Solved Virus appeared when my relative use my computer

neowing

Posts: 308   +1
Recently my relative visited my home and use the computer.

That time, I didn't stay home but he told me there is a virus in the computer.
The problem is, I was outside and he [relative] clicked "Ok" when pop up showed up.

As a result, I am nout sure if my computer is safe or not.

So, I am posting my log today.

The First :

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by user (administrator) on USER-PC (24-04-2016 19:42:50)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: 한국어(대한민국)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(SOFTFORUM) C:\Program Files (x86)\Softforum\XecureWeb\AnySign\dll\AnySign4PCLauncher.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\Safe Transaction\StSess.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(EFM Networks) C:\Users\user\AppData\Local\ipTIME\ipTIME_Upgrade_Notification\ipTIME_Upgrade_Notification.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(WIZVERA) C:\Program Files (x86)\Wizvera\Veraport20\veraport.exe
(SOFTFORUM) C:\Program Files (x86)\Softforum\XecureWeb\AnySign\dll\AnySign4PC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(MarkAny) C:\Windows\ImageSAFERSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
(INNORIX) C:\Program Files (x86)\INNORIX\common\innosvc7.exe
(NAVER Corp.) C:\Program Files (x86)\Naver\NaverCommon\NaverAdminAPISvc.exe
(INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nossvc.exe
(MarkAny) C:\Windows\System32\ImageSAFERStart_X86.exe
(MarkAny) C:\Windows\System32\ImageSAFERStart_X64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\Safe Transaction\ASDSvc.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Teruten) C:\Windows\SysWOW64\TUCTLSystem.exe
() C:\Program Files (x86)\VP\VPWalletService\VPWalletService.exe
(WIZVERA) C:\Program Files (x86)\Wizvera\Common\wpmsvc\wpmsvc.exe
(우리은행) C:\Program Files (x86)\WooriBank\RealIp\WooriBankSecLogGather.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nosstarter.npe
(AhnLab, Inc.) C:\Program Files\AhnLab\Safe Transaction\Nz32\StSess32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 **D�<*>] => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" <===== ATTENTION (Value Name with invalid characters)
HKLM\...\Run: [IME14 KOR Setup] => C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE [110776 2015-10-13] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-04-08] (COMODO)
HKLM\...\Run: [AhnLab Safe Transaction Application] => C:\Program Files\AhnLab\Safe Transaction\stsess.exe [4017848 2016-04-11] (AhnLab, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-12-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-12-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-12-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5695296 2011-01-17] (Acronis)
HKLM-x32\...\Run: [IME14 KOR Setup] => C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81080 2015-10-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390608 2016-04-23] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [wizvera-veraport] => C:\Program Files (x86)\Wizvera\Veraport20\veraport.exe [1413352 2015-12-10] (WIZVERA)
HKLM-x32\...\Run: [AnySign4PC] => C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\AnySign4PC.exe [2382144 2015-12-10] (SOFTFORUM)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-12-19] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-21] (Oracle Corporation)
HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\Run: [ipTIME_Upgrade_Notification] => C:\Users\user\AppData\Local\ipTIME\ipTIME_Upgrade_Notification\ipTIME_Upgrade_Notification.exe [1133296 2016-02-07] (EFM Networks)
HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-23] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 210.220.163.82 219.250.36.130
Tcpip\..\Interfaces\{2329FCF1-CEA7-43B7-B585-E4E5E1740705}: [DhcpNameServer] 210.220.163.82 219.250.36.130

Internet Explorer:
==================
HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://naver.com/
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-23] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-23] (AVAST Software)
BHO-x32: Triangle Trail -> {aeef4389-6327-45e5-9552-021c0f5aef2d} -> C:\Program Files (x86)\Triangle Trail\Extensions\aeef4389-6327-45e5-9552-021c0f5aef2d.dll => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-21] (Oracle Corporation)
IE Session Restore: HKU\S-1-5-21-2207781790-2766300111-2274446720-1000 -> is enabled.
DPF: HKLM-x32 {063F7D71-5E0B-48F2-87D5-F63C5917947E} hxxps://secwebclinic.ahnlab.com/aos/plugin/aosmgr.cab
DPF: HKLM-x32 {1c0ac0ca-0ffa-5798-98eb-b4c11f0bc8f9} ${CAB_URL}
DPF: HKLM-x32 {1CBDCD5A-18EE-4CCA-9AEA-93D5D27E310B} hxxps://supdate.nprotect.net/nprotect2007/keycrypt/choiyh/140521/npkfxx_14042901.cab
DPF: HKLM-x32 {406FDD84-AA88-4BE6-AEF3-5BD7D6499985} hxxp://safer.skbroadband.com/WRoicX/rioInstallX.cab
DPF: HKLM-x32 {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Program Files (x86)\INCAInternet\nProtect Online Security\raon\TouchEnKey_Installer_32bit.exe
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E42F7FEB-DE20-43F4-A342-47F1DA77F667} hxxps://pgdownload.uplus.co.kr/lguplus/XPayPlugin_3.0.0.3.cab
DPF: HKLM-x32 {FA550500-1012-4D36-BB9E-E9B02B88FE99} hxxp://yebigun1.mil.kr/MAWS_MMASJ/bin/MAOnFPS_MMASJ.cab
Handler-x32: crosswebex - {d03424de-4f7e-11e5-a44a-005056c00008} - C:\Program Files (x86)\INITECH\INISAFE Web EX Client\bridge\CrossEX\crosswebex\1.0.1.752\CrossEXProtocol.dll [2015-08-31] (iniLINE Co., Ltd.)
Handler-x32: touchenex - {74f917de-707e-11e5-80c3-005056c00008} - C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.774\CrossEXProtocol.dll [2015-10-12] (iniLINE Co., Ltd.)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: innorix.com/InnoGMP -> C:\Program Files\INNORIX\npinnogmp7.dll [2015-02-11] (INNORIX)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @ahnlab.com/asp/npaosmgr.1 -> C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_584\npaosmgr.dll [2016-03-21] (AhnLab, Inc.)
FF Plugin-x32: @clipsoft.com/rexpert30 -> C:\Program Files (x86)\clipsoft\rexpert30\bin\viewer\nprexpert3.0.plugin.dll [2015-07-31] ( )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-22] (Foxit Corporation)
FF Plugin-x32: @initech.com/moasign_s -> C:\Program Files (x86)\INITECH\INISAFE MoaSignS\npMoasignMime.dll [2015-12-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @markany.com/npMAOnFPS_MultiBrowser2 -> C:\Users\user\AppData\Local\MarkAny\npMAOnFPS_MultiBrowser2.dll [2012-12-31] (MarkAny)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-28] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-28] (NVIDIA Corporation)
FF Plugin-x32: @softforum.com/npKeyPro -> C:\windows\system32\npKeyPro.dll [No File]
FF Plugin-x32: @softforum.com/npXecureMacuxNPPlugin -> C:\Program Files (x86)\Softforum\XecureWeb\NPPlugin\dll\npXecureMacuxNPPlugin.dll [2015-10-25] (Softforum Co., LTD.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @wizvera.com/npVeraport20 -> C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll [2015-12-10] ()
FF Plugin-x32: crosswebex@iniline.com/npCrossEXPlugin -> C:\Program Files (x86)\INITECH\INISAFE Web EX Client\bridge\CrossEX\crosswebex\1.0.1.752\npinilinecrosswebex.dll [2015-08-31] (iniLINE Co., Ltd.)
FF Plugin-x32: innorix.com/InnoGMP -> C:\Program Files (x86)\INNORIX\npinnogmp7.dll [2015-02-11] (INNORIX)
FF Plugin-x32: touchenex@raon.com/npCrossEXPlugin -> C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.774\npraontouchenex.dll [2015-10-12] (iniLINE Co., Ltd.)
FF Plugin HKU\S-1-5-21-2207781790-2766300111-2274446720-1000: @initech.com/moasign_s -> C:\Program Files (x86)\INITECH\INISAFE MoaSignS\npMoasignMime.dll [2015-12-10] ()
FF Plugin HKU\S-1-5-21-2207781790-2766300111-2274446720-1000: @initech.com/npSandBox -> C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.10056.dll [2015-05-26] (Initech Co., Ltd.)
FF Plugin HKU\S-1-5-21-2207781790-2766300111-2274446720-1000: @softforum.com/npXecureMacuxNPPlugin -> C:\Program Files (x86)\Softforum\XecureWeb\NPPlugin\dll\npXecureMacuxNPPlugin.dll [2015-10-25] (Softforum Co., LTD.)
FF Plugin HKU\S-1-5-21-2207781790-2766300111-2274446720-1000: naver.com/NaverMultiTrackPlugin -> C:\windows\Downloaded Program Files\npNaverMultiTrackPlugin.dll [2016-01-08] (NAVER)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2015-10-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-23]
FF HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\Firefox\Extensions: [npSandBox@initech.com] - C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.xpi
FF Extension: INISAFE SandBox - C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.xpi [2015-05-26] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "chrome://newtab/","hxxps://www.google.co.kr/search?q=chrome+%ED%99%88%ED%8E%98%EC%9D%B4%EC%A7%80+%EC%84%A4%EC%A0%95&aq=0&oq=chrome+%ED%99%88&aqs=chrome.3.57j60l2j0.5137j0&sourceid=chrome&ie=UTF-8","hxxp://support.google.com/chrome/bin/answer.py?hl=ko&answer=95314","hxxp://support.google.com/chrome/bin/answer.py?hl=ko&answer=95421"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google 슬라이드) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-22]
CHR Extension: (Google 문서도구) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-22]
CHR Extension: (Google 드라이브) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google 시트) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-22]
CHR Extension: (Google 문서 오프라인) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Kiwi IRC) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\malkpgopfalejggcogglkiemcknbiphe [2015-10-22]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2015-12-14]
CHR Extension: (Chrome 웹 스토어 결제) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-23]
 
