Solved Disaster of Log-in. The log-in screen was AD.

neowing

Hi!
Recently, I tried to buy a computer monitor on the Internet.
The problem was the "Log-in" screen.
I went to a web site that sells computer monitors, and
it was my first time.

There were "new-register / member log-in / Telephone Number log-in".
I chose "Telephone number log-in", so I wrote my phone number and continued.

There were 3 steps and I was trying to do the 3rd step.
But the 2nd step was somewhat strange: it sent me some numbers
and wanted me to download a strange application on my smartphone.

So I investigated it myself and found it was not from the official site
and it was a "SCAM".

As a result, I am visiting the virus and malware removal now.

-------------------------------------------


log - FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by user (administrator) on USER-PC (26-10-2016 14:50:32)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: 한국어(대한민국)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Interezen. Co., Ltd.) C:\Program Files (x86)\IPinside_LWS\I3GMainSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(EFM Networks) C:\Users\user\AppData\Local\ipTIME\ipTIME_Upgrade_Notification\ipTIME_Upgrade_Notification.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(WIZVERA) C:\Program Files (x86)\Wizvera\Veraport20\veraport.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(HANCOM SECURE Inc.) C:\Program Files (x86)\Softforum\XecureWeb\AnySign\dll\AnySign4PC.exe
(Interezen. Co., Ltd.) C:\Program Files (x86)\IPinside_LWS\I3GProc.exe
(SOFTFORUM) C:\Program Files (x86)\Softforum\XecureWeb\AnySign\dll\AnySign4PCLauncher.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(MarkAny) C:\Windows\ImageSAFERSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
(INNORIX) C:\Program Files (x86)\INNORIX\common\innosvc7.exe
(NAVER Corp.) C:\Program Files (x86)\Naver\NaverCommon\NaverAdminAPISvc.exe
(INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nossvc.exe
(MarkAny) C:\Windows\System32\ImageSAFERStart_X86.exe
(MarkAny) C:\Windows\System32\ImageSAFERStart_X64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\Safe Transaction\ASDSvc.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Teruten) C:\Windows\SysWOW64\TUCTLSystem.exe
() C:\Program Files (x86)\VP\VPWalletService\VPWalletService.exe
(WIZVERA) C:\Program Files (x86)\Wizvera\Common\wpmsvc\wpmsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(우리은행) C:\Program Files (x86)\WooriBank\RealIp\WooriBankSecLogGather.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nosstarter.npe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\Safe Transaction\StSess.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\Safe Transaction\Nz32\StSess32.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 **D�<*>] => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" <===== ATTENTION (Value Name with invalid characters)
HKLM\...\Run: [IME14 KOR Setup] => C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE [110776 2015-10-13] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-09-15] (COMODO)
HKLM\...\Run: [AhnLab Safe Transaction Application] => C:\Program Files\AhnLab\Safe Transaction\stsess.exe [4356792 2016-09-12] (AhnLab, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-08-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1468424 2016-08-26] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\windows\system32\rundll32.exe" C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5695296 2011-01-17] (Acronis)
HKLM-x32\...\Run: [IME14 KOR Setup] => C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81080 2015-10-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9083840 2016-10-14] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [wizvera-veraport] => C:\Program Files (x86)\Wizvera\Veraport20\veraport.exe [1413352 2015-12-10] (WIZVERA)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-12-19] (Intel Corporation)
HKLM-x32\...\Run: [AnySign4PC] => C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\AnySign4PC.exe [2377736 2016-04-27] (HANCOM SECURE Inc.)
HKLM-x32\...\Run: [ipinside-lws] => C:\Program Files (x86)\IPinside_LWS\I3GProc.exe [269112 2016-09-24] (Interezen. Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\Run: [ipTIME_Upgrade_Notification] => C:\Users\user\AppData\Local\ipTIME\ipTIME_Upgrade_Notification\ipTIME_Upgrade_Notification.exe [1133296 2016-02-07] (EFM Networks)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-21] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 210.220.163.82 219.250.36.130
Tcpip\..\Interfaces\{2329FCF1-CEA7-43B7-B585-E4E5E1740705}: [DhcpNameServer] 210.220.163.82 219.250.36.130

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://naver.com/
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-25] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-19] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-25] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-19] (Oracle Corporation)
IE Session Restore: HKU\S-1-5-21-2207781790-2766300111-2274446720-1000 -> is enabled.
DPF: HKLM-x32 {054BF5DC-6052-4235-9DB4-7CCDC28CF8B4} hxxps://nxpartners.okcashbag.com/itrs/meps/ITRSClient.cab
DPF: HKLM-x32 {063F7D71-5E0B-48F2-87D5-F63C5917947E} hxxps://secwebclinic.ahnlab.com/aos/plugin/aosmgr.cab
DPF: HKLM-x32 {1c0ac0ca-0ffa-5798-98eb-b4c11f0bc8f9} ${CAB_URL}
DPF: HKLM-x32 {1CBDCD5A-18EE-4CCA-9AEA-93D5D27E310B} hxxps://supdate.nprotect.net/nprotect2007/keycrypt/choiyh/140521/npkfxx_14042901.cab
DPF: HKLM-x32 {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} hxxp://plugin.inicis.com/wallet61/INIwallet61_win8.cab
DPF: HKLM-x32 {406FDD84-AA88-4BE6-AEF3-5BD7D6499985} hxxp://safer.skbroadband.com/WRoicX/rioInstallX.cab
DPF: HKLM-x32 {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Program Files (x86)\INCAInternet\nProtect Online Security\raon\TouchEnKey_Installer_32bit.exe
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E42F7FEB-DE20-43F4-A342-47F1DA77F667} hxxps://pgdownload.uplus.co.kr/lguplus/XPayPlugin_3.0.0.3.cab
DPF: HKLM-x32 {E5A02FD2-A8EF-4E5B-80C1-CB386F95E049} hxxps://plugin.inicis.com/banktown/wallet/plugin/BtPmntClient.cab
DPF: HKLM-x32 {FA550500-1012-4D36-BB9E-E9B02B88FE99} hxxp://yebigun1.mil.kr/MAWS_MMASJ/bin/MAOnFPS_MMASJ.cab
Handler-x32: crosswebex - {d03424de-4f7e-11e5-a44a-005056c00008} - C:\Program Files (x86)\INITECH\INISAFE Web EX Client\bridge\CrossEX\crosswebex\1.0.1.752\CrossEXProtocol.dll [2015-08-31] (iniLINE Co., Ltd.)
Handler-x32: touchenex - {74f917de-707e-11e5-80c3-005056c00008} - C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.774\CrossEXProtocol.dll [2015-10-12] (iniLINE Co., Ltd.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-12] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: innorix.com/InnoGMP -> C:\Program Files\INNORIX\npinnogmp7.dll [2015-02-11] (INNORIX)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-12] ()
FF Plugin-x32: @ahnlab.com/asp/npaosmgr.1 -> C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_584\npaosmgr.dll [2016-03-21] (AhnLab, Inc.)
FF Plugin-x32: @clipsoft.com/rexpert30 -> C:\Program Files (x86)\clipsoft\rexpert30\bin\viewer\nprexpert3.0.plugin.dll [2015-07-31] ( )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @initech.com/moasign_s -> C:\Program Files (x86)\INITECH\INISAFE MoaSignS\npMoasignMime.dll [2015-12-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-19] (Oracle Corporation)
FF Plugin-x32: @markany.com/npMAOnFPS_MultiBrowser2 -> C:\Users\user\AppData\Local\MarkAny\npMAOnFPS_MultiBrowser2.dll [2012-12-31] (MarkAny)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-19] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-19] (NVIDIA Corporation)
FF Plugin-x32: @softforum.com/npXecureMacuxNPPlugin -> C:\Program Files (x86)\Softforum\XecureWeb\NPPlugin\dll\npXecureMacuxNPPlugin.dll [2015-10-25] (Softforum Co., LTD.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @wizvera.com/npVeraport20 -> C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll [2015-12-10] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: crosswebex@iniline.com/npCrossEXPlugin -> C:\Program Files (x86)\INITECH\INISAFE Web EX Client\bridge\CrossEX\crosswebex\1.0.1.752\npinilinecrosswebex.dll [2015-08-31] (iniLINE Co., Ltd.)
FF Plugin-x32: innorix.com/InnoGMP -> C:\Program Files (x86)\INNORIX\npinnogmp7.dll [2015-02-11] (INNORIX)
FF Plugin-x32: touchenex@raon.com/npCrossEXPlugin -> C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.774\npraontouchenex.dll [2015-10-12] (iniLINE Co., Ltd.)
FF Plugin HKU\S-1-5-21-2207781790-2766300111-2274446720-1000: @initech.com/moasign_s -> C:\Program Files (x86)\INITECH\INISAFE MoaSignS\npMoasignMime.dll [2015-12-10] ()
FF Plugin HKU\S-1-5-21-2207781790-2766300111-2274446720-1000: @initech.com/npSandBox -> C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.10056.dll [2015-05-26] (Initech Co., Ltd.)
FF Plugin HKU\S-1-5-21-2207781790-2766300111-2274446720-1000: @softforum.com/npXecureMacuxNPPlugin -> C:\Program Files (x86)\Softforum\XecureWeb\NPPlugin\dll\npXecureMacuxNPPlugin.dll [2015-10-25] (Softforum Co., LTD.)
FF Plugin HKU\S-1-5-21-2207781790-2766300111-2274446720-1000: naver.com/NaverMultiTrackPlugin -> C:\windows\Downloaded Program Files\npNaverMultiTrackPlugin.dll [2016-01-08] (NAVER)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-22]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-11-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2015-10-22]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\Firefox\Extensions: [npSandBox@initech.com] - C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.xpi
FF Extension: INISAFE SandBox - C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.xpi [2015-05-26]

