\Users\Administrator\AppData\Local\Between\couple.exe [284216 2015-02-12] (VCNC)
HKU\S-1-5-21-1188650637-3751185830-4272639098-500\...\Policies\Explorer: []
HKU\S-1-5-21-1188650637-3751185830-4272639098-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-07] (Autodesk, Inc.)
BootExecute: autocheck autochk * bootalyac.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 168.126.63.1 168.126.63.2
Tcpip\..\Interfaces\{2616D2A9-E1F6-46E7-B3CF-FD0D98EA781A}: [DhcpNameServer] 168.126.63.1 168.126.63.2
Tcpip\..\Interfaces\{B0A3953C-BCD0-4452-B64D-70A0795AA16C}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.pooqoo.co.kr/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1188650637-3751185830-4272639098-500 -> {D09CFF09-A42A-4EDC-9804-E61224F59CA1} URL = hxxp://search.naver.com/search.naver?where=nexearch&sm=ies_hty&query={searchTerms}&ie=utf8
BHO: 네이버 세이프가드 -> {000011A1-74C9-4c7e-9B4E-59B5765CF409} -> c:\program files\naver\navertoolbar\naversafeguard\nsafeguard_2014_12_16_1.dll [2015-07-21] (NAVER Corp.)
BHO: 네이버 툴바 도우미 -> {67C41E9E-2EBF-4F2B-AF74-314F0D793172} -> C:\Program Files\naver\NaverToolbar\NaverTB_4_0_29_296.dll [2015-07-21] (NAVER Corp.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-01] (Oracle Corporation)
BHO: ALToolbarBho -> {7F1A79F9-78D1-4186-9F60-EE0B63DF042A} -> C:\Program Files\ESTsoft\ALToolBar\ALToolBar_3600.dll [2015-02-09] (ESTsoft Corp.)
BHO: 확장검색서비스 -> {A14EAA16-CA35-4666-845A-DC084DCDF356} -> C:\Program Files\GRETECH\GomHelper\GomHelper.dll [2014-08-27] (Gretech Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-01] (Oracle Corporation)
Toolbar: HKLM - ALToolBar - {38FBE93D-4CA1-4414-AF6A-94920C5BD8DA} - C:\Program Files\ESTsoft\ALToolBar\ALToolBar_3600.dll [2015-02-09] (ESTsoft Corp.)
Toolbar: HKLM - 네이버 툴바 - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\naver\NaverToolbar\NaverTB_4_0_29_296.dll [2015-07-21] (NAVER Corp.)
Toolbar: HKU\S-1-5-21-1188650637-3751185830-4272639098-500 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
DPF: {04931AA4-5D13-442F-AEE8-0F1184002BDD} hxxp://eureka.ewha.ac.kr/eureka/hs/rdViewer/activeX6.0/cab/cxviewer60u.cab
DPF: {142DC14B-63E4-453E-8B4B-AE36A52BF049} hxxp://appdown.naver.com/naver/sports/Cabs/NLiveCastX.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} hxxp://www.kula.or.kr/tmp/ScriptX.cab
DPF: {1864C9E3-6D7D-46A8-BAE1-EB7C7F4EB961} hxxp://poz3.publog.co.kr/poz30/activex_cab86/ActiveLoader27x86.cab
DPF: {1CBDCD5A-18EE-4CCA-9AEA-93D5D27E310B} hxxps://supdate.nprotect.net/nprotect2007/keycrypt/choiyh/140521/npkfxx_14042901.cab
DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} hxxp://img.kbs.co.kr/AlwaysOn/AlwaysOn.CAB
DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} hxxps://plugin.inicis.com/wallet61/INIwallet61_win8.cab
DPF: {27640517-0513-4D81-A61E-228DC51680F8} hxxps://www.sgic.co.kr/chp/TouchEnFw/TEFW.cab
DPF: {2B2525E4-557F-449C-B337-3742A6EF35EE} hxxps://keris.signgate.com/client/KicaSafe2.cab
DPF: {317BB082-05F5-48C1-A90F-C89174D3BCAB} hxxp://util.knou.ac.kr/bcqre/HardtackWriteNhic.cab
DPF: {3C36DCBE-5CDF-4C35-9D0B-4A1882B2EB0A} hxxps://tx.allatpay.com/component/AllatPayRE.cab
DPF: {40B66BDF-8C2B-45A5-B33C-8BA09ED9D00A} hxxp://dcollection.sogang.ac.kr:8089/ezpdfdrm/ezPDFBookS30.cab
DPF: {47660CBA-279C-4E16-9155-6249F30012AD} hxxps://pgdownload.uplus.co.kr/dacom/IssacWebProCMS_4_3_1_3_LG_UPLUS.cab
DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} hxxps://mpi2.uplus.co.kr/XPayMPI/XPayMPI.cab
DPF: {4CAA1AB3-3448-4FE9-8B42-D8E2BC070083} hxxp://appdown.naver.com/naver/cassiod/cab/NVLauncher.cab
DPF: {57CE3D53-D596-49F6-B36B-8F4039E8E02F}
DPF: {63A7D575-8E63-464E-947B-57D5A6773D79} hxxps://supdate.nprotect.net/netizen/card/shinhan/slm/npEfdsWCtrl.cab
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Users\ADMINI~1\AppData\Local\Temp\tek_ud\TouchEnKey_Installer_32bit_woorikill.exe
DPF: {7A5C041C-33F3-4407-BE96-815D513D149C} hxxp://fl.game.naver.com/ActiveX/LSLuncherAx.cab
DPF: {7A63FEE6-E174-4FBC-A064-875DB95594A6} hxxp://cab.axissoft.gscdn.com/starplayer/starplayer-1.5.10.11.cab
DPF: {7C7190CE-6FB9-4DEE-AE2B-4276BD106CDA} hxxp://www.snaps.kr/app/ActiveX2.5/SPSetup.cab
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} hxxps://www.ei.go.kr/ei/js/XecureObject/xw_install.cab
DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {8E2A904F-FDD7-4086-A49C-834F1C47DC39}
DPF: {95A57FEB-0909-4FEA-B819-63DA7C4D9E1E} hxxp://edu.kyci.or.kr/printmade/165/PrintmadeActiveX.cab
DPF: {9709739B-4909-489B-A1F7-148C74F16EEE} hxxp://platform.nx.com/ActiveX/nxsysinfo.cab
DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} hxxp://download.signgate.com/download/2048/ews/ewsinstaller_full.cab
DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} hxxps://nice.checkplus.co.kr/common/js/key_protect/kdfense8.cab
DPF: {B1D16D27-B5AC-434D-85D2-9D1CD4C0E018} hxxps://pay.kcp.co.kr/plugin_new/file/KCPPayUX.cab
DPF: {B44935A0-2D44-4699-A8E8-0450C2A80A95} hxxp://poz3.publog.co.kr/poz30/activex_cab/ActiveLoader27.cab
DPF: {B70EA6F1-4C66-4F85-AB4D-CB3B1EB1A341} hxxp://img.shinhan.com/shttp/sphone/11017/INISAFECertClientv1.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_6/DaumActiveX.cab?ver=2,0,1,6
DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}
DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} hxxps://vbv.shinhancard.com/infovine/VineTransfer.cab
DPF: {C1339348-E262-4F01-9DCD-B162A29C1276} hxxps://pgdownload.uplus.co.kr/dacom/IssacWebProCMS_4_5_0_10_oovi.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {DD8C54E8-9028-4A54-96B9-30761B1F80DF} hxxp://static.kosaf.go.kr/initech/plugin/down/INIS60.cab
DPF: {E42F7FEB-DE20-43F4-A342-47F1DA77F667} hxxp://pgdownload.uplus.co.kr/lguplus/XPayPlugin_3.0.0.3.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA.cab
DPF: {E8631F4B-4A37-4E60-901C-03634D824B56} hxxp://hes.sen.go.kr/epki/Client/EPKIWCtl.cab
DPF: {F4F4B387-2626-41B5-8A4E-CB94EE757F7D} hxxp://nxweb.dn.nexoncdn.co.kr/ActiveX/ActiveX/NXActiveX_1001.cab
DPF: {FCE6C95E-E454-4A25-A968-847AB0D44F3F} hxxp://www.daekyeong.hs.kr/edu/AxSSEM(3.5.3.4).cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} hxxp://image.software.naver.com/install/NaverAXGuide.cab
Handler: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files\Initech\SHTTP\InitechSHTTPInterface.11018.dll [2014-12-04] (© INITECH)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: touchenex - {0d279da2-4656-11e5-9642-005056c00008} - C:\Program Files\RaonSecure\bridge\CrossEX\touchenex\1.0.1.734\CrossEXProtocol.dll [2015-08-19] (iniLINE Co., Ltd.)