==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AnySign4PC Launcher; C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\AnySign4PCLauncher.exe [2300224 2015-12-10] (SOFTFORUM)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-23] (AVAST Software)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5799552 2016-04-08] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-04-08] (COMODO)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249320 2015-12-19] (DTS, Inc)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-12-28] (NVIDIA Corporation)
R2 Image Protection; C:\windows\ImageSAFERSvc.exe [237568 2016-02-17] (MarkAny) [File not signed]
R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [83312 2010-10-20] (Microsoft Corporation)
R2 Innosvc7; C:\Program Files (x86)\INNORIX\common\innosvc7.exe [197720 2016-01-13] (INNORIX)
S2 KMService; C:\windows\SysWOW64\srvany.exe [8192 2010-06-16] () [File not signed]
S3 MyFw40Service; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\ASDSvc.exe [676832 2015-06-25] (AhnLab, Inc.)
R2 Naver Updater; C:\Program Files (x86)\Naver\NaverCommon\NaverAdminAPISvc.exe [263136 2016-03-11] (NAVER Corp.)
R2 nossvc; C:\Program Files (x86)\INCAInternet\nProtect Online Security\nossvc.exe [1673032 2016-04-07] (INCA Internet Co., Ltd.)
S2 npkfxsvc; C:\windows\SysWow64\npkfxsvc.exe [197224 2016-02-12] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-12-28] (NVIDIA Corporation)
R2 SafeTransactionSVC; C:\Program Files\AhnLab\Safe Transaction\ASDSvc.exe [738784 2015-11-13] (AhnLab, Inc.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-12-21] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TUCtlSystem; C:\windows\SysWOW64\TUCTLSystem.exe [376384 2016-01-18] (Teruten)
R2 VPWalletService; C:\Program Files (x86)\VP\VPWalletService\VPWalletService.exe [371232 2015-11-15] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WizveraPMSvc; C:\Program Files (x86)\Wizvera\Common\wpmsvc\wpmsvc.exe [3068768 2015-12-10] (WIZVERA)
R2 WooriBankSecLogGather; C:\Program Files (x86)\WooriBank\RealIp\WooriBankSecLogGather.exe [1332736 2015-12-10] (우리은행) [File not signed]
S2 KOS_Service; C:\Kings\KOS\KOSSvc.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AhnFlt2K; C:\windows\system32\drivers\AhnFlt2K.sys [84048 2015-09-03] (AhnLab, Inc.)
S3 AhnRec2K; C:\windows\system32\drivers\AhnRec2K.sys [36280 2015-09-03] (AhnLab, Inc.)
R3 AhnRghNt; C:\windows\system32\drivers\AhnRghNt.sys [68448 2015-11-02] (AhnLab, Inc.)
R1 AMonTDLH; C:\windows\system32\Drivers\AMonTDLH.sys [155272 2015-09-03] (AhnLab, Inc.)
S3 AntiStealth_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\AHAWKENT.sys [52920 2015-10-27] (AhnLab, Inc.)
S3 AntiStealth_MYFIREWALL40ASDF; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TfFRegNt.sys [191032 2015-10-27] (AhnLab, Inc.)
R3 AntiStealth_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\AHAWKENT.sys [52920 2015-11-02] (AhnLab, Inc.)
R3 AntiStealth_SafeTransactionF; C:\Program Files\AhnLab\Safe Transaction\TfFRegNt.sys [191032 2015-11-02] (AhnLab, Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49560 2012-09-18] (Asmedia Technology)
S3 ascrts_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\asc\ascrts.sys [3907456 2016-03-30] (AhnLab, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-23] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-23] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-23] (AVAST Software)
S3 ATamptNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\atamptnt.sys [325168 2015-10-27] (AhnLab, Inc.)
R3 ATamptNt_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\AtamptNt.sys [325168 2015-10-06] (AhnLab, Inc.)
R3 Cdm2DrNt; C:\windows\system32\Drivers\Cdm2DrNt.sys [98216 2014-09-17] (AhnLab, Inc.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-04-06] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [823848 2016-04-06] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [56464 2016-04-06] (COMODO)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-30] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R3 HSBDrv64; C:\Windows\System32\drivers\HSBDrv64.sys [130800 2015-10-30] (AhnLab, Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-03-13] (Intel Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [116248 2016-04-06] (COMODO)
R3 ISMgr; C:\windows\system32\ImageSAFERDrv64.sys [11256 2009-11-26] ()
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.)
R3 JRSUKD25; C:\windows\system32\JRSUKD25.SYS [20560 2015-10-25] (RaonSecure Co., Ltd.)
S3 kck64; C:\windows\system32\kck64.sys [101152 2016-04-23] (Kings Information & Network)
S3 MeDCoreD_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\MeDCoreD.sys [979632 2016-04-08] (AhnLab, Inc.)
S3 MeDVpDrv_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\MeDVpDrv.sys [555184 2016-04-08] (AhnLab, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 Mkd2Bthf; C:\Windows\System32\drivers\Mkd2Bthf.sys [108384 2016-03-10] (AhnLab, Inc.)
R3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [148344 2016-03-10] (AhnLab, Inc.)
R3 Mkd3kfNt; C:\Windows\System32\drivers\Mkd3kfNt.sys [207160 2016-03-10] (AhnLab, Inc.)
R3 noskp; C:\windows\syswow64\noskp64.sys [38472 2016-04-06] (INCA Internet Co.,Ltd.)
R3 nosku; C:\windows\syswow64\nosku64.sys [47296 2016-04-06] (INCA Internet Co.,Ltd.)
S3 NPF; C:\Windows\System32\drivers\efm-npf.sys [47632 2010-03-30] (CACE Technologies, Inc.)
S3 npkfxs; c:\windows\syswow64\npkfxs.sys [23752 2016-02-12] (INCA Internet Co.,Ltd.)
S3 npkfxu; c:\windows\syswow64\npkfxu.sys [26824 2016-02-12] (INCA Internet Co.,Ltd.)
R3 np_ck64s; C:\windows\syswow64\np_ck64s.sys [75680 2014-08-13] (INCA Internet Co.,Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-10-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-12-28] (NVIDIA Corporation)
S3 ProDefense; C:\windows\system32\drivers\ProDefense.sys [18176 2015-10-29] (Bluegem Security)
R3 TKCtrl; C:\windows\system32\TKCtrl2k64.sys [136528 2014-05-21] (INCA Internet Co., Ltd.)
R3 TKCtrl; C:\windows\SysWOW64\TKCtrl2k64.sys [136528 2014-05-21] (INCA Internet Co., Ltd.)
R3 TKFsAvM; C:\windows\system32\TKFsAv64.sys [179336 2015-08-13] (INCA Internet Co., Ltd.)
R3 TKFsFtM; C:\windows\system32\TKFsFt64.sys [28824 2014-07-07] (INCA Internet Co., Ltd.)
R3 TKPcFt; C:\windows\system32\TKPcFtCb64.sys [39280 2015-08-07] (INCA Internet Co., Ltd.)
R3 TKRgAc; C:\windows\system32\TKRgAc2k64.sys [96584 2013-09-09] (INCA Internet Co., Ltd.)
R3 TKRgFt; C:\windows\system32\TKRgFtXp64.sys [51464 2013-11-18] (INCA Internet Co., Ltd.)
S3 TNFwNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TNFwNt.sys [162752 2015-08-21] (AhnLab, Inc.)
S3 TNFwNt_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\TNFwNt.sys [163536 2015-09-03] (AhnLab, Inc.)
S3 TNNipsNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TNNipsNt.sys [202544 2015-08-21] (AhnLab, Inc.)
S3 TNNipsNt_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\TNNipsNt.sys [203544 2015-09-03] (AhnLab, Inc.)
S3 TSFLTDRV_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\TSFltDrv.sys [302160 2015-11-19] (AhnLab, Inc.)
S3 JRSKD24; \??\C:\windows\system32\JRSKD24.SYS [X]
S3 ProMDefense; \??\C:\Windows\SysWOW64\drivers\ProMDefense.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 x64kdss; syswow64\Drivers\x64kdss.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-24 19:42 - 2016-04-24 19:43 - 00030144 _____ C:\Users\user\Desktop\FRST.txt
2016-04-24 19:41 - 2016-04-24 19:42 - 00000000 ____D C:\FRST
2016-04-24 19:40 - 2016-04-24 19:41 - 02375680 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-04-23 18:48 - 2016-04-23 18:48 - 00398152 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-04-23 18:48 - 2016-04-23 18:48 - 00052184 _____ (AVAST Software) C:\windows\avastSS.scr
2016-04-23 08:45 - 2016-04-23 08:45 - 00164360 ____R (RaonSecure Co., Ltd.) C:\windows\SysWOW64\CKAgent.exe
2016-04-23 08:45 - 2016-04-23 08:45 - 00164360 ____R (RaonSecure Co., Ltd.) C:\windows\system32\CKAgent.exe
2016-04-13 16:52 - 2016-04-13 16:52 - 25817600 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 20352512 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 15415808 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 13811712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 06052352 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 02892800 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 02596864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-04-13 16:52 - 2016-04-13 16:52 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 02056192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-04-13 16:52 - 2016-04-13 16:52 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 01386496 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 01169408 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-04-13 16:52 - 2016-04-13 16:52 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00760320 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-04-13 16:52 - 2016-04-13 16:52 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00698368 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00451080 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00394952 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-04-13 16:52 - 2016-04-13 16:52 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-04-13 16:52 - 2016-04-13 16:52 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-04-13 16:52 - 2016-04-13 16:52 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\fveapibase.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-04-13 16:52 - 2016-04-13 16:52 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00038120 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-04-13 16:52 - 2016-04-13 16:52 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-04-13 16:52 - 2016-04-13 16:52 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\tbs.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00015360 _____ (Microsoft Corporation) C:\windows\SysWOW64\tbs.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-04-13 16:52 - 2016-04-13 16:52 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-04-13 16:52 - 2016-04-13 16:52 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-04-13 16:52 - 2016-03-31 09:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-04-13 16:52 - 2016-03-31 09:27 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-04-13 16:52 - 2016-03-31 09:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-04-13 16:52 - 2016-03-31 08:52 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-04-13 16:52 - 2016-03-30 02:53 - 03216896 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-04-13 16:52 - 2016-03-18 08:04 - 05551336 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-04-13 16:52 - 2016-03-18 08:04 - 00706280 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-04-13 16:52 - 2016-03-18 08:04 - 00154344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-04-13 16:52 - 2016-03-18 08:04 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-04-13 16:52 - 2016-03-18 08:01 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-04-13 16:52 - 2016-03-18 08:01 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-04-13 16:52 - 2016-03-18 07:58 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-04-13 16:52 - 2016-03-18 07:58 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-04-13 16:52 - 2016-03-18 07:58 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-04-13 16:52 - 2016-03-18 07:58 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-04-13 16:52 - 2016-03-18 07:58 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-04-13 16:52 - 2016-03-18 07:58 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-04-13 16:52 - 2016-03-18 07:58 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-04-13 16:52 - 2016-03-18 07:58 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-04-13 16:52 - 2016-03-18 07:58 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-04-13 16:52 - 2016-03-18 07:58 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-04-13 16:52 - 2016-03-18 07:57 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-04-13 16:52 - 2016-03-18 07:57 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-04-13 16:52 - 2016-03-18 07:57 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-04-13 16:52 - 2016-03-18 07:57 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-04-13 16:52 - 2016-03-18 07:57 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-04-13 16:52 - 2016-03-18 07:56 - 02084864 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-04-13 16:52 - 2016-03-18 07:56 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-04-13 16:52 - 2016-03-18 07:54 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-04-13 16:52 - 2016-03-18 07:54 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-04-13 16:52 - 2016-03-18 07:53 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-04-13 16:52 - 2016-03-18 07:53 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-04-13 16:52 - 2016-03-18 07:53 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-04-13 16:52 - 2016-03-18 07:53 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-04-13 16:52 - 2016-03-18 07:50 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-04-13 16:52 - 2016-03-18 07:50 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-04-13 16:52 - 2016-03-18 07:50 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-04-13 16:52 - 2016-03-18 07:50 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-04-13 16:52 - 2016-03-18 07:50 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-04-13 16:52 - 2016-03-18 07:50 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-04-13 16:52 - 2016-03-18 07:50 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-04-13 16:52 - 2016-03-18 07:36 - 03998952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-04-13 16:52 - 2016-03-18 07:36 - 03943144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-04-13 16:52 - 2016-03-18 07:33 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-04-13 16:52 - 2016-03-18 07:31 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-04-13 16:52 - 2016-03-18 07:31 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-04-13 16:52 - 2016-03-18 07:31 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-04-13 16:52 - 2016-03-18 07:31 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-04-13 16:52 - 2016-03-18 07:30 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-04-13 16:52 - 2016-03-18 07:30 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-04-13 16:52 - 2016-03-18 07:30 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-04-13 16:52 - 2016-03-18 07:29 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-04-13 16:52 - 2016-03-18 07:29 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-04-13 16:52 - 2016-03-18 07:29 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-04-13 16:52 - 2016-03-18 07:28 - 01414144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-04-13 16:52 - 2016-03-18 07:27 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-04-13 16:52 - 2016-03-18 07:27 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-04-13 16:52 - 2016-03-18 07:26 - 00553984 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-04-13 16:52 - 2016-03-18 07:25 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-04-13 16:52 - 2016-03-18 07:24 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-04-13 16:52 - 2016-03-18 07:24 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-04-13 16:52 - 2016-03-18 07:24 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-04-13 16:52 - 2016-03-18 06:53 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-04-13 16:52 - 2016-03-18 06:52 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-04-13 16:52 - 2016-03-18 06:52 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-04-13 16:52 - 2016-03-18 06:51 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-04-13 16:52 - 2016-03-18 06:44 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-04-13 16:52 - 2016-03-18 06:43 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-04-13 16:52 - 2016-03-18 06:38 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-04-13 16:52 - 2016-03-18 06:37 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-04-13 16:52 - 2016-03-18 06:37 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-04-13 16:52 - 2016-03-18 06:35 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-04-13 16:52 - 2016-03-18 06:35 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-04-13 16:52 - 2016-03-18 06:30 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-04-13 16:52 - 2016-03-18 06:29 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-04-13 16:52 - 2016-03-17 03:50 - 00156672 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
2016-04-13 16:52 - 2016-03-17 03:28 - 00176128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll
2016-04-13 16:52 - 2016-03-17 03:28 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll
2016-04-13 16:52 - 2016-03-07 03:53 - 01885696 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2016-04-13 16:52 - 2016-03-07 03:53 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2016-04-13 16:52 - 2016-03-07 03:38 - 01240576 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2016-04-13 16:52 - 2016-03-07 03:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2016-04-13 16:52 - 2016-02-03 03:57 - 00511488 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2016-04-13 16:52 - 2016-01-21 09:51 - 00073664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2016-04-07 10:53 - 2016-04-07 10:53 - 00000000 ____D C:\Users\user\AppData\Local\GWX
 