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://www.pixiv.net/
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google 슬라이드) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-22]
CHR Extension: (Google 문서도구) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-22]
CHR Extension: (Google 드라이브) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22]
CHR Extension: (Avast SafePrice) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-04-25]
CHR Extension: (Google 시트) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-22]
CHR Extension: (Google 문서 오프라인) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-22]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-07-01]
CHR Extension: (Chrome 웹 스토어 결제) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-22]
CHR Extension: (Browsec VPN - Privacy and Security Online) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2016-09-12]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-03]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AnySign4PC Launcher; C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\AnySign4PCLauncher.exe [2316296 2016-04-27] (SOFTFORUM)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-21] (AVAST Software)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-09-15] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-09-15] (COMODO)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249320 2016-08-26] (DTS, Inc)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-10-13] (Foxit Software Inc.)
R2 I3GMainSvc; C:\Program Files (x86)\IPinside_LWS\I3GMainSvc.exe [240440 2016-09-24] (Interezen. Co., Ltd.)
R2 Image Protection; C:\windows\ImageSAFERSvc.exe [237568 2016-02-17] (MarkAny) [File not signed]
R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [83312 2010-10-20] (Microsoft Corporation)
R2 Innosvc7; C:\Program Files (x86)\INNORIX\common\innosvc7.exe [197720 2016-01-13] (INNORIX)
S2 KMService; C:\windows\SysWOW64\srvany.exe [8192 2010-06-16] () [File not signed]
S3 MyFw40Service; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\ASDSvc.exe [676832 2015-06-25] (AhnLab, Inc.)
R2 Naver Updater; C:\Program Files (x86)\Naver\NaverCommon\NaverAdminAPISvc.exe [263136 2016-03-11] (NAVER Corp.)
R2 nossvc; C:\Program Files (x86)\INCAInternet\nProtect Online Security\nossvc.exe [1735056 2016-10-06] (INCA Internet Co., Ltd.)
S3 npggsvc; C:\windows\SysWOW64\GameMon.des [3842144 2016-03-14] (INCA Internet Co., Ltd.)
S2 npkfxsvc; C:\windows\SysWow64\npkfxsvc.exe [197224 2016-02-12] (INCA Internet Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-10-19] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-09-30] (NVIDIA Corporation)
R2 SafeTransactionSVC; C:\Program Files\AhnLab\Safe Transaction\ASDSvc.exe [681120 2016-08-30] (AhnLab, Inc.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-12-21] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TUCtlSystem; C:\windows\SysWOW64\TUCTLSystem.exe [376384 2016-01-18] (Teruten)
R2 VPWalletService; C:\Program Files (x86)\VP\VPWalletService\VPWalletService.exe [371232 2015-11-15] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WizveraPMSvc; C:\Program Files (x86)\Wizvera\Common\wpmsvc\wpmsvc.exe [3068768 2015-12-10] (WIZVERA)
R2 WooriBankSecLogGather; C:\Program Files (x86)\WooriBank\RealIp\WooriBankSecLogGather.exe [1332736 2015-12-10] (우리은행) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AhnFlt2K; C:\windows\system32\drivers\AhnFlt2K.sys [84048 2015-09-03] (AhnLab, Inc.)
S3 AhnRec2K; C:\windows\system32\drivers\AhnRec2K.sys [36280 2015-09-03] (AhnLab, Inc.)
R3 AhnRghNt; C:\windows\system32\drivers\AhnRghNt.sys [78752 2016-08-25] (AhnLab, Inc.)
R1 AMonTDLH; C:\windows\system32\Drivers\AMonTDLH.sys [155224 2016-06-23] (AhnLab, Inc.)
S3 AntiStealth_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\AHAWKENT.sys [52920 2015-10-27] (AhnLab, Inc.)
S3 AntiStealth_MYFIREWALL40ASDF; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TfFRegNt.sys [191032 2015-10-27] (AhnLab, Inc.)
R3 AntiStealth_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\AHAWKENT.sys [62720 2016-08-25] (AhnLab, Inc.)
R3 AntiStealth_SafeTransactionF; C:\Program Files\AhnLab\Safe Transaction\TfFRegNt.sys [200832 2016-08-25] (AhnLab, Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49560 2012-09-18] (Asmedia Technology)
S3 ascrts_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\asc\ascrts.sys [4055528 2016-10-26] (AhnLab, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-21] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
S3 ATamptNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\atamptnt.sys [325168 2015-10-27] (AhnLab, Inc.)
R3 ATamptNt_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\AtamptNt.sys [342768 2016-08-25] (AhnLab, Inc.)
R3 Cdm2DrNt; C:\windows\system32\Drivers\Cdm2DrNt.sys [108496 2016-08-25] (AhnLab, Inc.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-08-31] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [830624 2016-08-31] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [56976 2016-08-31] (COMODO)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [511952 2016-05-10] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R3 HSBDrv64; C:\Windows\System32\drivers\HSBDrv64.sys [140088 2016-08-25] (AhnLab, Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-03-13] (Intel Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [116248 2016-08-31] (COMODO)
R3 ISMgr; C:\windows\system32\ImageSAFERDrv64.sys [11256 2009-11-26] ()
R3 JRSUKD25; C:\windows\system32\JRSUKD25.SYS [20560 2015-10-25] (RaonSecure Co., Ltd.)
S3 kck64; C:\windows\system32\kck64.sys [101152 2016-10-15] (Kings Information & Network)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-01] (Malwarebytes)
S3 MeDCoreD_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\MeDCoreD.sys [996640 2016-08-26] (AhnLab, Inc.)
S3 MeDVpDrv_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\MeDVpDrv.sys [568096 2016-08-26] (AhnLab, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 Mkd2Bthf; C:\Windows\System32\drivers\Mkd2Bthf.sys [117712 2016-08-25] (AhnLab, Inc.)
R3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [157672 2016-08-25] (AhnLab, Inc.)
R3 Mkd3kfNt; C:\Windows\System32\drivers\Mkd3kfNt.sys [219624 2016-08-25] (AhnLab, Inc.)
R3 noskp; C:\windows\syswow64\noskp64.sys [47976 2016-09-06] (INCA Internet Co.,Ltd.)
R3 nosku; C:\windows\syswow64\nosku64.sys [56288 2016-09-06] (INCA Internet Co.,Ltd.)
S3 npkfxs; c:\windows\syswow64\npkfxs.sys [23752 2016-02-12] (INCA Internet Co.,Ltd.)
S3 npkfxu; c:\windows\syswow64\npkfxu.sys [26824 2016-02-12] (INCA Internet Co.,Ltd.)
R3 np_ck64s; C:\windows\syswow64\np_ck64s.sys [75680 2014-08-13] (INCA Internet Co.,Ltd.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-09-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-09-30] (NVIDIA Corporation)
S3 ProDefense; C:\windows\system32\drivers\ProDefense.sys [18176 2015-10-29] (Bluegem Security)
R3 TKCtrl; C:\windows\system32\TKCtrl2k64.sys [147240 2016-05-03] (INCA Internet Co., Ltd.)
R3 TKCtrl; C:\windows\SysWOW64\TKCtrl2k64.sys [136528 2014-05-21] (INCA Internet Co., Ltd.)
R3 TKFsAvM; C:\windows\system32\TKFsAv64.sys [191544 2016-09-06] (INCA Internet Co., Ltd.)
R3 TKFsFtM; C:\windows\system32\TKFsFt64.sys [28824 2014-07-07] (INCA Internet Co., Ltd.)
R3 TKPcFt; C:\windows\system32\TKPcFtCb64.sys [39280 2015-08-07] (INCA Internet Co., Ltd.)
R3 TKRgAc; C:\windows\system32\TKRgAc2k64.sys [96584 2013-09-09] (INCA Internet Co., Ltd.)
R3 TKRgFt; C:\windows\system32\TKRgFtXp64.sys [51464 2013-11-18] (INCA Internet Co., Ltd.)
S3 TNFwNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TNFwNt.sys [162752 2015-08-21] (AhnLab, Inc.)
S3 TNFwNt_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\TNFwNt.sys [172816 2016-08-25] (AhnLab, Inc.)
S3 TNNipsNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TNNipsNt.sys [202544 2015-08-21] (AhnLab, Inc.)
S3 TNNipsNt_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\TNNipsNt.sys [213352 2016-08-25] (AhnLab, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-04-26] ()
S3 TSFLTDRV_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\TSFltDrv.sys [315088 2016-08-25] (AhnLab, Inc.)
R1 UltraCDROM; C:\Windows\System32\DRIVERS\UltraCDROM.sys [176280 2016-05-04] ()
S3 JRSKD24; \??\C:\windows\system32\JRSKD24.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-26 14:50 - 2016-10-26 14:50 - 00030560 _____ C:\Users\user\Desktop\FRST.txt
2016-10-26 14:49 - 2016-10-26 14:50 - 00000000 ____D C:\FRST
2016-10-26 14:48 - 2016-10-26 14:48 - 02193920 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-10-22 20:43 - 2016-10-22 20:43 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-10-22 20:43 - 2016-10-19 04:31 - 00134712 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvStreaming.exe
2016-10-22 20:43 - 2016-09-10 03:25 - 00269600 _____ C:\windows\SysWOW64\vulkan-1.dll
2016-10-22 20:43 - 2016-09-10 03:25 - 00261920 _____ C:\windows\system32\vulkan-1.dll
2016-10-22 20:43 - 2016-09-10 03:25 - 00110880 _____ C:\windows\SysWOW64\vulkaninfo.exe
2016-10-22 20:43 - 2016-09-10 03:24 - 00125216 _____ C:\windows\system32\vulkaninfo.exe
2016-10-22 20:42 - 2016-10-20 07:48 - 00212936 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvhda64v.sys
2016-10-22 20:42 - 2016-10-20 07:48 - 00046024 _____ (NVIDIA Corporation) C:\windows\system32\nvhdap64.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 40125496 _____ C:\windows\system32\nvcompiler.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 35222464 _____ C:\windows\SysWOW64\nvcompiler.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 34699712 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 28167616 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 17426520 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 17338792 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 14394528 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvd3dum.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 14018496 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2016-10-22 20:42 - 2016-10-19 06:23 - 10910184 _____ (NVIDIA Corporation) C:\windows\system32\nvptxJitCompiler.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 10754624 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 10295048 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 09099400 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 08912488 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvptxJitCompiler.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 08692872 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 03629624 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 03191744 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 01951680 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6437557.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 01586744 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6437557.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 01035712 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 00973760 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 00942528 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 00894400 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 00683640 _____ (NVIDIA Corporation) C:\windows\system32\nvfatbinaryLoader.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 00572888 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvfatbinaryLoader.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 00520912 _____ (NVIDIA Corporation) C:\windows\system32\nvEncodeAPI64.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 00492560 _____ (NVIDIA Corporation) C:\windows\system32\nvumdshimx.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 00439864 _____ (NVIDIA Corporation) C:\windows\system32\NvIFROpenGL.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 00436088 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvEncodeAPI.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 00407248 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvumdshim.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 00388544 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFROpenGL.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 00170688 _____ (NVIDIA Corporation) C:\windows\system32\nvinitx.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 00153368 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 00148016 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvinit.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 00131720 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
2016-10-22 20:42 - 2016-10-19 06:23 - 00000669 _____ C:\windows\SysWOW64\nv-vk32.json
2016-10-22 20:42 - 2016-10-19 06:23 - 00000669 _____ C:\windows\system32\nv-vk64.json
2016-10-22 12:31 - 2016-10-22 12:31 - 00001355 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2016-10-22 12:31 - 2016-10-22 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2016-10-15 22:27 - 2016-10-15 22:27 - 00164360 ____R (RaonSecure Co., Ltd.) C:\windows\SysWOW64\CKAgent.exe
2016-10-15 22:27 - 2016-10-15 22:27 - 00164360 ____R (RaonSecure Co., Ltd.) C:\windows\system32\CKAgent.exe
2016-10-12 16:37 - 2016-10-02 06:15 - 01935808 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6437306.dll
2016-10-12 16:37 - 2016-10-02 06:15 - 01585088 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6437306.dll
2016-10-12 16:32 - 2016-10-12 16:32 - 00003590 _____ C:\windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-12 16:32 - 2016-10-12 16:32 - 00001416 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-10-12 16:32 - 2016-09-30 13:25 - 01844280 _____ (NVIDIA Corporation) C:\windows\system32\nvspcap64.dll
2016-10-12 16:32 - 2016-09-30 13:25 - 01756728 _____ (NVIDIA Corporation) C:\windows\system32\nvspbridge64.dll
2016-10-12 16:32 - 2016-09-30 13:25 - 01445944 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspcap.dll
2016-10-12 16:32 - 2016-09-30 13:25 - 01318968 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspbridge.dll
2016-10-12 16:32 - 2016-09-30 13:25 - 00121912 _____ C:\windows\system32\NvRtmpStreamer64.dll
2016-10-12 09:19 - 2016-10-01 05:13 - 00394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-10-12 09:19 - 2016-10-01 04:28 - 00346312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-10-12 09:19 - 2016-10-01 00:37 - 05548264 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-10-12 09:19 - 2016-10-01 00:20 - 04000488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-10-12 09:19 - 2016-10-01 00:20 - 03944680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-10-12 09:19 - 2016-09-30 16:55 - 25765376 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-10-12 09:19 - 2016-09-30 15:41 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-10-12 09:19 - 2016-09-30 15:40 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-10-12 09:19 - 2016-09-30 15:26 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-10-12 09:19 - 2016-09-30 15:25 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-10-12 09:19 - 2016-09-30 15:25 - 00576000 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-10-12 09:19 - 2016-09-30 15:25 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-10-12 09:19 - 2016-09-30 15:25 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-10-12 09:19 - 2016-09-30 15:25 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-10-12 09:19 - 2016-09-30 15:18 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-10-12 09:19 - 2016-09-30 15:17 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-10-12 09:19 - 2016-09-30 15:14 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-10-12 09:19 - 2016-09-30 15:13 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-10-12 09:19 - 2016-09-30 15:13 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-10-12 09:19 - 2016-09-30 15:12 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-10-12 09:19 - 2016-09-30 15:12 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-10-12 09:19 - 2016-09-30 15:09 - 06048256 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-10-12 09:19 - 2016-09-30 15:05 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-10-12 09:19 - 2016-09-30 15:02 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-10-12 09:19 - 2016-09-30 14:55 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-10-12 09:19 - 2016-09-30 14:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-10-12 09:19 - 2016-09-30 14:54 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-10-12 09:19 - 2016-09-30 14:51 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-10-12 09:19 - 2016-09-30 14:50 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-10-12 09:19 - 2016-09-30 14:47 - 20306944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-10-12 09:19 - 2016-09-30 14:47 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-10-12 09:19 - 2016-09-30 14:46 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-10-12 09:19 - 2016-09-30 14:42 - 00498688 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-10-12 09:19 - 2016-09-30 14:42 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-10-12 09:19 - 2016-09-30 14:42 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-10-12 09:19 - 2016-09-30 14:42 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-10-12 09:19 - 2016-09-30 14:41 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-10-12 09:19 - 2016-09-30 14:38 - 02286592 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-10-12 09:19 - 2016-09-30 14:36 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-10-12 09:19 - 2016-09-30 14:35 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-10-12 09:19 - 2016-09-30 14:35 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-10-12 09:19 - 2016-09-30 14:33 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-10-12 09:19 - 2016-09-30 14:33 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-10-12 09:19 - 2016-09-30 14:32 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-10-12 09:19 - 2016-09-30 14:32 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-10-12 09:19 - 2016-09-30 14:32 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-10-12 09:19 - 2016-09-30 14:32 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-10-12 09:19 - 2016-09-30 14:31 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-10-12 09:19 - 2016-09-30 14:31 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-10-12 09:19 - 2016-09-30 14:24 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-10-12 09:19 - 2016-09-30 14:21 - 15257088 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-10-12 09:19 - 2016-09-30 14:19 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-10-12 09:19 - 2016-09-30 14:19 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-12 09:19 - 2016-09-30 14:17 - 02920960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-10-12 09:19 - 2016-09-30 14:17 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-10-12 09:19 - 2016-09-30 14:15 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-10-12 09:19 - 2016-09-30 14:14 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-10-12 09:19 - 2016-09-30 14:13 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-10-12 09:19 - 2016-09-30 14:12 - 04608512 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-10-12 09:19 - 2016-09-30 14:07 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-10-12 09:19 - 2016-09-30 14:05 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-10-12 09:19 - 2016-09-30 14:05 - 01544192 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-10-12 09:19 - 2016-09-30 14:05 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-10-12 09:19 - 2016-09-30 14:05 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-10-12 09:19 - 2016-09-30 14:03 - 13653504 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-10-12 09:19 - 2016-09-30 13:54 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-10-12 09:19 - 2016-09-30 13:46 - 02444288 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-10-12 09:19 - 2016-09-30 13:43 - 01312768 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-10-12 09:19 - 2016-09-30 13:42 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-10-12 09:19 - 2016-09-16 00:30 - 00976896 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-10-12 09:19 - 2016-09-16 00:30 - 00084480 _____ (Microsoft Corporation) C:\windows\system32\INETRES.dll
2016-10-12 09:19 - 2016-09-16 00:15 - 00741888 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-10-12 09:19 - 2016-09-16 00:15 - 00084480 _____ (Microsoft Corporation) C:\windows\SysWOW64\INETRES.dll
2016-10-12 09:19 - 2016-09-13 06:17 - 00077032 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-10-12 09:19 - 2016-09-13 06:13 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-10-12 09:19 - 2016-09-13 06:13 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-10-12 09:19 - 2016-09-13 06:08 - 01465344 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-10-12 09:19 - 2016-09-13 06:08 - 01226752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-10-12 09:19 - 2016-09-13 06:08 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-10-12 09:19 - 2016-09-13 06:08 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-10-12 09:19 - 2016-09-13 06:08 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-10-12 09:19 - 2016-09-13 06:08 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-10-12 09:19 - 2016-09-13 06:08 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-10-12 09:19 - 2016-09-13 06:08 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-10-12 09:19 - 2016-09-13 06:08 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-10-12 09:19 - 2016-09-13 06:08 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-10-12 09:19 - 2016-09-13 06:08 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-10-12 09:19 - 2016-09-13 06:08 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-10-12 09:19 - 2016-09-13 06:08 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-10-12 09:19 - 2016-09-13 06:08 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\adsmsext.dll
2016-10-12 09:19 - 2016-09-13 06:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-10-12 09:19 - 2016-09-13 06:08 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-10-12 09:19 - 2016-09-13 06:08 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-10-12 09:19 - 2016-09-13 06:08 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-10-12 09:19 - 2016-09-13 06:08 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-10-12 09:19 - 2016-09-13 06:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-10-12 09:19 - 2016-09-13 05:49 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-10-12 09:19 - 2016-09-13 05:49 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-10-12 09:19 - 2016-09-13 05:49 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-10-12 09:19 - 2016-09-13 05:49 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-10-12 09:19 - 2016-09-13 05:49 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-10-12 09:19 - 2016-09-13 05:49 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-10-12 09:19 - 2016-09-13 05:49 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-10-12 09:19 - 2016-09-13 05:49 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-10-12 09:19 - 2016-09-13 05:49 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-10-12 09:19 - 2016-09-13 05:49 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-10-12 09:19 - 2016-09-13 05:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-10-12 09:19 - 2016-09-13 05:49 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\adsmsext.dll
2016-10-12 09:19 - 2016-09-13 05:49 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-10-12 09:19 - 2016-09-13 05:49 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-10-12 09:19 - 2016-09-13 05:49 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-10-12 09:19 - 2016-09-13 05:49 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-10-12 09:19 - 2016-09-13 05:39 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-10-12 09:19 - 2016-09-13 05:37 - 03218944 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-10-12 09:19 - 2016-09-13 05:32 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-10-12 09:19 - 2016-09-13 05:32 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-10-12 09:19 - 2016-09-13 05:32 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-10-12 09:19 - 2016-09-13 05:31 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-10-12 09:19 - 2016-09-13 05:29 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-10-12 09:19 - 2016-09-13 05:25 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-10-12 09:19 - 2016-09-13 04:08 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2016-10-12 09:19 - 2016-09-13 03:43 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2016-10-12 09:19 - 2016-09-13 03:43 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2016-10-12 09:19 - 2016-09-11 01:19 - 03649536 _____ (Microsoft Corporation) C:\windows\system32\MSVidCtl.dll
2016-10-12 09:19 - 2016-09-11 00:53 - 02291712 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSVidCtl.dll
2016-10-12 09:19 - 2016-09-10 03:29 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-10-12 09:19 - 2016-09-10 03:26 - 00706280 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-10-12 09:19 - 2016-09-10 03:23 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:20 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 03:01 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-10-12 09:19 - 2016-09-10 03:00 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-10-12 09:19 - 2016-09-10 03:00 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-10-12 09:19 - 2016-09-10 03:00 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-10-12 09:19 - 2016-09-10 03:00 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:51 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-10-12 09:19 - 2016-09-10 02:51 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-10-12 09:19 - 2016-09-10 02:51 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-10-12 09:19 - 2016-09-10 02:48 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-10-12 09:19 - 2016-09-10 02:47 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-10-12 09:19 - 2016-09-10 02:43 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-10-12 09:19 - 2016-09-10 02:38 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-10-12 09:19 - 2016-09-10 02:38 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-10-12 09:19 - 2016-09-10 02:38 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-10-12 09:19 - 2016-09-10 02:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-10-12 09:19 - 2016-09-10 02:37 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:37 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 02:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-12 09:19 - 2016-09-10 00:54 - 01629184 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-10-12 09:19 - 2016-09-10 00:54 - 00586752 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-10-12 09:19 - 2016-09-10 00:54 - 00575488 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-10-12 09:19 - 2016-09-10 00:54 - 00314368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-10-12 09:19 - 2016-09-10 00:54 - 00273408 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-10-12 09:19 - 2016-09-10 00:54 - 00224256 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-10-12 09:19 - 2016-09-10 00:54 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-10-12 09:19 - 2016-09-09 05:34 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2016-10-12 09:19 - 2016-09-09 05:34 - 00208896 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2016-10-12 09:19 - 2016-09-09 05:34 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2016-10-12 09:19 - 2016-09-09 05:34 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2016-10-12 09:19 - 2016-09-08 23:55 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2016-10-12 09:19 - 2016-09-08 23:55 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys
2016-10-12 09:19 - 2016-08-30 00:31 - 14183424 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-10-12 09:19 - 2016-08-30 00:31 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-10-12 09:19 - 2016-08-30 00:31 - 01867776 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-10-12 09:19 - 2016-08-30 00:12 - 12880384 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-10-12 09:19 - 2016-08-30 00:12 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-10-12 09:19 - 2016-08-30 00:12 - 01499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-10-12 09:19 - 2016-08-30 00:04 - 03229696 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-10-12 09:19 - 2016-08-29 23:55 - 02972672 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-10-12 09:19 - 2016-08-17 05:40 - 00343552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2016-10-12 09:19 - 2016-08-17 05:40 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2016-10-12 09:19 - 2016-08-17 05:40 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2016-10-12 09:19 - 2016-08-17 05:40 - 00056320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2016-10-12 09:19 - 2016-08-17 05:40 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2016-10-12 09:19 - 2016-08-17 05:40 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2016-10-12 09:19 - 2016-08-17 05:40 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2016-10-12 09:19 - 2016-08-13 02:02 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2016-10-12 09:19 - 2016-08-13 02:02 - 12574720 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2016-10-12 09:19 - 2016-08-13 02:02 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2016-10-12 09:19 - 2016-08-13 02:02 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2016-10-12 09:19 - 2016-08-13 02:02 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2016-10-12 09:19 - 2016-08-13 01:47 - 12574208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2016-10-12 09:19 - 2016-08-13 01:47 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2016-10-12 09:19 - 2016-08-13 01:31 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2016-10-12 09:19 - 2016-08-13 01:31 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2016-10-12 09:19 - 2016-08-13 01:31 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2016-10-12 09:19 - 2016-08-13 01:26 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2016-10-12 09:19 - 2016-08-07 00:31 - 02023424 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2016-10-12 09:19 - 2016-08-07 00:31 - 00347136 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2016-10-12 09:19 - 2016-08-07 00:31 - 00310784 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2016-10-12 09:19 - 2016-08-07 00:31 - 00182272 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2016-10-12 09:19 - 2016-08-07 00:31 - 00054272 _____ (Microsoft Corporation) C:\windows\system32\WsmRes.dll
2016-10-12 09:19 - 2016-08-07 00:31 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\wsmplpxy.dll
2016-10-12 09:19 - 2016-08-07 00:15 - 01178112 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2016-10-12 09:19 - 2016-08-07 00:15 - 00249344 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-12 09:19 - 2016-08-07 00:15 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2016-10-12 09:19 - 2016-08-07 00:15 - 00146944 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2016-10-12 09:19 - 2016-08-07 00:15 - 00054272 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmRes.dll
2016-10-12 09:19 - 2016-08-07 00:01 - 00266752 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2016-10-12 09:19 - 2016-08-07 00:01 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\wsmprovhost.exe
2016-10-12 09:19 - 2016-08-06 23:53 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2016-10-12 09:19 - 2016-08-06 23:53 - 00012288 _____ (Microsoft Corporation) C:\windows\SysWOW64\wsmprovhost.exe
2016-10-12 09:19 - 2016-08-06 23:53 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\wsmplpxy.dll
2016-10-12 09:19 - 2016-07-22 23:58 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2016-10-12 09:19 - 2016-07-22 23:51 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2016-10-12 09:19 - 2016-06-15 02:21 - 00094440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2016-10-12 09:19 - 2016-06-15 02:16 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 01573888 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 01483264 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 00680448 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 00632320 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 00499712 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 00433152 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 00295936 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 00081920 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2016-10-12 09:19 - 2016-06-15 02:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2016-10-12 09:19 - 2016-06-15 02:11 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2016-10-12 09:19 - 2016-06-15 00:21 - 03209216 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2016-10-12 09:19 - 2016-06-15 00:21 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2016-10-12 09:19 - 2016-06-15 00:21 - 01176064 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2016-10-12 09:19 - 2016-06-15 00:21 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2016-10-12 09:19 - 2016-06-15 00:21 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2016-10-12 09:19 - 2016-06-15 00:21 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2016-10-12 09:19 - 2016-06-15 00:21 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2016-10-12 09:19 - 2016-06-15 00:21 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2016-10-12 09:19 - 2016-06-15 00:21 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2016-10-12 09:19 - 2016-06-15 00:21 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2016-10-12 09:19 - 2016-06-15 00:21 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2016-10-12 09:19 - 2016-06-15 00:21 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2016-10-12 09:19 - 2016-06-15 00:21 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2016-10-12 09:19 - 2016-06-15 00:21 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2016-10-12 09:19 - 2016-06-15 00:21 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2016-10-12 09:19 - 2016-06-15 00:21 - 00195072 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2016-10-12 09:19 - 2016-06-15 00:21 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2016-10-12 09:19 - 2016-06-15 00:21 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2016-10-12 09:19 - 2016-06-15 00:21 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2016-10-12 09:19 - 2016-06-15 00:21 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2016-10-12 09:19 - 2016-06-15 00:21 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2016-10-12 09:19 - 2016-06-15 00:21 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2016-10-12 09:19 - 2016-06-15 00:15 - 00125952 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2016-10-12 09:19 - 2016-06-15 00:15 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2016-10-12 09:19 - 2016-06-15 00:15 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2016-10-12 09:19 - 2016-06-15 00:05 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2016-10-12 09:19 - 2016-06-15 00:05 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2016-10-12 09:19 - 2016-06-15 00:00 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2016-10-12 09:19 - 2016-06-15 00:00 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2016-10-02 22:26 - 2016-10-25 20:12 - 00000000 ____D C:\TES5LODGenOutput
2016-09-29 20:24 - 2016-10-06 16:50 - 00000000 ____D C:\Users\user\AppData\Roaming\NVIDIA
2016-09-26 16:08 - 2016-09-26 16:09 - 00004638 _____ C:\windows\DPINST.LOG
2016-09-26 16:07 - 2016-05-10 17:59 - 00511952 _____ (Intel Corporation) C:\windows\system32\Drivers\e1d62x64.sys
2016-09-26 16:07 - 2016-04-11 17:18 - 00080848 _____ (Intel Corporation) C:\windows\system32\e1dmsg.dll
2016-09-26 16:01 - 2016-09-26 16:01 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-09-26 16:00 - 2016-09-26 16:00 - 00000000 ____D C:\windows\SysWOW64\RTCOM
2016-09-26 16:00 - 2016-09-26 16:00 - 00000000 ____D C:\Program Files\Realtek
2016-09-26 16:00 - 2016-08-26 09:18 - 72520720 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoRes64.dat
2016-09-26 16:00 - 2016-08-26 09:18 - 24414760 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioRenderAVX64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 24323312 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioRender64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 17377488 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioCapture64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 15202040 _____ (Yamaha Corporation) C:\windows\system32\YamahaAE3.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 14057256 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioRealtek64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 13122584 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxVoiceAPO3064.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 12988352 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxVoiceAPO4064.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 10534696 _____ (Intel Corporation) C:\windows\system32\IntelSSTAPO.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 07172920 _____ (Dolby Laboratories) C:\windows\system32\R4EEP64A.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 07096192 _____ (Dolby Laboratories) C:\windows\system32\DDPP64A.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 06947183 _____ C:\windows\system32\Drivers\RTAIODAT.DAT
2016-09-26 16:00 - 2016-08-26 09:18 - 06374320 _____ (Nahimic Inc) C:\windows\system32\NAHIMICV3apo.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 06264640 _____ (Dolby Laboratories) C:\windows\system32\DDPP64AF3.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 05804772 _____ C:\windows\system32\Drivers\rtvienna.dat
2016-09-26 16:00 - 2016-08-26 09:18 - 05793528 _____ (Nahimic Inc) C:\windows\system32\NAHIMICV2apo.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 05593616 _____ (Nahimic Inc) C:\windows\system32\NAHIMICAPOlfx.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 05341352 _____ (Dolby Laboratories) C:\windows\system32\DolbyDAX2APOv211.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 05293064 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHD64.sys
2016-09-26 16:00 - 2016-08-26 09:18 - 03299824 _____ (Yamaha Corporation) C:\windows\system32\YamahaAE2.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 03291320 _____ (Fortemedia Corporation) C:\windows\system32\FMAPO64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 03283248 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkApi64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 03203592 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtPgEx64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 03134720 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RltkAPO64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 02895104 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTSnMg64.cpl
2016-09-26 16:00 - 2016-08-26 09:18 - 02825104 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO7064.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 02776224 _____ (Realtek Semiconductor Corp.) C:\windows\SysWOW64\RltkAPO.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 02706864 _____ (DTS, Inc.) C:\windows\system32\sltech64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 02439048 _____ (Dolby Laboratories) C:\windows\system32\DolbyDAX2APOv201.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 02203752 _____ (DTS, Inc.) C:\windows\system32\slcnt64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 02190992 _____ (Yamaha Corporation) C:\windows\system32\YamahaAE.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 02110600 _____ (Waves Audio Ltd.) C:\windows\system32\WavesGUILib64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 02073096 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoInstII64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 02050184 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioEQ64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 01965816 _____ (Dolby Laboratories) C:\windows\system32\DDPD64A.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 01959608 _____ (Dolby Laboratories) C:\windows\system32\DDPD64AF3.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 01920820 _____ C:\windows\system32\Drivers\rtkSSTsetting.dat
2016-09-26 16:00 - 2016-08-26 09:18 - 01780624 _____ (DTS) C:\windows\system32\DTSS2SpeakerDLL64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 01607136 _____ (Conexant Systems Inc.) C:\windows\system32\CX64APO.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 01591064 _____ (DTS) C:\windows\system32\DTSS2HeadphoneDLL64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 01529144 _____ (Conexant Systems Inc.) C:\windows\system32\CX64Proxy.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 01508936 _____ (DTS) C:\windows\system32\DTSBoostDLL64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 01435144 _____ (Synopsys, Inc.) C:\windows\system32\SRRPTR64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 01422928 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO6064.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 01382240 _____ (TOSHIBA Corporation) C:\windows\system32\tosade.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 01360520 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTCOM64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 01337648 _____ (Toshiba Client Solutions Co., Ltd.) C:\windows\system32\tossaeapo64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 01334384 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxSpeechAPO64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 01213664 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO5064.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 01186840 _____ (Intel Corporation) C:\windows\system32\IntelSstCApoPropPage.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 01166160 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO4064.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 01115144 _____ (Dolby Laboratories) C:\windows\system32\DolbyDAX2APOProp.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 01041744 _____ (DTS, Inc.) C:\windows\system32\sl3apo64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 01003864 _____ (Nahimic Inc) C:\windows\system32\NahimicAPONSControl.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 01001800 _____ (Sound Research, Corp.) C:\windows\system32\SEHDHF64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00999856 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxVoiceAPO2064.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00965032 _____ (Sony Corporation) C:\windows\system32\SFSS_APO.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00962136 _____ (Toshiba Client Solutions Co., Ltd.) C:\windows\system32\tosasfapo64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00931624 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPOShell64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00923744 _____ (Sony Corporation) C:\windows\system32\MISS_APO.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00873464 _____ (TOSHIBA Corporation) C:\windows\system32\tadefxapo264.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00864344 _____ (Sound Research, Corp.) C:\windows\SysWOW64\SEHDHF32.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00858200 _____ (Sound Research, Corp.) C:\windows\system32\SEHDRA64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00854032 _____ (Sound Research, Corp.) C:\windows\system32\SECOMN64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00743968 _____ (DTS) C:\windows\system32\DTSBassEnhancementDLL64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00727440 _____ (DTS) C:\windows\system32\DTSSymmetryDLL64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00725944 _____ (Sound Research, Corp.) C:\windows\SysWOW64\SECOMN32.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00708312 _____ (DTS) C:\windows\system32\DTSVoiceClarityDLL64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00689888 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtDataProc64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00678184 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO30.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00677672 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxVolumeSDAPO.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00618192 _____ (Knowles Acoustics ) C:\windows\system32\KAAPORT64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00601144 _____ (Toshiba Client Solutions Co., Ltd.) C:\windows\system32\tossaemaxapo64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00574760 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAC64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00571376 _____ (Intel Corporation) C:\windows\system32\tbb_waves.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00532384 _____ (SRS Labs, Inc.) C:\windows\system32\SRSTSX64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00514528 _____ (DTS) C:\windows\system32\DTSU2PLFX64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00504312 _____ (DTS) C:\windows\system32\DTSNeoPCDLL64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00500560 _____ (DTS) C:\windows\system32\DTSU2PGFX64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00498648 _____ (Sound Research, Corp.) C:\windows\system32\SEAPO64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00472312 _____ (ICEpower a/s) C:\windows\system32\ICEsoundAPO64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00467160 _____ (Synopsys, Inc.) C:\windows\system32\SRAPO64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00447720 _____ (Dolby Laboratories) C:\windows\system32\R4EED64A.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00447184 _____ (Toshiba Client Solutions Co., Ltd.) C:\windows\system32\toseaeapo64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00445400 _____ (DTS) C:\windows\system32\DTSLimiterDLL64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00441272 _____ (DTS) C:\windows\system32\DTSGainCompensatorDLL64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00438696 _____ (Conexant Systems, Inc.) C:\windows\system32\CAF64APO2.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00428232 _____ (DTS) C:\windows\system32\DTSU2PREC64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00416512 _____ (Harman) C:\windows\system32\HMUI.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00387320 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEP64A.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00381416 _____ (Synopsys, Inc.) C:\windows\system32\SRCOM64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00372744 _____ (Dolby Laboratories) C:\windows\system32\HiFiDAX2API.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00366128 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\HMAPO.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00362056 _____ (Dolby Laboratories) C:\windows\system32\DDPO64AF3.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00360344 _____ (Harman) C:\windows\system32\HMClariFi.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00343712 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtlCPAPI64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00341152 _____ (Synopsys, Inc.) C:\windows\SysWOW64\SRCOM.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00341152 _____ (Synopsys, Inc.) C:\windows\system32\SRCOM.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00330568 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO20.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00327456 _____ (Dolby Laboratories) C:\windows\system32\DDPO64A.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00321720 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DHT64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00321720 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DAA64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00310424 _____ (Dolby Laboratories) C:\windows\system32\DDPA64F3.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00272720 _____ (Dolby Laboratories) C:\windows\system32\DDPA64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00258864 _____ (TODO: <Company name>) C:\windows\system32\slprp64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00253904 _____ (DTS) C:\windows\system32\DTSGFXAPO64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00253864 _____ (DTS) C:\windows\system32\DTSLFXAPO64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00252880 _____ (DTS) C:\windows\system32\DTSGFXAPONS64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00231920 _____ (Synopsys, Inc.) C:\windows\system32\SFNHK64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00221968 _____ (SRS Labs, Inc.) C:\windows\system32\SRSTSH64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00214832 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEED64A.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00209536 _____ (SRS Labs, Inc.) C:\windows\system32\SRSHP64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00203848 _____ (Harman) C:\windows\system32\HMHVS.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00192984 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCfg64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00190936 _____ (Harman) C:\windows\system32\HMEQ_Voice.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00190936 _____ (Harman) C:\windows\system32\HMEQ.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00179600 _____ (Harman) C:\windows\system32\HMLimiter.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00166208 _____ (SRS Labs, Inc.) C:\windows\system32\SRSWOW64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00158704 _____ (TOSHIBA Corporation) C:\windows\system32\tadefxapo.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00154368 _____ (Harman) C:\windows\system32\HarmanAudioInterface.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00151792 _____ (Dolby Laboratories) C:\windows\system32\R4EEL64A.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00134200 _____ (Dolby Laboratories) C:\windows\system32\R4EEA64A.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00122320 _____ (Real Sound Lab SIA) C:\windows\system32\CONEQMSAPOGUILibrary.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00118600 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAR64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00118592 _____ C:\windows\system32\AcpiServiceVnA64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00112496 _____ (Conexant Systems, Inc.) C:\windows\system32\Caf64api.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00110984 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEL64A.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00105304 _____ C:\windows\system32\audioLibVc.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00090920 _____ (Synopsys, Inc.) C:\windows\system32\SFCOM64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00088352 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEG64A.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00088328 _____ (Synopsys, Inc.) C:\windows\system32\SFAPO64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00084616 _____ (Dolby Laboratories) C:\windows\system32\R4EEG64A.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00083632 _____ (Virage Logic Corporation / Sonic Focus) C:\windows\SysWOW64\SFCOM.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00075544 _____ (TOSHIBA CORPORATION.) C:\windows\system32\tepeqapo64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00023696 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCoLDR64.dll
2016-09-26 16:00 - 2016-08-26 09:18 - 00005604 _____ C:\windows\system32\cxapo.lncs
2016-09-26 16:00 - 2016-08-26 09:18 - 00000736 _____ C:\windows\system32\cxapo.prop
2016-09-26 15:35 - 2016-10-19 04:52 - 07471705 _____ C:\windows\system32\nvcoproc.bin
2016-09-26 15:35 - 2016-10-19 04:52 - 06386232 _____ (NVIDIA Corporation) C:\windows\system32\nvcpl.dll
2016-09-26 15:35 - 2016-10-19 04:52 - 02477624 _____ (NVIDIA Corporation) C:\windows\system32\nvsvc64.dll
2016-09-26 15:35 - 2016-10-19 04:52 - 01762752 _____ (NVIDIA Corporation) C:\windows\system32\nvsvcr.dll
2016-09-26 15:35 - 2016-10-19 04:52 - 00546752 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshext.dll
2016-09-26 15:35 - 2016-10-19 04:52 - 00392128 _____ (NVIDIA Corporation) C:\windows\system32\nvmctray.dll
2016-09-26 15:35 - 2016-10-19 04:52 - 00083512 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshextr.dll
2016-09-26 15:35 - 2016-10-19 04:52 - 00071224 _____ (NVIDIA Corporation) C:\windows\system32\nvshext.dll
2016-09-26 15:34 - 2016-10-20 07:48 - 01595456 _____ (NVIDIA Corporation) C:\windows\system32\nvhdagenco6420103.dll
2016-09-26 15:34 - 2016-10-19 06:23 - 19917400 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
2016-09-26 15:34 - 2016-10-19 06:23 - 03930688 _____ (NVIDIA Corporation) C:\windows\system32\nvapi64.dll
2016-09-26 15:34 - 2016-10-19 06:23 - 03469408 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvapi.dll
2016-09-26 15:34 - 2016-10-19 06:23 - 00041344 _____ C:\windows\system32\nvinfo.pb
2016-09-26 15:34 - 2016-09-17 09:46 - 01922616 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6437290.dll
2016-09-26 15:34 - 2016-09-17 09:46 - 01585088 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6437290.dll
2016-09-26 15:34 - 2016-09-17 09:46 - 00213952 _____ (Khronos Group) C:\windows\system32\OpenCL.dll
2016-09-26 15:34 - 2016-09-17 09:46 - 00203320 _____ (Khronos Group) C:\windows\SysWOW64\OpenCL.dll
2016-09-26 15:31 - 2016-10-22 20:44 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-09-26 15:31 - 2016-10-22 20:43 - 00000000 ____D C:\Users\user\AppData\Local\NVIDIA Corporation
2016-09-26 15:31 - 2016-10-22 20:43 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-09-26 15:31 - 2016-10-12 16:32 - 00000000 ____D C:\Users\user\AppData\Local\NVIDIA
2016-09-26 15:31 - 2016-09-30 13:25 - 00106040 _____ (NVIDIA Corporation) C:\windows\system32\nvaudcap64v.dll
2016-09-26 15:31 - 2016-09-30 13:25 - 00095800 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvaudcap32v.dll
2016-09-26 15:31 - 2016-09-30 13:25 - 00047672 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvvad64v.sys
2016-09-26 15:31 - 2016-09-26 15:31 - 00000000 ____D C:\NVIDIA
2016-09-26 14:18 - 2016-09-26 14:17 - 00189112 _____ (Power Admin LLC) C:\windows\PAExec.exe
2016-09-26 14:16 - 2016-09-26 14:17 - 00000000 ____D C:\Users\user\Documents\DDU