FireFox:
========
FF Plugin: @ahnlab.com/asp/npaosmgr.1 -> C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_575\npaosmgr.dll [2015-08-26] (AhnLab, Inc.)
FF Plugin: @ahnlab.com/asp/npmkd25sp -> C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll [2015-07-14] (AhnLab, Inc.)
FF Plugin: @application/x-kicasafe2,version=2.0.1 -> C:\Windows\system32\npKicaSafe2.dll [2014-09-29] (KICA co.,ltd : <Korea Infomation Certificate Authority>)
FF Plugin: @axissoft.co.kr/StarPlayer -> C:\Program Files\Axissoft\StarPlayer\npStarPlayer.dll [2015-03-27] (Axissoft)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @clipsoft.com/rexpert30 -> C:\Program Files\clipsoft\rexpert30\bin\viewer\nprexpert3.0.plugin.dll [2015-03-03] ( )
FF Plugin: @daum.net/DaumNPPLive -> C:\Users\Administrator\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
FF Plugin: @epki.go.kr/NPEPKI -> C:\Program Files\EPKI\EPKIWCtl\NPEPKI.dll [2015-09-10] (EPKI Center)
FF Plugin: @gomtv.com/gomtvx-plugin -> C:\Program Files\Common Files\GRETECH\npgomtvx_nie.dll [2013-05-28] (Gretech Corporation)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-01] (Oracle Corporation)
FF Plugin: @kings.co.kr/KDefense -> C:\Users\Administrator\AppData\LocalLow\kdefense\nplssl32.dll [2015-07-25] (Kings Information & Network)
FF Plugin: @lguplus.co.kr/application/lguplus-xpayplugin,version=1.0.5.1 -> C:\Program Files\XPayPlugin\npXPayPlugin_1.0.5.1.dll [2015-09-11] (LG Uplus Corp)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npNxGame.dll [No File]
FF Plugin: @nprotect.com/npEfdsWPlugin -> C:\Users\Administrator\AppData\Local\nProtect\npEfdsWCtrl\npEfdsWPlugin.dll [2013-11-01] (INCA Internet Co., Ltd)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin: @softforum.com/npKeyPro -> C:\Windows\system32\npKeyPro.dll [2015-05-17] (RaonSecure Co., Ltd.)
FF Plugin: @softforum.com/npXecureMacuxNPPlugin -> C:\Program Files\Softforum\XecureWeb\NPPlugin\dll\npXecureMacuxNPPlugin.dll [2013-05-24] (Softforum, Inc.)
FF Plugin: @softforum.com/npxwebplugins -> C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2013-11-05] (SoftForum Co., Ltd.)
FF Plugin: @softforum.com/npxwebplugins_file -> C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2013-11-05] (SoftForum Co., Ltd.)
FF Plugin: @SoftSecurity.com/npTEFWplugin -> C:\Windows\system32\NPTEFW.dll [2015-07-12] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @unidocs.co.kr/ezPDFReader,version=3.0 -> C:\Program Files\Unidocs\ezPDFReaderS3.0\npezpdf30.dll [2014-07-25] (UNIDOCS, INC.)
FF Plugin: @wizvera.com/npVeraport20 -> C:\Program Files\Wizvera\Veraport20\npveraport20.dll [2015-02-02] ()
FF Plugin: @www.ubikey.co.kr/application/npvinetransfer-plugin -> C:\Program Files\INFovine\npVineTransfer.dll [2012-09-12] (INFOVINE)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin: innorix.com/InnoGMP -> C:\Program Files\INNORIX\npinnogmp7.dll [2015-02-11] (INNORIX)
FF Plugin: touchenex@raon.com/npCrossEXPlugin -> C:\Program Files\RaonSecure\bridge\CrossEX\touchenex\1.0.1.734\npraontouchenex.dll [2015-08-19] (iniLINE Co., Ltd.)
FF Plugin HKU\S-1-5-21-1188650637-3751185830-4272639098-500: @ahnlab.com/asp/npmkd25sp -> C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll [2015-07-14] (AhnLab, Inc.)
FF Plugin HKU\S-1-5-21-1188650637-3751185830-4272639098-500: @daum.net/DaumNPPLive -> C:\Users\Administrator\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
FF Plugin HKU\S-1-5-21-1188650637-3751185830-4272639098-500: @designmade.com/application/designmade-printmade -> C:\Program Files\Printmade2\npPrintmade2.dll [2014-09-19] ( )
FF Plugin HKU\S-1-5-21-1188650637-3751185830-4272639098-500: @iniline.com/npCrossWeb -> C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0AB9084F-0EF8-499a-A461-DE46D3C4A45B}\plugins\npCrossWeb.dll [2011-11-12] (INITECH Co., Ltd.)
FF Plugin HKU\S-1-5-21-1188650637-3751185830-4272639098-500: @naver.com/npNVLauncher -> C:\Users\Administrator\AppData\Roaming\Mozilla\Plugins\npNVLauncher.dll [2015-03-31] (NHN Corp.)
FF Plugin HKU\S-1-5-21-1188650637-3751185830-4272639098-500: @naver.com/npNVLauncher64 -> C:\Users\Administrator\AppData\Roaming\Mozilla\Plugins\npNVLauncher64.dll [2015-03-31] (NHN Corp.)
FF Plugin HKU\S-1-5-21-1188650637-3751185830-4272639098-500: @softforum.com/npxwebplugins -> C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2013-11-05] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-1188650637-3751185830-4272639098-500: @softforum.com/npxwebplugins_file -> C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2013-11-05] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-1188650637-3751185830-4272639098-500: @www.ubikey.co.kr/application/npvinetransfer-plugin -> C:\Program Files\INFovine\npVineTransfer.dll [2012-09-12] (INFOVINE)
FF Plugin HKU\S-1-5-21-1188650637-3751185830-4272639098-500: daum.net/DaumNPPLive -> C:\Users\Administrator\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
FF Plugin HKU\S-1-5-21-1188650637-3751185830-4272639098-500: www.navercorp.com/NDownloaderObj -> C:\Windows\Downloaded Program Files\npNDownloaderObj.dll [2014-03-13] (NAVER Corp.)
FF Plugin ProgramFiles/Appdata: C:\Users\Administrator\AppData\Roaming\mozilla\plugins\npNaverPhotoLauncher_1.0.0.3.dll [2015-01-14] (NHN Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Administrator\AppData\Roaming\mozilla\plugins\npNVLauncher.dll [2015-03-31] (NHN Corp.)