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-24 19:18 - 2015-10-22 17:01 - 00000684 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-24 19:03 - 2015-10-22 15:43 - 00000622 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-04-24 18:27 - 2009-07-14 13:45 - 00016864 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-24 18:27 - 2009-07-14 13:45 - 00016864 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-24 12:18 - 2015-10-22 17:01 - 00000680 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-24 10:34 - 2010-11-22 02:21 - 00473458 _____ C:\windows\system32\perfh012.dat
2016-04-24 10:34 - 2010-11-22 02:21 - 00174156 _____ C:\windows\system32\perfc012.dat
2016-04-24 10:34 - 2009-07-14 14:13 - 01424304 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-24 10:34 - 2009-07-14 12:20 - 00000000 ____D C:\windows\inf
2016-04-24 10:27 - 2015-10-22 15:56 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-24 10:27 - 2009-07-14 14:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-04-23 18:49 - 2016-03-23 18:31 - 00003040 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1458725500
2016-04-23 18:48 - 2016-03-23 18:31 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2016-04-23 18:48 - 2015-10-22 17:19 - 01070904 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2016-04-23 18:48 - 2015-10-22 17:19 - 00465792 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2016-04-23 18:48 - 2015-10-22 17:19 - 00287528 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2016-04-23 18:48 - 2015-10-22 17:19 - 00166432 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2016-04-23 18:48 - 2015-10-22 17:19 - 00107792 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2016-04-23 18:48 - 2015-10-22 17:19 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2016-04-23 18:48 - 2015-10-22 17:19 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2016-04-23 18:48 - 2015-10-22 17:19 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2016-04-23 18:48 - 2015-10-22 17:19 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-04-23 08:45 - 2015-10-25 23:06 - 00101152 _____ (Kings Information & Network) C:\windows\system32\kck64.sys
2016-04-22 13:41 - 2015-10-25 23:06 - 00001451 _____ C:\windows\system32\Drivers\etc\hosts_tmp
2016-04-21 11:50 - 2016-01-20 14:24 - 00097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2016-04-21 11:50 - 2015-10-24 11:48 - 00000000 ____D C:\Users\user\.oracle_jre_usage
2016-04-21 11:50 - 2015-10-24 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-21 11:50 - 2015-10-24 11:48 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-17 17:49 - 2009-07-14 14:08 - 00032602 _____ C:\windows\Tasks\SCHEDLGU.TXT
2016-04-15 09:53 - 2010-11-21 12:27 - 00453280 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-04-14 16:55 - 2009-07-14 12:20 - 00000000 ____D C:\windows\rescache
2016-04-14 10:54 - 2013-07-29 09:58 - 00000000 ____D C:\Users\user\Desktop\PassThrought
2016-04-13 22:49 - 2015-10-22 22:50 - 00000000 ____D C:\windows\system32\appraiser
2016-04-13 22:49 - 2009-07-14 13:45 - 05284200 _____ C:\windows\system32\FNTCACHE.DAT
2016-04-13 19:47 - 2015-10-22 22:45 - 00000000 ____D C:\windows\system32\MRT
2016-04-13 19:43 - 2015-10-22 22:45 - 135176864 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-04-12 16:05 - 2015-10-22 17:38 - 00000000 ____D C:\Program Files\Honeyview
2016-04-12 11:19 - 2015-10-22 17:02 - 00002169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chrome.lnk
2016-04-12 11:19 - 2015-10-22 17:02 - 00002157 _____ C:\Users\Public\Desktop\Chrome.lnk
2016-04-12 10:51 - 2009-07-14 14:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2016-04-11 21:25 - 2016-01-18 22:52 - 00001253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\네이버 미디어 플레이어.lnk
2016-04-11 21:25 - 2016-01-18 22:52 - 00001247 _____ C:\Users\Public\Desktop\네이버 미디어 플레이어.lnk
2016-04-11 21:25 - 2015-10-23 11:08 - 00000000 ____D C:\Users\user\AppData\Roaming\AIMP3
2016-04-11 21:16 - 2009-07-14 13:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-11 12:51 - 2015-10-25 12:48 - 00000600 _____ C:\Users\user\PUTTY.RND
2016-04-08 15:03 - 2015-10-22 15:43 - 00797376 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-04-08 15:03 - 2015-10-22 15:43 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-08 15:03 - 2015-10-22 15:43 - 00003560 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-04-08 11:48 - 2016-03-23 09:09 - 00003800 _____ C:\windows\system32\Drivers\fvstore.dat
2016-04-08 11:17 - 2015-10-24 10:34 - 00001947 _____ C:\Users\Public\Desktop\COMODO Firewall.lnk
2016-04-07 10:57 - 2015-11-14 19:16 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2016-04-07 10:57 - 2009-07-14 12:20 - 00000000 ____D C:\windows\system32\NDF
2016-04-06 21:19 - 2015-08-05 01:31 - 00116248 _____ (COMODO) C:\windows\system32\Drivers\inspect.sys
2016-04-06 21:19 - 2015-08-05 01:31 - 00056464 _____ (COMODO) C:\windows\system32\Drivers\cmdhlp.sys
2016-04-06 21:18 - 2015-08-05 01:31 - 00823848 _____ (COMODO) C:\windows\system32\Drivers\cmdguard.sys
2016-04-06 21:18 - 2015-08-05 01:31 - 00031648 _____ (COMODO) C:\windows\system32\Drivers\cmderd.sys
2016-04-06 21:17 - 2015-08-05 01:29 - 00051800 _____ (COMODO) C:\windows\system32\cmdcsr.dll
2016-04-06 21:16 - 2015-09-03 12:52 - 00596232 _____ (COMODO) C:\windows\system32\guard64.dll
2016-04-06 21:16 - 2015-09-03 12:52 - 00461648 _____ (COMODO) C:\windows\SysWOW64\guard32.dll
2016-04-06 21:14 - 2015-08-05 01:28 - 00365752 _____ (COMODO) C:\windows\system32\cmdvrt64.dll
2016-04-06 21:14 - 2015-08-05 01:28 - 00051896 _____ (COMODO) C:\windows\system32\cmdkbd64.dll
2016-04-06 21:12 - 2015-08-05 01:27 - 00296120 _____ (COMODO) C:\windows\SysWOW64\cmdvrt32.dll
2016-04-06 21:11 - 2015-08-05 01:26 - 00046776 _____ (COMODO) C:\windows\SysWOW64\cmdkbd32.dll
2016-04-06 09:53 - 2015-09-25 14:41 - 00038472 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\noskp64.sys
2016-04-06 09:53 - 2015-09-25 14:40 - 00034056 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\noskp.sys
2016-04-06 09:53 - 2015-09-14 20:03 - 00047296 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\nosku64.sys
2016-04-06 09:53 - 2015-09-14 20:03 - 00045832 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\nosku.sys
2016-04-06 09:53 - 2015-08-13 18:05 - 00049128 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\noska.sys
2016-03-30 15:25 - 2015-10-25 23:07 - 03816056 _____ (AhnLab, Inc.) C:\windows\system32\btscan.exe
2016-03-28 23:16 - 2015-10-22 22:50 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-03-28 23:16 - 2015-10-22 22:50 - 00000000 ___SD C:\windows\system32\GWX
2016-03-28 14:52 - 2015-10-22 17:37 - 00000000 ____D C:\Program Files\Bandizip
2016-03-28 14:28 - 2015-10-24 11:48 - 00000000 ____D C:\ProgramData\Oracle