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-26 14:31 - 2015-10-22 17:01 - 00000684 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-26 14:12 - 2009-07-14 13:45 - 00022736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-26 14:12 - 2009-07-14 13:45 - 00022736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-26 14:03 - 2015-10-22 15:43 - 00000622 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-10-26 11:29 - 2015-10-25 23:07 - 03952752 _____ (AhnLab, Inc.) C:\windows\system32\btscan.exe
2016-10-26 09:31 - 2015-10-22 17:01 - 00000680 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-26 08:39 - 2015-10-22 15:37 - 01256121 _____ C:\windows\WindowsUpdate.log
2016-10-26 08:17 - 2010-11-22 02:21 - 00473458 _____ C:\windows\system32\perfh012.dat
2016-10-26 08:17 - 2010-11-22 02:21 - 00174156 _____ C:\windows\system32\perfc012.dat
2016-10-26 08:17 - 2009-07-14 14:13 - 01424304 _____ C:\windows\system32\PerfStringBackup.INI
2016-10-26 08:10 - 2016-09-15 11:00 - 00009063 _____ C:\windows\setupact.log
2016-10-26 08:10 - 2015-10-22 15:56 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-26 08:10 - 2009-07-14 14:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-10-26 00:03 - 2016-02-14 17:13 - 00000000 ____D C:\GOG Games
2016-10-26 00:03 - 2009-07-14 14:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-10-25 23:31 - 2015-10-22 17:02 - 00002169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chrome.lnk
2016-10-25 23:31 - 2015-10-22 17:02 - 00002157 _____ C:\Users\Public\Desktop\Chrome.lnk
2016-10-25 19:52 - 2015-10-23 18:25 - 00000000 ____D C:\Users\user\AppData\Local\LOOT
2016-10-24 10:36 - 2016-09-21 19:59 - 00284952 _____ C:\windows\PFRO.log
2016-10-23 22:42 - 2016-05-03 12:10 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2016-10-22 20:44 - 2015-12-28 11:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-10-22 20:43 - 2015-10-22 15:53 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-10-22 12:31 - 2016-07-05 18:02 - 00000000 ____D C:\ProgramData\Foxit Software
2016-10-22 12:31 - 2016-05-05 09:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-10-22 12:31 - 2016-05-05 09:23 - 00000000 ____D C:\Program Files\7-Zip
2016-10-19 16:21 - 2015-10-24 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-19 16:21 - 2015-10-24 11:48 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-19 16:05 - 2016-01-20 14:24 - 00097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2016-10-19 04:45 - 2016-09-15 16:07 - 00001951 _____ C:\windows\NvContainerRecovery.bat
2016-10-18 16:32 - 2016-04-29 09:13 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-18 16:32 - 2016-04-29 09:13 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-17 22:27 - 2009-07-14 12:20 - 00000000 ____D C:\windows\system32\NDF
2016-10-17 19:45 - 2016-05-19 18:51 - 00000000 ____D C:\ProgramData\iptime
2016-10-15 22:27 - 2015-10-25 23:06 - 00101152 _____ (Kings Information & Network) C:\windows\system32\kck64.sys
2016-10-13 19:48 - 2015-10-22 17:19 - 00293352 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2016-10-12 22:16 - 2009-07-14 12:20 - 00000000 ____D C:\windows\rescache
2016-10-12 16:32 - 2016-09-15 16:07 - 00003828 _____ C:\windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-12 16:32 - 2016-09-15 16:07 - 00003828 _____ C:\windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-12 16:32 - 2016-09-15 16:07 - 00003778 _____ C:\windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-12 16:32 - 2016-09-15 16:07 - 00003766 _____ C:\windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-12 16:32 - 2016-09-15 16:07 - 00003530 _____ C:\windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-12 16:29 - 2009-07-14 13:45 - 05284200 _____ C:\windows\system32\FNTCACHE.DAT
2016-10-12 16:28 - 2015-10-22 22:50 - 00000000 ___SD C:\windows\system32\CompatTel
2016-10-12 16:28 - 2015-10-22 22:50 - 00000000 ____D C:\windows\system32\appraiser
2016-10-12 16:28 - 2009-07-14 12:20 - 00000000 ____D C:\windows\SysWOW64\Dism
2016-10-12 16:28 - 2009-07-14 12:20 - 00000000 ____D C:\windows\system32\Dism
2016-10-12 13:55 - 2015-10-22 22:45 - 00000000 ____D C:\windows\system32\MRT
2016-10-12 13:44 - 2015-10-22 22:45 - 143495576 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-10-12 10:03 - 2015-10-22 15:43 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-10-12 10:03 - 2015-10-22 15:43 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-12 10:03 - 2015-10-22 15:43 - 00003560 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-10-12 10:03 - 2015-10-22 15:43 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-10-12 10:03 - 2015-10-22 15:43 - 00000000 ____D C:\windows\system32\Macromed
2016-10-07 15:44 - 2016-07-15 20:18 - 00000000 ____D C:\Users\user\AppData\Roaming\AIMP
2016-10-07 15:44 - 2016-02-13 17:48 - 00000000 ____D C:\Users\user\Desktop\임시
2016-09-30 13:14 - 2016-05-11 18:38 - 00001456 _____ C:\Users\user\AppData\Local\Adobe Save for Web 12.0 Prefs
2016-09-27 13:16 - 2016-03-23 09:09 - 00004520 _____ C:\windows\system32\Drivers\fvstore.dat
2016-09-27 10:37 - 2015-10-24 10:34 - 00001947 _____ C:\Users\Public\Desktop\COMODO Firewall.lnk
2016-09-26 16:01 - 2015-12-19 19:08 - 00000000 ____D C:\windows\system32\DAX2
2016-09-26 16:01 - 2015-10-23 19:00 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-09-26 16:00 - 2015-10-27 17:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-09-26 15:37 - 2015-10-22 15:35 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
2016-09-26 15:35 - 2009-07-14 12:20 - 00000000 ____D C:\windows\Help