FF Plugin ProgramFiles/Appdata: C:\Users\Administrator\AppData\Roaming\mozilla\plugins\npNVLauncher64.dll [2015-03-31] (NHN Corp.)
FF Extension: INISAFE CrossWeb - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0AB9084F-0EF8-499a-A461-DE46D3C4A45B} [2014-12-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google 문서도구) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-25]
CHR Extension: (Google 드라이브) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-25]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-25]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-25]
CHR Extension: (Google 문서 오프라인) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-25]
CHR Extension: (Chrome 웹 스토어 결제) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ALYac_RTSrv; C:\Program Files\ESTsoft\ALYac\AYRTSrv.aye [438080 2015-08-11] (ESTsoft Corp)
R2 ALYac_UpdSrv; C:\Program Files\ESTsoft\ALYac\AYUpdSrv.aye [709952 2015-09-23] (ESTsoft Corp)
S3 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
S3 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)
S3 DaumCleanerService; C:\Program Files\Daum\Cleaner\DaumCleanerService.exe [162152 2014-11-14] (Daum Kakao Corp.)
S3 DaumStationService; C:\Program Files\Daum\DaumStation\DaumStationService.exe [121200 2014-10-29] (Daum Kakao Corp.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2014-11-30] (Flexera Software, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2015-01-16] (NVIDIA Corporation)
R2 GomHelper Update Services; C:\Program Files\GRETECH\GomHelper\GomHelperSvc.exe [110168 2014-08-27] (Gretech Corp.)
R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [59760 2010-01-21] (Microsoft Corporation)
R2 Innosvc7; C:\Program Files\INNORIX\common\innosvc7.exe [197720 2015-02-11] (INNORIX)
S3 MyFw40Service; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\ASDSvc.exe [585696 2015-06-25] (AhnLab, Inc.)
R2 nossvc; C:\Program Files\INCAInternet\nProtect Online Security\nossvc.exe [1666216 2015-06-16] (INCA Internet Co., Ltd.)
S2 npkfxsvc; C:\Windows\system32\npkfxsvc.exe [197224 2015-03-02] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19775632 2015-01-16] (NVIDIA Corporation)
S4 Process Clean Service; C:\Users\Administrator\Documents\ProcessClean\ProcService.exe [548632 2015-02-10] (ProcessClean)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-31] (DEVGURU Co., LTD.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020120 2015-04-21] (Samsung Electronics CO., LTD.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 windowstab_mon; C:\Users\Administrator\AppData\Local\windowstab\windowstab_mon.exe [87640 2013-07-31] ()
S3 wscnvcsv32; C:\Program Files\Windows Conveniences\wscnvcsv.exe [138504 2014-09-11] ()
S3 NvUpdSrv; C:\Program Files\NVIDIA Corporation\Updates\NvdUpd.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AhnFlt2K; C:\Windows\system32\drivers\AhnFlt2K.sys [61704 2015-01-20] (AhnLab, Inc.)
S3 AhnRec2K; C:\Windows\system32\drivers\AhnRec2K.sys [29704 2014-06-12] (AhnLab, Inc.)
R1 AMonLWLH; C:\Windows\System32\DRIVERS\amonlwlh.sys [52304 2015-03-12] (AhnLab, Inc.)
R1 AMonTDLH; C:\Windows\system32\Drivers\AMonTDLH.sys [118896 2015-05-27] (AhnLab, Inc.)
S3 AntiStealth_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\AHAWKENT.sys [40024 2015-06-16] (AhnLab, Inc.)
S3 AntiStealth_MYFIREWALL40ASDF; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TfFRegNt.sys [163688 2015-06-16] (AhnLab, Inc.)
S3 ATamptNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\atamptnt.sys [282704 2015-07-01] (AhnLab, Inc.)
S3 Cdm2DrNt; C:\Windows\system32\Drivers\Cdm2DrNt.sys [80576 2014-09-17] (AhnLab, Inc.)
S3 CdmDrvNt; C:\Windows\system32\Drivers\CdmDrvNt.sys [19616 2009-07-21] (AhnLab, Inc.)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-03-23] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R0 EstConstantDrv; C:\Windows\System32\drivers\EstCst.sys [54040 2014-05-19] (ESTsoft Corp)
R1 EstRtwIFDrv; C:\Windows\system32\drivers\EstRtw.sys [284440 2015-09-14] (ESTsoft Corp)
S3 EstRtwIFDrvTemp; c:\program files\estsoft\alyac\plugin\realtime\EstRtw.sys [284440 2015-09-14] (ESTsoft Corp)
S3 HSBDrvNt; C:\Windows\System32\drivers\HSBDrvNt.sys [177192 2015-07-02] (AhnLab, Inc.)
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [103512 2011-05-19] (JMicron Technology Corp.)
R3 JRSUKD25; C:\Windows\system32\JRSUKD25.SYS [26704 2015-09-24] (RaonSecure Co., Ltd.)
S3 JRTDIFW; C:\Windows\system32\JRTDIFW.SYS [9984 2015-07-12] (SoftForum Corporation) [File not signed]
S3 kck86; C:\Windows\system32\kck86.sys [85280 2015-09-24] (Kings Information & Network)
S3 kcrtx86; C:\Windows\system32\kcrtx86.sys [126048 2014-12-26] (Kings Information & Network)
S3 MfFWEnt; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [102520 2014-06-11] (AhnLab, Inc.)
S3 MfIPSEnt; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [122688 2014-06-11] (AhnLab, Inc.)
S3 Mkd2Bthf; C:\Windows\System32\drivers\Mkd2Bthf.sys [88944 2015-05-29] (AhnLab, Inc.)
S3 Mkd2kfNt; C:\Windows\System32\drivers\Mkd2kfNt.sys [179792 2015-07-21] (AhnLab, Inc.)
R3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [124584 2015-05-29] (AhnLab, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