==================== Files in the root of some directories =======

2015-11-05 15:28 - 2016-02-03 16:42 - 0001456 _____ () C:\Users\user\AppData\Local\Adobe Save for Web 12.0 Prefs
2016-02-08 18:13 - 2016-02-08 18:13 - 0001298 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2015-10-22 15:40 - 2015-10-22 15:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\BANDIZIP-SETUP-KR.EXE
C:\Users\user\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\user\AppData\Local\Temp\HONEYVIEW-SETUP-KR.EXE
C:\Users\user\AppData\Local\Temp\inicore_v2.3.16.dll
C:\Users\user\AppData\Local\Temp\inicore_v2.3.51.dll
C:\Users\user\AppData\Local\Temp\inicrypto_v5.1.9.dll
C:\Users\user\AppData\Local\Temp\inicrypto_v5.1.dll
C:\Users\user\AppData\Local\Temp\inipki_v5.1.19.dll
C:\Users\user\AppData\Local\Temp\inipki_v5.1.42.dll
C:\Users\user\AppData\Local\Temp\ipTIME_Upgrade_Noti_Setup_1.14.exe
C:\Users\user\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\user\AppData\Local\Temp\NaverAdminAPISetup.exe
C:\Users\user\AppData\Local\Temp\nvStInst.exe
C:\Users\user\AppData\Local\Temp\unins000.exe
C:\Users\user\AppData\Local\Temp\x1.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe
[2015-10-22 20:59] - [2015-12-09 19:53] - 0389632 ____A (Microsoft Corporation) 87A00ED70FEC36D0DD968E5058C29AA1

C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll
[2015-12-09 17:23] - [2010-08-06 13:52] - 1008640 ____A (Microsoft Corporation) F78E7BD7ADC829D9DD92C558180E09DB

C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-18 16:15

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by user (2016-04-24 19:43:09)
Running from C:\Users\user\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-10-22 06:35:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2207781790-2766300111-2274446720-500 - Administrator - Disabled)
Guest (S-1-5-21-2207781790-2766300111-2274446720-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2207781790-2766300111-2274446720-1002 - Limited - Enabled)
user (S-1-5-21-2207781790-2766300111-2274446720-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DP Chip v16.01 (HKLM-x32\...\3DP Chip) (Version: v16.01 - 3DP)
Acronis True Image Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6597 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader 9 - Korean (HKLM-x32\...\{AC76BA86-7AD7-1042-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Agarest - Generations of War 2 (HKLM-x32\...\1438083997_is1) (Version: 2.0.0.1 - GOG.com)
AhnLab Online Security (HKLM-x32\...\AhnLab Online Security) (Version: - AhnLab, Inc)
AhnLab Safe Transaction (HKLM\...\{19DD1D8D-927F-45DF-ADF4-75D38267848D}) (Version: 1.3.4.393 - AhnLab, Inc.)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1503, 26.09.2015 - AIMP DevTeam)
AnySign4PC 1.1.0.4 (HKLM-x32\...\AnySign4PC) (Version: 1.1.0.4 - SoftForum Co., Ltd.)
ArtMoney SE v7.44.1 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.44 - System SoftLab)
Autodesk Backburner 2013.0.0 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2013.0.0 - Autodesk, Inc.)
Autodesk DirectConnect 2013 64-bit (HKLM\...\Autodesk DirectConnect 2013 64-bit) (Version: 7.0.28.0 - Autodesk)
Autodesk DirectConnect 2013 64-bit (Version: 7.0.28.0 - Autodesk) Hidden
Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit (HKLM\...\Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit) (Version: - Autodesk)
Autodesk MatchMover 2013 64-bit (HKLM\...\{5B77A046-DAD6-4F19-A8B9-4E5B3EAD2C24}) (Version: 14.00.0000 - Autodesk)
Autodesk Maya 2013 64-bit (HKLM\...\Autodesk Maya 2013 64-bit) (Version: 15.0.0.0 - Autodesk)
Autodesk Maya 2013 64-bit (Version: 15.0.0.0 - Autodesk) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2261 - AVAST Software)
Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Combined Community Codec Pack 2015-10-18 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2015.10.19.0 - CCCP Project)
COMODO Firewall (HKLM\...\{38F898C8-272F-455F-9BD6-71FEBA3E4AF5}) (Version: 8.2.0.4703 - COMODO Security Solutions Inc.)
Composite 2013 64-bit (HKLM\...\{2F808931-D235-4FC7-90CD-F8A890C97B2F}) (Version: 8.0.0 - Autodesk)
eISP 1.0 (HKLM-x32\...\eISP) (Version: 1.0 - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
headus UVLayout v2 Professional (HKLM-x32\...\{A1086DA0-903E-4DEA-A83F-6317923CC63D}) (Version: 2.08.00 - headus)
INISAFE MoaSign S v1.0 (HKLM-x32\...\INISAFE MoaSign S) (Version: 1.0.43 - INITECH, Inc.)
INISAFE SandBox 1.0 (HKLM-x32\...\INISAFE SandBox) (Version: 1.0 - Initech, Inc.)
INISAFE Web EX Client (HKLM-x32\...\UnINISafeWebEX) (Version: 1.0.0.1 - Initech, Inc.)
Innorix File Transfer Solution(G) (HKLM-x32\...\Innorix File Transfer Solution(G)) (Version: 7.2.0.579 - INNORIX)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.8 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
IPinside Non-p Agent (HKLM-x32\...\IPinside Non-p Agent) (Version: 2.0.0.2 - interezen)
ipTIME Wizard (HKLM-x32\...\ipTIMEHelper) (Version: - )
ipTIME 업그레이드 알리미 (HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\ipTIME_Upgrade_Notification) (Version: - )
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
KOS - Kings Online Security (HKLM-x32\...\KOS) (Version: 1.0.0.3 - Kings Information & Network Co., Ltd.)
LOOT version 0.8.1 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.8.1 - LOOT Team)
MAWS_MMASJ - 증명서 발급 시스템 (HKLM-x32\...\MAWS_MMASJ - 증명서 발급 시스템) (Version: v2.5 - MarkAny Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2(한국어) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1042) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime(x64) 언어 팩 - 한국어 (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - KOR) (Version: 10.0.50903 - Microsoft Corporation)
MPEG2코덱(libmpeg2/mad) (HKLM-x32\...\MPEG2코덱(libmpeg2/mad)) (Version: - )
nProtect KeyCrypt V6.0 (HKLM-x32\...\npkfx) (Version: 6.0 - INCA Internet Co., Ltd.)
nProtect Online Security V1.0(PFS) (HKLM-x32\...\nProtect Online Security V1.0(PFS)) (Version: 2015.10.08.1 - INCA Internet Co., Ltd.)
NTSMagicLineMBX (HKLM-x32\...\NTSMagicLineMBX) (Version: 1.0.10.12 - Dreamsecurity Inc.)
Nuke 6.2v1 (HKLM\...\Nuke 6.2v1_is1) (Version: - The Foundry)
NVIDIA 3D Vision 드라이버 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.50 - NVIDIA Corporation)
NVIDIA 3D Vision 컨트롤러 드라이버 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA HD 오디오 드라이버 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
NVIDIA PhysX 시스템 소프트웨어 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA 그래픽 드라이버 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.50 - NVIDIA Corporation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Python 2.7 comtypes-0.6.2 (HKLM-x32\...\comtypes-py2.7) (Version: - )
Python 2.7 pywin32-218 (HKLM-x32\...\pywin32-py2.7) (Version: - )
Python 2.7.8 (HKLM-x32\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
qBittorrent 2.4.11 (HKLM-x32\...\{73262004-8473-4672-8558-0AA4277E0287}_is1) (Version: 2.4.11 - qBittorrent)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7647 - Realtek Semiconductor Corp.)
Rexpert30 Viewer 1,0,0,404 (HKLM-x32\...\Rexpert30 Viewer) (Version: 1,0,0,404 - ClipSoft)
SafeZone Stable 1.48.2066.98 (x32 Version: 1.48.2066.98 - Avast Software) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15113.12 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.0.15113.12 - Samsung Electronics Co., Ltd.) Hidden
The Elder Scrolls V Skyrim (HKLM-x32\...\{4FEF52F2-3C2C-4B80-9443-3D6A654328D0}_is1) (Version: - Bethesda Softworks)
TouchEn key with E2E for 32bit (HKLM-x32\...\TouchEn_key) (Version: - RaonSecure Co., Ltd.)
TouchEn nxKey with E2E for 32bit (HKLM-x32\...\TouchEn nxKey) (Version: 1.0.0.28 - RaonSecure Co., Ltd.)
Triangle Trail (HKLM-x32\...\Triangle Trail) (Version: 2.0.5821.38533 - Triangle Trail) <==== ATTENTION
UltraISO Premium V9.32 (HKLM-x32\...\UltraISO_is1) (Version: - )
VapshionCut (HKLM-x32\...\VapshionCut) (Version: 1.0 - UNKNOWN)
VapshionCut (x32 Version: 1.0 - UNKNOWN) Hidden
Veraport(보안모듈 관리 프로그램) G3 - 3,0,3,6 (HKLM-x32\...\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1) (Version: 3,0,3,6 - Wizvera)
WinRAR 압축기 (HKLM\...\WinRAR archiver) (Version: - )
WIZVERA Process Manager 1,0,1,5 (HKLM-x32\...\{8941A397-4065-4F41-92CE-0EB610846EED}_is1) (Version: 1,0,1,5 - WIZVERA)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.6 - Wrye & Wrye Bash Development Team)
wxPython 2.8.12.1 (unicode) for Python 2.7 (HKLM-x32\...\wxPython2.8-unicode-py27_is1) (Version: 2.8.12.1-unicode - Total Control Software)
XecureWeb UnifiedPlugin (HKLM-x32\...\XecureWeb UnifiedPlugin) (Version: 1.0.6.12 - SoftForum Co., Ltd.)
꿀뷰 (HKLM\...\Honeyview) (Version: 5.17 - 반디소프트)
네이버 미디어 플레이어 (HKLM-x32\...\NaverMediaPlayer) (Version: 1.6.1.0 - NAVER Corp. )
네이버 업데이터 (HKLM-x32\...\NaverUpdater) (Version: 1.0.2.30 - NAVER Corp.)
반디집 (HKLM\...\Bandizip) (Version: 5.13 - 반디소프트)
우리은행 보안 로그 수집기 (HKLM-x32\...\우리은행 보안 로그 수집기 ) (Version: 1.0.1 - 우리은행)
한컴오피스 한글 2010 (HKLM-x32\...\Haansoft HWord 80 Korean) (Version: 8.0.1 - Hancom)
한컴오피스 한글 2010 (x32 Version: 8.0.1 - hancom) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2207781790-2766300111-2274446720-1000_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft.com)
CustomCLSID: HKU\S-1-5-21-2207781790-2766300111-2274446720-1000_Classes\CLSID\{9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF}\InprocServer32 -> C:\Program Files\Honeyview\HVShell64.dll (Bandisoft.com)
 