==================== Files in the root of some directories =======

2016-08-13 14:19 - 2016-08-13 14:55 - 0000286 _____ () C:\Users\user\AppData\Roaming\burnaware.ini
2016-05-11 18:38 - 2016-09-30 13:14 - 0001456 _____ () C:\Users\user\AppData\Local\Adobe Save for Web 12.0 Prefs
2016-09-26 16:01 - 2016-09-26 16:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\user\AppData\Local\Temp\HV-SETUP__.EXE
C:\Users\user\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\user\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll
[2016-09-14 17:49] - [2010-08-06 13:52] - 1008640 ____A (Microsoft Corporation) F78E7BD7ADC829D9DD92C558180E09DB

C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-15 14:49

==================== End of FRST.txt ============================
 
Addition.txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by user (2016-10-26 14:50:54)
Running from C:\Users\user\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-10-22 06:35:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2207781790-2766300111-2274446720-500 - Administrator - Disabled)
Guest (S-1-5-21-2207781790-2766300111-2274446720-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2207781790-2766300111-2274446720-1002 - Limited - Enabled)
user (S-1-5-21-2207781790-2766300111-2274446720-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DP Chip v16.08 (HKLM-x32\...\3DP Chip) (Version: v16.08 - 3DP)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Acronis True Image Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6597 - Acronis)
Adobe Acrobat Reader DC - Korean (HKLM-x32\...\{AC76BA86-7AD7-1042-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
AhnLab Online Security (HKLM-x32\...\AhnLab Online Security) (Version: - AhnLab, Inc)
AhnLab Safe Transaction (HKLM\...\{19DD1D8D-927F-45DF-ADF4-75D38267848D}) (Version: 1.3.13.711 - AhnLab, Inc.)
AIMP (HKLM-x32\...\AIMP) (Version: v4.02.1725, 17.06.2016 - AIMP DevTeam)
Ansel (Version: 375.57 - NVIDIA Corporation) Hidden
AnySign4PC 1.1.0.7 (HKLM-x32\...\AnySign4PC) (Version: 1.1.0.7 - HANCOM SECURE Inc.)
ArtMoney SE v7.44.1 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.44 - System SoftLab)
Autodesk DirectConnect 2016 64-bit (HKLM\...\Autodesk DirectConnect 2016 64-bit) (Version: 10.0.98.0 - Autodesk)
Autodesk DirectConnect 2016 64-bit (Version: 10.0.98.0 - Autodesk) Hidden
Autodesk Maya 2014/2015/2016 Bonus Tools (HKLM\...\{69BA19B1-41E7-6228-3439-DA3936B515A9}) (Version: 16.0.4 - Autodesk, Inc.)
Autodesk Maya 2016 (HKLM\...\Autodesk Maya 2016) (Version: 16.5.2360.0 - Autodesk)
Autodesk Maya 2016 (Version: 16.5.2360.0 - Autodesk) Hidden
Autodesk Maya 2016 SP1 (Version: 16.5.2360.0 - Autodesk) Hidden
Autodesk Maya 2016 SP2 (Version: 16.5.2360.0 - Autodesk) Hidden
Autodesk Maya 2016 SP3 (Version: 16.5.2360.0 - Autodesk) Hidden
Autodesk Maya 2016 SP3P02 (Version: 16.5.2360.0 - Autodesk) Hidden
Autodesk Maya 2016 SP4 (Version: 16.5.2360.0 - Autodesk) Hidden
Autodesk Maya 2016 SP4P04 (Version: 16.5.2360.0 - Autodesk) Hidden
Autodesk Maya 2016 SP4P05 (Version: 16.5.2360.0 - Autodesk) Hidden
Autodesk Maya 2016 SP5 (HKLM\...\Autodesk Maya 2016 SP5) (Version: 16.5.2360.0 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
BOSS (HKLM\...\BOSS) (Version: 2.3.2 - BOSS Development Team)
BurnAware Free 9.3 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
COMODO Firewall (HKLM\...\{38F898C8-272F-455F-9BD6-71FEBA3E4AF5}) (Version: 8.2.0.4703 - COMODO Security Solutions Inc.)
CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
eISP 1.0 (HKLM-x32\...\eISP) (Version: 1.0 - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.1.0.1013 - Foxit Software Inc.)
Free MP3 Cutter 2.1 (HKLM-x32\...\{847E0734-4457-4B48-BF49-998D1CF2CFA1}_is1) (Version: 2.1 - PolySoft Solutions)
Free MP4 to MP3 Converter 1.0 (HKLM-x32\...\{1D6B0375-C07F-4BCB-878A-F53803282A60}_is1) (Version: - PolySoft Solutions)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
headus UVLayout v2 Professional (HKLM-x32\...\{A1086DA0-903E-4DEA-A83F-6317923CC63D}) (Version: 2.08.00 - headus)
INISAFE MoaSign S v1.0 (HKLM-x32\...\INISAFE MoaSign S) (Version: 1.0.43 - INITECH, Inc.)
INISAFE SandBox 1.0 (HKLM-x32\...\INISAFE SandBox) (Version: 1.0 - Initech, Inc.)
INISAFE Web EX Client (HKLM-x32\...\UnINISafeWebEX) (Version: 1.0.0.1 - Initech, Inc.)
Innorix File Transfer Solution(G) (HKLM-x32\...\Innorix File Transfer Solution(G)) (Version: 7.2.0.579 - INNORIX)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.8 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
IPinside LWS Agent (HKLM-x32\...\IPinside LWS Agent) (Version: 3.0.0.2 - interezen)
IPinside Non-p Agent (HKLM-x32\...\IPinside Non-p Agent) (Version: 2.0.0.2 - interezen)
ipTIME Wizard (HKLM-x32\...\ipTIMEHelper) (Version: - )
ipTIME 업그레이드 알리미 (HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\ipTIME_Upgrade_Notification) (Version: - )
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
K-Lite Mega Codec Pack 12.3.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.3.0 - KLCP)
KOS - Kings Online Security (HKLM-x32\...\KOS) (Version: 1.0.0.3 - Kings Information & Network Co., Ltd.)
LOOT version 0.9.2 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.9.2 - LOOT Team)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MAWS_MMASJ - 증명서 발급 시스템 (HKLM-x32\...\MAWS_MMASJ - 증명서 발급 시스템) (Version: v2.5 - MarkAny Inc.)
mental ray renderer for Autodesk Maya 2016 (HKLM\...\{59AC9438-6EE3-4B22-860F-525308329228}) (Version: 16.3.2006.0 - mental ray)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (한국어) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1042) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{650c9b4a-60ec-4e4e-8d8e-32d85ce3b7c5}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime(x64) 언어 팩 - 한국어 (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - KOR) (Version: 10.0.50903 - Microsoft Corporation)
MPEG2코덱(libmpeg2/mad) (HKLM-x32\...\MPEG2코덱(libmpeg2/mad)) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
nProtect KeyCrypt V6.0 (HKLM-x32\...\npkfx) (Version: 6.0 - INCA Internet Co., Ltd.)
nProtect Online Security V1.0(PFS) (HKLM-x32\...\nProtect Online Security V1.0(PFS)) (Version: 2015.10.08.1 - INCA Internet Co., Ltd.)
NTSMagicLineMBX (HKLM-x32\...\NTSMagicLineMBX) (Version: 1.0.10.12 - Dreamsecurity Inc.)
Nuke 6.2v1 (HKLM\...\Nuke 6.2v1_is1) (Version: - The Foundry)
NVIDIA 3D Vision 드라이버 375.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.57 - NVIDIA Corporation)
NVIDIA 3D Vision 컨트롤러 드라이버 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.0.7.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.7.34 - NVIDIA Corporation)
NVIDIA HD 오디오 드라이버 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
NVIDIA PhysX 시스템 소프트웨어 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NVIDIA 그래픽 드라이버 375.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.57 - NVIDIA Corporation)
NvNodejs (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version: - Timeslip)
oCam 버전 294.0 (HKLM-x32\...\oCam_is1) (Version: 294.0 - http://ohsoft.net/)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Python 2.7 comtypes-0.6.2 (HKLM-x32\...\comtypes-py2.7) (Version: - )
Python 2.7 pywin32-218 (HKLM-x32\...\pywin32-py2.7) (Version: - )
Python 2.7.8 (HKLM-x32\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
qBittorrent 2.4.11 (HKLM-x32\...\{73262004-8473-4672-8558-0AA4277E0287}_is1) (Version: 2.4.11 - qBittorrent)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7917 - Realtek Semiconductor Corp.)
Rexpert30 Viewer 1,0,0,404 (HKLM-x32\...\Rexpert30 Viewer) (Version: 1,0,0,404 - ClipSoft)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 7.1.0320 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
Skyrim Performance Monitor (HKLM-x32\...\{84AEB93A-ECBB-4568-8F59-D4516EF59079}) (Version: 3.81 - SirGarnon on Skyrim Nexus)
SlimDX Runtime .NET 2.0 (January 2012) (HKLM-x32\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15113.12 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.0.15113.12 - Samsung Electronics Co., Ltd.) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
The Elder Scrolls IV Oblivion version 1.2.0416.00 (HKLM-x32\...\The Elder Scrolls IV Oblivion_is1) (Version: 1.2.0416.00 - Mr DJ)
The Elder Scrolls V Skyrim (HKLM-x32\...\{4FEF52F2-3C2C-4B80-9443-3D6A654328D0}_is1) (Version: - Bethesda Softworks)
TouchEn key with E2E for 32bit (HKLM-x32\...\TouchEn_key) (Version: - RaonSecure Co., Ltd.)
TouchEn nxKey with E2E for 32bit (HKLM-x32\...\TouchEn nxKey) (Version: 1.0.0.28 - RaonSecure Co., Ltd.)
Ultra CDROM (HKLM-x32\...\Ultra CDROM) (Version: 1.20 - ieungSoft)
VapshionCut (HKLM-x32\...\VapshionCut) (Version: 1.0 - UNKNOWN)
VapshionCut (x32 Version: 1.0 - UNKNOWN) Hidden
Veraport(보안모듈 관리 프로그램) G3 - 3,0,3,6 (HKLM-x32\...\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1) (Version: 3,0,3,6 - Wizvera)
V-Ray for Maya 2016 for x64 (HKLM\...\V-Ray for Maya 2016 for x64) (Version: 3.10.01 - Chaos Software Ltd)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 드라이버 패키지 - Intel (e1dexpress) Net (05/10/2016 12.15.23.1) (HKLM\...\D17C19F27C594950CEF93600FC72EA53A2CD5D86) (Version: 05/10/2016 12.15.23.1 - Intel)
Windows 드라이버 패키지 - Intel (e1dexpress) Net (11/24/2015 12.15.22.3) (HKLM\...\C54D5605E87DCA245CAD692DCEDC37638EBD52BA) (Version: 11/24/2015 12.15.22.3 - Intel)
Windows 드라이버 패키지 - Qualcomm Atheros Communications Inc. (athr) Net (08/14/2015 10.0.0.326) (HKLM\...\56B1A735BC0841E802E7BB371D433BD236941875) (Version: 08/14/2015 10.0.0.326 - Qualcomm Atheros Communications Inc.)
WinRAR 압축기 (HKLM\...\WinRAR archiver) (Version: - )
WIZVERA Process Manager 1,0,1,5 (HKLM-x32\...\{8941A397-4065-4F41-92CE-0EB610846EED}_is1) (Version: 1,0,1,5 - WIZVERA)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.6 - Wrye & Wrye Bash Development Team)
wxPython 2.8.12.1 (unicode) for Python 2.7 (HKLM-x32\...\wxPython2.8-unicode-py27_is1) (Version: 2.8.12.1-unicode - Total Control Software)
XecureWeb UnifiedPlugin (HKLM-x32\...\XecureWeb UnifiedPlugin) (Version: 1.0.6.12 - SoftForum Co., Ltd.)
꿀뷰 (HKLM\...\Honeyview) (Version: 5.18 - 반디소프트)
네이버 미디어 플레이어 (HKLM-x32\...\NaverMediaPlayer) (Version: 1.8.1.0 - NAVER Corp. )
네이버 업데이터 (HKLM-x32\...\NaverUpdater) (Version: 1.0.2.30 - NAVER Corp.)
반디집 (HKLM\...\Bandizip) (Version: 5.16 - 반디소프트)
우리은행 보안 로그 수집기 (HKLM-x32\...\우리은행 보안 로그 수집기 ) (Version: 1.0.1 - 우리은행)
한컴오피스 한글 2010 (HKLM-x32\...\Haansoft HWord 80 Korean) (Version: 8.0.1 - Hancom)
한컴오피스 한글 2010 (x32 Version: 8.0.1 - hancom) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2207781790-2766300111-2274446720-1000_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft.com)
CustomCLSID: HKU\S-1-5-21-2207781790-2766300111-2274446720-1000_Classes\CLSID\{9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF}\InprocServer32 -> C:\Program Files\Honeyview\HVShell64.dll (Bandisoft.com)

==================== Restore Points =========================

12-10-2016 13:42:43 Windows Update
13-10-2016 00:19:55 Windows Update
20-10-2016 19:28:44 예약된 검사점