R3 noska; C:\Windows\system32\noska.sys [41696 2015-08-13] (INCA Internet Co.,Ltd.)
R3 noskp; C:\Windows\system32\noskp.sys [20576 2015-08-13] (INCA Internet Co.,Ltd.)
R3 nosku; C:\Windows\system32\nosku.sys [32936 2015-09-14] (INCA Internet Co.,Ltd.)
S3 NPFW; C:\Windows\system32\NPFWVT.sys [133712 2014-04-02] (INCA Internet Co.,Ltd.)
S3 NPIDS; C:\Windows\system32\NpIdsVt.sys [74504 2013-09-09] (INCA Internet Co.,Ltd.)
S3 npkfxa; C:\Windows\system32\npkfxa.sys [41288 2014-05-08] (INCA Internet Co.,Ltd.)
S3 npkfxs; C:\Windows\system32\npkfxs.sys [20680 2014-05-08] (INCA Internet Co.,Ltd.)
S3 npkfxu; C:\Windows\system32\npkfxu.sys [23880 2014-05-08] (INCA Internet Co.,Ltd.)
S3 np_ck32s; C:\Windows\system32\np_ck32s.sys [65312 2013-08-07] (INCA Internet Co.,Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation)
R3 scskusbf; C:\Windows\System32\drivers\scskusbf.sys [23176 2015-09-10] (SoftCamp)
S3 scskusbs; C:\Windows\System32\drivers\scskusbs.sys [201968 2015-09-10] (SoftCamp)
R3 TKCtrl; C:\Windows\system32\TKCtrl2k.sys [195800 2014-05-21] (INCA Internet Co., Ltd.)
R3 TKFsAvM; C:\Windows\system32\TKFsAv.sys [214656 2015-08-13] (INCA Internet Co., Ltd.)
R3 TKFsFtM; C:\Windows\system32\TKFsFt.sys [25848 2014-07-07] (INCA Internet Co., Ltd.)
R3 TKPcFt; C:\Windows\system32\TKPcFtHk.sys [47496 2015-08-07] (INCA Internet Co., Ltd.)
R3 TKRgAc; C:\Windows\system32\TKRgAc2k.sys [114888 2013-09-09] (INCA Internet Co., Ltd.)
R3 TKRgFt; C:\Windows\system32\TKRgFtXp.sys [78344 2013-11-18] (INCA Internet Co., Ltd.)
S3 TNFwNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TNFwNt.sys [129472 2015-06-17] (AhnLab, Inc.)
S3 TNHipsNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TNHipsNt.sys [135184 2015-06-17] (AhnLab, Inc.)
S3 TNNipsNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TNNipsNt.sys [159560 2015-06-17] (AhnLab, Inc.)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]
S3 KodeMonL; \??\C:\Windows\KodeMonL.sys [X]
S3 neokdss; system32\Drivers\neokdss.sys [X]
S3 ProDefense; \??\C:\Windows\system32\drivers\ProDefense.sys [X]
S1 savepopprotector32; system32\DRIVERS\savepopprotector32.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-29 11:35 - 2015-09-29 11:36 - 00032264 _____ C:\Users\Administrator\Desktop\FRST.txt
2015-09-29 11:34 - 2015-09-29 11:35 - 00000000 ____D C:\FRST
2015-09-29 11:34 - 2015-09-29 11:34 - 02192384 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-09-29 11:34 - 2015-09-29 11:34 - 01696256 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2015-09-29 09:25 - 2015-09-29 09:25 - 00000000 _____ C:\Users\Administrator\AppData\Local\{FAD29A02-0120-4573-BF02-0F80977BF983}
2015-09-28 00:43 - 2015-09-28 00:43 - 00000000 _____ C:\Users\Administrator\AppData\Local\{0835341A-9569-4EA8-BCB8-0461B917DA3D}
2015-09-27 15:38 - 2015-09-27 15:38 - 00008654 _____ C:\Users\Administrator\Desktop\HELP_DECRYPT.HTML
2015-09-27 15:38 - 2015-09-27 15:38 - 00004270 _____ C:\Users\Administrator\Desktop\HELP_DECRYPT.TXT
2015-09-27 15:38 - 2015-09-27 15:38 - 00000296 _____ C:\Users\Administrator\Desktop\HELP_DECRYPT.URL
2015-09-26 16:19 - 2015-09-26 16:20 - 00000000 ____D C:\Users\Administrator\Desktop\꾀꼬리
2015-09-26 15:41 - 2015-09-26 15:41 - 00000000 ____D C:\Users\Administrator\Desktop\관악
2015-09-26 13:09 - 2015-09-26 13:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\EurekaLog
2015-09-25 21:27 - 2015-09-26 07:05 - 00100206 _____ C:\Users\Administrator\Downloads\Jurassic_World_2015_1080p_WEB-DL_x264_AAC-JYK.smi
2015-09-25 18:37 - 2015-09-25 18:37 - 00008654 _____ C:\Users\HELP_DECRYPT.HTML
2015-09-25 18:37 - 2015-09-25 18:37 - 00008654 _____ C:\Users\Administrator\HELP_DECRYPT.HTML
2015-09-25 18:37 - 2015-09-25 18:37 - 00008654 _____ C:\Users\Administrator\Downloads\HELP_DECRYPT.HTML
2015-09-25 18:37 - 2015-09-25 18:37 - 00008654 _____ C:\HELP_DECRYPT.HTML
2015-09-25 18:37 - 2015-09-25 18:37 - 00004270 _____ C:\Users\HELP_DECRYPT.TXT
2015-09-25 18:37 - 2015-09-25 18:37 - 00004270 _____ C:\Users\Administrator\HELP_DECRYPT.TXT
2015-09-25 18:37 - 2015-09-25 18:37 - 00004270 _____ C:\Users\Administrator\Downloads\HELP_DECRYPT.TXT
2015-09-25 18:37 - 2015-09-25 18:37 - 00004270 _____ C:\HELP_DECRYPT.TXT
2015-09-25 18:37 - 2015-09-25 18:37 - 00000296 _____ C:\Users\HELP_DECRYPT.URL
2015-09-25 18:37 - 2015-09-25 18:37 - 00000296 _____ C:\Users\Administrator\HELP_DECRYPT.URL
2015-09-25 18:37 - 2015-09-25 18:37 - 00000296 _____ C:\Users\Administrator\Downloads\HELP_DECRYPT.URL
2015-09-25 18:37 - 2015-09-25 18:37 - 00000296 _____ C:\HELP_DECRYPT.URL
2015-09-25 18:27 - 2015-09-25 18:27 - 00008654 _____ C:\Users\Administrator\Documents\HELP_DECRYPT.HTML
2015-09-25 18:27 - 2015-09-25 18:27 - 00004270 _____ C:\Users\Administrator\Documents\HELP_DECRYPT.TXT
2015-09-25 18:27 - 2015-09-25 18:27 - 00000296 _____ C:\Users\Administrator\Documents\HELP_DECRYPT.URL
2015-09-25 16:37 - 2015-09-25 16:37 - 00008654 _____ C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.HTML
2015-09-25 16:37 - 2015-09-25 16:37 - 00008654 _____ C:\Users\Administrator\AppData\HELP_DECRYPT.HTML
2015-09-25 16:37 - 2015-09-25 16:37 - 00004270 _____ C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.TXT
2015-09-25 16:37 - 2015-09-25 16:37 - 00004270 _____ C:\Users\Administrator\AppData\HELP_DECRYPT.TXT
