
Decrypt Virus that I need help removing


19 replies to this topic

#1 NineVision


Posted 17 March 2015 - 11:38 AM

Some kind of decrypt virus again. I got it a few months back; either it wasn't all the way removed or I got it again. Same situation as before: I have access to browse the internet but my files are locked. I don't need my files. I would like this completely removed as soon as possible. Thanks

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16633  BrowserJavaVersion: 11.40.2
Run by Daehan1 at 12:33:10 on 2015-03-17
Microsoft Windows 7 Professional   6.1.7601.1.949.82.1033.18.4046.767 [GMT -4:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\Hpservice.exe
C:\windows\system32\atieclxx.exe
C:\windows\system32\vcsFPService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
C:\windows\system32\WLANExt.exe
C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\windows\system32\mfevtps.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
C:\windows\system32\SCPwrSetSvr.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\windows\Explorer.EXE
C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\SysWOW64\RunDll32.exe
C:\windows\system32\SearchIndexer.exe
c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://www.google.com
mStart Page = about:blank
mSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140507171225.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
mRun: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [HPQuickWebProxy] "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [IFXSPMGT] "c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" /NotifyLogon
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Daehan1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG
StartupFolder: C:\Users\Daehan1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Windows\System: UseOEMBackground = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://172.16.112.231/scriptX/ScriptX.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
DPF: {EF3AFB74-6F3C-491F-8FF2-FBEC88ADEBE5} - hxxp://www.kiwidisk.com/app/KiwidiskCtrl.CAB
TCP: Interfaces\{CB61A838-517C-4EE5-A8C6-FE8017B03616} : NameServer = 8.8.8.8
TCP: Interfaces\{CB61A838-517C-4EE5-A8C6-FE8017B03616}\14454593731353 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{CB61A838-517C-4EE5-A8C6-FE8017B03616}\448435F4C40313 : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{CB61A838-517C-4EE5-A8C6-FE8017B03616}\448435F4C40323 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CB61A838-517C-4EE5-A8C6-FE8017B03616}\C696E6B6379737F5F475F52303930343 : DHCPNameServer = 75.76.84.102 75.76.84.103
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  EpePcNp64 DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mStart Page = about:blank
x64-mSearch Page = hxxp://www.google.com
x64-mDefault_Search_URL = hxxp://www.google.com
x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140507171224.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe
x64-Run: [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - <orphaned>
x64-Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\windows\System32\ieudinit.exe
Hosts: 172.16.112.231 dwp
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Daehan1\AppData\Roaming\Mozilla\Firefox\Profiles\w4l83hoq.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MfeEpeOpal;MfeEpeOpal;C:\windows\System32\drivers\MfeEpeOpal.sys [2012-2-8 100808]
R0 MfeEpePc;MfeEpePc;C:\windows\System32\drivers\MfeEpePc.sys [2012-2-8 158920]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2014-5-7 782968]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2014-5-7 344176]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-3-6 55856]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\windows\System32\drivers\psd.sys [2010-1-26 44576]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-11-15 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2014-9-15 239616]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\windows\System32\drivers\ArcSoftVCapture.sys [2012-2-26 32192]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2014-6-21 94720]
R3 btwampfl;Bluetooth AMP USB Filter;C:\windows\System32\drivers\btwampfl.sys [2012-2-26 344616]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2012-2-26 39464]
R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2013-2-27 175928]
R3 johci;JMicron 1394 Filter Driver;C:\windows\System32\drivers\johci.sys [2013-2-27 26208]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2014-5-7 311600]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 DAMDrv;DAMDrv;C:\windows\System32\drivers\DAMDrv64.sys [2011-2-7 63336]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2011-2-3 464480]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\drivers\mferkdet.sys [2014-5-7 107032]
S3 SWDUMon;SWDUMon;C:\windows\System32\drivers\SWDUMon.sys [2013-8-2 16152]
S3 SzCCID;USB SmartCard Reader Driver;C:\windows\System32\drivers\SzCCID.sys [2013-4-25 43520]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-3-30 59392]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2015-03-17 15:14:27 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6D4FAD97-94AF-4BF9-8D87-1B4D7193CBF3}\offreg.dll
2015-03-17 12:21:17 11910896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6D4FAD97-94AF-4BF9-8D87-1B4D7193CBF3}\mpengine.dll
2015-03-17 12:16:42 -------- d-----w- C:\Users\Daehan1\AppData\Local\{2DD71ACF-1A36-46C2-A55B-B45C7D84864D}
2015-03-16 11:35:56 -------- d-----w- C:\Users\Daehan1\AppData\Local\{87D9860E-5860-4742-98DF-E7D3F8B4C5D3}
2015-03-13 12:03:15 -------- d-----w- C:\Users\Daehan1\AppData\Local\{203BCA6F-EFD5-4B9F-9FD5-F5EBDFBA43AF}
2015-03-12 12:03:41 -------- d-----w- C:\Users\Daehan1\AppData\Local\{816EF37F-6618-480E-A1DC-5A0DEDB1D411}
2015-03-11 12:09:59 325632 ----a-w- C:\windows\System32\msnetobj.dll
2015-03-11 12:08:59 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2015-03-11 11:56:19 -------- d-----w- C:\Users\Daehan1\AppData\Local\{1908693D-57DF-4D77-8C1D-333BD081A842}
2015-03-06 13:13:54 -------- d-----w- C:\Users\Daehan1\AppData\Local\{A9972EF2-CBB7-40FB-AFAC-7369B786C55F}
2015-03-04 13:15:08 -------- d-----w- C:\Users\Daehan1\AppData\Local\{F3630DB4-EA96-42CD-A3CE-67F875D62610}
2015-03-03 19:44:43 950272 ----a-w- C:\windows\System32\perftrack.dll
2015-03-03 19:44:43 91136 ----a-w- C:\windows\System32\wdi.dll
2015-03-03 19:44:43 76800 ----a-w- C:\windows\SysWow64\wdi.dll
2015-03-03 19:44:43 29696 ----a-w- C:\windows\System32\powertracker.dll
2015-03-03 13:36:13 -------- d-----w- C:\Users\Daehan1\AppData\Local\{96DFEE7B-590E-4E42-911B-6B3ED58453DB}
2015-03-02 13:04:47 -------- d-----w- C:\Users\Daehan1\AppData\Local\{70B135A7-4C09-4F1C-B771-714B515CF823}
2015-02-28 13:14:08 -------- d-----w- C:\Users\Daehan1\AppData\Local\{9DF9F887-027F-4C59-B5BB-FE305486D644}
2015-02-27 13:13:07 -------- d-----w- C:\Users\Daehan1\AppData\Local\{D089070A-2E45-4843-A50D-3ABB342D8E53}
2015-02-25 13:05:48 -------- d-----w- C:\Users\Daehan1\AppData\Local\{09C03DB9-C421-4749-A453-79421DCC0122}
2015-02-24 12:13:44 -------- d-----w- C:\Users\Daehan1\AppData\Local\{FC90F6F9-2C39-4996-B5AD-C8F1C8ABEC1D}
2015-02-20 12:54:44 -------- d-----w- C:\Users\Daehan1\AppData\Local\{553F2F52-DAC2-4E8A-8727-0C9F4263377E}
2015-02-19 12:26:51 -------- d-----w- C:\Users\Daehan1\AppData\Local\{2AECC975-2D80-48E2-B8CF-7B62E8086AE7}
2015-02-18 13:48:22 -------- d-----w- C:\Users\Daehan1\AppData\Local\{DB4C3AB2-150E-4952-A3BA-D0A3EB45E031}
2015-02-17 19:26:28 1217184 ----a-w- C:\windows\SysWow64\FM20.DLL
2015-02-17 12:52:32 -------- d-----w- C:\Users\Daehan1\AppData\Local\{D07E4AD9-3257-4EFE-9E4A-4329AA27BDB7}
2015-02-16 12:40:51 -------- d-----w- C:\Users\Daehan1\AppData\Local\{4EE6D678-CA11-47BE-842B-1D9C1D7C6323}
.
==================== Find3M  ====================
.
2015-03-17 16:20:40 37624 ----a-w- C:\windows\System32\drivers\TrueSight.sys
2015-03-10 20:42:03 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-03-06 05:56:10 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2015-03-06 05:56:10 155576 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2015-03-06 05:42:39 210944 ----a-w- C:\windows\System32\wdigest.dll
2015-03-06 05:42:36 86528 ----a-w- C:\windows\System32\TSpkg.dll
2015-03-06 05:42:35 29184 ----a-w- C:\windows\System32\sspisrv.dll
2015-03-06 05:42:35 136192 ----a-w- C:\windows\System32\sspicli.dll
2015-03-06 05:42:33 341504 ----a-w- C:\windows\System32\schannel.dll
2015-03-06 05:42:33 28160 ----a-w- C:\windows\System32\secur32.dll
2015-03-06 05:42:29 314880 ----a-w- C:\windows\System32\msv1_0.dll
2015-03-06 05:42:29 309760 ----a-w- C:\windows\System32\ncrypt.dll
2015-03-06 05:42:27 728064 ----a-w- C:\windows\System32\kerberos.dll
2015-03-06 05:42:27 1461760 ----a-w- C:\windows\System32\lsasrv.dll
2015-03-06 05:42:20 22016 ----a-w- C:\windows\System32\credssp.dll
2015-03-06 05:41:46 31232 ----a-w- C:\windows\System32\lsass.exe
2015-03-06 05:41:31 64000 ----a-w- C:\windows\System32\auditpol.exe
2015-03-06 05:39:16 60416 ----a-w- C:\windows\System32\msobjs.dll
2015-03-06 05:38:57 146432 ----a-w- C:\windows\System32\msaudite.dll
2015-03-06 05:36:56 686080 ----a-w- C:\windows\System32\adtschema.dll
2015-03-06 05:10:34 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2015-03-06 05:10:30 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2015-03-06 05:10:26 248832 ----a-w- C:\windows\SysWow64\schannel.dll
2015-03-06 05:10:26 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2015-03-06 05:10:22 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2015-03-06 05:10:22 221184 ----a-w- C:\windows\SysWow64\ncrypt.dll
2015-03-06 05:10:18 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2015-03-06 05:10:11 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2015-03-06 05:09:31 50176 ----a-w- C:\windows\SysWow64\auditpol.exe
2015-03-06 05:09:19 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2015-03-06 05:07:50 60416 ----a-w- C:\windows\SysWow64\msobjs.dll
2015-03-06 05:07:43 146432 ----a-w- C:\windows\SysWow64\msaudite.dll
2015-03-06 05:06:20 686080 ----a-w- C:\windows\SysWow64\adtschema.dll
2015-02-26 03:25:44 3204096 ----a-w- C:\windows\System32\win32k.sys
2015-02-24 08:17:24 295552 ------w- C:\windows\System32\MpSigStub.exe
2015-02-21 19:07:24 448512 ----a-w- C:\windows\System32\html.iec
2015-02-21 19:00:32 2339840 ----a-w- C:\windows\System32\jscript9.dll
2015-02-21 18:54:21 1392128 ----a-w- C:\windows\System32\wininet.dll
2015-02-21 18:53:04 1494016 ----a-w- C:\windows\System32\inetcpl.cpl
2015-02-21 18:52:13 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2015-02-21 18:51:54 598528 ----a-w- C:\windows\System32\vbscript.dll
2015-02-21 18:50:43 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2015-02-21 18:50:31 12800 ----a-w- C:\windows\System32\mshta.exe
2015-02-21 17:34:42 367104 ----a-w- C:\windows\SysWow64\html.iec
2015-02-21 17:28:34 1810944 ----a-w- C:\windows\SysWow64\jscript9.dll
2015-02-21 17:21:58 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2015-02-21 17:21:19 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2015-02-21 17:19:32 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2015-02-21 17:19:29 421376 ----a-w- C:\windows\SysWow64\vbscript.dll
2015-02-21 17:18:11 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2015-02-21 17:18:03 11776 ----a-w- C:\windows\SysWow64\mshta.exe
2015-02-20 04:41:01 41984 ----a-w- C:\windows\System32\lpk.dll
2015-02-20 04:40:59 100864 ----a-w- C:\windows\System32\fontsub.dll
2015-02-20 04:40:56 14336 ----a-w- C:\windows\System32\dciman32.dll
2015-02-20 04:40:55 46080 ----a-w- C:\windows\System32\atmlib.dll
2015-02-20 04:13:49 70656 ----a-w- C:\windows\SysWow64\fontsub.dll
2015-02-20 04:13:46 10240 ----a-w- C:\windows\SysWow64\dciman32.dll
2015-02-20 04:13:43 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2015-02-20 04:12:51 25600 ----a-w- C:\windows\SysWow64\lpk.dll
2015-02-20 03:29:16 372224 ----a-w- C:\windows\System32\atmfd.dll
2015-02-20 03:09:16 299008 ----a-w- C:\windows\SysWow64\atmfd.dll
2015-02-04 03:16:35 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2015-02-04 03:16:29 609280 ----a-w- C:\windows\System32\generaltel.dll
2015-02-04 03:16:20 762368 ----a-w- C:\windows\System32\invagent.dll
2015-02-04 03:16:16 414720 ----a-w- C:\windows\System32\devinv.dll
2015-02-04 03:16:14 894976 ----a-w- C:\windows\System32\appraiser.dll
2015-02-04 03:16:13 227328 ----a-w- C:\windows\System32\aepdu.dll
2015-02-04 03:16:13 192000 ----a-w- C:\windows\System32\aepic.dll
2015-02-04 03:13:28 1098752 ----a-w- C:\windows\System32\aeinv.dll
2015-02-04 02:54:09 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:34:39 693176 ----a-w- C:\windows\System32\winload.efi
2015-02-03 03:34:38 5554104 ----a-w- C:\windows\System32\ntoskrnl.exe
2015-02-03 03:34:36 94656 ----a-w- C:\windows\System32\drivers\mountmgr.sys
2015-02-03 03:33:29 616360 ----a-w- C:\windows\System32\winresume.efi
2015-02-03 03:30:58 631808 ----a-w- C:\windows\System32\evr.dll
2015-02-03 03:29:19 8704 ----a-w- C:\windows\System32\pcaevts.dll
2015-02-03 03:28:49 2048 ----a-w- C:\windows\System32\mferror.dll
2015-02-03 03:28:14 6656 ----a-w- C:\windows\System32\apisetschema.dll
2015-02-03 03:19:12 663552 ----a-w- C:\windows\System32\drivers\PEAuth.sys
2015-02-03 03:16:31 3973048 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2015-02-03 03:16:31 3917760 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2015-02-03 03:11:55 50176 ----a-w- C:\windows\SysWow64\rrinstaller.exe
2015-02-03 03:11:48 23040 ----a-w- C:\windows\SysWow64\mfpmp.exe
2015-02-03 03:11:18 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL
2015-02-03 03:09:03 2048 ----a-w- C:\windows\SysWow64\mferror.dll
2015-02-03 03:08:07 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll
2015-02-03 02:32:25 61440 ----a-w- C:\windows\System32\drivers\appid.sys
2015-01-30 23:56:51 459336 ----a-w- C:\windows\System32\drivers\cng.sys
2015-01-27 23:36:21 1239720 ----a-w- C:\windows\System32\aitstatic.exe
2015-01-17 02:48:38 1067520 ----a-w- C:\windows\System32\msctf.dll
2015-01-17 02:30:42 828928 ----a-w- C:\windows\SysWow64\msctf.dll
2014-12-19 03:06:55 210432 ----a-w- C:\windows\System32\profsvc.dll
2014-12-19 01:46:45 141312 ----a-w- C:\windows\System32\drivers\mrxdav.sys
2006-12-29 14:15:42 3100672 ----a-w- C:\Program Files (x86)\Common Files\sapxlhelper.dll
2006-12-29 14:15:41 626688 ----a-w- C:\Program Files (x86)\Common Files\sapconsaccess.dll
2006-12-29 14:15:41 40960 ----a-w- C:\Program Files (x86)\Common Files\DigitalSignature.ocx
2006-12-29 14:15:41 192512 ----a-w- C:\Program Files (x86)\Common Files\sapconsr3.dll
.
============= FINISH: 12:36:31.11 ===============
 



#2 nasdaq

  • Malware Response Team

Posted 21 March 2015 - 08:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 NineVision

  • Topic Starter

Posted 22 March 2015 - 04:21 AM

Hello, I just checked, but I'll post in a few hours after I wake back up. It's 4 am here...

#4 NineVision

  • Topic Starter

Posted 25 March 2015 - 01:18 PM

Okay, so I don't know what's going on, but I cannot copy and paste the information that you requested. It says I do not have permission for that. I tried posting without the attached file but got the same thing. What do I do?



#5 nasdaq

  • Malware Response Team

Posted 26 March 2015 - 06:45 AM

You could paste the DDS log in your post.

Restart the computer normally and try to paste the content of the logs.

If there is still a problem, give me the exact error message so that I can investigate with the owner of the forum.

#6 NineVision

  • Topic Starter

Posted 26 March 2015 - 08:40 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Daehan1 (administrator) on DAEHAN1-HP on 25-03-2015 12:40:23
Running from C:\Users\Daehan1\Desktop\Fix
Loaded Profiles: Daehan1 (Available profiles: Daehan1)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
() C:\Windows\System32\SCPwrSetSvr.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe

 

 

 

I'm going to break this post up to see if it works that way.

The exact error comes from the forum, which is "You do not have permission for that"


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-26] (Hewlett-Packard Company)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [7177728 2013-04-18] (Broadcom Corporation)
HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2012-02-08] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-15] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-11-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-04-05] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HPQuickWebProxy] => c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [76344 2011-02-10] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IFXSPMGT] => c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-20] (Infineon Technologies AG)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [333728 2012-06-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337440 2013-06-25] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [243560 2014-01-15] (McAfee, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1786351023-3499971516-826020898-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKU\S-1-5-21-1786351023-3499971516-826020898-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-1786351023-3499971516-826020898-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-1786351023-3499971516-826020898-1001\...\RunOnce: [FlashPlayerUpdate] => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_176_ActiveX.exe [851632 2014-08-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-1786351023-3499971516-826020898-1001\...\MountPoints2: {0559f18a-3373-11e2-a7bd-402cf48ae7b9} - D:\TL_Bootstrap.exe
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\Daehan1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
InternetURL: C:\Users\Daehan1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.optionstopaytos.com/19xmkcx

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1786351023-3499971516-826020898-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1786351023-3499971516-826020898-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140507171224.dll [2014-05-07] (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-02-07] (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-10] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140507171225.dll [2014-05-07] (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-10] (Oracle Corporation)
DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} http://172.16.112.231/scriptX/ScriptX.cab
DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: HKLM-x32 {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
DPF: HKLM-x32 {EF3AFB74-6F3C-491F-8FF2-FBEC88ADEBE5} http://www.kiwidisk.com/app/KiwidiskCtrl.CAB
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2006-12-29] (SAP AG, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2006-12-29] (SAP AG, Walldorf)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\..\Interfaces\{CB61A838-517C-4EE5-A8C6-FE8017B03616}: [NameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Daehan1\AppData\Roaming\Mozilla\Firefox\Profiles\w4l83hoq.default
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll [2014-06-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll [2014-06-05] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-04-30] (Alcatel-Lucent)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll [2011-05-24] (Oberon-Media )
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dosearches.xml [2013-11-05]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-03-06]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2014-05-07]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-12] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-03] (Hewlett-Packard Company)
R3 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320000 2011-02-07] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R2 IFXSpMgtSrv; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-20] (Infineon Technologies AG)
R2 IFXTCS; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [980320 2011-01-20] (Infineon Technologies AG)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2012-02-08] () [File not signed]
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [130080 2013-06-25] (McAfee, Inc.)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2014-05-07] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [208416 2014-01-15] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [185280 2014-05-07] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 PersonalSecureDriveService; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [203104 2011-01-20] (Infineon Technologies AG)
R2 SCPwrSetSvr; C:\windows\system32\SCPwrSetSvr.exe [90112 2013-04-25] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [323072 2012-11-15] (IDT, Inc.) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2012-05-20] (Microsoft Corporation) [File not signed]
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5862400 2013-04-18] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2013-02-27] (JMicron Technology Corp.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-05-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-05-07] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [100808 2012-02-08] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158920 2012-02-08] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2014-05-07] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2014-05-07] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2014-05-07] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-26] (Infineon Technologies AG)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1826048 2010-12-21] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-11-17] ()
S3 SzCCID; C:\Windows\System32\DRIVERS\SzCCID.sys [43520 2013-04-25] (Generic)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-03-17] ()



#7 NineVision


Posted 26 March 2015 - 08:43 AM

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 12:39 - 2015-03-25 12:40 - 00000000 ____D () C:\Users\Daehan1\Desktop\Fix
2015-03-17 12:36 - 2015-03-17 12:36 - 00028631 _____ () C:\Users\Daehan1\Desktop\dds.txt
2015-03-17 12:36 - 2015-03-17 12:36 - 00010293 _____ () C:\Users\Daehan1\Desktop\attach.txt
2015-03-17 12:02 - 2015-03-17 12:02 - 00000000 ____D () C:\Users\Daehan1\Desktop\FRST-OlderVersion
2015-03-17 11:32 - 2015-03-17 11:32 - 00000304 _____ () C:\Users\Daehan1\HELP_DECRYPT.URL
2015-03-17 11:32 - 2015-03-17 11:32 - 00000304 _____ () C:\Users\Daehan1\Downloads\HELP_DECRYPT.URL
2015-03-17 11:32 - 2015-03-17 11:32 - 00000304 _____ () C:\Users\Daehan1\Documents\HELP_DECRYPT.URL
2015-03-17 11:32 - 2015-03-17 11:32 - 00000304 _____ () C:\HELP_DECRYPT.URL
2015-03-17 11:28 - 2015-03-17 11:28 - 00000304 _____ () C:\Users\Daehan1\AppData\Roaming\HELP_DECRYPT.URL
2015-03-17 11:28 - 2015-03-17 11:28 - 00000304 _____ () C:\Users\Daehan1\AppData\Local\HELP_DECRYPT.URL
2015-03-17 11:28 - 2015-03-17 11:28 - 00000304 _____ () C:\Users\Daehan1\AppData\HELP_DECRYPT.URL
2015-03-17 11:15 - 2015-03-17 11:15 - 00000304 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-03-17 08:16 - 2015-03-17 08:16 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{2DD71ACF-1A36-46C2-A55B-B45C7D84864D}
2015-03-16 18:55 - 2015-03-16 18:59 - 00024432 _____ () C:\Users\Daehan1\Desktop\Daily Report 20150316.xlsx
2015-03-16 07:49 - 2015-03-16 20:14 - 00091040 _____ () C:\Users\Daehan1\Desktop\Production Daily Plan 20150316.xlsx
2015-03-16 07:35 - 2015-03-16 07:36 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{87D9860E-5860-4742-98DF-E7D3F8B4C5D3}
2015-03-14 18:05 - 2015-03-14 18:05 - 00023232 _____ () C:\Users\Daehan1\Desktop\Daily Report 20150314.xlsx
2015-03-14 10:23 - 2015-03-14 10:24 - 00025328 _____ () C:\Users\Daehan1\Desktop\Daily Overtime 20150315.xlsx
2015-03-13 20:29 - 2015-03-13 20:29 - 00021328 _____ () C:\Users\Daehan1\Desktop\Daily Report 20150313.xlsx
2015-03-13 08:03 - 2015-03-13 08:03 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{203BCA6F-EFD5-4B9F-9FD5-F5EBDFBA43AF}
2015-03-12 19:05 - 2015-03-12 19:47 - 00021072 _____ () C:\Users\Daehan1\Desktop\Daily Report 20150312.xlsx
2015-03-12 08:03 - 2015-03-12 08:03 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{816EF37F-6618-480E-A1DC-5A0DEDB1D411}
2015-03-11 19:31 - 2015-03-11 19:37 - 00022432 _____ () C:\Users\Daehan1\Desktop\Daily Report 20150311.xlsx



#8 NineVision


Posted 26 March 2015 - 08:44 AM

2015-03-11 13:09 - 2015-03-17 11:32 - 00000000 ____D () C:\Users\Daehan1\Desktop\Report
2015-03-11 08:10 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-11 08:10 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-03-11 08:10 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-11 08:10 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-03-11 08:10 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-11 08:10 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-11 08:10 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-11 08:10 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-11 08:10 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-11 08:10 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-11 08:10 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-11 08:10 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-11 08:10 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-11 08:10 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-11 08:10 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-11 08:10 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-11 08:10 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-11 08:10 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-11 08:10 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-11 08:10 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-11 08:10 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-11 08:10 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-11 08:10 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-11 08:10 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-11 08:10 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-11 08:10 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-03-11 08:10 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-03-11 08:10 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-03-11 08:10 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-11 08:09 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-11 08:09 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-11 08:09 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-11 08:09 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-11 08:09 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-11 08:09 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-11 08:09 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-11 08:09 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-11 08:09 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-11 08:09 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-11 08:09 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-11 08:09 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-11 08:09 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-11 08:09 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-11 08:09 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-11 08:09 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-11 08:09 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-11 08:09 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-11 08:09 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-03-11 08:09 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-03-11 08:09 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-11 08:09 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-03-11 08:09 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-03-11 08:09 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-03-11 08:09 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-03-11 08:09 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-03-11 08:09 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-03-11 08:09 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-03-11 08:09 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-03-11 08:09 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-03-11 08:09 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-03-11 08:09 - 2015-02-21 15:00 - 02339840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-11 08:09 - 2015-02-21 14:54 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-11 08:09 - 2015-02-21 14:51 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-03-11 08:09 - 2015-02-21 14:51 - 00598528 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-11 08:09 - 2015-02-21 14:51 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-11 08:09 - 2015-02-21 14:51 - 00282112 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-11 08:09 - 2015-02-21 14:50 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-11 08:09 - 2015-02-21 14:50 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-11 08:09 - 2015-02-21 14:50 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-11 08:09 - 2015-02-21 13:37 - 12375040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-11 08:09 - 2015-02-21 13:28 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-03-11 08:09 - 2015-02-21 13:21 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-11 08:09 - 2015-02-21 13:19 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-03-11 08:09 - 2015-02-21 13:19 - 00421376 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-11 08:09 - 2015-02-21 13:18 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-03-11 08:09 - 2015-02-21 13:18 - 00353792 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-03-11 08:09 - 2015-02-21 13:18 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-03-11 08:09 - 2015-02-21 13:18 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-03-11 08:09 - 2015-02-21 13:17 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-03-11 08:09 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-11 08:09 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-11 08:09 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-11 08:09 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-11 08:09 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-11 08:09 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-11 08:09 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-11 08:09 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-11 08:09 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-11 08:09 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-11 08:09 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-11 08:09 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-11 08:09 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-11 08:09 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-11 08:09 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-11 08:09 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-11 08:09 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-11 08:09 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-11 08:09 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-11 08:09 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-11 08:09 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-11 08:09 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-11 08:09 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-11 08:09 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-11 08:09 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-11 08:09 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-11 08:09 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-11 08:09 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-11 08:09 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-11 08:09 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-11 08:09 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-11 08:09 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-11 08:09 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-11 08:09 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-11 08:09 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-11 08:09 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-11 08:09 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-11 08:09 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-11 08:09 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-11 08:09 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-11 08:09 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-11 08:09 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-11 08:09 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-03-11 08:09 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-03-11 08:09 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2015-03-11 08:09 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-03-11 08:09 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-03-11 08:09 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-03-11 08:09 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2015-03-11 08:09 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-03-11 08:09 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-03-11 08:09 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-03-11 08:09 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-03-11 08:09 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-03-11 08:09 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-03-11 08:09 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-03-11 08:09 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-03-11 08:09 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-03-11 08:09 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-03-11 08:09 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-11 08:09 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-11 08:08 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-11 08:08 - 2015-02-21 15:17 - 17882624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-11 08:08 - 2015-02-21 15:07 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-03-11 08:08 - 2015-02-21 15:02 - 10931200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-11 08:08 - 2015-02-21 14:54 - 01388032 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-11 08:08 - 2015-02-21 14:53 - 01494016 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-11 08:08 - 2015-02-21 14:52 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2015-03-11 08:08 - 2015-02-21 14:52 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-11 08:08 - 2015-02-21 14:52 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-11 08:08 - 2015-02-21 14:51 - 02157568 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-11 08:08 - 2015-02-21 14:51 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-11 08:08 - 2015-02-21 14:51 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2015-03-11 08:08 - 2015-02-21 14:51 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2015-03-11 08:08 - 2015-02-21 14:50 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2015-03-11 08:08 - 2015-02-21 13:34 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-03-11 08:08 - 2015-02-21 13:29 - 09747968 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-11 08:08 - 2015-02-21 13:22 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-11 08:08 - 2015-02-21 13:21 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-11 08:08 - 2015-02-21 13:20 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2015-03-11 08:08 - 2015-02-21 13:20 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-03-11 08:08 - 2015-02-21 13:19 - 01803264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-11 08:08 - 2015-02-21 13:19 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-11 08:08 - 2015-02-21 13:19 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-03-11 08:08 - 2015-02-21 13:18 - 00041472 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2015-03-11 08:08 - 2015-02-21 13:18 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2015-03-11 08:08 - 2015-02-21 13:18 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2015-03-11 08:08 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-11 08:08 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-03-11 08:08 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-11 08:08 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-11 08:08 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-11 08:08 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-03-11 07:56 - 2015-03-11 07:56 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{1908693D-57DF-4D77-8C1D-333BD081A842}
2015-03-10 19:31 - 2015-03-10 19:32 - 00022672 _____ () C:\Users\Daehan1\Desktop\Daily Report 03102015.xlsx
2015-03-09 18:10 - 2015-03-09 18:42 - 00022928 _____ () C:\Users\Daehan1\Desktop\Daily Report 03092015.xlsx
2015-03-06 19:50 - 2015-03-06 19:50 - 00020272 _____ () C:\Users\Daehan1\Desktop\Daily Report 03062015.xlsx
2015-03-06 09:13 - 2015-03-06 09:13 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{A9972EF2-CBB7-40FB-AFAC-7369B786C55F}
2015-03-05 19:22 - 2015-03-05 19:57 - 00021856 _____ () C:\Users\Daehan1\Desktop\Daily Report 03052015.xlsx
2015-03-04 21:48 - 2015-03-04 21:48 - 00021760 _____ () C:\Users\Daehan1\Desktop\Daily Report 03042015.xlsx
2015-03-04 09:15 - 2015-03-04 09:15 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{F3630DB4-EA96-42CD-A3CE-67F875D62610}
2015-03-03 20:04 - 2015-03-03 20:04 - 00022176 _____ () C:\Users\Daehan1\Desktop\Daily Report 03032015.xlsx
2015-03-03 19:46 - 2015-03-03 19:46 - 01537824 _____ () C:\Users\Daehan1\Desktop\Correct Action Report UMA Carpet Mat Hook.ppt
2015-03-03 19:16 - 2015-03-03 19:16 - 00027136 _____ () C:\Users\Daehan1\Desktop\Daily Overtime 20150303.xlsx
2015-03-03 18:43 - 2015-03-03 18:43 - 00106272 _____ () C:\Users\Daehan1\Desktop\Daehan three panel.xls
2015-03-03 15:44 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-03-03 15:44 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-03-03 15:44 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-03-03 15:44 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-03-03 10:08 - 2015-03-03 10:11 - 00010304 _____ () C:\Users\Daehan1\Desktop\Absentees 3.3. (1).xlsx
2015-03-03 09:36 - 2015-03-03 09:36 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{96DFEE7B-590E-4E42-911B-6B3ED58453DB}
2015-03-02 21:13 - 2015-03-02 21:13 - 00021872 _____ () C:\Users\Daehan1\Desktop\Daily Report 03022015.xlsx
2015-03-02 19:16 - 2015-03-02 19:16 - 00027376 _____ () C:\Users\Daehan1\Desktop\Daily Overtime 20150302.xlsx
2015-03-02 11:10 - 2015-03-02 11:11 - 00026672 _____ () C:\Users\Daehan1\Desktop\Daily Overtime 20150301.xlsx
2015-03-02 09:04 - 2015-03-02 09:04 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{70B135A7-4C09-4F1C-B771-714B515CF823}
2015-02-28 21:26 - 2015-02-28 21:26 - 00021792 _____ () C:\Users\Daehan1\Desktop\Daily Report 02282015.xlsx
2015-02-28 09:14 - 2015-02-28 09:14 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{9DF9F887-027F-4C59-B5BB-FE305486D644}
2015-02-27 20:42 - 2015-02-27 20:42 - 00022912 _____ () C:\Users\Daehan1\Desktop\Daily Report 02272015.xlsx
2015-02-27 20:09 - 2015-02-27 20:09 - 00026688 _____ () C:\Users\Daehan1\Desktop\Daily Overtime 20150227.xlsx
2015-02-27 14:06 - 2015-02-27 14:06 - 00647792 _____ () C:\Users\Daehan1\Desktop\UMA Tunnel Pad.pptx
2015-02-27 09:13 - 2015-02-27 09:13 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{D089070A-2E45-4843-A50D-3ABB342D8E53}
2015-02-25 21:16 - 2015-01-08 19:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-25 21:16 - 2015-01-08 19:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-25 18:23 - 2015-02-25 20:56 - 00020256 _____ () C:\Users\Daehan1\Desktop\Daily Report 02252015.xlsx
2015-02-25 09:05 - 2015-02-25 09:05 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{09C03DB9-C421-4749-A453-79421DCC0122}
2015-02-24 18:21 - 2015-02-24 18:21 - 00026480 _____ () C:\Users\Daehan1\Desktop\Daily Overtime 20150224.xlsx
2015-02-24 17:55 - 2015-02-24 19:39 - 00019536 _____ () C:\Users\Daehan1\Desktop\Daily Report 02242015.xlsx
2015-02-24 08:13 - 2015-02-24 08:13 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{FC90F6F9-2C39-4996-B5AD-C8F1C8ABEC1D}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 12:40 - 2014-11-17 13:14 - 00000000 ____D () C:\FRST
2015-03-25 12:39 - 2012-02-26 07:21 - 01163618 _____ () C:\windows\WindowsUpdate.log
2015-03-25 12:38 - 2012-03-28 14:38 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{5E3E9158-35D3-43FE-96C7-297D20B969A0}
2015-03-25 12:34 - 2012-10-20 03:15 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-25 12:30 - 2009-07-14 00:45 - 00025648 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-25 12:30 - 2009-07-14 00:45 - 00025648 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-25 12:29 - 2009-07-14 01:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-25 12:26 - 2014-11-17 15:41 - 00000000 ____D () C:\Users\Daehan1\Desktop\Production Plan
2015-03-25 12:23 - 2012-10-20 03:15 - 00000000 ___RD () C:\Users\Daehan1\Google Drive
2015-03-25 12:23 - 2012-03-28 23:39 - 00000000 ____D () C:\Users\Daehan1\Tracing
2015-03-25 12:22 - 2012-10-20 03:15 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-25 12:21 - 2011-03-06 18:20 - 00000000 ____D () C:\ProgramData\PDFC
2015-03-25 12:21 - 2011-03-06 18:16 - 00000000 ____D () C:\ProgramData\HPQLOG
2015-03-25 12:21 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-25 12:21 - 2009-07-14 00:51 - 00140333 _____ () C:\windows\setupact.log
2015-03-17 12:20 - 2014-11-17 12:45 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-03-17 12:02 - 2014-11-17 12:43 - 02095616 _____ (Farbar) C:\Users\Daehan1\Desktop\FRST64.exe
2015-03-17 11:50 - 2014-12-02 13:40 - 00000000 ____D () C:\Users\Daehan1\AppData\Roaming\Skype
2015-03-17 11:32 - 2014-05-12 11:21 - 00000000 ____D () C:\QUARANTINE
2015-03-17 11:32 - 2013-06-19 12:26 - 00000000 ____D () C:\Users\Daehan1\Documents\Outlook Files
2015-03-17 11:32 - 2012-05-21 12:33 - 00000000 ____D () C:\Users\Daehan1\Documents\Rainmeter
2015-03-17 11:32 - 2012-05-20 05:40 - 00000000 ____D () C:\Users\Daehan1\Desktop\Theme Tools
2015-03-17 11:32 - 2012-05-16 00:57 - 00000000 ____D () C:\Users\Daehan1\Documents\My Received Files
2015-03-17 11:32 - 2012-04-20 07:24 - 00000000 ____D () C:\Users\Daehan1\SapWorkDir
2015-03-17 11:32 - 2012-03-28 14:23 - 00000000 ____D () C:\Users\Daehan1
2015-03-17 11:29 - 2015-02-09 14:03 - 00000000 ____D () C:\Users\Daehan1\Desktop\Pass Down Log
2015-03-17 11:29 - 2015-02-06 10:24 - 00000000 ____D () C:\Users\Daehan1\Desktop\Downtime Report
2015-03-17 11:29 - 2015-01-03 11:11 - 00000000 ____D () C:\Users\Daehan1\Desktop\Daily Overtime 2015
2015-03-17 11:29 - 2014-11-25 18:07 - 00000000 ____D () C:\Users\Daehan1\Desktop\Evaluations
2015-03-17 11:29 - 2014-11-17 15:41 - 00000000 ____D () C:\Users\Daehan1\Desktop\Mid Day Check
2015-03-17 11:28 - 2014-05-07 17:13 - 00000000 ____D () C:\Users\Daehan1\AppData\Roaming\McAfee
2015-03-17 11:28 - 2013-03-02 14:30 - 00000000 ____D () C:\Users\Daehan1\AppData\Roaming\Research In Motion
2015-03-17 11:28 - 2012-10-06 03:49 - 00000000 ____D () C:\Users\Daehan1\AppData\Roaming\Mozilla
2015-03-17 11:28 - 2012-05-21 12:33 - 00000000 ____D () C:\Users\Daehan1\AppData\Roaming\Rainmeter
2015-03-17 11:28 - 2012-04-15 03:01 - 00000000 ____D () C:\Users\Daehan1\AppData\Roaming\Skype_old
2015-03-17 11:28 - 2012-03-28 14:38 - 00000000 ____D () C:\Users\Daehan1\AppData\Roaming\Adobe
2015-03-17 11:27 - 2014-02-28 09:58 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\Skype
2015-03-17 11:27 - 2013-08-02 16:01 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\SlimWare Utilities Inc
2015-03-17 11:27 - 2013-03-02 13:36 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\Research In Motion
2015-03-17 11:27 - 2012-12-02 06:05 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\Oberon Media
2015-03-17 11:15 - 2013-02-28 19:05 - 00000000 ____D () C:\ProgramData\Motive
2015-03-17 11:15 - 2012-07-09 10:34 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-17 11:15 - 2011-03-06 18:28 - 00000000 ____D () C:\ProgramData\Sonic
2015-03-17 11:15 - 2011-03-06 17:44 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-03-17 11:14 - 2014-11-17 12:46 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\CrashDumps
2015-03-17 09:46 - 2012-04-05 21:39 - 00003198 _____ () C:\windows\System32\Tasks\HPCeeScheduleForDaehan1
2015-03-17 09:46 - 2012-04-05 21:39 - 00000340 _____ () C:\windows\Tasks\HPCeeScheduleForDaehan1.job
2015-03-14 09:35 - 2012-10-20 03:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-12 08:43 - 2012-03-28 22:20 - 00000000 ____D () C:\windows\rescache
2015-03-12 08:02 - 2012-03-28 14:31 - 00000000 ___RD () C:\Users\Daehan1\Virtual Machines
2015-03-12 08:02 - 2009-07-14 01:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-03-12 08:01 - 2009-07-14 00:45 - 00464016 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-12 07:59 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-03-12 07:59 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2015-03-12 07:58 - 2012-02-26 08:01 - 00281140 _____ () C:\windows\PFRO.log
2015-03-11 20:25 - 2012-03-28 18:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 20:25 - 2009-07-13 22:34 - 00000478 _____ () C:\windows\win.ini
2015-03-11 20:20 - 2013-08-14 17:59 - 00000000 ____D () C:\windows\system32\MRT
2015-03-11 20:15 - 2012-05-07 09:17 - 122905848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-03-10 16:44 - 2014-09-10 16:02 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-10 16:43 - 2014-11-17 17:11 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-10 16:42 - 2014-11-17 17:11 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-06 14:55 - 2012-03-28 14:34 - 00003222 _____ () C:\windows\System32\Tasks\HPCeeScheduleForDAEHAN1-HP$
2015-03-06 14:55 - 2012-03-28 14:34 - 00000346 _____ () C:\windows\Tasks\HPCeeScheduleForDAEHAN1-HP$.job
2015-03-04 09:10 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\tracing
2015-02-27 09:10 - 2009-07-14 01:08 - 00032602 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-02-24 04:17 - 2012-03-28 14:58 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2012-04-20 07:28 - 2006-12-29 10:15 - 0040960 _____ (SAP-TECHNOLOGY) C:\Program Files (x86)\Common Files\DigitalSignature.ocx
2012-04-20 07:28 - 2006-12-07 05:26 - 1129984 _____ () C:\Program Files (x86)\Common Files\SAPActiveXL.xlt
2012-04-20 07:28 - 2006-12-07 05:26 - 1124864 _____ () C:\Program Files (x86)\Common Files\SAPActiveXL_nosig.xlt
2012-04-20 07:28 - 2006-12-29 10:15 - 0626688 _____ (SAP AG) C:\Program Files (x86)\Common Files\sapconsaccess.dll
2012-04-20 07:28 - 2006-12-29 10:15 - 0192512 _____ (SAP Tech Inc.) C:\Program Files (x86)\Common Files\sapconsr3.dll
2012-04-20 07:28 - 2006-12-29 10:15 - 3100672 _____ (SAP Technology,Inc) C:\Program Files (x86)\Common Files\sapxlhelper.dll
2014-11-09 17:19 - 2014-11-09 17:19 - 0000272 _____ () C:\Users\Daehan1\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2015-03-17 11:28 - 2015-03-17 11:28 - 0045933 _____ () C:\Users\Daehan1\AppData\Roaming\HELP_DECRYPT.PNG
2015-03-17 11:28 - 2015-03-17 11:28 - 0000304 _____ () C:\Users\Daehan1\AppData\Roaming\HELP_DECRYPT.URL
2013-03-02 13:36 - 2013-03-02 15:04 - 0000308 _____ () C:\Users\Daehan1\AppData\Roaming\Rim.Desktop.Exception.log
2013-03-02 13:35 - 2013-03-02 14:39 - 0003174 _____ () C:\Users\Daehan1\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-03-02 13:36 - 2013-03-02 15:04 - 0000308 _____ () C:\Users\Daehan1\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-11-09 17:18 - 2014-11-09 17:18 - 0000272 _____ () C:\Users\Daehan1\AppData\Local\DECRYPT_INSTRUCTION.URL
2015-03-17 11:28 - 2015-03-17 11:28 - 0045933 _____ () C:\Users\Daehan1\AppData\Local\HELP_DECRYPT.PNG
2015-03-17 11:28 - 2015-03-17 11:28 - 0000304 _____ () C:\Users\Daehan1\AppData\Local\HELP_DECRYPT.URL
2013-11-11 10:50 - 2013-11-11 10:50 - 0000017 _____ () C:\Users\Daehan1\AppData\Local\resmon.resmoncfg
2014-11-09 16:55 - 2014-11-17 12:33 - 0000408 _____ () C:\ProgramData\@system.temp
2014-11-09 16:55 - 2014-11-17 12:33 - 0000144 ____H () C:\ProgramData\@system3.att
2014-11-09 16:56 - 2014-11-09 16:56 - 0000272 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2015-03-17 11:15 - 2015-03-17 11:15 - 0045933 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-03-17 11:15 - 2015-03-17 11:15 - 0000304 _____ () C:\ProgramData\HELP_DECRYPT.URL

Some content of TEMP:
====================
C:\Users\Daehan1\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Daehan1\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-16 10:03

==================== End Of Log ============================


Edited by NineVision, 26 March 2015 - 08:48 AM.


#9 nasdaq

  • Malware Response Team

Posted 26 March 2015 - 01:41 PM


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

Startup: C:\Users\Daehan1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
InternetURL: C:\Users\Daehan1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.optionstopaytos.com/19xmkcx
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1786351023-3499971516-826020898-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dosearches.xml [2013-11-05]
U3 mfeavfk01; No ImagePath
C:\Users\Daehan1\HELP_DECRYPT.URL
C:\Users\Daehan1\Downloads\HELP_DECRYPT.URL
C:\Users\Daehan1\Documents\HELP_DECRYPT.URL
C:\HELP_DECRYPT.URL
C:\Users\Daehan1\AppData\Roaming\HELP_DECRYPT.URL
C:\Users\Daehan1\AppData\Local\HELP_DECRYPT.URL
C:\Users\Daehan1\AppData\HELP_DECRYPT.URL
C:\ProgramData\HELP_DECRYPT.URL

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

I'm going to break this post up to see if it works that way.
The exact error comes from the forum, which is "You do not have permission for that".


Run the Farbar tool one more time and post the complete log if you can.
===

If you cannot, just post the lines that you have removed.

How is the computer running now?

p.s.
It may just have been that your log was too long to post.
There is a limit on the number of characters per post.

#10 NineVision

  • Topic Starter


Posted 26 March 2015 - 02:45 PM

fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Daehan1 at 2015-03-26 15:21:04 Run:2
Running from C:\Users\Daehan1\Desktop\Fix
Loaded Profiles: Daehan1 (Available profiles: Daehan1)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

Startup: C:\Users\Daehan1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
InternetURL: C:\Users\Daehan1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.optionstopaytos.com/19xmkcx
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1786351023-3499971516-826020898-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dosearches.xml [2013-11-05]
U3 mfeavfk01; No ImagePath
C:\Users\Daehan1\HELP_DECRYPT.URL
C:\Users\Daehan1\Downloads\HELP_DECRYPT.URL
C:\Users\Daehan1\Documents\HELP_DECRYPT.URL
C:\HELP_DECRYPT.URL
C:\Users\Daehan1\AppData\Roaming\HELP_DECRYPT.URL
C:\Users\Daehan1\AppData\Local\HELP_DECRYPT.URL
C:\Users\Daehan1\AppData\HELP_DECRYPT.URL
C:\ProgramData\HELP_DECRYPT.URL

End
*****************

Processes closed successfully.
C:\Users\Daehan1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG => Moved successfully.
C:\Users\Daehan1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => Key not found.
HKU\S-1-5-21-1786351023-3499971516-826020898-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\dosearches.xml => Moved successfully.
mfeavfk01 => Service deleted successfully.
C:\Users\Daehan1\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Daehan1\Downloads\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Daehan1\Documents\HELP_DECRYPT.URL => Moved successfully.
C:\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Daehan1\AppData\Roaming\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Daehan1\AppData\Local\HELP_DECRYPT.URL => Moved successfully.
C:\Users\Daehan1\AppData\HELP_DECRYPT.URL => Moved successfully.
C:\ProgramData\HELP_DECRYPT.URL => Moved successfully.

The system needed a reboot.

==== End of Fixlog 15:21:05 ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Daehan1 (administrator) on DAEHAN1-HP on 26-03-2015 15:34:46
Running from C:\Users\Daehan1\Desktop\Fix
Loaded Profiles: Daehan1 (Available profiles: Daehan1)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
() C:\Windows\System32\SCPwrSetSvr.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-26] (Hewlett-Packard Company)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [7177728 2013-04-18] (Broadcom Corporation)
HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2012-02-08] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-15] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-11-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-04-05] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HPQuickWebProxy] => c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [76344 2011-02-10] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IFXSPMGT] => c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-20] (Infineon Technologies AG)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [333728 2012-06-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337440 2013-06-25] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [243560 2014-01-15] (McAfee, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1786351023-3499971516-826020898-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKU\S-1-5-21-1786351023-3499971516-826020898-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-1786351023-3499971516-826020898-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-1786351023-3499971516-826020898-1001\...\MountPoints2: {0559f18a-3373-11e2-a7bd-402cf48ae7b9} - D:\TL_Bootstrap.exe
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1786351023-3499971516-826020898-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1786351023-3499971516-826020898-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140507171224.dll [2014-05-07] (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2011-02-07] (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-10] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140507171225.dll [2014-05-07] (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-10] (Oracle Corporation)
DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} http://172.16.112.231/scriptX/ScriptX.cab
DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: HKLM-x32 {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
DPF: HKLM-x32 {EF3AFB74-6F3C-491F-8FF2-FBEC88ADEBE5} http://www.kiwidisk.com/app/KiwidiskCtrl.CAB
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2006-12-29] (SAP AG, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2006-12-29] (SAP AG, Walldorf)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\..\Interfaces\{CB61A838-517C-4EE5-A8C6-FE8017B03616}: [NameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Daehan1\AppData\Roaming\Mozilla\Firefox\Profiles\w4l83hoq.default
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll [2014-06-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll [2014-06-05] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-04-30] (Alcatel-Lucent)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll [2011-05-24] (Oberon-Media )
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2011-03-06]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2014-05-07]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-12] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-03] (Hewlett-Packard Company)
R3 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320000 2011-02-07] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R2 IFXSpMgtSrv; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-20] (Infineon Technologies AG)
R2 IFXTCS; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [980320 2011-01-20] (Infineon Technologies AG)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2012-02-08] () [File not signed]
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [130080 2013-06-25] (McAfee, Inc.)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2014-05-07] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [208416 2014-01-15] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [185280 2014-05-07] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 PersonalSecureDriveService; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [203104 2011-01-20] (Infineon Technologies AG)
R2 SCPwrSetSvr; C:\windows\system32\SCPwrSetSvr.exe [90112 2013-04-25] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [323072 2012-11-15] (IDT, Inc.) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2012-05-20] (Microsoft Corporation) [File not signed]
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5862400 2013-04-18] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2013-02-27] (JMicron Technology Corp.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-05-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-05-07] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [100808 2012-02-08] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158920 2012-02-08] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2014-05-07] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2014-05-07] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2014-05-07] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-26] (Infineon Technologies AG)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1826048 2010-12-21] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-11-17] ()
S3 SzCCID; C:\Windows\System32\DRIVERS\SzCCID.sys [43520 2013-04-25] (Generic)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-03-17] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 15:24 - 2015-03-26 15:24 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{41D6892C-FDA7-49D3-9505-4FFAF2ACA0AB}
2015-03-26 08:36 - 2015-03-26 08:36 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{AF36A82B-A5E8-4307-8C13-9051E4167318}
2015-03-25 12:42 - 2015-03-25 12:44 - 00040154 _____ () C:\Users\Daehan1\Desktop\Addition.txt
2015-03-25 12:40 - 2015-03-25 12:44 - 00063099 _____ () C:\Users\Daehan1\Desktop\FRST.txt
2015-03-25 12:39 - 2015-03-26 15:34 - 00000000 ____D () C:\Users\Daehan1\Desktop\Fix
2015-03-25 12:35 - 2015-03-11 00:06 - 00943616 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-03-25 12:35 - 2015-03-11 00:06 - 00760832 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-03-25 12:35 - 2015-03-11 00:06 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-03-25 12:35 - 2015-03-11 00:06 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-03-25 12:35 - 2015-03-11 00:05 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-03-25 12:35 - 2015-03-11 00:05 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-03-25 12:35 - 2015-03-11 00:05 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-03-25 12:35 - 2015-03-11 00:02 - 01107456 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-03-17 12:36 - 2015-03-17 12:36 - 00028631 _____ () C:\Users\Daehan1\Desktop\dds.txt
2015-03-17 12:36 - 2015-03-17 12:36 - 00010293 _____ () C:\Users\Daehan1\Desktop\attach.txt
2015-03-17 12:02 - 2015-03-17 12:02 - 00000000 ____D () C:\Users\Daehan1\Desktop\FRST-OlderVersion
2015-03-17 08:16 - 2015-03-17 08:16 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{2DD71ACF-1A36-46C2-A55B-B45C7D84864D}
2015-03-16 18:55 - 2015-03-16 18:59 - 00024432 _____ () C:\Users\Daehan1\Desktop\Daily Report 20150316.xlsx
2015-03-16 07:49 - 2015-03-16 20:14 - 00091040 _____ () C:\Users\Daehan1\Desktop\Production Daily Plan 20150316.xlsx
2015-03-16 07:35 - 2015-03-16 07:36 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{87D9860E-5860-4742-98DF-E7D3F8B4C5D3}
2015-03-14 18:05 - 2015-03-14 18:05 - 00023232 _____ () C:\Users\Daehan1\Desktop\Daily Report 20150314.xlsx
2015-03-14 10:23 - 2015-03-14 10:24 - 00025328 _____ () C:\Users\Daehan1\Desktop\Daily Overtime 20150315.xlsx
2015-03-13 20:29 - 2015-03-13 20:29 - 00021328 _____ () C:\Users\Daehan1\Desktop\Daily Report 20150313.xlsx
2015-03-13 08:03 - 2015-03-13 08:03 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{203BCA6F-EFD5-4B9F-9FD5-F5EBDFBA43AF}
2015-03-12 19:05 - 2015-03-12 19:47 - 00021072 _____ () C:\Users\Daehan1\Desktop\Daily Report 20150312.xlsx
2015-03-12 08:03 - 2015-03-12 08:03 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{816EF37F-6618-480E-A1DC-5A0DEDB1D411}
2015-03-11 19:31 - 2015-03-11 19:37 - 00022432 _____ () C:\Users\Daehan1\Desktop\Daily Report 20150311.xlsx
2015-03-11 13:09 - 2015-03-17 11:32 - 00000000 ____D () C:\Users\Daehan1\Desktop\Report
2015-03-11 08:10 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-11 08:10 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-03-11 08:10 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-11 08:10 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-03-11 08:10 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-11 08:10 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-11 08:10 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-11 08:10 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-11 08:10 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-11 08:10 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-11 08:10 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-11 08:10 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-11 08:10 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-11 08:10 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-11 08:10 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-11 08:10 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-11 08:10 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-11 08:10 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-11 08:10 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-11 08:10 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-11 08:10 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-11 08:10 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-11 08:10 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-11 08:10 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-11 08:10 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-11 08:10 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-03-11 08:10 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-03-11 08:10 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-03-11 08:10 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-03-11 08:10 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-11 08:09 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-11 08:09 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-11 08:09 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-11 08:09 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-11 08:09 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-11 08:09 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-11 08:09 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-11 08:09 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-11 08:09 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-11 08:09 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-11 08:09 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-11 08:09 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-11 08:09 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-11 08:09 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-11 08:09 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-11 08:09 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-11 08:09 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-11 08:09 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-11 08:09 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-03-11 08:09 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-03-11 08:09 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-11 08:09 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-03-11 08:09 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-03-11 08:09 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-03-11 08:09 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-03-11 08:09 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-03-11 08:09 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-03-11 08:09 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-03-11 08:09 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-03-11 08:09 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-03-11 08:09 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-03-11 08:09 - 2015-02-21 15:00 - 02339840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-11 08:09 - 2015-02-21 14:54 - 01392128 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-11 08:09 - 2015-02-21 14:51 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-03-11 08:09 - 2015-02-21 14:51 - 00598528 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-11 08:09 - 2015-02-21 14:51 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-11 08:09 - 2015-02-21 14:51 - 00282112 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-11 08:09 - 2015-02-21 14:50 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-11 08:09 - 2015-02-21 14:50 - 00248320 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-11 08:09 - 2015-02-21 14:50 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-11 08:09 - 2015-02-21 13:37 - 12375040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-11 08:09 - 2015-02-21 13:28 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-03-11 08:09 - 2015-02-21 13:21 - 01129472 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-11 08:09 - 2015-02-21 13:19 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-03-11 08:09 - 2015-02-21 13:19 - 00421376 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-11 08:09 - 2015-02-21 13:18 - 02382848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-03-11 08:09 - 2015-02-21 13:18 - 00353792 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-03-11 08:09 - 2015-02-21 13:18 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-03-11 08:09 - 2015-02-21 13:18 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-03-11 08:09 - 2015-02-21 13:17 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-03-11 08:09 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-11 08:09 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-11 08:09 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-11 08:09 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-11 08:09 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-03-11 08:09 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-03-11 08:09 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-03-11 08:09 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-03-11 08:09 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-11 08:09 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-03-11 08:09 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-03-11 08:09 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-11 08:09 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-11 08:09 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-11 08:09 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-11 08:09 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-11 08:09 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-11 08:09 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-11 08:09 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-11 08:09 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-11 08:09 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-11 08:09 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-11 08:09 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-11 08:09 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-11 08:09 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-11 08:09 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-11 08:09 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-11 08:09 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-11 08:09 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-11 08:09 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-11 08:09 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-11 08:09 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-11 08:09 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-11 08:09 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-11 08:09 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-11 08:09 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-11 08:09 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-11 08:09 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-11 08:09 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-11 08:09 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-03-11 08:09 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-11 08:09 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-11 08:09 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-03-11 08:09 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-03-11 08:09 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2015-03-11 08:09 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-03-11 08:09 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-03-11 08:09 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-03-11 08:09 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2015-03-11 08:09 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-03-11 08:09 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-03-11 08:09 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-03-11 08:09 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-03-11 08:09 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-03-11 08:09 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-03-11 08:09 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-03-11 08:09 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-03-11 08:09 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-03-11 08:09 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-03-11 08:09 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-11 08:09 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-11 08:08 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-11 08:08 - 2015-02-21 15:17 - 17882624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-11 08:08 - 2015-02-21 15:07 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-03-11 08:08 - 2015-02-21 15:02 - 10931200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-11 08:08 - 2015-02-21 14:54 - 01388032 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-11 08:08 - 2015-02-21 14:53 - 01494016 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-11 08:08 - 2015-02-21 14:52 - 00237056 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2015-03-11 08:08 - 2015-02-21 14:52 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-11 08:08 - 2015-02-21 14:52 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-11 08:08 - 2015-02-21 14:51 - 02157568 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-11 08:08 - 2015-02-21 14:51 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-11 08:08 - 2015-02-21 14:51 - 00055296 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2015-03-11 08:08 - 2015-02-21 14:51 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2015-03-11 08:08 - 2015-02-21 14:50 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2015-03-11 08:08 - 2015-02-21 13:34 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-03-11 08:08 - 2015-02-21 13:29 - 09747968 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-11 08:08 - 2015-02-21 13:22 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-11 08:08 - 2015-02-21 13:21 - 01427968 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-11 08:08 - 2015-02-21 13:20 - 00231936 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2015-03-11 08:08 - 2015-02-21 13:20 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-03-11 08:08 - 2015-02-21 13:19 - 01803264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-11 08:08 - 2015-02-21 13:19 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-11 08:08 - 2015-02-21 13:19 - 00142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-03-11 08:08 - 2015-02-21 13:18 - 00041472 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2015-03-11 08:08 - 2015-02-21 13:18 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2015-03-11 08:08 - 2015-02-21 13:18 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2015-03-11 08:08 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-11 08:08 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-03-11 08:08 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-11 08:08 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-11 08:08 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-11 08:08 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-03-11 07:56 - 2015-03-11 07:56 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{1908693D-57DF-4D77-8C1D-333BD081A842}
2015-03-10 19:31 - 2015-03-10 19:32 - 00022672 _____ () C:\Users\Daehan1\Desktop\Daily Report 03102015.xlsx
2015-03-09 18:10 - 2015-03-09 18:42 - 00022928 _____ () C:\Users\Daehan1\Desktop\Daily Report 03092015.xlsx
2015-03-06 19:50 - 2015-03-06 19:50 - 00020272 _____ () C:\Users\Daehan1\Desktop\Daily Report 03062015.xlsx
2015-03-06 09:13 - 2015-03-06 09:13 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{A9972EF2-CBB7-40FB-AFAC-7369B786C55F}
2015-03-05 19:22 - 2015-03-05 19:57 - 00021856 _____ () C:\Users\Daehan1\Desktop\Daily Report 03052015.xlsx
2015-03-04 21:48 - 2015-03-04 21:48 - 00021760 _____ () C:\Users\Daehan1\Desktop\Daily Report 03042015.xlsx
2015-03-04 09:15 - 2015-03-04 09:15 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{F3630DB4-EA96-42CD-A3CE-67F875D62610}
2015-03-03 20:04 - 2015-03-03 20:04 - 00022176 _____ () C:\Users\Daehan1\Desktop\Daily Report 03032015.xlsx
2015-03-03 19:46 - 2015-03-03 19:46 - 01537824 _____ () C:\Users\Daehan1\Desktop\Correct Action Report UMA Carpet Mat Hook.ppt
2015-03-03 19:16 - 2015-03-03 19:16 - 00027136 _____ () C:\Users\Daehan1\Desktop\Daily Overtime 20150303.xlsx
2015-03-03 18:43 - 2015-03-03 18:43 - 00106272 _____ () C:\Users\Daehan1\Desktop\Daehan three panel.xls
2015-03-03 15:44 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-03-03 15:44 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-03-03 15:44 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-03-03 15:44 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-03-03 10:08 - 2015-03-03 10:11 - 00010304 _____ () C:\Users\Daehan1\Desktop\Absentees 3.3. (1).xlsx
2015-03-03 09:36 - 2015-03-03 09:36 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{96DFEE7B-590E-4E42-911B-6B3ED58453DB}
2015-03-02 21:13 - 2015-03-02 21:13 - 00021872 _____ () C:\Users\Daehan1\Desktop\Daily Report 03022015.xlsx
2015-03-02 19:16 - 2015-03-02 19:16 - 00027376 _____ () C:\Users\Daehan1\Desktop\Daily Overtime 20150302.xlsx
2015-03-02 11:10 - 2015-03-02 11:11 - 00026672 _____ () C:\Users\Daehan1\Desktop\Daily Overtime 20150301.xlsx
2015-03-02 09:04 - 2015-03-02 09:04 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{70B135A7-4C09-4F1C-B771-714B515CF823}
2015-02-28 21:26 - 2015-02-28 21:26 - 00021792 _____ () C:\Users\Daehan1\Desktop\Daily Report 02282015.xlsx
2015-02-28 09:14 - 2015-02-28 09:14 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{9DF9F887-027F-4C59-B5BB-FE305486D644}
2015-02-27 20:42 - 2015-02-27 20:42 - 00022912 _____ () C:\Users\Daehan1\Desktop\Daily Report 02272015.xlsx
2015-02-27 20:09 - 2015-02-27 20:09 - 00026688 _____ () C:\Users\Daehan1\Desktop\Daily Overtime 20150227.xlsx
2015-02-27 14:06 - 2015-02-27 14:06 - 00647792 _____ () C:\Users\Daehan1\Desktop\UMA Tunnel Pad.pptx
2015-02-27 09:13 - 2015-02-27 09:13 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{D089070A-2E45-4843-A50D-3ABB342D8E53}
2015-02-25 21:16 - 2015-01-08 19:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-25 21:16 - 2015-01-08 19:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-25 18:23 - 2015-02-25 20:56 - 00020256 _____ () C:\Users\Daehan1\Desktop\Daily Report 02252015.xlsx
2015-02-25 09:05 - 2015-02-25 09:05 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{09C03DB9-C421-4749-A453-79421DCC0122}
2015-02-24 18:21 - 2015-02-24 18:21 - 00026480 _____ () C:\Users\Daehan1\Desktop\Daily Overtime 20150224.xlsx
2015-02-24 17:55 - 2015-02-24 19:39 - 00019536 _____ () C:\Users\Daehan1\Desktop\Daily Report 02242015.xlsx
2015-02-24 08:13 - 2015-02-24 08:13 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\{FC90F6F9-2C39-4996-B5AD-C8F1C8ABEC1D}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 15:34 - 2014-11-17 13:14 - 00000000 ____D () C:\FRST
2015-03-26 15:34 - 2012-10-20 03:15 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-26 15:30 - 2009-07-14 00:45 - 00025648 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-26 15:30 - 2009-07-14 00:45 - 00025648 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-26 15:27 - 2009-07-14 01:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-26 15:24 - 2012-10-20 03:15 - 00000000 ___RD () C:\Users\Daehan1\Google Drive
2015-03-26 15:23 - 2012-10-20 03:15 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-26 15:23 - 2012-03-28 23:39 - 00000000 ____D () C:\Users\Daehan1\Tracing
2015-03-26 15:23 - 2011-03-06 18:20 - 00000000 ____D () C:\ProgramData\PDFC
2015-03-26 15:23 - 2011-03-06 18:16 - 00000000 ____D () C:\ProgramData\HPQLOG
2015-03-26 15:22 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-26 15:22 - 2009-07-14 00:51 - 00140445 _____ () C:\windows\setupact.log
2015-03-26 15:21 - 2012-03-28 14:23 - 00000000 ____D () C:\Users\Daehan1
2015-03-26 15:21 - 2012-02-26 07:21 - 01249313 _____ () C:\windows\WindowsUpdate.log
2015-03-26 15:13 - 2014-11-17 15:41 - 00000000 ____D () C:\Users\Daehan1\Desktop\Production Plan
2015-03-26 13:26 - 2012-03-28 14:38 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{5E3E9158-35D3-43FE-96C7-297D20B969A0}
2015-03-26 08:33 - 2014-12-11 08:42 - 00000000 ____D () C:\windows\system32\appraiser
2015-03-26 08:33 - 2014-05-06 21:10 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-03-25 15:46 - 2012-04-05 21:39 - 00003198 _____ () C:\windows\System32\Tasks\HPCeeScheduleForDaehan1
2015-03-25 15:46 - 2012-04-05 21:39 - 00000340 _____ () C:\windows\Tasks\HPCeeScheduleForDaehan1.job
2015-03-17 12:20 - 2014-11-17 12:45 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-03-17 12:02 - 2014-11-17 12:43 - 02095616 _____ (Farbar) C:\Users\Daehan1\Desktop\FRST64.exe
2015-03-17 11:50 - 2014-12-02 13:40 - 00000000 ____D () C:\Users\Daehan1\AppData\Roaming\Skype
2015-03-17 11:32 - 2014-05-12 11:21 - 00000000 ____D () C:\QUARANTINE
2015-03-17 11:32 - 2013-06-19 12:26 - 00000000 ____D () C:\Users\Daehan1\Documents\Outlook Files
2015-03-17 11:32 - 2012-05-21 12:33 - 00000000 ____D () C:\Users\Daehan1\Documents\Rainmeter
2015-03-17 11:32 - 2012-05-20 05:40 - 00000000 ____D () C:\Users\Daehan1\Desktop\Theme Tools
2015-03-17 11:32 - 2012-05-16 00:57 - 00000000 ____D () C:\Users\Daehan1\Documents\My Received Files
2015-03-17 11:32 - 2012-04-20 07:24 - 00000000 ____D () C:\Users\Daehan1\SapWorkDir
2015-03-17 11:29 - 2015-02-09 14:03 - 00000000 ____D () C:\Users\Daehan1\Desktop\Pass Down Log
2015-03-17 11:29 - 2015-02-06 10:24 - 00000000 ____D () C:\Users\Daehan1\Desktop\Downtime Report
2015-03-17 11:29 - 2015-01-03 11:11 - 00000000 ____D () C:\Users\Daehan1\Desktop\Daily Overtime 2015
2015-03-17 11:29 - 2014-11-25 18:07 - 00000000 ____D () C:\Users\Daehan1\Desktop\Evaluations
2015-03-17 11:29 - 2014-11-17 15:41 - 00000000 ____D () C:\Users\Daehan1\Desktop\Mid Day Check
2015-03-17 11:28 - 2014-05-07 17:13 - 00000000 ____D () C:\Users\Daehan1\AppData\Roaming\McAfee
2015-03-17 11:28 - 2013-03-02 14:30 - 00000000 ____D () C:\Users\Daehan1\AppData\Roaming\Research In Motion
2015-03-17 11:28 - 2012-10-06 03:49 - 00000000 ____D () C:\Users\Daehan1\AppData\Roaming\Mozilla
2015-03-17 11:28 - 2012-05-21 12:33 - 00000000 ____D () C:\Users\Daehan1\AppData\Roaming\Rainmeter
2015-03-17 11:28 - 2012-04-15 03:01 - 00000000 ____D () C:\Users\Daehan1\AppData\Roaming\Skype_old
2015-03-17 11:28 - 2012-03-28 14:38 - 00000000 ____D () C:\Users\Daehan1\AppData\Roaming\Adobe
2015-03-17 11:27 - 2014-02-28 09:58 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\Skype
2015-03-17 11:27 - 2013-08-02 16:01 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\SlimWare Utilities Inc
2015-03-17 11:27 - 2013-03-02 13:36 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\Research In Motion
2015-03-17 11:27 - 2012-12-02 06:05 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\Oberon Media
2015-03-17 11:15 - 2013-02-28 19:05 - 00000000 ____D () C:\ProgramData\Motive
2015-03-17 11:15 - 2012-07-09 10:34 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-17 11:15 - 2011-03-06 18:28 - 00000000 ____D () C:\ProgramData\Sonic
2015-03-17 11:15 - 2011-03-06 17:44 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-03-17 11:14 - 2014-11-17 12:46 - 00000000 ____D () C:\Users\Daehan1\AppData\Local\CrashDumps
2015-03-14 09:35 - 2012-10-20 03:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-12 08:43 - 2012-03-28 22:20 - 00000000 ____D () C:\windows\rescache
2015-03-12 08:02 - 2012-03-28 14:31 - 00000000 ___RD () C:\Users\Daehan1\Virtual Machines
2015-03-12 08:02 - 2009-07-14 01:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2015-03-12 08:01 - 2009-07-14 00:45 - 00464016 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-12 07:59 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-03-12 07:59 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2015-03-12 07:58 - 2012-02-26 08:01 - 00281140 _____ () C:\windows\PFRO.log
2015-03-11 20:25 - 2012-03-28 18:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 20:25 - 2009-07-13 22:34 - 00000478 _____ () C:\windows\win.ini
2015-03-11 20:20 - 2013-08-14 17:59 - 00000000 ____D () C:\windows\system32\MRT
2015-03-11 20:15 - 2012-05-07 09:17 - 122905848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-03-10 16:44 - 2014-09-10 16:02 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-10 16:43 - 2014-11-17 17:11 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-10 16:42 - 2014-11-17 17:11 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-06 14:55 - 2012-03-28 14:34 - 00003222 _____ () C:\windows\System32\Tasks\HPCeeScheduleForDAEHAN1-HP$
2015-03-06 14:55 - 2012-03-28 14:34 - 00000346 _____ () C:\windows\Tasks\HPCeeScheduleForDAEHAN1-HP$.job
2015-03-04 09:10 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\tracing
2015-02-27 09:10 - 2009-07-14 01:08 - 00032602 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-02-24 04:17 - 2012-03-28 14:58 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2012-04-20 07:28 - 2006-12-29 10:15 - 0040960 _____ (SAP-TECHNOLOGY) C:\Program Files (x86)\Common Files\DigitalSignature.ocx
2012-04-20 07:28 - 2006-12-07 05:26 - 1129984 _____ () C:\Program Files (x86)\Common Files\SAPActiveXL.xlt
2012-04-20 07:28 - 2006-12-07 05:26 - 1124864 _____ () C:\Program Files (x86)\Common Files\SAPActiveXL_nosig.xlt
2012-04-20 07:28 - 2006-12-29 10:15 - 0626688 _____ (SAP AG) C:\Program Files (x86)\Common Files\sapconsaccess.dll
2012-04-20 07:28 - 2006-12-29 10:15 - 0192512 _____ (SAP Tech Inc.) C:\Program Files (x86)\Common Files\sapconsr3.dll
2012-04-20 07:28 - 2006-12-29 10:15 - 3100672 _____ (SAP Technology,Inc) C:\Program Files (x86)\Common Files\sapxlhelper.dll
2014-11-09 17:19 - 2014-11-09 17:19 - 0000272 _____ () C:\Users\Daehan1\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2015-03-17 11:28 - 2015-03-17 11:28 - 0045933 _____ () C:\Users\Daehan1\AppData\Roaming\HELP_DECRYPT.PNG
2013-03-02 13:36 - 2013-03-02 15:04 - 0000308 _____ () C:\Users\Daehan1\AppData\Roaming\Rim.Desktop.Exception.log
2013-03-02 13:35 - 2013-03-02 14:39 - 0003174 _____ () C:\Users\Daehan1\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-03-02 13:36 - 2013-03-02 15:04 - 0000308 _____ () C:\Users\Daehan1\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-11-09 17:18 - 2014-11-09 17:18 - 0000272 _____ () C:\Users\Daehan1\AppData\Local\DECRYPT_INSTRUCTION.URL
2015-03-17 11:28 - 2015-03-17 11:28 - 0045933 _____ () C:\Users\Daehan1\AppData\Local\HELP_DECRYPT.PNG
2013-11-11 10:50 - 2013-11-11 10:50 - 0000017 _____ () C:\Users\Daehan1\AppData\Local\resmon.resmoncfg
2014-11-09 16:55 - 2014-11-17 12:33 - 0000408 _____ () C:\ProgramData\@system.temp
2014-11-09 16:55 - 2014-11-17 12:33 - 0000144 ____H () C:\ProgramData\@system3.att
2014-11-09 16:56 - 2014-11-09 16:56 - 0000272 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2015-03-17 11:15 - 2015-03-17 11:15 - 0045933 _____ () C:\ProgramData\HELP_DECRYPT.PNG

Some content of TEMP:
====================
C:\Users\Daehan1\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Daehan1\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-25 13:10

==================== End Of Log ============================

Alright, so before the fixlist the system always popped up an image with instructions on what I needed to do to get my files back etc ... and now that is gone. Otherwise the system seems fine, but I know it's not. All my older files are not working, and it also always brings up Firefox and tries to load a certain series of web pages. I don't use Firefox and I'm not sure why it's doing that, but I can't stop it during startup.

Also, when using my browser, after every restart I have to reset the default website. If not, it will always stay blank or whatever, and that's annoying as well. I just want this thing gone once and for all.

As far as posting the logs, the only problem I had was with the ones with different language files. I had to remove 4 lines in total where it was not letting me post. 3 out of 4 are Excel files that I recognize, but the other is in Chinese characters and I have no idea what that is. It looks like a folder and not a file, and I don't know what it is; at least I don't recognize it.



#11 nasdaq

  • Malware Response Team

Posted 27 March 2015 - 08:31 AM

Other wise the system seems fine but i know it's not. All my older files are not working and also it always brings up firefox and tries to load a certain series of web pages. I don't use firefox and not sure why it's doing that but i can't stop it during start up


Remove Firefox using the Add/Remove programs applet.

You can always re-install the application when all is well.
===
 

Also when using my browser after every restart i have to reset the default website

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

Please Download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

====

Let me know what problem persists.

#12 NineVision

  • Topic Starter

Posted 27 March 2015 - 09:51 AM

Removed Firefox.

Did the reset on I.E. ---> after ComboFix restarted the computer, same thing when I started up Explorer. Default page is still blank and not what I set it to, which is Google.

ComboFix log below

ComboFix 15-03-25.01 - Daehan1 7/2015 Fri   9:52.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.949.82.1033.18.4046.2173 [GMT -4:00]
Running from: c:\users\Daehan1\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\@system3.att
C:\Thumbs.db
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\_ctypes.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\_elementtree.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\_hashlib.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\_multiprocessing.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\_socket.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\_ssl.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\_yappi.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\hashobjs_ext.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\pyexpat.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\pysqlite2._sqlite.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\python27.dll
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\pythoncom27.dll
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\PyWinTypes27.dll
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\select.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\unicodedata.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\win32api.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\win32com.shell.shell.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\win32crypt.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\win32event.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\win32file.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\win32gui.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\win32inet.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\win32pdh.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\win32pipe.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\win32process.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\win32profile.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\win32security.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\win32ts.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\windows._lib_cacheinvalidation.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\wx._animate.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\wx._controls_.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\wx._core_.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\wx._gdi_.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\wx._html2.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\wx._misc_.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\wx._windows_.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\wx._wizard.pyd
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\wxbase294u_net_vc90.dll
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\wxbase294u_vc90.dll
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\wxmsw294u_adv_vc90.dll
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\wxmsw294u_core_vc90.dll
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\wxmsw294u_html_vc90.dll
c:\users\Daehan1\AppData\Local\Temp\_MEI48882\wxmsw294u_webview_vc90.dll
c:\users\Daehan1\AppData\Roaming\FrameworkUpdate7
c:\users\Daehan1\AppData\Roaming\FrameworkUpdate7\GoogleUpdate.exe
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-27 to 2015-03-27  )))))))))))))))))))))))))))))))
.
.
2015-03-27 14:10 . 2015-03-27 14:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-27 13:37 . 2015-03-27 13:37 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C6135908-68FF-452B-A0BA-66472DE188D8}\offreg.dll
2015-03-27 11:45 . 2015-03-14 10:02 12002392 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C6135908-68FF-452B-A0BA-66472DE188D8}\mpengine.dll
2015-03-25 16:35 . 2015-03-11 04:06 677888 ----a-w- c:\windows\system32\generaltel.dll
2015-03-25 16:35 . 2015-03-11 04:06 760832 ----a-w- c:\windows\system32\invagent.dll
2015-03-25 16:35 . 2015-03-11 04:06 414720 ----a-w- c:\windows\system32\devinv.dll
2015-03-25 16:35 . 2015-03-11 04:06 943616 ----a-w- c:\windows\system32\appraiser.dll
2015-03-25 16:35 . 2015-03-11 04:05 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-25 16:35 . 2015-03-11 04:02 1107456 ----a-w- c:\windows\system32\aeinv.dll
2015-03-25 16:35 . 2015-03-11 04:05 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-25 16:35 . 2015-03-11 04:05 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-11 12:09 . 2015-02-03 03:31 325632 ----a-w- c:\windows\system32\msnetobj.dll
2015-03-11 12:08 . 2015-02-21 19:17 17882624 ----a-w- c:\windows\system32\mshtml.dll
2015-03-10 20:44 . 2015-03-10 20:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-03-03 19:44 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-03-03 19:44 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-03-03 19:44 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-03-03 19:44 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-17 16:20 . 2014-11-17 16:45 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-12 00:15 . 2012-05-07 13:17 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-03-10 20:42 . 2014-11-17 21:11 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-24 08:17 . 2012-03-28 18:58 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-17 19:26 . 2015-02-17 19:26 1217184 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-01-27 23:36 . 2015-02-11 13:23 1239720 ----a-w- c:\windows\system32\aitstatic.exe
2006-12-29 14:15 . 2012-04-20 11:28 3100672 ----a-w- c:\program files (x86)\Common Files\sapxlhelper.dll
2006-12-29 14:15 . 2012-04-20 11:28 192512 ----a-w- c:\program files (x86)\Common Files\sapconsr3.dll
2006-12-29 14:15 . 2012-04-20 11:28 626688 ----a-w- c:\program files (x86)\Common Files\sapconsaccess.dll
2006-12-29 14:15 . 2012-04-20 11:28 40960 ----a-w- c:\program files (x86)\Common Files\DigitalSignature.ocx
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-02-19 26232152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-02-07 12274688]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-04-05 94264]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-02-11 76344]
"IFXSPMGT"="c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2011-01-20 1125728]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-06-20 333728]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2013-06-25 337440]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2014-01-16 243560]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-09-15 767200]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-02-11 335232]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ    DPPassFilter scecli
.
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 SzCCID;USB SmartCard Reader Driver;c:\windows\system32\DRIVERS\SzCCID.sys;c:\windows\SYSNATIVE\DRIVERS\SzCCID.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 MfeEpeOpal;MfeEpeOpal; [x]
S0 MfeEpePc;MfeEpePc; [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys;c:\windows\SYSNATIVE\drivers\psd.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 SCPwrSetSvr;SCPwrSet Service;c:\windows\system32\SCPwrSetSvr.exe;c:\windows\SYSNATIVE\SCPwrSetSvr.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftVCapture.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 18:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-20 07:15]
.
2015-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-20 07:15]
.
2015-03-06 c:\windows\Tasks\HPCeeScheduleForDAEHAN1-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2015-03-25 c:\windows\Tasks\HPCeeScheduleForDaehan1.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 18:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 18:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 18:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 18:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 18:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 18:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-01-27 13880]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11\WLTRAY.exe" [2013-04-18 7177728]
"MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2012-02-08 200704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-11-16 1664000]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
TCP: DhcpNameServer = 8.8.8.8
DPF: {EF3AFB74-6F3C-491F-8FF2-FBEC88ADEBE5} - hxxp://www.kiwidisk.com/app/KiwidiskCtrl.CAB
FF - ProfilePath - c:\users\Daehan1\AppData\Roaming\Mozilla\Firefox\Profiles\w4l83hoq.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
c:\windows\system32\SCPwrSetSvr.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-03-27  10:33:43 - machine was rebooted
ComboFix-quarantined-files.txt  2015-03-27 14:33
.
Pre-Run: 388,850,298,880 bytes free
Post-Run: 388,872,433,664 bytes free
.
- - End Of File - - 609857C606F4689996C6BD013E9C024E

How do I get the decrypt files that are in every folder and every drive off and deleted the easiest way?

Previous problems I didn't mention yet: the laptop runs very slow and hangs up on certain web news sites which I frequent often.

When on YouTube it lags, and it seems like the computer is running sluggish after viewing a few videos. This hasn't been a problem before, but it has been doing it.

Edit: Just noticed that my McAfee Anti Virus is not running anymore. Not after the reboot. I am not aware of how to restart it........ kinda weird. The Windows antivirus is turned off as well. There is a button to turn it on; however, I am not able to click on it, as its opacity has been lowered and the button cannot be pressed.


Edited by NineVision, 27 March 2015 - 10:27 AM.


#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:55 AM

Posted 27 March 2015 - 10:56 AM

I missed removing these.
If they are other just delete the file.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

C:\Users\Daehan1\AppData\Roaming\DECRYPT_INSTRUCTION.URL
C:\Users\Daehan1\AppData\Roaming\HELP_DECRYPT.PNG
C:\Users\Daehan1\AppData\Roaming\HELP_DECRYPT.URL
C:\Users\Daehan1\AppData\Roaming\Rim.Desktop.Exception.log
C:\Users\Daehan1\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
C:\Users\Daehan1\AppData\Roaming\Rim.DesktopHelper.Exception.log
C:\Users\Daehan1\AppData\Local\DECRYPT_INSTRUCTION.URL
C:\Users\Daehan1\AppData\Local\HELP_DECRYPT.PNG
C:\Users\Daehan1\AppData\Local\HELP_DECRYPT.URL
C:\Users\Daehan1\AppData\Local\resmon.resmoncfg
C:\ProgramData\@system.temp
C:\ProgramData\@system3.att
C:\ProgramData\DECRYPT_INSTRUCTION.URL
C:\ProgramData\HELP_DECRYPT.PNG
C:\ProgramData\HELP_DECRYPT.URL

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset the browsers that have been compromised.

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===
 

Edit: Just noticed that my McAfee Anti Virus is not running anymore. Not after the reboot. I am not aware on how to restart it........ kinda weird. The windows antivirus is turned off as well.

When you installed the McAfee Anti Virus the Windows Antivirus is automatically disabled.
You cannot run both of them in real life.

Re-install McAfee and see if the problem persists.

Edited by nasdaq, 27 March 2015 - 10:56 AM.


#14 NineVision

NineVision
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:02:55 AM

Posted 27 March 2015 - 11:49 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Daehan1 at 2015-03-27 12:06:12 Run:3
Running from C:\Users\Daehan1\Desktop\Fix
Loaded Profiles: Daehan1 (Available profiles: Daehan1)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

C:\Users\Daehan1\AppData\Roaming\DECRYPT_INSTRUCTION.URL
C:\Users\Daehan1\AppData\Roaming\HELP_DECRYPT.PNG
C:\Users\Daehan1\AppData\Roaming\HELP_DECRYPT.URL
C:\Users\Daehan1\AppData\Roaming\Rim.Desktop.Exception.log
C:\Users\Daehan1\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
C:\Users\Daehan1\AppData\Roaming\Rim.DesktopHelper.Exception.log
C:\Users\Daehan1\AppData\Local\DECRYPT_INSTRUCTION.URL
C:\Users\Daehan1\AppData\Local\HELP_DECRYPT.PNG
C:\Users\Daehan1\AppData\Local\HELP_DECRYPT.URL
C:\Users\Daehan1\AppData\Local\resmon.resmoncfg
C:\ProgramData\@system.temp
C:\ProgramData\@system3.att
C:\ProgramData\DECRYPT_INSTRUCTION.URL
C:\ProgramData\HELP_DECRYPT.PNG
C:\ProgramData\HELP_DECRYPT.URL

End
*****************

Processes closed successfully.
C:\Users\Daehan1\AppData\Roaming\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Daehan1\AppData\Roaming\HELP_DECRYPT.PNG => Moved successfully.
"C:\Users\Daehan1\AppData\Roaming\HELP_DECRYPT.URL" => File/Directory not found.
C:\Users\Daehan1\AppData\Roaming\Rim.Desktop.Exception.log => Moved successfully.
C:\Users\Daehan1\AppData\Roaming\Rim.Desktop.HttpServerSetup.log => Moved successfully.
C:\Users\Daehan1\AppData\Roaming\Rim.DesktopHelper.Exception.log => Moved successfully.
C:\Users\Daehan1\AppData\Local\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\Daehan1\AppData\Local\HELP_DECRYPT.PNG => Moved successfully.
"C:\Users\Daehan1\AppData\Local\HELP_DECRYPT.URL" => File/Directory not found.
C:\Users\Daehan1\AppData\Local\resmon.resmoncfg => Moved successfully.
C:\ProgramData\@system.temp => Moved successfully.
"C:\ProgramData\@system3.att" => File/Directory not found.
C:\ProgramData\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\ProgramData\HELP_DECRYPT.PNG => Moved successfully.
"C:\ProgramData\HELP_DECRYPT.URL" => File/Directory not found.

The system needed a reboot.

==== End of Fixlog 12:06:12 ====

 

 

After reboot I ended up losing connection to the internet and had to get that back up. Though before I did, I reset IE again and this time it works. Though previously it would work for a day or two then come back with the blank page default again. I'll have to check back on that after a few days I guess.

 

Firefox was removed from previous instructions.
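
An added example, not part of the original posts and not FRST's own code: a Python sketch that reconciles a fixlist against the Fixlog it produced, so every requested path is accounted for as moved, not found, or unreported. The function names are hypothetical; the sample text is a shortened excerpt of the fixlist and Fixlog in this thread, with one result line left out on purpose to show the unreported case.

```python
import re

# Shortened excerpt of the fixlist posted in this thread.
FIXLIST = r"""start

CloseProcesses:

C:\Users\Daehan1\AppData\Roaming\DECRYPT_INSTRUCTION.URL
C:\Users\Daehan1\AppData\Roaming\HELP_DECRYPT.URL
C:\ProgramData\@system.temp
C:\ProgramData\@system3.att
C:\ProgramData\HELP_DECRYPT.PNG

End"""

# Matching Fixlog excerpt; the line for the last entry is omitted (constructed gap).
FIXLOG = r"""Processes closed successfully.
C:\Users\Daehan1\AppData\Roaming\DECRYPT_INSTRUCTION.URL => Moved successfully.
"C:\Users\Daehan1\AppData\Roaming\HELP_DECRYPT.URL" => File/Directory not found.
C:\ProgramData\@system.temp => Moved successfully.
"C:\ProgramData\@system3.att" => File/Directory not found.
"""

# A result line is '<path> => <status>'; the log quotes paths it could not find.
RESULT = re.compile(r'^"?(?P<path>[A-Za-z]:\\[^"]*?)"?\s+=>\s+(?P<status>.+?)\s*$')

def fixlist_paths(text):
    """Return the paths between 'start' and 'End', skipping directives."""
    paths, active = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower() == "start":
            active = True
        elif line.lower() == "end":
            break
        elif active and re.match(r"^[A-Za-z]:\\", line):
            paths.append(line)
    return paths

def reconcile(fixlist, fixlog):
    """Map each requested path to its logged status, or 'NO RESULT LOGGED'."""
    logged = {}
    for line in fixlog.splitlines():
        m = RESULT.match(line.strip())
        if m:
            logged[m.group("path").lower()] = m.group("status")
    return {p: logged.get(p.lower(), "NO RESULT LOGGED") for p in fixlist_paths(fixlist)}

if __name__ == "__main__":
    for path, status in reconcile(FIXLIST, FIXLOG).items():
        print(f"{status:28} {path}")
```
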



#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:55 AM

Posted 27 March 2015 - 01:09 PM

Please do.