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 11:34 - 2016-04-27 19:01 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1F4C0DEC-FA23-4602-9E8F-901C860BF58B} - System32\Tasks\SafeZone scheduled Autoupdate 1458725500 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {23F217E8-7630-43E2-AEE3-27484F0741CE} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {240C3D08-7A50-41CB-ACF4-82F0E76826F7} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-15] (COMODO)
Task: {2AEAD87E-AA66-44FA-8A4F-8BE4BAA572CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {2E9E1DE4-EB32-4CA8-9BD3-6D32AAEBBA1E} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-09-13] (Microsoft Corporation)
Task: {2F626FFB-2902-493F-8C11-3389040E76B3} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-15] (COMODO)
Task: {4ABBFE72-C8DF-44D0-99B9-43A96D02742A} - System32\Tasks\{4EBD9C8C-51F9-459D-B1AE-A76C4C7FD97B} => pcalua.exe -a "C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1IFHWKH\jre-8u65-windows-i586.exe" -d C:\Users\user\Desktop
Task: {576A3CF9-DD44-4D1B-B815-AC8FFEACC3E7} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()
Task: {61B36435-EF31-4067-BD5E-6FD3A33B3268} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-22] (Google Inc)
Task: {727B8B19-C01C-4691-ADD6-88374E10642F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-09-30] (NVIDIA Corporation)
Task: {8F54D7C8-B9E8-4735-AECE-6D9EDAE3BFB0} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-15] (COMODO)
Task: {95EE2706-D56B-4A67-80FF-BFA09A9BC1AE} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-01] ()
Task: {9B923B4A-1344-41A4-8095-3D28E90E2C30} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-12] (Adobe Systems Incorporated)
Task: {9C10B691-12E2-4F87-A569-88332CEB11D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-22] (Google Inc)
Task: {9F507384-0E35-4A00-B65F-4EA9BE7357E6} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {A8E70675-50B8-46FE-B209-6C7FAF53C738} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {B29B5E46-12AD-4938-8893-C5367222DDD8} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {D77A5562-B264-4DC5-A577-DDDCEE36DA62} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-21] (AVAST Software)
Task: {E57732F1-3DEC-43AE-87CD-42565596ABC0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-05] (AVAST Software)
Task: {F439ED82-408D-4B65-88ED-D692AA405C44} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-30] (NVIDIA Corporation)
Task: {F5702F98-5843-4EE3-AABE-C10B59304ADF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-27] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-10-22 15:40 - 2013-05-07 16:45 - 00936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2016-10-12 16:32 - 2016-09-30 13:25 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-12 16:32 - 2016-09-30 13:25 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-12 16:32 - 2016-09-30 13:25 - 00419896 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2015-11-15 12:49 - 2015-11-15 12:49 - 00371232 _____ () C:\Program Files (x86)\VP\VPWalletService\VPWalletService.exe
2016-09-26 15:35 - 2016-10-19 04:52 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-21 19:48 - 2016-09-21 19:48 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-21 19:48 - 2016-09-21 19:48 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-10-26 12:11 - 2016-10-26 12:11 - 03122008 _____ () C:\Program Files\AVAST Software\Avast\defs\16102501\algo.dll
2011-01-17 19:56 - 2011-01-17 19:56 - 11158480 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
 
==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

 
==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\dacom.net -> dacom.net
IE trusted site: HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\lgdacom.net -> lgdacom.net
IE trusted site: HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\uplus.co.kr -> uplus.co.kr


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 210.220.163.82 - 219.250.36.130
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Faulty Device Manager Devices =============
 
==================== Event log errors: =========================

Application errors:
==================
Error: (10/26/2016 08:10:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/26/2016 12:00:27 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1"에 대한 활성화 컨텍스트를 생성하지 못했습니다. manifest 또는 정책 파일 "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2"의 C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3줄에서 오류가 발생했습니다.
응용 프로그램에서 필요로 하는 구성 요소 버전이 이미 활성화된 다른 구성 요소 버전과 충돌합니다.
충돌하는 구성 요소는 다음과 같습니다.
구성 요소 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
구성 요소 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (10/25/2016 03:27:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/25/2016 11:43:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/24/2016 04:30:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/24/2016 10:36:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2016 10:42:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 오류 있는 응용 프로그램 이름: TESV.exe, 버전: 1.9.32.0, 타임스탬프: 0x51437ce5
오류 있는 모듈 이름: ntdll.dll, 버전: 6.1.7601.23543, 타임스탬프: 0x57d2f8a2
예외 코드: 0xc0000374
오류 오프셋: 0x000ce843
오류 있는 프로세스 ID: 0xbe4
오류 있는 응용 프로그램 시작 시간: 0xTESV.exe0
오류 있는 응용 프로그램 경로: TESV.exe1
오류 있는 모듈 경로: TESV.exe2
보고서 ID: TESV.exe3

Error: (10/23/2016 06:38:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 오류 있는 응용 프로그램 이름: TESV.exe, 버전: 1.9.32.0, 타임스탬프: 0x51437ce5
오류 있는 모듈 이름: ntdll.dll, 버전: 6.1.7601.23543, 타임스탬프: 0x57d2f8a2
예외 코드: 0xc0000374
오류 오프셋: 0x000ce843
오류 있는 프로세스 ID: 0x2924
오류 있는 응용 프로그램 시작 시간: 0xTESV.exe0
오류 있는 응용 프로그램 경로: TESV.exe1
오류 있는 모듈 경로: TESV.exe2
보고서 ID: TESV.exe3

Error: (10/23/2016 03:06:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 오류 있는 응용 프로그램 이름: TESV.exe, 버전: 1.9.32.0, 타임스탬프: 0x51437ce5
오류 있는 모듈 이름: TESV.exe, 버전: 1.9.32.0, 타임스탬프: 0x51437ce5
예외 코드: 0xc0000417
오류 오프셋: 0x00b53759
오류 있는 프로세스 ID: 0x2674
오류 있는 응용 프로그램 시작 시간: 0xTESV.exe0
오류 있는 응용 프로그램 경로: TESV.exe1
오류 있는 모듈 경로: TESV.exe2
보고서 ID: TESV.exe3

Error: (10/23/2016 02:22:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/26/2016 02:35:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: AnySign4PC Launcher 서비스에서 트랜잭션 응답을 기다리는 동안 제한 시간에 도달했습니다(30000밀리초).

Error: (10/26/2016 02:23:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: AnySign4PC Launcher 서비스에서 트랜잭션 응답을 기다리는 동안 제한 시간에 도달했습니다(30000밀리초).

Error: (10/26/2016 01:42:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: SPP Notification Service 서비스가 다음 오류 때문에 종료되었습니다.
%%5

Error: (10/26/2016 12:42:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: SPP Notification Service 서비스가 다음 오류 때문에 종료되었습니다.
%%5

Error: (10/26/2016 11:42:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: SPP Notification Service 서비스가 다음 오류 때문에 종료되었습니다.
%%5

Error: (10/26/2016 10:42:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: SPP Notification Service 서비스가 다음 오류 때문에 종료되었습니다.
%%5

Error: (10/26/2016 09:42:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: SPP Notification Service 서비스가 다음 오류 때문에 종료되었습니다.
%%5

Error: (10/26/2016 08:42:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: SPP Notification Service 서비스가 다음 오류 때문에 종료되었습니다.
%%5

Error: (10/26/2016 08:10:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: 다음 오류로 인해 TKTool 서비스를 시작하지 못했습니다.
%%2

Error: (10/26/2016 08:10:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: 응용 프로그램별로컬시작{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost(LRPC 사용)


CodeIntegrity:
===================================
Date: 2016-09-15 11:09:00.351
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-15 11:04:22.898
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-15 10:42:29.443
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-15 10:13:11.481
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-15 08:58:33.482
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-15 00:37:57.958
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-15 00:20:50.777
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-14 23:52:55.738
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-14 23:25:36.398
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-14 23:19:58.075
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz
Percentage of memory in use: 11%
Total physical RAM: 16321.69 MB
Available physical RAM: 14455.73 MB
Total Virtual: 32641.56 MB
Available Virtual: 29456.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.94 GB) (Free:317.08 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:465.76 GB) (Free:30.85 GB) NTFS
Drive e: () (Fixed) (Total:465.76 GB) (Free:119.92 GB) NTFS
Drive f: () (Fixed) (Total:465.75 GB) (Free:69.55 GB) NTFS
Drive g: () (Fixed) (Total:298.09 GB) (Free:52.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C67C912F)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 7E6A949C)
Partition 1: (Active) - (Size=476.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A644CBDA)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: FCC0FCC0)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

Already installed:
2.0 Threat Scan
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • To open a Cleaning log, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
I have a problem with "RogueKiller" Report.
After deleting 6 bad things, I forgot to click "Report".
As a result, I cannot find RKreport.txt on the desktop.
How can I retrieve the Report?
 
I re-ran it and found the log.
I am going to post 2 logs of RK.

In addition, when I ran "AdwCleaner",
I only scanned and did not fix it.

I am posting all the logs in the posts below.
 
RogueKiller V12.7.4.0 (x64) [Oct 24 2016] (Free) by Adlice Software
T?? : http://www.adlice.com/contact/
<粱?? : http://forum.adlice.com
遐Юt퓔? : http://www.adlice.com/download/roguekiller/
?못? : http://www.adlice.com

늠? 늬? : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
堡뫧 堡? : |?? ㉩幷
Ю㈕먉 : user [ ?퉸?
堡뫧? ?? : C:\Program Files\RogueKiller\RogueKiller64.exe
㉩幷 : €К? -- 젾潽 : 10/27/2016 12:12:49 (Duration : 00:13:49)

? ? ? ??정? : 0 ? ? ?

? ? ? 맛쨍乃? : 0 ? ? ?

? ? ? 뫧탤 : 0 ? ? ?

? ? ? ?? : 0 ? ? ?

? ? ? WMI : 0 ? ? ?

? ? ? 8聯쨍? ?? : 0 ? ? ?

? ? ? H퇴漏만衲龜? : 0 (Driver: \??? ? ? ?

? ? ? 遐 ?럭? ? : 0 ? ? ?

? ? ? MBR €К? : ? ? ?
+++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] 2a53384db0a81a96a0c5e096766e183f
[BSP] 5a9e351457462ebd04698438eb139385 : Empty|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ADATA SP900 ATA Device +++++
--- User ---
[MBR] 3ec636937773de4d191e2dd2f578c821
[BSP] 94f2a1a310117303ddbdd4abf950ae72 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 488384 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ST1000DM003-1CH162 SCSI Disk Device +++++
--- User ---
[MBR] 249cf3bd6a26e88d09311de924e0a94d
[BSP] 4ff846e52f11ebb6cbc8e6d709fc0dc6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476934 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 976762880 | Size: 476932 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: SAMSUNG HD322HJ SCSI Disk Device +++++
--- User ---
[MBR] 4096895ae983853347ee11e923737ec6
[BSP] e0469f37ee10b211566cff4bb39ace3c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 305243 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
RogueKiller V12.7.4.0 (x64) [Oct 24 2016] (Free) by Adlice Software
T?? : http://www.adlice.com/contact/
<粱?? : http://forum.adlice.com
遐Юt퓔? : http://www.adlice.com/download/roguekiller/
?못? : http://www.adlice.com

늠? 늬? : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
堡뫧 堡? : |?? ㉩幷
Ю㈕먉 : user [ ?퉸?
堡뫧? ?? : C:\Program Files\RogueKiller\RogueKiller64.exe
㉩幷 : ?? -- 젾潽 : 10/27/2016 10:40:36 (Duration : 00:14:48)

? ? ? ??정? : 0 ? ? ?

? ? ? 맛쨍乃? : 2 ? ? ?
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2207781790-2766300111-2274446720-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://naver.com/ -> 낫?? (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2207781790-2766300111-2274446720-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://naver.com/ -> 낫?? (http://go.microsoft.com/fwlink/p/?LinkId=255141)

? ? ? 뫧탤 : 0 ? ? ?

? ? ? ?? : 4 ? ? ?
[Hj.Name][ ?? C:\Users\user\AppData\Local\Temp\RarSFX0\data\x64P\winlogon.exe -> ???
[Hj.Name][ ?? C:\Users\user\AppData\Local\Temp\RarSFX0\data\x64T\winlogon.exe -> ???
[Hj.Name][ ?? C:\Users\user\AppData\Local\Temp\RarSFX0\data\x86P\winlogon.exe -> ???
[Hj.Name][ ?? C:\Users\user\AppData\Local\Temp\RarSFX0\data\x86T\winlogon.exe -> ???

? ? ? WMI : 0 ? ? ?

? ? ? 8聯쨍? ?? : 0 ? ? ?

? ? ? H퇴漏만衲龜? : 0 (Driver: \??? ? ? ?

? ? ? 遐 ?럭? ? : 0 ? ? ?