2015-09-25 16:37 - 2015-09-25 16:37 - 00000296 _____ C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.URL
2015-09-25 16:37 - 2015-09-25 16:37 - 00000296 _____ C:\Users\Administrator\AppData\HELP_DECRYPT.URL
2015-09-25 16:34 - 2015-09-25 16:34 - 00008654 _____ C:\Users\Administrator\AppData\Local\HELP_DECRYPT.HTML
2015-09-25 16:34 - 2015-09-25 16:34 - 00004270 _____ C:\Users\Administrator\AppData\Local\HELP_DECRYPT.TXT
2015-09-25 16:34 - 2015-09-25 16:34 - 00000296 _____ C:\Users\Administrator\AppData\Local\HELP_DECRYPT.URL
2015-09-25 16:30 - 2015-09-25 16:30 - 00008654 _____ C:\ProgramData\HELP_DECRYPT.HTML
2015-09-25 16:30 - 2015-09-25 16:30 - 00004270 _____ C:\ProgramData\HELP_DECRYPT.TXT
2015-09-25 16:30 - 2015-09-25 16:30 - 00000296 _____ C:\ProgramData\HELP_DECRYPT.URL
2015-09-24 18:21 - 2015-09-24 18:21 - 00159416 ____R (RaonSecure Co., Ltd.) C:\Windows\system32\CKAgent.exe
2015-09-24 18:21 - 2015-09-24 18:21 - 00159384 ____R (RaonSecure Co., Ltd.) C:\Windows\system32\CKAgentNXE.exe
2015-09-24 18:21 - 2015-09-24 18:21 - 00159384 ____R (RaonSecure Co., Ltd.) C:\Windows\system32\CKAgentNXE.dat
2015-09-24 18:21 - 2015-09-24 18:21 - 00085280 _____ (Kings Information & Network) C:\Windows\system32\kck86.sys
2015-09-24 18:21 - 2015-09-24 18:21 - 00026704 ____R (RaonSecure Co., Ltd.) C:\Windows\system32\JRSUKD25.SYS
2015-09-24 18:21 - 2015-09-24 18:21 - 00000000 ____D C:\Program Files\RaonSecure
2015-09-23 18:47 - 2015-09-23 18:47 - 02070504 _____ (NAVER Corp.) C:\Windows\system32\NaverAXGuide.exe
2015-09-23 18:47 - 2015-09-23 18:47 - 00387048 _____ (NAVER Corp.) C:\Windows\system32\NAxgPluginW_0_1.dll
2015-09-22 01:15 - 2015-09-25 16:58 - 00000000 ____D C:\Users\Administrator\Desktop\material-design-icons-1.0.0
2015-09-22 00:11 - 2015-09-22 00:11 - 00087840 _____ C:\Users\Administrator\Downloads\00-15-0123-1(이화여대-노기모적색후드티).xls
2015-09-21 22:22 - 2015-09-25 16:38 - 00000000 ____D C:\Users\Administrator\Desktop\2015-1
2015-09-21 22:22 - 2015-09-25 16:38 - 00000000 ____D C:\Users\Administrator\Desktop\2014-2
2015-09-20 22:32 - 2015-09-20 22:33 - 00000009 _____ C:\Windows\AFCUPDL2.txt
2015-09-20 22:27 - 2015-09-20 22:27 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\mfc70.dll
2015-09-20 22:27 - 2015-09-20 22:27 - 00964608 _____ (Microsoft Corporation) C:\Windows\system32\mfc70u.dll
2015-09-20 22:27 - 2015-09-20 22:27 - 00741440 ____N () C:\Windows\AFCUPDL2.exe
2015-09-20 22:27 - 2015-09-20 22:27 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\msvcr70.dll
2015-09-20 22:27 - 2015-09-20 22:27 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\afreeca
2015-09-20 22:27 - 2015-09-20 22:27 - 00000000 ____D C:\Program Files\afreeca
2015-09-19 10:03 - 2015-09-19 10:05 - 00196721 _____ C:\Users\Administrator\Downloads\Kingsman+The+Secret+Service+2014+720p+HDRip+x264+AAC-KiNGDOM (1).smi
2015-09-19 09:54 - 2015-09-19 09:54 - 00198477 _____ C:\Users\Administrator\Downloads\[TVZIL.COM]kingsman.the.secret.service.2014.1080p.bluray.x264-sparks (2).smi
2015-09-19 09:53 - 2015-09-19 09:53 - 00198477 _____ C:\Users\Administrator\Downloads\[TVZIL.COM]kingsman.the.secret.service.2014.1080p.bluray.x264-sparks (1).smi
2015-09-19 09:44 - 2015-09-19 10:10 - 00331055 _____ C:\Users\Administrator\Downloads\Kingsman+The+Secret+Service+2014+720p+HDRip+x264+AAC-KiNGDOM.smi
2015-09-19 09:28 - 2015-09-19 09:28 - 00198477 _____ C:\Users\Administrator\Downloads\[TVZIL.COM]kingsman.the.secret.service.2014.1080p.bluray.x264-sparks.smi
2015-09-19 09:28 - 2015-09-19 09:28 - 00101597 _____ C:\Users\Administrator\Downloads\[TVZIL.COM]kingsman.the.secret.service.2014.1080p.bluray.x264-sparks.torrent
2015-09-18 15:25 - 2015-09-25 16:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Games
2015-09-17 21:00 - 2015-09-17 21:00 - 00009856 _____ C:\Users\Administrator\Desktop\먼동제 윷놀이 부스.xlsx
2015-09-17 08:53 - 2015-09-17 08:53 - 00000104 _____ C:\Users\Administrator\Desktop\plot.log
2015-09-17 01:42 - 2015-09-17 01:42 - 31653904 _____ C:\Users\Administrator\Downloads\Site Analysis.pptx
2015-09-16 21:06 - 2015-09-29 09:27 - 00007152 _____ C:\Windows\system32\Drivers\EstRtwIFDrv
2015-09-15 11:49 - 2015-09-15 11:49 - 12390848 _____ C:\Users\Administrator\Downloads\관악최종.DWG
2015-09-14 11:45 - 2015-09-14 23:23 - 00018432 _____ C:\Users\Administrator\Desktop\ㅅㄱ (2015-09-14 1301의 iPad에서 충돌하는 사본).hwp
2015-09-14 01:51 - 2015-09-14 01:51 - 00020992 _____ C:\Users\Administrator\Desktop\ㅅㄱ.hwp
2015-09-11 13:47 - 2015-09-25 16:30 - 00000000 ____D C:\ProgramData\ISSAC_LG_UPLUS
2015-09-11 13:47 - 2015-09-11 14:05 - 00002644 _____ C:\Windows\issacweb.log
2015-09-11 13:38 - 2015-09-11 13:38 - 01978448 _____ (LG Uplus Corp) C:\Users\Administrator\Downloads\LGDacomXPayWizard.exe
2015-09-11 11:25 - 2015-09-11 11:25 - 00000000 _____ C:\Users\Administrator\AppData\Local\{228B11DD-33C8-4288-AC84-A4CBD408D431}
2015-09-10 19:13 - 2015-09-25 18:23 - 00000000 ____D C:\Users\Administrator\Desktop\비행청소년
2015-09-10 13:58 - 2015-09-25 17:04 - 00000000 ____D C:\Users\Administrator\Desktop\대안교육강의록
2015-09-10 00:10 - 2015-07-02 18:16 - 00177192 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\HSBDrvNt.sys
2015-09-10 00:10 - 2015-07-01 18:12 - 00143168 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\amoncdw8.sys