==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {049A94BC-E191-4CED-B2D8-D59DAA06EF71} - System32\Tasks\SafeZone scheduled Autoupdate 1458725500 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-30] (Avast Software)
Task: {240C3D08-7A50-41CB-ACF4-82F0E76826F7} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-04-08] (COMODO)
Task: {2F626FFB-2902-493F-8C11-3389040E76B3} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-04-08] (COMODO)
Task: {4ABBFE72-C8DF-44D0-99B9-43A96D02742A} - System32\Tasks\{4EBD9C8C-51F9-459D-B1AE-A76C4C7FD97B} => pcalua.exe -a "C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1IFHWKH\jre-8u65-windows-i586.exe" -d C:\Users\user\Desktop
Task: {576A3CF9-DD44-4D1B-B815-AC8FFEACC3E7} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()
Task: {61B36435-EF31-4067-BD5E-6FD3A33B3268} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-22] (Google Inc)
Task: {8F54D7C8-B9E8-4735-AECE-6D9EDAE3BFB0} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-04-08] (COMODO)
Task: {9B923B4A-1344-41A4-8095-3D28E90E2C30} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {9C10B691-12E2-4F87-A569-88332CEB11D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-22] (Google Inc)
Task: {CBDCE6E2-BBD3-4EE3-AF76-CE1173AFC404} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-04-23] (AVAST Software)
Task: {E57732F1-3DEC-43AE-87CD-42565596ABC0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-28 11:19 - 2015-10-03 11:49 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-10-22 15:40 - 2013-05-07 16:45 - 00936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-11-15 12:49 - 2015-11-15 12:49 - 00371232 _____ () C:\Program Files (x86)\VP\VPWalletService\VPWalletService.exe
2016-04-23 18:48 - 2016-04-23 18:48 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-04-23 18:48 - 2016-04-23 18:48 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-23 18:37 - 2016-04-23 18:37 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\16042300\algo.dll
2016-04-24 10:27 - 2016-04-24 10:27 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\16042301\algo.dll
2016-04-23 18:48 - 2016-04-23 18:48 - 00478144 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-11-26 13:30 - 2015-11-26 13:30 - 00121152 _____ () C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\xwm_smartcard.dll
2015-08-25 18:38 - 2015-08-25 18:38 - 00014336 _____ () C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\KEBSFSC_WR.dll
2015-08-25 18:39 - 2015-08-25 18:39 - 00143360 _____ () C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\NSLDAP32V50.dll
2015-12-28 11:19 - 2015-10-03 14:06 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-10-22 15:40 - 2016-04-24 10:27 - 00036496 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2015-10-22 15:40 - 2013-05-07 16:45 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2011-01-17 19:56 - 2011-01-17 19:56 - 11158480 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
2015-12-10 16:17 - 2015-12-10 16:17 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-11-26 13:30 - 2015-11-26 13:30 - 00121152 _____ () C:\Program Files (x86)\Softforum\XecureWeb\AnySign\dll\xwm_smartcard.dll
2015-08-25 18:38 - 2015-08-25 18:38 - 00014336 _____ () C:\Program Files (x86)\Softforum\XecureWeb\AnySign\dll\KEBSFSC_WR.dll
2015-08-25 18:39 - 2015-08-25 18:39 - 00143360 _____ () C:\Program Files (x86)\Softforum\XecureWeb\AnySign\dll\NSLDAP32V50.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\windows\avastSS.scr:$CmdTcID [43]
AlternateDataStreams: C:\windows\explorer.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\ImageSAFERSvc.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\INISandBoxMonitor.10034.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\INISandBoxMonitor.10035.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\uninstallkdf8.exe:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\acmigration.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\AcpiServiceVnA64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\adtschema.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\aeinv.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\aepic.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\AERTAC64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\AERTAR64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\apisetschema.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\appraiser.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\atmlib.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\audioLibVc.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\authui.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\catsrvut.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\CKAgent.dat:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\CKAgent.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\CKAgentNXE.dat:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\CKAgentNXE.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\COLORCNV.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\CompatTelRunner.exe:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\comsvcs.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\CPFilters.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\CX64APO.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\dciman32.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\DDPA64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DDPA64F3.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DDPD64A.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\DDPD64AF3.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\DDPO64A.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\DDPO64AF3.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DDPP64A.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DDPP64AF3.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\devenum.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\devinv.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DolbyDAX2APOProp.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DolbyDAX2APOv201.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\DolbyDAX2APOv211.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\DTSBassEnhancementDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\DTSBoostDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\DTSGainCompensatorDLL64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\DTSGFXAPO64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\DTSGFXAPONS64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DTSLFXAPO64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DTSLimiterDLL64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DTSNeoPCDLL64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\DTSS2SpeakerDLL64.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\DTSSymmetryDLL64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\DTSU2PGFX64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\DTSU2PLFX64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\DTSU2PREC64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\DTSVoiceClarityDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\dxmasf.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\dxtmsft.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\dxtrans.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\els.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\EncDec.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\evr.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\ExplorerFrame.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\fixmapi.exe:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\FMAPO64.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\fontsub.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\FsExService64.exe:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\fveapi.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\fveapibase.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\gdi32.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\generaltel.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\HiFiDAX2API.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\icaapi.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\ICEsoundAPO64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\ie4uinit.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\ieapfltr.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\iedkcs32.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\ieetwcollector.exe:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\ieetwcollectorres.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\ieetwproxystub.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\ieframe.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\iernonce.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\iertutil.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\iesetup.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\ieui.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\ieUnatt.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\ImageSAFERMessage.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\ImageSAFERRecovery.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\ImageSAFERStart_X64.exe:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\ImageSAFERStart_X86.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\inetcpl.cpl:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\inseng.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\IntelSSTAPO.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\IntelSstCApoPropPage.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\invagent.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\jscript.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\jscript9.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\jscript9diag.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\jsproxy.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\KAAPORT64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\ksproxy.ax:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\ksuser.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\lpk.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\MaxxAudioAPO20.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MaxxAudioAPO30.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MaxxAudioAPO4064.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MaxxAudioAPO5064.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\MaxxAudioAPO6064.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MaxxAudioAPO7064.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\MaxxAudioAPOShell64.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\MaxxAudioEQ64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\MaxxAudioRealtek64.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\MaxxSpeechAPO64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\MaxxVoiceAPO2064.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\MaxxVoiceAPO3064.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MaxxVoiceAPO4064.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\MaxxVolumeSDAPO.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\mcmde.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\mf.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\mferror.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\mfplat.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\mfpmp.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\mfps.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\mfvdsp.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\MFWMAAEC.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\MISS_APO.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\MP3DMOD.DLL:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\MP43DECD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MP4SDECD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MPG4DECD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\MpSigStub.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\msaudite.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\msdxm.ocx:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\msfeeds.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\mshtml.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MshtmlDac.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\mshtmled.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\mshtmlmedia.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\msmpeg2adec.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MSMPEG2ENC.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\msmpeg2vdec.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\msobjs.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\msrating.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\MsRdpWebAccess.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\MsSpellCheckingFacility.exe:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\mstsc.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\mstscax.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\NAHIMICAPOlfx.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\NahimicAPONSControl.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\NAHIMICV2apo.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\nvapi64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvaudcap64v.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvcuda.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvcuvid.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\nvd3dumx.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\nvdispco6435850.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\nvdispco6435891.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\nvdispco6435906.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\nvdispco6436143.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\nvdispgenco6435850.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvdispgenco6435891.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\nvdispgenco6435906.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\nvdispgenco6436143.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\nvEncodeAPI64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\NvFBC64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\nvhdagenco6420103.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\nvhdap64.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\NvIFR64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\NvIFROpenGL.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvinitx.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvoglshim64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\nvoglv64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvopencl.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvumdshimx.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\nvvsvc.exe:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\nvwgf2umx.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\occache.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\OpenCL.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\qasf.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\qdvd.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\qedit.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\quartz.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\R4EEA64A.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\R4EED64A.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\R4EEG64A.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\R4EEL64A.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\R4EEP64A.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\RCoInstII64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\rdpendp_winip.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\rdvidcrl.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\RESAMPLEDMO.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\RltkAPO64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\RP3DAA64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\RP3DHT64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\rrinstaller.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\RTCOM64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\RtDataProc64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\RTEED64A.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\RTEEG64A.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\RTEEL64A.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\RTEEP64A.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\RtkApi64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\RtkCfg64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\RtkCoLDR64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\RtlCPAPI64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\RtPgEx64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\RTSnMg64.cpl:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\samlib.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\samsrv.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\SEAPO64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\seclogon.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\SECOMN64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\SEHDRA64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\SFAPO64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\SFCOM64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\SFNHK64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\SFSS_APO.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\shell32.