? ? ? MBR €К? : ? ? ?
+++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] 2a53384db0a81a96a0c5e096766e183f
[BSP] 5a9e351457462ebd04698438eb139385 : Empty|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ADATA SP900 ATA Device +++++
--- User ---
[MBR] 3ec636937773de4d191e2dd2f578c821
[BSP] 94f2a1a310117303ddbdd4abf950ae72 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 488384 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ST1000DM003-1CH162 SCSI Disk Device +++++
--- User ---
[MBR] 249cf3bd6a26e88d09311de924e0a94d
[BSP] 4ff846e52f11ebb6cbc8e6d709fc0dc6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476934 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 976762880 | Size: 476932 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: SAMSUNG HD322HJ SCSI Disk Device +++++
--- User ---
[MBR] 4096895ae983853347ee11e923737ec6
[BSP] e0469f37ee10b211566cff4bb39ace3c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 305243 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2016-10-27
Scan Time: 오후 12:35
Logfile: MAM_Log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.27.02
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 350278
Time Elapsed: 3 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
Trojan.Agent.Trace, C:\Windows\SysWOW64\auction.ico, Quarantined, [ab832a74b9e1a294d0c7daeda55e7789],
Trojan.Agent.Trace, C:\Windows\SysWOW64\gmarket.ico, Quarantined, [47e7f2acd6c462d47d84c404d33027d9],

Physical Sectors: 0
(No malicious items detected)


(end)
 
# AdwCleaner v6.030 - Logfile created 27/10/2016 at 12:49:35
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-27.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

Shortcut infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\Acronis True Image Home\도구 및 유틸리티\이미지 마운트.lnk ( /mount_image )