2015-09-10 00:10 - 2015-07-01 18:11 - 00132304 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\amoncdw7.sys
2015-09-10 00:10 - 2015-05-27 22:36 - 00123176 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\amontdnt.sys
2015-09-10 00:10 - 2015-05-27 22:35 - 00063752 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\amonhknt.sys
2015-09-10 00:10 - 2015-03-12 14:39 - 00052304 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\amonlwlh.sys
2015-09-10 00:09 - 2015-09-10 00:25 - 00000339 _____ C:\Windows\rdviewer_u.ini
2015-09-10 00:09 - 2015-09-10 00:09 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-09-10 00:09 - 2015-04-06 13:35 - 05447792 _____ ((주)엠투소프트) C:\Windows\system32\rdviewer50u.ocx
2015-09-10 00:09 - 2015-04-06 13:32 - 00741376 _____ () C:\Windows\system32\chartui_ux.dll
2015-09-10 00:09 - 2015-04-06 13:32 - 00286720 _____ () C:\Windows\system32\rdcdchart_ux.dll
2015-09-10 00:09 - 2015-04-06 13:32 - 00032976 _____ C:\Windows\system32\Rdviewer50u.tlb
2015-09-10 00:09 - 2015-04-06 13:22 - 00184320 _____ (M2Soft, Inc.) C:\Windows\system32\rdtidyx50u.dll
2015-09-10 00:09 - 2015-04-06 13:21 - 00438272 _____ (M2Soft Inc.) C:\Windows\system32\rdagentx50u.dll
2015-09-10 00:09 - 2015-04-06 13:21 - 00303104 _____ (M2Soft, Inc.) C:\Windows\system32\rdfilex50u.dll
2015-09-10 00:09 - 2015-04-06 13:21 - 00151552 _____ (M2Soft, Inc.) C:\Windows\system32\rdadox50u.dll
2015-09-10 00:09 - 2015-03-24 14:01 - 01774712 _____ (M2Soft, Inc.) C:\Windows\system32\PDFExport50.dll
2015-09-10 00:09 - 2014-09-01 16:56 - 00131208 _____ ((주)엠투소프트) C:\Windows\system32\RDVistaSupport.dll
2015-09-10 00:09 - 2012-02-14 13:43 - 02310144 ____R (Advanced Software Engineering Limited) C:\Windows\system32\chartdir50.dll
2015-09-10 00:09 - 2009-12-24 10:59 - 00610304 _____ (TEC-IT Datenverarbeitung GmbH (www.tec-it.com) Wagnerstr. 6, A-4400 Steyr, AUSTRIA barcode@tec-it.com p: +43 (7252) 72720 f: +43 (7252) 72720-77) C:\Windows\system32\TBarCode5.dll
2015-09-10 00:09 - 2007-05-15 11:19 - 00032768 _____ (m2soft) C:\Windows\system32\rdabout50u.dll
2015-09-10 00:09 - 2002-07-10 14:02 - 00206336 _____ (Catenary Systems) C:\Windows\system32\VIC32.DLL
2015-09-10 00:09 - 1997-11-07 14:09 - 00441856 _____ (Sybase, Visual Components) C:\Windows\system32\VCFIWZ5.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00034218 _____ C:\Windows\system32\MaWebSAFER_KERIS_uninstall.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2015-09-10 00:06 - 2015-09-10 00:06 - 01327208 _____ (Wizvera ) C:\Users\Administrator\Downloads\veraport20moz.exe
2015-09-08 10:24 - 2015-09-25 18:25 - 00000000 ____D C:\Users\Administrator\Desktop\제비
2015-09-07 18:32 - 2015-09-07 18:32 - 00000000 ____D C:\Users\Administrator\Desktop\느시
2015-09-06 11:46 - 2015-09-06 11:46 - 00000000 ____D C:\Program Files\XPayPlugin
2015-09-04 22:06 - 2015-09-04 22:07 - 00000000 ____D C:\Users\Administrator\AppData\Local\Deployment
2015-09-04 22:06 - 2015-09-04 22:06 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2015-09-01 23:08 - 2015-09-01 23:08 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-09-01 23:08 - 2015-09-01 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-01 23:08 - 2015-09-01 23:08 - 00000000 ____D C:\Program Files\Java
2015-09-01 23:08 - 2015-09-01 23:08 - 00000000 ____D C:\Program Files\Common Files\Java
2015-09-01 17:52 - 2015-09-01 17:52 - 00001241 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
2015-09-01 17:52 - 2015-09-01 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-29 10:59 - 2015-07-25 18:16 - 00000622 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-29 10:52 - 2015-07-25 18:16 - 00000672 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-29 09:32 - 2009-07-14 13:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-29 09:32 - 2009-07-14 13:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-29 09:27 - 2014-11-30 14:32 - 00000294 _____ C:\Windows\system32\ayboot.ini
2015-09-29 09:25 - 2015-07-25 18:16 - 00000668 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-29 09:25 - 2009-07-14 13:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-29 09:25 - 2009-07-14 13:39 - 00147714 _____ C:\Windows\setupact.log
2015-09-29 09:24 - 2014-11-30 13:21 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-28 00:53 - 2015-07-25 18:16 - 00002103 _____ C:\Users\Public\Desktop\Chrome.lnk
2015-09-26 16:22 - 2015-01-07 10:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\uTorrent
2015-09-26 12:57 - 2011-11-19 10:00 - 00000000 ___RD C:\Users\Administrator\Desktop\민성이
2015-09-25 18:37 - 2015-07-03 13:48 - 00000000 ____D C:\Users\Administrator\Tracing
2015-09-25 18:37 - 2014-11-30 13:11 - 00000000 ____D C:\Users\Administrator
2015-09-25 18:27 - 2015-01-01 21:27 - 00000000 ____D C:\Users\Administrator\Documents\카카오톡 받은 파일
2015-09-25 18:26 - 2015-01-11 18:51 - 00000000 ____D C:\Users\Administrator\Documents\KBS
2015-09-25 18:24 - 2015-06-03 09:53 - 00000000 ____D C:\Users\Administrator\Desktop\자격증모음
2015-09-25 18:24 - 2014-12-28 12:59 - 00000000 ____D C:\Users\Administrator\Desktop\시
2015-09-25 18:23 - 2015-06-25 17:55 - 00000000 ___RD C:\Users\Administrator\Desktop\민지
2015-09-25 18:23 - 2015-03-07 09:40 - 00000000 ____D C:\Users\Administrator\Desktop\성교육성상담
2015-09-25 17:12 - 2014-11-30 11:47 - 00000000 ___RD C:\Users\Administrator\Desktop\민경