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\sl3apo64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\slcnt64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\slprp64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\sltech64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\spwmp.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\SRAPO64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\SRCOM.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\SRCOM64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\SRRPTR64.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\SRSHP64.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\SRSTSH64.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\SRSTSX64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\SRSWOW64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\SysFxUI.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\tadefxapo.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\tadefxapo264.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\tbs.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\tepeqapo64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\tosade.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\tosasfapo64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\toseaeapo64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\tossaeapo64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\tossaemaxapo64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\tsgqec.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\TSWbPrxy.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\tzres.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\urlmon.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\vbscript.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\VIDRESZR.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\WavesGUILib64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WdfCoInstaller01009.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\webcheck.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\wininet.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\winlogon.exe:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\winver.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\wksprt.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\wksprtPS.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\WMADMOD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WMADMOE.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WMALFXGFXDSP.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\wmp.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\wmploc.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\wmpmde.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WMSPDMOD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WMSPDMOE.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\WMVDECOD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\WMVENCOD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WMVSDECD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WMVSENCD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\WMVXENCD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WpdMtp.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WpdMtpUS.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\wshrm.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\YamahaAE.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\YamahaAE2.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\adtschema.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\apisetschema.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\atmfd.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\atmlib.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\auditpol.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\authui.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\catsrvut.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\CKAgent.dat:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\CKAgent.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\CKAgentNXE.dat:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\CKAgentNXE.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\CKSetup32.exe:$CmdTcID [46]
AlternateDataStreams: C:\windows\SysWOW64\COLORCNV.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\comsvcs.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\CPFilters.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\dciman32.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\devenum.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\dxmasf.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\dxtmsft.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\dxtrans.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\els.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\EncDec.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\evr.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\explorer.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\fixmapi.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\fontsub.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\FsExService64.Exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\gdi32.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\ieapfltr.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\iedkcs32.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\ieframe.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\iernonce.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\iertutil.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\iesetup.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\ieui.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\ieUnatt.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\ImageSAFERMessage.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\ImageSAFERRecovery.exe:$CmdTcID [46]
AlternateDataStreams: C:\windows\SysWOW64\inetcpl.cpl:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\INICRYPTOSDK.dll:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\inseng.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\instnm.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\jscript.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\jscript9.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\jscript9diag.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\jsproxy.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\kck86.sys:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\kck86s.sys:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\kcu86.dll:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\ksproxy.ax:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\ksuser.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\lpk.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\mapi32.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\mapistub.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\MASetupCleaner.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\mf.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\mferror.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\mfplat.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\mfpmp.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\mfps.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\mfvdsp.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\MP43DECD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\msaudite.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\msdxm.ocx:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\msfeeds.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\mshtml.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\MshtmlDac.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\mshtmled.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\mshtmlmedia.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\msobjs.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\msrating.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\mstsc.exe:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\mstscax.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\muzapp.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\npkfx.dll:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\npkfxa.sys:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\npkfxcv.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\npkfxe64.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\npkfxes.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\npkfxexp.dll:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\npkfxext.ocx:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\npkfxjv.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\npkfxmi.dll:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\npkfxmp.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\npkfxne.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\npkfxpa.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\npkfxrsen.dll:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\npkfxrskr.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\npkfxsdk.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\npkfxsvc.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\npkfxtr.exe:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\npkfxup.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\npkfxupd.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\npkfxust.exe:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\npkfxx.ocx:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\nvapi.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\nvaudcap32v.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\nvcompiler.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\nvcuda.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\nvcuvid.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\nvd3dum.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\nvEncodeAPI.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\NvFBC.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\NvIFR.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\NvIFROpenGL.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\nvinit.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\nvISWOW64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\nvoglshim32.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\nvoglv32.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\nvopencl.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\nvPhotoshopUtil.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\nvStreaming.exe:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\nvumdshim.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\nvwgf2um.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\occache.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\OpenCL.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\qasf.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\qdvd.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\qedit.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\quartz.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\rdpendp_winip.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\SysWOW64\rdvidcrl.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\RltkAPO.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\rrinstaller.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\samlib.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\SCSKLoader.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\SECOMN32.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\setup16.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\SFCOM.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\shell32.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\spwmp.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\SRCOM.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\tbs.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\TDepend.exe:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\TDepend64.exe:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\tknetcfg.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\tknetcfg64.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\tsgqec.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\TUCtlMng.exe:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\TUCTLSystem.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\tzres.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\uninst_MAWS_MMASJ.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\urlmon.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\user.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\vbscript.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\webcheck.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\wininet.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\winver.exe:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\wksprtPS.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\WMADMOD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\WMADMOE.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\wmp.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\wmploc.DLL:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\wmpmde.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\wow32.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\wshrm.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\XPayExtension.exe:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\Drivers\drmk.sys:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\Drivers\drmkaud.sys:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\Drivers\iusb3hcs.sys:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\Drivers\iusb3hub.sys:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\Drivers\iusb3xhc.sys:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\Drivers\nvhda64v.sys:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\Drivers\nvlddmkm.sys:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\Drivers\nvvad64v.sys:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\Drivers\portcls.sys:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\Drivers\RTKVHD64.sys:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\Drivers\ssudbus.sys:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\Drivers\ssudmdm.sys:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\Drivers\terminpt.sys:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\Drivers\tssecsrv.sys:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\Drivers\TsUsbGD.sys:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\Drivers\winusb.sys:$CmdTcID [44]
AlternateDataStreams: C:\Program Files\Common Files\System:BSf4lYkfRPryHxt26PTRG4lAJelg [2082]
AlternateDataStreams: C:\ProgramData\Microsoft:0I6ihMVHWEJMwBokIcCb [2130]
AlternateDataStreams: C:\ProgramData\Microsoft:13eAKNOiTRuxOdaLHa4PNTgq [2402]
AlternateDataStreams: C:\ProgramData\Microsoft:7Ui8pQoAlWDkJY1tGX [2052]
AlternateDataStreams: C:\Users\user\Desktop\FRST64.exe:$CmdTcID [45]
AlternateDataStreams: C:\Users\user\Desktop\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\358.50-desktop-win8-win7-winvista-64bit-international-whql.exe:$CmdTcID [43]
AlternateDataStreams: C:\Users\user\Downloads\359.06-desktop-win8-win7-winvista-64bit-international-whql.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\user\Downloads\359.06-desktop-win8-win7-winvista-64bit-international-whql.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\361.43-desktop-win8-win7-winvista-64bit-international-whql (1).exe:$CmdTcID [43]
AlternateDataStreams: C:\Users\user\Downloads\361.43-desktop-win8-win7-winvista-64bit-international-whql (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\361.43-desktop-win8-win7-winvista-64bit-international-whql.exe:$CmdTcID [44]
AlternateDataStreams: C:\Users\user\Downloads\361.43-desktop-win8-win7-winvista-64bit-international-whql.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\3DP_Chip_v1511.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\user\Downloads\3DP_Chip_v1511.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\3DP_Chip_v1601.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\user\Downloads\3DP_Chip_v1601.exe.vqhlv62.partial:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\AMDA00_(764_14472348)_by3DP.exe:$CmdTcID [43]
AlternateDataStreams: C:\Users\user\Downloads\AMDA00_(764_14472348)_by3DP.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\ipTIME_Wizard_ver_2_60.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\user\Downloads\ipTIME_Wizard_ver_2_60.exe.7slorg6.partial:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\Realtek_HD_(v78_6017647)_by3DP.exe:$CmdTcID [44]
AlternateDataStreams: C:\Users\user\Downloads\Realtek_HD_(v78_6017647)_by3DP.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones.zip:$CmdTcID [43]
AlternateDataStreams: C:\Users\user\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones_v1.5.53.0.exe:$CmdTcID [44]
AlternateDataStreams: C:\Users\user\Downloads\정문석(820623)-2015년도자료.pdf:$CmdTcID [45]
AlternateDataStreams: C:\Users\user\Downloads\정문석(820623)-2015년도자료.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\AppData\Local\Temp:8GAbOwzMl9ir2g2Rd9gDW3esQS [1976]
AlternateDataStreams: C:\Users\user\AppData\Local\Temporary Internet Files:aeGHh1xfWE2Y9FVvwQPB [2130]
AlternateDataStreams: C:\Users\user\Documents\이력서.DOC:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\dacom.net -> dacom.net
IE trusted site: HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\lgdacom.net -> lgdacom.net
IE trusted site: HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\uplus.co.kr -> uplus.co.kr