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [787 Bytes] - [01/06/2016 11:59:25]
C:\AdwCleaner\AdwCleaner[S2].txt - [1212 Bytes] - [27/10/2016 12:49:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1285 Bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Ultimate x64
Ran by user (Administrator) on 2016-10-27 at 12:54:57.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7PXO74X7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPCQMD8I (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNBP1B5R (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZI17O4Z (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7PXO74X7 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPCQMD8I (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNBP1B5R (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZI17O4Z (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2016-10-27 at 13:02:51.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 16-10-23.01 - user 2016-10-27 13:40:24.1.4 - x64
Microsoft Windows 7 Ultimate K 6.1.7601.1.949.82.1042.18.16322.13803 [GMT 9:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: COMODO Firewall *Disabled* {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Comodo Defense+ *Enabled/Updated* {6BAD9487-8DE8-D130-293E-C6A728B4104F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Roaming\Local
c:\users\user\AppData\Roaming\Local\Skyrim\DLCList.txt
c:\users\user\AppData\Roaming\Local\Skyrim\plugins.txt
c:\users\user\Desktop\Setup.exe
c:\windows\Downloaded Program Files\XPayPlugin
c:\windows\Downloaded Program Files\XPayPlugin\LGDacomPaymentView.ocx
c:\windows\hipiw.dll
c:\windows\SysWow64\11st.ico
c:\windows\SysWow64\CKAgent.dat
.
Infected copy of c:\windows\System32\winver.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe
.
.
((((((((((((((((((((((((( Files Created from 2016-09-27 to 2016-10-27 )))))))))))))))))))))))))))))))
.
.
2016-10-27 04:47 . 2016-10-27 04:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-10-27 04:47 . 2016-10-27 04:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-10-27 01:39 . 2016-10-27 01:39 -------- d-----w- c:\program files\RogueKiller
2016-10-26 05:49 . 2016-10-26 05:51 -------- d-----w- C:\FRST
2016-10-22 11:43 . 2016-10-18 19:31 134712 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2016-10-22 11:43 . 2016-09-09 18:25 269600 ----a-w- c:\windows\SysWow64\vulkan-1.dll
2016-10-22 11:43 . 2016-09-09 18:25 110880 ----a-w- c:\windows\SysWow64\vulkaninfo.exe
2016-10-22 11:43 . 2016-09-09 18:25 261920 ----a-w- c:\windows\system32\vulkan-1.dll
2016-10-22 11:43 . 2016-09-09 18:24 125216 ----a-w- c:\windows\system32\vulkaninfo.exe
2016-10-22 11:43 . 2016-10-22 11:43 -------- d-----w- c:\program files (x86)\VulkanRT
2016-10-19 07:06 . 2016-10-19 07:06 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-10-15 13:27 . 2016-10-15 13:27 164360 ----a-r- c:\windows\system32\CKAgent.exe
2016-10-15 13:27 . 2016-10-15 13:27 164360 ----a-r- c:\windows\SysWow64\CKAgent.exe
2016-10-12 07:37 . 2016-10-01 21:15 1935808 ----a-w- c:\windows\system32\nvdispco6437306.dll
2016-10-12 07:37 . 2016-10-01 21:15 1585088 ----a-w- c:\windows\system32\nvdispgenco6437306.dll
2016-10-12 07:32 . 2016-09-30 04:25 1844280 ----a-w- c:\windows\system32\nvspcap64.dll
2016-10-12 07:32 . 2016-09-30 04:25 1756728 ----a-w- c:\windows\system32\nvspbridge64.dll
2016-10-12 07:32 . 2016-09-30 04:25 1445944 ----a-w- c:\windows\SysWow64\nvspcap.dll
2016-10-12 07:32 . 2016-09-30 04:25 1318968 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2016-10-12 07:32 . 2016-09-30 04:25 121912 ----a-w- c:\windows\system32\NvRtmpStreamer64.dll
2016-10-02 13:26 . 2016-10-25 11:12 -------- d-----w- C:\TES5LODGenOutput
2016-09-29 11:24 . 2016-10-06 07:50 -------- d-----w- c:\users\user\AppData\Roaming\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-10-27 04:03 . 2015-10-22 06:43 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-10-27 04:03 . 2015-10-22 06:43 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-10-27 03:43 . 2016-04-26 09:33 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-10-27 03:12 . 2016-04-26 09:03 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-10-26 02:29 . 2015-10-25 14:07 3952752 ----a-w- c:\windows\system32\btscan.exe
2016-10-19 22:48 . 2016-09-26 06:34 1595456 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2016-10-19 07:05 . 2016-01-20 05:24 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-10-18 21:23 . 2016-09-26 06:34 19917400 ----a-w- c:\windows\system32\nvwgf2umx.dll
2016-10-18 21:23 . 2016-09-26 06:34 3930688 ----a-w- c:\windows\system32\nvapi64.dll
2016-10-18 21:23 . 2016-09-26 06:34 3469408 ----a-w- c:\windows\SysWow64\nvapi.dll
2016-10-18 19:52 . 2016-09-26 06:35 2477624 ----a-w- c:\windows\system32\nvsvc64.dll
2016-10-18 19:52 . 2016-09-26 06:35 6386232 ----a-w- c:\windows\system32\nvcpl.dll
2016-10-18 19:52 . 2016-09-26 06:35 83512 ----a-w- c:\windows\system32\nv3dappshextr.dll
2016-10-18 19:52 . 2016-09-26 06:35 71224 ----a-w- c:\windows\system32\nvshext.dll
2016-10-18 19:52 . 2016-09-26 06:35 546752 ----a-w- c:\windows\system32\nv3dappshext.dll
2016-10-18 19:52 . 2016-09-26 06:35 392128 ----a-w- c:\windows\system32\nvmctray.dll
2016-10-18 19:52 . 2016-09-26 06:35 1762752 ----a-w- c:\windows\system32\nvsvcr.dll
2016-10-18 19:52 . 2016-09-26 06:35 7471705 ----a-w- c:\windows\system32\nvcoproc.bin
2016-10-18 19:45 . 2016-09-15 07:07 1951 ----a-w- c:\windows\NvContainerRecovery.bat
2016-10-15 13:27 . 2015-10-25 14:06 101152 ----a-w- c:\windows\system32\kck64.sys
2016-10-13 10:48 . 2015-10-22 08:19 293352 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-10-12 04:44 . 2015-10-22 13:45 143495576 -c--a-w- c:\windows\system32\MRT.exe
2016-09-30 04:25 . 2016-09-26 06:31 47672 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2016-09-30 04:25 . 2016-09-26 06:31 95800 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2016-09-30 04:25 . 2016-09-26 06:31 106040 ----a-w- c:\windows\system32\nvaudcap64v.dll
2016-09-26 05:17 . 2016-09-26 05:18 189112 ----a-w- c:\windows\PAExec.exe
2016-09-23 01:06 . 2015-10-22 08:19 513632 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-09-21 10:48 . 2015-10-22 08:19 969184 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-09-21 10:48 . 2016-09-21 10:48 391496 ----a-w- c:\windows\system32\aswBoot.exe
2016-09-21 10:48 . 2015-10-22 08:19 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-09-21 10:48 . 2015-10-22 08:19 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-09-21 10:48 . 2015-10-22 08:19 163416 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-09-21 10:48 . 2015-10-22 08:19 108816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-09-21 10:48 . 2015-10-22 08:19 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-09-21 10:48 . 2016-09-21 10:48 53208 ----a-w- c:\windows\avastSS.scr
2016-09-21 10:48 . 2016-03-23 09:31 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-09-17 00:46 . 2016-09-26 06:34 213952 ----a-w- c:\windows\system32\OpenCL.dll
2016-09-17 00:46 . 2016-09-26 06:34 203320 ----a-w- c:\windows\SysWow64\OpenCL.dll
2016-09-17 00:46 . 2016-09-26 06:34 1922616 ----a-w- c:\windows\system32\nvdispco6437290.dll
2016-09-17 00:46 . 2016-09-26 06:34 1585088 ----a-w- c:\windows\system32\nvdispgenco6437290.dll
2016-09-14 23:07 . 2015-08-04 16:29 51800 ----a-w- c:\windows\system32\cmdcsr.dll
2016-09-14 23:07 . 2015-09-03 03:52 642976 ----a-w- c:\windows\SysWow64\guard32.dll
2016-09-14 23:07 . 2015-09-03 03:52 813824 ----a-w- c:\windows\system32\guard64.dll
2016-09-14 23:05 . 2015-08-04 16:28 365752 ----a-w- c:\windows\system32\cmdvrt64.dll
2016-09-14 23:04 . 2015-08-04 16:28 51896 ----a-w- c:\windows\system32\cmdkbd64.dll
2016-09-14 23:02 . 2015-08-04 16:27 296120 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2016-09-14 23:01 . 2015-08-04 16:26 46776 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2016-09-13 14:33 . 2016-09-13 14:33 139264 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{84AEB93A-ECBB-4568-8F59-D4516EF59079}\ARPPRODUCTICON.exe
2016-09-13 14:33 . 2016-09-13 14:33 139264 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{84AEB93A-ECBB-4568-8F59-D4516EF59079}\_96EBF971B10B4CB5BF2753AEAAB064E5.exe
2016-09-13 14:33 . 2016-09-13 14:33 139264 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{84AEB93A-ECBB-4568-8F59-D4516EF59079}\_5CBF720004C34C82A394A37641F2D9C1.exe
2016-09-09 18:25 . 2016-09-09 18:25 269600 ----a-w- c:\windows\SysWow64\vulkan-1-1-0-26-0.dll
2016-09-09 18:25 . 2016-09-09 18:25 110880 ----a-w- c:\windows\SysWow64\vulkaninfo-1-1-0-26-0.exe
2016-09-09 18:25 . 2016-09-09 18:25 261920 ----a-w- c:\windows\system32\vulkan-1-1-0-26-0.dll
2016-09-09 18:24 . 2016-09-09 18:24 125216 ----a-w- c:\windows\system32\vulkaninfo-1-1-0-26-0.exe
2016-09-09 17:59 . 2016-10-12 00:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-09-06 08:07 . 2015-09-25 05:41 47976 ----a-w- c:\windows\SysWow64\noskp64.sys
2016-09-06 08:07 . 2015-09-25 05:40 43824 ----a-w- c:\windows\SysWow64\noskp.sys
2016-09-06 08:07 . 2015-09-14 11:03 56288 ----a-w- c:\windows\SysWow64\nosku64.sys
2016-09-06 08:07 . 2015-09-14 11:03 54824 ----a-w- c:\windows\SysWow64\nosku.sys
2016-09-06 08:07 . 2015-08-13 09:05 60456 ----a-w- c:\windows\SysWow64\noska.sys
2016-09-06 08:07 . 2015-08-13 08:28 227104 ----a-w- c:\windows\SysWow64\TKFsAv.sys
2016-09-06 08:07 . 2015-08-13 08:28 191544 ----a-w- c:\windows\system32\TKFsAv64.sys
2016-08-31 11:49 . 2015-08-04 16:31 116248 ----a-w- c:\windows\system32\drivers\inspect.sys
2016-08-31 11:49 . 2015-08-04 16:31 56976 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2016-08-31 11:49 . 2015-08-04 16:31 830624 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2016-08-31 11:49 . 2015-08-04 16:31 31648 ----a-w- c:\windows\system32\drivers\cmderd.sys
2016-08-26 00:18 . 2016-09-26 07:00 3299824 ----a-w- c:\windows\system32\YamahaAE2.dll
2016-08-26 00:18 . 2016-09-26 07:00 15202040 ----a-w- c:\windows\system32\YamahaAE3.dll
2016-08-26 00:18 . 2016-09-26 07:00 962136 ----a-w- c:\windows\system32\tosasfapo64.dll
2016-08-26 00:18 . 2016-09-26 07:00 601144 ----a-w- c:\windows\system32\tossaemaxapo64.dll
2016-08-26 00:18 . 2016-09-26 07:00 447184 ----a-w- c:\windows\system32\toseaeapo64.dll
2016-08-26 00:18 . 2016-09-26 07:00 2190992 ----a-w- c:\windows\system32\YamahaAE.dll
2016-08-26 00:18 . 2016-09-26 07:00 2110600 ----a-w- c:\windows\system32\WavesGUILib64.dll
2016-08-26 00:18 . 2016-09-26 07:00 1382240 ----a-w- c:\windows\system32\tosade.dll
2016-08-26 00:18 . 2016-09-26 07:00 1337648 ----a-w- c:\windows\system32\tossaeapo64.dll
2016-08-26 00:18 . 2016-09-26 07:00 873464 ----a-w- c:\windows\system32\tadefxapo264.dll
2016-08-26 00:18 . 2016-09-26 07:00 75544 ----a-w- c:\windows\system32\tepeqapo64.dll
2016-08-26 00:18 . 2016-09-26 07:00 571376 ----a-w- c:\windows\system32\tbb_waves.dll
2016-08-26 00:18 . 2016-09-26 07:00 532384 ----a-w- c:\windows\system32\SRSTSX64.dll
2016-08-26 00:18 . 2016-09-26 07:00 221968 ----a-w- c:\windows\system32\SRSTSH64.dll
2016-08-26 00:18 . 2016-09-26 07:00 209536 ----a-w- c:\windows\system32\SRSHP64.dll
2016-08-26 00:18 . 2016-09-26 07:00 166208 ----a-w- c:\windows\system32\SRSWOW64.dll
2016-08-26 00:18 . 2016-09-26 07:00 158704 ----a-w- c:\windows\system32\tadefxapo.dll
2016-08-26 00:18 . 2016-09-26 07:00 1435144 ----a-w- c:\windows\system32\SRRPTR64.dll
2016-08-26 00:18 . 2016-09-26 07:00 467160 ----a-w- c:\windows\system32\SRAPO64.dll
2016-08-26 00:18 . 2016-09-26 07:00 381416 ----a-w- c:\windows\system32\SRCOM64.dll
2016-08-26 00:18 . 2016-09-26 07:00 341152 ----a-w- c:\windows\SysWow64\SRCOM.dll
2016-08-26 00:18 . 2016-09-26 07:00 341152 ----a-w- c:\windows\system32\SRCOM.dll
2016-08-26 00:18 . 2016-09-26 07:00 2706864 ----a-w- c:\windows\system32\sltech64.dll
2016-08-26 00:18 . 2016-09-26 07:00 258864 ----a-w- c:\windows\system32\slprp64.dll
2016-08-26 00:18 . 2016-09-26 07:00 2203752 ----a-w- c:\windows\system32\slcnt64.dll
2016-08-26 00:18 . 2016-09-26 07:00 965032 ----a-w- c:\windows\system32\SFSS_APO.dll
2016-08-26 00:18 . 2016-09-26 07:00 90920 ----a-w- c:\windows\system32\SFCOM64.dll
2016-08-26 00:18 . 2016-09-26 07:00 88328 ----a-w- c:\windows\system32\SFAPO64.dll
2016-08-26 00:18 . 2016-09-26 07:00 864344 ----a-w- c:\windows\SysWow64\SEHDHF32.dll
2016-08-26 00:18 . 2016-09-26 07:00 858200 ----a-w- c:\windows\system32\SEHDRA64.dll
2016-08-26 00:18 . 2016-09-26 07:00 854032 ----a-w- c:\windows\system32\SECOMN64.dll
2016-08-26 00:18 . 2016-09-26 07:00 83632 ----a-w- c:\windows\SysWow64\SFCOM.dll
2016-08-26 00:18 . 2016-09-26 07:00 725944 ----a-w- c:\windows\SysWow64\SECOMN32.dll
2016-08-26 00:18 . 2016-09-26 07:00 498648 ----a-w- c:\windows\system32\SEAPO64.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2014-07-17 . 8CEBD9D0A0A879CDE9F36F4383B7CAEA . 455168 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[7] 2014-07-16 . 98AA0BFEE089C7E5DADB94190D93456C . 455680 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe
[7] 2014-03-04 . 6CE2AE073BD21C542FC2C707CAE944CC . 455680 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[7] 2014-03-04 . 88AB9B72B4BF3963A0DE0820B4B0B06C . 455168 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[7] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2010-08-06 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
.
[7] 2016-08-16 . 8F4B991E7837E8E0F90C856659456652 . 1009152 . . [6.1.7601.23528] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23528_none_2be110419d1e60a5\user32.dll
[7] 2015-11-10 . E42CB2576D5C8456C60988B1C908F41A . 1009152 . . [6.1.7601.23265] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_2bb2ca019d418cef\user32.dll
[7] 2015-11-10 . 06BF84D26A05D400F6B3FB3D3DE0B03A . 1008640 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_2b252a2884278aa2\user32.dll
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2010-08-06 . F78E7BD7ADC829D9DD92C558180E09DB . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ipTIME_Upgrade_Notification"="c:\users\user\AppData\Local\ipTIME\ipTIME_Upgrade_Notification\ipTIME_Upgrade_Notification.exe" [2016-02-07 1133296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-01-17 5695296]
"IME14 KOR Setup"="c:\progra~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2015-10-13 81080]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-10-14 9083840]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
"wizvera-veraport"="c:\program files (x86)\Wizvera\Veraport20\veraport.exe" [2015-12-10 1413352]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2015-12-19 296216]
"AnySign4PC"="c:\program files (x86)\SoftForum\XecureWeb\AnySign\dll\AnySign4PC.exe" [2016-04-27 2377736]
"ipinside-lws"="c:\program files (x86)\IPinside_LWS\I3GProc.exe" [2016-09-24 269112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-09-22 587288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200412]
Ime File REG_SZ IMKR14.IME
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 npkfxsvc;npkfxsvc;c:\windows\SysWow64\npkfxsvc.exe;c:\windows\SysWow64\npkfxsvc.exe [x]
R3 AhnFlt2K;AhnFlt2K;c:\windows\system32\drivers\AhnFlt2K.sys;c:\windows\SYSNATIVE\drivers\AhnFlt2K.sys [x]
R3 AhnRec2K;AhnRec2K;c:\windows\system32\drivers\AhnRec2K.sys;c:\windows\SYSNATIVE\drivers\AhnRec2K.sys [x]
R3 AntiStealth_MYFIREWALL40ASD;AntiStealth_MYFIREWALL40ASD;c:\program files\AhnLab\ASP\MyFirewall 4.0\AHAWKENT.sys;c:\program files\AhnLab\ASP\MyFirewall 4.0\AHAWKENT.sys [x]
R3 AntiStealth_MYFIREWALL40ASDF;AntiStealth_MYFIREWALL40ASDF;c:\program files\AhnLab\ASP\MyFirewall 4.0\TfFRegNt.sys;c:\program files\AhnLab\ASP\MyFirewall 4.0\TfFRegNt.sys [x]
R3 ascrts_SafeTransaction;ascrts_SafeTransaction;c:\program files\AhnLab\Safe Transaction\asc\ascrts.sys;c:\program files\AhnLab\Safe Transaction\asc\ascrts.sys [x]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 ATamptNt_MYFIREWALL40ASD;ATamptNt_MYFIREWALL40ASD;c:\progra~1\AhnLab\ASP\MYFIRE~1.0\ATamptNt.sys;c:\progra~1\AhnLab\ASP\MYFIRE~1.0\ATamptNt.sys [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS;c:\windows\SYSNATIVE\JRSKD24.SYS [x]
R3 kck64;kck64;c:\windows\system32\kck64.sys;c:\windows\SYSNATIVE\kck64.sys [x]
R3 MeDCoreD_SafeTransaction;MeDCoreD_SafeTransaction;c:\program files\AhnLab\Safe Transaction\MeDCoreD.sys;c:\program files\AhnLab\Safe Transaction\MeDCoreD.sys [x]
R3 MeDVpDrv_SafeTransaction;MeDVpDrv_SafeTransaction;c:\program files\AhnLab\Safe Transaction\MeDVpDrv.sys;c:\program files\AhnLab\Safe Transaction\MeDVpDrv.sys [x]
R3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2Bthf.sys;c:\windows\SYSNATIVE\drivers\Mkd2Bthf.sys [x]
R3 MyFw40Service;MyFirewall 4.0 Service;c:\program files\AhnLab\ASP\MyFirewall 4.0\ASDSvc.exe;c:\program files\AhnLab\ASP\MyFirewall 4.0\ASDSvc.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 npkfxs;npkfxs;c:\windows\syswow64\npkfxs.sys;c:\windows\syswow64\npkfxs.sys [x]
R3 npkfxu;npkfxu;c:\windows\syswow64\npkfxu.sys;c:\windows\syswow64\npkfxu.sys [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 ProDefense;ProDefense;c:\windows\system32\drivers\ProDefense.sys;c:\windows\SYSNATIVE\drivers\ProDefense.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\SysWOW64\Drivers\TFsExDisk.sys;c:\windows\SysWOW64\Drivers\TFsExDisk.sys [x]
R3 TNFwNt_MYFIREWALL40ASD;TNFwNt_MYFIREWALL40ASD;c:\program files\AhnLab\ASP\MyFirewall 4.0\TNFwNt.sys;c:\program files\AhnLab\ASP\MyFirewall 4.0\TNFwNt.sys [x]
R3 TNFwNt_SafeTransaction;TNFwNt_SafeTransaction;c:\program files\AhnLab\Safe Transaction\TNFwNt.sys;c:\program files\AhnLab\Safe Transaction\TNFwNt.sys [x]
R3 TNNipsNt_MYFIREWALL40ASD;TNNipsNt_MYFIREWALL40ASD;c:\program files\AhnLab\ASP\MyFirewall 4.0\TNNipsNt.sys;c:\program files\AhnLab\ASP\MyFirewall 4.0\TNNipsNt.sys [x]
R3 TNNipsNt_SafeTransaction;TNNipsNt_SafeTransaction;c:\program files\AhnLab\Safe Transaction\TNNipsNt.sys;c:\program files\AhnLab\Safe Transaction\TNNipsNt.sys [x]
R3 TSFLTDRV_SafeTransaction;TSFLTDRV_SafeTransaction;c:\progra~1\AhnLab\SAFETR~1\TSFLTDRV.sys;c:\progra~1\AhnLab\SAFETR~1\TSFLTDRV.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;인텔(R) USB 3.0 호스트 컨트롤러 스위치 드라이버;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm273.sys [x]
S1 AMonTDLH;AMonTDLH;c:\windows\system32\Drivers\AMonTDLH.sys;c:\windows\SYSNATIVE\Drivers\AMonTDLH.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 UltraCDROM;Ultra CDROM SCSI Controller;c:\windows\system32\DRIVERS\UltraCDROM.sys;c:\windows\SYSNATIVE\DRIVERS\UltraCDROM.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup 서비스;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 AnySign4PC Launcher;AnySign4PC Launcher;c:\program files (x86)\SoftForum\XecureWeb\AnySign\dll\AnySign4PCLauncher.exe;c:\program files (x86)\SoftForum\XecureWeb\AnySign\dll\AnySign4PCLauncher.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 FoxitReaderService;Foxit Reader Service;c:\program files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [x]
S2 I3GMainSvc;Interezen LWS;c:\program files (x86)\IPinside_LWS\I3GMainSvc.exe;c:\program files (x86)\IPinside_LWS\I3GMainSvc.exe [x]
S2 Image Protection;Image Protect Service;c:\windows\ImageSAFERSvc.exe;c:\windows\ImageSAFERSvc.exe [x]
S2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [x]
S2 Innosvc7;Innosvc7;c:\program files (x86)\INNORIX\common\innosvc7.exe;c:\program files (x86)\INNORIX\common\innosvc7.exe [x]
S2 Naver Updater;Naver Updater;c:\program files (x86)\Naver\NaverCommon\NaverAdminAPISvc.exe;c:\program files (x86)\Naver\NaverCommon\NaverAdminAPISvc.exe [x]
S2 nossvc;nProtect Online Security(PFS);c:\program files (x86)\INCAInternet\nProtect Online Security\nossvc.exe;c:\program files (x86)\INCAInternet\nProtect Online Security\nossvc.exe [x]
S2 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
S2 NVIDIA Wireless Controller Service;NVIDIA Wireless Controller Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [x]
S2 SafeTransactionSVC;AhnLab Safe Transaction Service;c:\program files\AhnLab\Safe Transaction\ASDSvc.exe;c:\program files\AhnLab\Safe Transaction\ASDSvc.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
S2 TUCtlSystem;TUCtlSystem;c:\windows\SysWOW64\TUCTLSystem.exe;c:\windows\SysWOW64\TUCTLSystem.exe [x]
S2 VPWalletService;VPWalletService;c:\program files (x86)\VP\VPWalletService\VPWalletService.exe;c:\program files (x86)\VP\VPWalletService\VPWalletService.exe [x]
S2 WizveraPMSvc;WIZVERA Process Manager Service;c:\program files (x86)\Wizvera\Common\wpmsvc\wpmsvc.exe;c:\program files (x86)\Wizvera\Common\wpmsvc\wpmsvc.exe [x]
S2 WooriBankSecLogGather;WooriBankSecLogGather;c:\program files (x86)\WooriBank\RealIp\WooriBankSecLogGather.exe;c:\program files (x86)\WooriBank\RealIp\WooriBankSecLogGather.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 AhnRghNt;AhnRghNt;c:\windows\system32\drivers\AhnRghNt.sys;c:\windows\SYSNATIVE\drivers\AhnRghNt.sys [x]
S3 AntiStealth_SafeTransaction;AntiStealth_SafeTransaction;c:\program files\AhnLab\Safe Transaction\AHAWKENT.sys;c:\program files\AhnLab\Safe Transaction\AHAWKENT.sys [x]
S3 AntiStealth_SafeTransactionF;AntiStealth_SafeTransactionF;c:\program files\AhnLab\Safe Transaction\TfFRegNt.sys;c:\program files\AhnLab\Safe Transaction\TfFRegNt.sys [x]
S3 ATamptNt_SafeTransaction;ATamptNt_SafeTransaction;c:\progra~1\AhnLab\SAFETR~1\ATamptNt.sys;c:\progra~1\AhnLab\SAFETR~1\ATamptNt.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 Cdm2DrNt;Cdm2DrNt;c:\windows\system32\Drivers\Cdm2DrNt.sys;c:\windows\SYSNATIVE\Drivers\Cdm2DrNt.sys [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 HSBDrv64;HSBDrv64;c:\windows\system32\drivers\HSBDrv64.sys;c:\windows\SYSNATIVE\drivers\HSBDrv64.sys [x]
S3 ISMgr;Image SAFER Process Managerment NT.;c:\windows\system32\ImageSAFERDrv64.sys;c:\windows\SYSNATIVE\ImageSAFERDrv64.sys [x]
S3 iusb3hub;인텔(R) USB 3.0 허브 드라이버;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;인텔(R) USB 3.0 확장 가능한 호스트 컨트롤러 드라이버;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS;c:\windows\SYSNATIVE\JRSUKD25.SYS [x]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys;c:\windows\SYSNATIVE\drivers\Mkd2Nadr.sys [x]
S3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys;c:\windows\SYSNATIVE\drivers\Mkd3kfNt.sys [x]
S3 noskp;noskp;c:\windows\syswow64\noskp64.sys;c:\windows\syswow64\noskp64.sys [x]
S3 nosku;nosku;c:\windows\syswow64\nosku64.sys;c:\windows\syswow64\nosku64.sys [x]
S3 np_ck64s;np_ck64s;c:\windows\syswow64\np_ck64s.sys;c:\windows\syswow64\np_ck64s.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 TKCtrl;TKCtrl;c:\windows\system32\TKCtrl2k64.sys;c:\windows\SYSNATIVE\TKCtrl2k64.sys [x]
S3 TKFsAvM;TKFsAvM;c:\windows\system32\TKFsAv64.sys;c:\windows\SYSNATIVE\TKFsAv64.sys [x]
S3 TKFsFtM;TKFsFtM;c:\windows\system32\TKFsFt64.sys;c:\windows\SYSNATIVE\TKFsFt64.sys [x]
S3 TKPcFt;TKPcFt;c:\windows\system32\TKPcFtCb64.sys;c:\windows\SYSNATIVE\TKPcFtCb64.sys [x]
S3 TKRgAc;TKRgAc;c:\windows\system32\TKRgAc2k64.sys;c:\windows\SYSNATIVE\TKRgAc2k64.sys [x]
S3 TKRgFt;TKRgFt;c:\windows\system32\TKRgFtXp64.sys;c:\windows\SYSNATIVE\TKRgFtXp64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-10-25 14:31 1363560 ----a-w- c:\program files (x86)\Google\Chrome\Application\54.0.2840.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-22 04:03]
.
2016-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-10-22 08:01]
.
2016-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-10-22 08:01]
.
.
 