2015-09-25 17:04 - 2015-07-12 14:44 - 00000000 ____D C:\Users\Administrator\Desktop\동기강화
2015-09-25 17:04 - 2015-01-24 14:35 - 00000000 ____D C:\Users\Administrator\Desktop\논문자료
2015-09-25 17:03 - 2015-08-23 23:04 - 00000000 ____D C:\Users\Administrator\Desktop\까치
2015-09-25 17:02 - 2015-06-06 17:12 - 00000000 ____D C:\Users\Administrator\Desktop\까마귀
2015-09-25 17:00 - 2015-07-25 00:03 - 00000000 ____D C:\Users\Administrator\Desktop\고니
2015-09-25 16:37 - 2015-06-09 20:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Samsung
2015-09-25 16:37 - 2015-04-07 22:35 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Naver
2015-09-25 16:37 - 2015-02-10 14:29 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Reset
2015-09-25 16:37 - 2014-12-30 21:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Savepop
2015-09-25 16:37 - 2014-12-11 18:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2015-09-25 16:36 - 2015-07-12 12:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\JRSOFT
2015-09-25 16:36 - 2014-12-01 20:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HNC
2015-09-25 16:36 - 2014-11-30 14:34 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GRETECH
2015-09-25 16:36 - 2014-11-30 14:27 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ESTsoft
2015-09-25 16:36 - 2014-11-30 14:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2015-09-25 16:36 - 2014-11-30 13:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Autodesk
2015-09-25 16:34 - 2014-12-11 18:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\Skype
2015-09-25 16:34 - 2014-12-11 18:53 - 00000000 ____D C:\Users\Administrator\AppData\Local\SK Communications
2015-09-25 16:34 - 2014-12-01 17:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\Naver
2015-09-25 16:33 - 2015-01-01 21:24 - 00000000 ____D C:\Users\Administrator\AppData\Local\Kakao
2015-09-25 16:32 - 2015-07-25 18:16 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2015-09-25 16:32 - 2014-11-30 14:11 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2015-09-25 16:32 - 2014-11-30 13:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\Autodesk
2015-09-25 16:30 - 2015-06-09 19:57 - 00000000 ____D C:\ProgramData\Samsung
2015-09-25 16:30 - 2015-06-02 15:27 - 00000000 ____D C:\ProgramData\ISSAC_WEB_oovi
2015-09-25 16:30 - 2014-11-30 14:35 - 00000000 ____D C:\ProgramData\GRETECH
2015-09-25 16:30 - 2014-11-30 14:28 - 00000000 ____D C:\ProgramData\ESTsoft
2015-09-25 16:29 - 2014-11-30 14:07 - 00000000 ____D C:\ProgramData\Adobe
2015-09-25 16:29 - 2014-11-30 13:36 - 00000000 ____D C:\ProgramData\Autodesk
2015-09-25 16:23 - 2014-12-04 18:13 - 00000000 ____D C:\gpki
2015-09-25 15:54 - 2014-11-30 13:05 - 01786990 _____ C:\Windows\WindowsUpdate.log
2015-09-25 14:45 - 2009-07-14 13:33 - 02223016 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-24 22:15 - 2014-11-30 13:36 - 00205160 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-24 18:21 - 2014-10-29 13:53 - 02735800 _____ (RaonSecure Co., Ltd.) C:\Windows\system32\CKSetup32.exe
2015-09-24 18:21 - 2014-10-29 13:53 - 00192184 _____ (RaonSecure Co., Ltd.) C:\Windows\system32\Jrsoftcp.dll
2015-09-22 23:00 - 2014-11-30 14:41 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-22 23:00 - 2014-11-30 14:41 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-22 22:41 - 2014-12-04 16:38 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts_tmp
2015-09-21 18:45 - 2014-12-04 16:39 - 02761376 _____ (AhnLab, Inc.) C:\Windows\system32\btscan.exe
2015-09-18 22:52 - 2009-07-14 13:53 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-18 09:26 - 2014-11-30 13:31 - 00000065 _____ C:\Windows\hjimesv.ini
2015-09-14 20:03 - 2015-03-25 17:20 - 00034344 _____ (INCA Internet Co.,Ltd.) C:\Windows\system32\nosku64.sys
2015-09-14 20:03 - 2015-03-25 17:19 - 00032936 _____ (INCA Internet Co.,Ltd.) C:\Windows\system32\nosku.sys
2015-09-14 08:35 - 2014-11-30 14:32 - 00284440 _____ (ESTsoft Corp) C:\Windows\system32\Drivers\EstRtw.sys
2015-09-13 17:03 - 2014-12-10 20:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-13 12:07 - 2014-12-10 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-11 13:40 - 2014-10-28 13:42 - 01011792 _____ (LG Uplus Corp) C:\Windows\system32\XPayExtension.exe
2015-09-10 21:55 - 2011-04-13 05:55 - 00428288 _____ C:\Windows\system32\perfh012.dat
2015-09-10 21:55 - 2011-04-13 05:55 - 00119548 _____ C:\Windows\system32\perfc012.dat
2015-09-10 21:55 - 2010-11-21 06:01 - 01322266 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-10 13:37 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\system32\NDF
2015-09-10 00:13 - 2014-12-04 22:35 - 00201968 _____ (SoftCamp) C:\Windows\system32\Drivers\scskusbs.sys
2015-09-10 00:13 - 2014-12-04 22:35 - 00052320 _____ (Kings Information & Network) C:\Windows\system32\Drivers\kck86s.sys
2015-09-10 00:13 - 2014-12-04 22:35 - 00023176 _____ (SoftCamp) C:\Windows\system32\Drivers\scskusbf.sys
2015-09-01 23:08 - 2015-02-24 01:11 - 00000000 ____D C:\ProgramData\Oracle
2015-09-01 17:52 - 2014-11-30 19:06 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin
2015-09-01 17:42 - 2014-12-04 16:40 - 00000000 ____D C:\ProgramData\Nexon
2015-09-01 17:41 - 2014-12-04 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon