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 11:34 - 2015-10-22 19:59 - 00001451 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 practivate.adobe
127.0.0.1 practivate.adobe.com
127.0.0.1 practivate.adobe.newoa
127.0.0.1 practivate.adobe.ntp
127.0.0.1 practivate.adobe.ipp
127.0.0.1 ereg.adobe.com
127.0.0.1 ereg.wip.adobe.com
127.0.0.1 ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com
127.0.0.1 ereg.wip3.adobe.com

There are 17 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 210.220.163.82 - 219.250.36.130
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3695B223-12A7-4B09-85EA-C8C4D8586212}] => (Allow) c:\program files\estsoft\alyac\ayupdsrv.aye
FirewallRules: [{E6F8A274-687C-47AB-8110-0F8B14958ED4}] => (Allow) c:\program files\estsoft\alyac\ayupdsrv.aye
FirewallRules: [TCP Query User{AC577563-10D0-40D7-81ED-3C14AA9E1636}C:\users\user\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\user\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{E81A7F6C-D3CE-4FD7-B5B7-E650D97B8A7A}C:\users\user\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\user\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{34E9F6F1-F843-461A-9A30-97815D96C232}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{39BA916F-9988-41C3-B52F-8193EDF5C26E}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{B4C0DEAA-78AD-4404-96C6-71093E9F14B8}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F420F28B-FDC4-46E4-B29F-6F56160994D5}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{4877199F-8B28-4DE9-B140-02BBEDDB95B6}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{0644085A-D44D-4F0B-92C4-43140149F047}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{21888B48-7349-406A-9072-7B45094DA55B}] => (Allow) LPort=7935
FirewallRules: [{88DDE670-2CED-42A6-847A-35812EBBE485}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{8F81D7F2-13D9-4120-99E3-9E126FC1AE0B}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{E1806290-9E5D-480E-B2A8-556B6D7CF6A1}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{6B2D349B-3CC2-4849-8EE6-082BFF7DFA83}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{7605097B-5C0F-4B0E-8CB9-307807385699}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{9898047C-7D36-4A8B-A18D-E14E36B85F23}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{17D52D07-475D-4E3C-B7C8-CE11CCE032E1}] => (Allow) C:\Program Files\AhnLab\Safe Transaction\StSess.exe
FirewallRules: [{029F772C-296D-4E4E-AEC4-B33C8C7EE5CD}] => (Allow) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nosstarter.npe
FirewallRules: [{9DEF9BB8-6E9A-44FA-A3B7-7A485EEBAC0C}] => (Allow) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nosstarter.npe
FirewallRules: [{69496BC1-DE23-4B48-A6C1-11CAF247D62B}] => (Allow) C:\Program Files (x86)\WooriBank\RealIp\WooriBankSecLogGather.exe
FirewallRules: [{81E00E1C-E501-40D2-AFF9-81CBADBCAF9C}] => (Allow) C:\Program Files (x86)\WooriBank\RealIp\WooriBankSecLogGather.exe
FirewallRules: [{ABD4FE81-F3D7-4691-A1CE-D537F778A14A}] => (Allow) LPort=52798
FirewallRules: [{C20349A1-5D17-44E2-8158-07F3D18B1EF8}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{7F7C9017-7880-4570-B28F-188526129FAD}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{7AF0090E-A984-4D12-8FE9-6B3775968BBD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{433CD8FA-DE21-4B40-A4BF-4712DF1A8A44}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B75E2ED4-5FE5-4046-A4D8-E8093C6A9F15}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{09EC3A4C-817F-4A54-B2F1-B4CD129E49E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{FEB28322-6EDA-450C-BBCB-5AEEF8670355}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{147BC2A8-8898-40A7-BA7D-C2C37052C8A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2EF25F6A-4DA0-4570-919A-8EF8EF22AE14}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A1B40AB8-0EE0-4757-B020-B89C926F3331}] => (Allow) C:\Program Files (x86)\INNORIX\common\innogmp7.exe
FirewallRules: [{C317B7C8-1B81-4D0E-B2F4-8B4AEF1B60B4}] => (Allow) C:\Program Files (x86)\INNORIX\common\innogmp7.exe
FirewallRules: [{43CD288C-F439-4BB4-95CC-80CB103C7FD9}] => (Allow) C:\Program Files (x86)\INNORIX\common\innosvc7.exe
FirewallRules: [{37D8CBCA-6414-423B-AD44-7E8FE0D85331}] => (Allow) C:\Program Files (x86)\INNORIX\common\innosvc7.exe
FirewallRules: [{5BA10EFD-B994-45C6-93FB-3A5C98AD384C}] => (Allow) C:\Program Files (x86)\Naver\NaverMediaPlayer\NaverAdminAPI.exe
FirewallRules: [{85EA3F4B-9C54-4D79-A3DA-B558B35B827F}] => (Allow) C:\Program Files (x86)\Naver\NaverMediaPlayer\NaverAdminAPI.exe
FirewallRules: [{0F30AB7F-CEE8-4D04-BD6D-E16F8E8E781B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D1EA9EFD-8EF9-45B4-A4F7-E088511E00BC}] => (Allow) C:\Program Files (x86)\Naver\NaverCommon\NaverAdminAPISvc.exe
FirewallRules: [{B8C99998-B9B1-4B5E-9E02-2DE5AD579F92}] => (Allow) C:\Program Files (x86)\Naver\NaverCommon\NaverAdminAPISvc.exe

==================== Restore Points =========================

04-04-2016 09:10:14 Windows Update
09-04-2016 11:22:10 Windows Update
13-04-2016 16:50:37 Windows Update
13-04-2016 19:40:45 Windows Update
20-04-2016 11:51:19 Windows Update

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR946x Wireless Network Adapter
Description: Qualcomm Atheros AR946x Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/24/2016 10:27:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2016 06:50:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2016 06:37:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2016 08:44:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2016 10:09:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2016 01:10:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2016 11:17:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/21/2016 09:43:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/21/2016 05:13:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 오류 있는 응용 프로그램 이름: npkfxsvc.exe, 버전: 2014.4.29.1, 타임스탬프: 0x535f3e5d
오류 있는 모듈 이름: npkfxsvc.exe, 버전: 2014.4.29.1, 타임스탬프: 0x535f3e5d
예외 코드: 0xc0000005
오류 오프셋: 0x00011b41
오류 있는 프로세스 ID: 0x1388
오류 있는 응용 프로그램 시작 시간: 0xnpkfxsvc.exe0
오류 있는 응용 프로그램 경로: npkfxsvc.exe1
오류 있는 모듈 경로: npkfxsvc.exe2
보고서 ID: npkfxsvc.exe3

Error: (04/21/2016 05:13:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/24/2016 06:57:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: SPP Notification Service 서비스가 다음 오류 때문에 종료되었습니다.
%%5

Error: (04/24/2016 05:57:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: SPP Notification Service 서비스가 다음 오류 때문에 종료되었습니다.
%%5

Error: (04/24/2016 04:57:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: SPP Notification Service 서비스가 다음 오류 때문에 종료되었습니다.
%%5

Error: (04/24/2016 03:57:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: SPP Notification Service 서비스가 다음 오류 때문에 종료되었습니다.
%%5

Error: (04/24/2016 02:57:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: SPP Notification Service 서비스가 다음 오류 때문에 종료되었습니다.
%%5

Error: (04/24/2016 01:57:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: SPP Notification Service 서비스가 다음 오류 때문에 종료되었습니다.
%%5

Error: (04/24/2016 12:57:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: SPP Notification Service 서비스가 다음 오류 때문에 종료되었습니다.
%%5

Error: (04/24/2016 11:57:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: SPP Notification Service 서비스가 다음 오류 때문에 종료되었습니다.
%%5

Error: (04/24/2016 10:57:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: SPP Notification Service 서비스가 다음 오류 때문에 종료되었습니다.
%%5

Error: (04/24/2016 10:27:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: 응용 프로그램별로컬시작{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost(LRPC 사용)


CodeIntegrity:
===================================
Date: 2015-12-09 19:40:08.886
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-09 19:29:17.869
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-09 19:28:30.947
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-09 19:25:40.000
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-09 19:17:20.891
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-09 19:11:48.725
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-09 18:42:51.624
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-09 18:21:10.543
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-09 18:11:52.539
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-09 18:09:29.690
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz
Percentage of memory in use: 19%
Total physical RAM: 16321.69 MB
Available physical RAM: 13195.59 MB
Total Virtual: 32641.56 MB
Available Virtual: 29886.35 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.94 GB) (Free:348.5 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:465.76 GB) (Free:4.7 GB) NTFS
Drive e: () (Fixed) (Total:465.76 GB) (Free:16 GB) NTFS
Drive f: () (Fixed) (Total:465.75 GB) (Free:12.97 GB) NTFS
Drive g: () (Fixed) (Total:298.09 GB) (Free:12.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C67C912F)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 7E6A949C)
Partition 1: (Active) - (Size=476.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A644CBDA)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: FCC0FCC0)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==========================

redtarget.gif
Uninstall following unwanted program: Triangle Trail.

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
redtarget.gif
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
I tried to "Uninstall following unwanted program: Triangle Trail"
however, it is not respond to uninstall.

Edit:

Whenever I uninstalled it, there is error and abort uninstall.
Therefore, I go to the safe mod, but it also didn't uninstall the program.

In addition, I don't know what this program is.
 
Last edited:
1] RogueKiller log

R o g u e K I l l e r V 1 2 . 1 . 4 . 0 [ A p r 2 5 2 0 1 6 ] ( F r e e ) b y A d l I c e S o f t w a r e

T?? : h t t p : / / w w w . a d l I c e . c o m / c o n t a c t /

<粱?? : h t t p : / / f o r u m . a d l I c e . c o m

遐Юt퓔? : h t t p : / / w w w . a d l I c e . c o m / s o f t w a r e / r o g u e k I l l e r /

?못? : h t t p : / / w w w . a d l I c e . c o m



늠? 늬? : W I n d o w s 7 ( 6 . 1 . 7 6 0 1 S e r v I c e P a c k 1 ) 6 4 b I t s v e r s I o n

堡뫧 堡? : |?? ㉩幷

Ю㈕먉 : u s e r [ ?퉸?

堡뫧? ?? : C : \ U s e r s \ u s e r \ D e s k t o p \ R o g u e K I l l e r . e x e

㉩幷 : ?? - - 젾潽 : 0 4 / 2 6 / 2 0 1 6 1 8 : 2 1 : 0 3



? ? ? ??정? : 0 ? ? ?



? ? ? 맛쨍乃? : 4 ? ? ?

[ P U M . H o m e P a g e ] ( X 6 4 ) H K E Y _ U S E R S \ S - 1 - 5 - 2 1 - 2 2 0 7 7 8 1 7 9 0 - 2 7 6 6 3 0 0 1 1 1 - 2 2 7 4 4 4 6 7 2 0 - 1 0 0 0 \ S o f t w a r e \ M I c r o s o f t \ I n t e r n e t E x p l o r e r \ M a I n | S t a r t P a g e : h t t p : / / n a v e r . c o m / - > 낫?? ( h t t p : / / g o . m I c r o s o f t . c o m / f w l I n k / p / ? L I n k I d = 2 5 5 1 4 1 )

[ P U M . H o m e P a g e ] ( X 8 6 ) H K E Y _ U S E R S \ S - 1 - 5 - 2 1 - 2 2 0 7 7 8 1 7 9 0 - 2 7 6 6 3 0 0 1 1 1 - 2 2 7 4 4 4 6 7 2 0 - 1 0 0 0 \ S o f t w a r e \ M I c r o s o f t \ I n t e r n e t E x p l o r e r \ M a I n | S t a r t P a g e : h t t p : / / n a v e r . c o m / - > 낫?? ( h t t p : / / g o . m I c r o s o f t . c o m / f w l I n k / p / ? L I n k I d = 2 5 5 1 4 1 )

[ P U M . P o l I c I e s ] ( X 6 4 ) H K E Y _ L O C A L _ M A C H I N E \ S o f t w a r e \ M I c r o s o f t \ W I n d o w s \ C u r r e n t V e r s I o n \ P o l I c I e s \ S y s t e m | C o n s e n t P r o m p t B e h a v I o r A d m I n : 0 - > 낫?? ( 2 )

[ P U M . P o l I c I e s ] ( X 8 6 ) H K E Y _ L O C A L _ M A C H I N E \ S o f t w a r e \ M I c r o s o f t \ W I n d o w s \ C u r r e n t V e r s I o n \ P o l I c I e s \ S y s t e m | C o n s e n t P r o m p t B e h a v I o r A d m I n : 0 - > 낫?? ( 2 )



? ? ? 뫧탤 : 0 ? ? ?



? ? ? ?? : 0 ? ? ?



? ? ? 8聯쨍? ?? : 0 ? ? ?



? ? ? H퇴漏만衲龜? : 0 ( D r I v e r : \?? H?? [ 0 x c 0 0 0 0 3 6 b ] ) ? ? ?



? ? ? 遐 ?럭? ? : 0 ? ? ?



? ? ? M B R €К? : ? ? ?