==================== Files in the root of some directories =======

2015-09-25 16:37 - 2015-09-25 16:37 - 0008654 _____ () C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.HTML
2015-09-25 16:37 - 2015-09-25 16:37 - 0046118 _____ () C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.PNG
2015-09-25 16:37 - 2015-09-25 16:37 - 0004270 _____ () C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.TXT
2015-09-25 16:37 - 2015-09-25 16:37 - 0000296 _____ () C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.URL
2014-12-12 12:48 - 2014-12-12 14:33 - 0105899 _____ () C:\Users\Administrator\AppData\Roaming\output.est
2014-12-05 11:35 - 2014-12-05 11:35 - 0000020 _____ () C:\Users\Administrator\AppData\Roaming\SN3Settings.dat
2015-03-06 20:38 - 2015-03-06 20:38 - 0003584 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-25 16:34 - 2015-09-25 16:34 - 0008654 _____ () C:\Users\Administrator\AppData\Local\HELP_DECRYPT.HTML
2015-09-25 16:34 - 2015-09-25 16:34 - 0046118 _____ () C:\Users\Administrator\AppData\Local\HELP_DECRYPT.PNG
2015-09-25 16:34 - 2015-09-25 16:34 - 0004270 _____ () C:\Users\Administrator\AppData\Local\HELP_DECRYPT.TXT
2015-09-25 16:34 - 2015-09-25 16:34 - 0000296 _____ () C:\Users\Administrator\AppData\Local\HELP_DECRYPT.URL
2015-06-02 15:27 - 2015-06-02 15:36 - 0095168 _____ () C:\Users\Administrator\AppData\Local\issacweb.log
2015-09-28 00:43 - 2015-09-28 00:43 - 0000000 _____ () C:\Users\Administrator\AppData\Local\{0835341A-9569-4EA8-BCB8-0461B917DA3D}
2015-09-11 11:25 - 2015-09-11 11:25 - 0000000 _____ () C:\Users\Administrator\AppData\Local\{228B11DD-33C8-4288-AC84-A4CBD408D431}
2015-08-09 10:16 - 2015-08-09 10:16 - 0000000 _____ () C:\Users\Administrator\AppData\Local\{796D6C42-92EE-4086-94C5-203B856AE51F}
2015-09-29 09:25 - 2015-09-29 09:25 - 0000000 _____ () C:\Users\Administrator\AppData\Local\{FAD29A02-0120-4573-BF02-0F80977BF983}
2015-09-25 16:30 - 2015-09-25 16:30 - 0008654 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-09-25 16:30 - 2015-09-25 16:30 - 0046118 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-09-25 16:30 - 2015-09-25 16:30 - 0004270 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-09-25 16:30 - 2015-09-25 16:30 - 0000296 _____ () C:\ProgramData\HELP_DECRYPT.URL
2014-12-06 17:44 - 2015-07-31 11:42 - 0002398 _____ () C:\ProgramData\NCleanerInstAgentLog.log
2014-12-06 17:44 - 2015-07-31 11:42 - 0001881 _____ () C:\ProgramData\NVCInstAgentLog.log

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\NaverAdminAPI.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-25 01:47

==================== End of FRST.txt ============================




#2
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Hello and Welcome! :welcome:

My name is Dan, and I'll be helping you with your issues. If someone else is helping you, either here or at another malware removal assistance site, please let me know so that I may direct my efforts to helping another user.  The Staff at Geeks To Go are ALL volunteers; please keep that in mind if I don’t answer your post as quickly as you’d like. I give what time I can.  PLEASE be patient. ;)
 

  • Please note that you should have Administrator rights to perform any fixes.
  • Before we proceed, you may wish to print instructions for easy reference during the fix.  Please be aware that many of the required URLs are hyperlinks in the blue names shown on your screen. Part of the fix may require you to be in Safe Mode, which might not allow you to access the internet, or my instructions.
  • Please understand that malware removal is a complicated, multi-step process.  Therefore please stay with me until I tell you that your system is clean.  
  • Please do not make any system or program changes, or run any tools unless I specifically ask you to.  Attempting malware removal or clean-up yourself will only extend the time it will take to get your system clean.    If you get stuck or have questions, please stop and ask so I can help you.
  • Be sure to back up any personal data files you need to keep (documents, photos, etc.) to a USB flash drive or external hard disk.  While every attempt will be made to precisely repair the infections on your computer, due to the complexity and unpredictability of malware clean-up, there is always a risk of data loss.
  • When posting logs, please Copy & Paste the log file contents into a reply.  Use multiple posts if necessary, but please do not attach them or post them on a file hosting site, unless specifically asked to do so.

 

To Begin With:

 

Have a look at the malware and spyware cleaning guide.

 

It looks like you indeed have contracted the CryptoWall virus, and there is also other malware present. 

 

Please understand that while we may be able to clean up infected files, the recovery of your encrypted personal files may be impossible with this type of infection.

 

I need some more information from you:

  1. Please describe in detail what the computer is doing.  What are the problems?
  2. Provide the FRST Addition.txt log contents in a new post.


#3
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