+ + + + + P h y s I c a l D r I v e 0 : S T 5 0 0 D M 0 0 2 - 1 B D 1 4 2 A T A D e v I c e + + + + +

- - - U s e r - - -

[ M B R ] 2 a 5 3 3 8 4 d b 0 a 8 1 a 9 6 a 0 c 5 e 0 9 6 7 6 6 e 1 8 3 f

[ B S P ] 5 a 9 e 3 5 1 4 5 7 4 6 2 e b d 0 4 6 9 8 4 3 8 e b 1 3 9 3 8 5 : E m p t y | V T . U n k n o w n M B R C o d e

P a r t I t I o n t a b l e :

0 - [ X X X X X X ] N T F S ( 0 x 7 ) [ V I S I B L E ] O f f s e t ( s e c t o r s ) : 2 0 4 8 | S I z e : 4 7 6 9 3 7 M B [ W I n d o w s V I s t a / 7 / 8 B o o t s t r a p | W I n d o w s V I s t a / 7 / 8 B o o t l o a d e r ]

U s e r = L L 1 . . . O K

U s e r = L L 2 . . . O K



+ + + + + P h y s I c a l D r I v e 1 : A D A T A S P 9 0 0 A T A D e v I c e + + + + +

- - - U s e r - - -

[ M B R ] 3 e c 6 3 6 9 3 7 7 7 3 d e 4 d 1 9 1 e 2 d d 2 f 5 7 8 c 8 2 1

[ B S P ] 9 4 f 2 a 1 a 3 1 0 1 1 7 3 0 3 d d b d d 4 a b f 9 5 0 a e 7 2 : W I n d o w s V I s t a / 7 / 8 | V T . U n k n o w n M B R C o d e

P a r t I t I o n t a b l e :

0 - [ A C T I V E ] N T F S ( 0 x 7 ) [ V I S I B L E ] O f f s e t ( s e c t o r s ) : 2 0 4 8 | S I z e : 4 8 8 3 8 4 M B [ W I n d o w s V I s t a / 7 / 8 B o o t s t r a p | W I n d o w s V I s t a / 7 / 8 B o o t l o a d e r ]

U s e r = L L 1 . . . O K

U s e r = L L 2 . . . O K



+ + + + + P h y s I c a l D r I v e 2 : S T 1 0 0 0 D M 0 0 3 - 1 C H 1 6 2 S C S I D I s k D e v I c e + + + + +

- - - U s e r - - -

[ M B R ] 2 4 9 c f 3 b d 6 a 2 6 e 8 8 d 0 9 3 1 1 d e 9 2 4 e 0 a 9 4 d

[ B S P ] 4 f f 8 4 6 e 5 2 f 1 1 e b b 6 c b c 8 e 6 d 7 0 9 f c 0 d c 6 : W I n d o w s V I s t a / 7 / 8 M B R C o d e

P a r t I t I o n t a b l e :

0 - [ A C T I V E ] N T F S ( 0 x 7 ) [ V I S I B L E ] O f f s e t ( s e c t o r s ) : 2 0 4 8 | S I z e : 4 7 6 9 3 4 M B [ W I n d o w s V I s t a / 7 / 8 B o o t s t r a p | W I n d o w s V I s t a / 7 / 8 B o o t l o a d e r ]

1 - [ X X X X X X ] N T F S ( 0 x 7 ) [ V I S I B L E ] O f f s e t ( s e c t o r s ) : 9 7 6 7 6 2 8 8 0 | S I z e : 4 7 6 9 3 2 M B [ W I n d o w s V I s t a / 7 / 8 B o o t s t r a p | W I n d o w s V I s t a / 7 / 8 B o o t l o a d e r ]

U s e r = L L 1 . . . O K

U s e r = L L 2 . . . O K



+ + + + + P h y s I c a l D r I v e 3 : S A M S U N G H D 3 2 2 H J S C S I D I s k D e v I c e + + + + +

- - - U s e r - - -

[ M B R ] 4 0 9 6 8 9 5 a e 9 8 3 8 5 3 3 4 7 e e 1 1 e 9 2 3 7 3 7 e c 6

[ B S P ] e 0 4 6 9 f 3 7 e e 1 0 b 2 1 1 5 6 6 c f f 4 b b 3 9 a c e 3 c : W I n d o w s V I s t a / 7 / 8 | V T . U n k n o w n M B R C o d e

P a r t I t I o n t a b l e :

0 - [ X X X X X X ] N T F S ( 0 x 7 ) [ V I S I B L E ] O f f s e t ( s e c t o r s ) : 2 0 4 8 | S I z e : 3 0 5 2 4 3 M B [ W I n d o w s V I s t a / 7 / 8 B o o t s t r a p | W I n d o w s V I s t a / 7 / 8 B o o t l o a d e r ]

U s e r = L L 1 . . . O K

U s e r = L L 2 . . . O K
 
2] MBAM log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2016-04-26
Scan Time: 오후 6:36
Logfile: MBAM.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.26.02
Rootkit Database: v2016.04.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375937
Time Elapsed: 4 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 36
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{aeef4389-6327-45e5-9552-021c0f5aef2d}, Quarantined, [2e3c7a393960d1659178eed9f70b22de],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\TYPELIB\{dd22e081-d617-4b49-bf04-d4ed5f4e54f1}, Quarantined, [2e3c7a393960d1659178eed9f70b22de],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\INTERFACE\{F46515E3-C82D-4243-BAF9-2CA377FF4622}, Quarantined, [2e3c7a393960d1659178eed9f70b22de],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F46515E3-C82D-4243-BAF9-2CA377FF4622}, Quarantined, [2e3c7a393960d1659178eed9f70b22de],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F46515E3-C82D-4243-BAF9-2CA377FF4622}, Quarantined, [2e3c7a393960d1659178eed9f70b22de],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{dd22e081-d617-4b49-bf04-d4ed5f4e54f1}, Quarantined, [2e3c7a393960d1659178eed9f70b22de],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{dd22e081-d617-4b49-bf04-d4ed5f4e54f1}, Quarantined, [2e3c7a393960d1659178eed9f70b22de],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{AEEF4389-6327-45E5-9552-021C0F5AEF2D}, Quarantined, [2e3c7a393960d1659178eed9f70b22de],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{AEEF4389-6327-45E5-9552-021C0F5AEF2D}, Quarantined, [2e3c7a393960d1659178eed9f70b22de],
PUP.Optional.Yontoo, HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{AEEF4389-6327-45E5-9552-021C0F5AEF2D}, Quarantined, [2e3c7a393960d1659178eed9f70b22de],
PUP.Optional.Yontoo, HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AEEF4389-6327-45E5-9552-021C0F5AEF2D}, Quarantined, [2e3c7a393960d1659178eed9f70b22de],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}, Quarantined, [bfab4a69a1f8d26453076b5c1be728d8],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}, Quarantined, [bfab4a69a1f8d26453076b5c1be728d8],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Quarantined, [31391f947920c076de80b215946e35cb],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Quarantined, [31391f947920c076de80b215946e35cb],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Triangle Trail, Quarantined, [165406adfd9c8ea85184399f6998f709],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [02680aa9dabfe353f67dcd6629dc01ff],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [02680aa9dabfe353f67dcd6629dc01ff],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [02680aa9dabfe353f67dcd6629dc01ff],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [02680aa9dabfe353f67dcd6629dc01ff],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [02680aa9dabfe353f67dcd6629dc01ff],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, Quarantined, [02680aa9dabfe353f67dcd6629dc01ff],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [02680aa9dabfe353f67dcd6629dc01ff],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [02680aa9dabfe353f67dcd6629dc01ff],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [02680aa9dabfe353f67dcd6629dc01ff],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [02680aa9dabfe353f67dcd6629dc01ff],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [02680aa9dabfe353f67dcd6629dc01ff],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [02680aa9dabfe353f67dcd6629dc01ff],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK.1, Quarantined, [02680aa9dabfe353f67dcd6629dc01ff],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK, Quarantined, [02680aa9dabfe353f67dcd6629dc01ff],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK, Quarantined, [02680aa9dabfe353f67dcd6629dc01ff],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK, Quarantined, [02680aa9dabfe353f67dcd6629dc01ff],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK.1, Quarantined, [02680aa9dabfe353f67dcd6629dc01ff],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK.1, Quarantined, [02680aa9dabfe353f67dcd6629dc01ff],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, Quarantined, [02680aa9dabfe353f67dcd6629dc01ff],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\TriangleTrail, Quarantined, [5d0d149f44552115f1ce9ba842c14ab6],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.Yontoo, C:\Program Files (x86)\Common Files\dc7f92b9-bbae-4a98-8d52-722397ce851b, Quarantined, [61091a99990032049c4307309c67a45c],
PUP.Optional.Yontoo, C:\Program Files (x86)\Triangle Trail, Quarantined, [492111a2cacf0c2ad8082611fa09ff01],
PUP.Optional.Yontoo, C:\Program Files (x86)\Triangle Trail\Extensions, Quarantined, [492111a2cacf0c2ad8082611fa09ff01],
PUP.Optional.Yontoo, C:\Users\user\AppData\Local\Temp\Triangle Trail, Quarantined, [1f4b3083326764d281606bccfc07f709],

Files: 13
PUP.Optional.Yontoo, C:\Program Files (x86)\Triangle Trail\Uninstaller.exe, Quarantined, [165406adfd9c8ea85184399f6998f709],
PUP.Optional.OpenCandy, C:\Users\user\AppData\Local\Temp\HYD1FF0.tmp.1454917531\HTA\install.1454917531.zip, Quarantined, [b5b57e35f1a82b0b75fe76bd689d7f81],
PUP.Optional.OpenCandy, C:\Users\user\AppData\Local\Temp\HYD8AF2.tmp.1454918148\HTA\install.1454918148.zip, Quarantined, [9dcd5261405955e163106ac97392fe02],
PUP.Optional.OpenCandy, C:\Users\user\AppData\Local\Temp\HYD8AF2.tmp.1454918148\HTA\3rdparty\OCComSDK.dll, Quarantined, [7ceed7dcc1d87bbba0d351e2a85d52ae],
PUP.Optional.OpenCandy, C:\Users\user\AppData\Local\Temp\HYDAAD0.tmp.1454918156\HTA\install.1454918156.zip, Quarantined, [4a20d1e246535adc4a2989aaad58f709],
PUP.Optional.OpenCandy, C:\Users\user\AppData\Local\Temp\HYDAAD0.tmp.1454918156\HTA\3rdparty\OCComSDK.dll, Quarantined, [02680aa9dabfe353f67dcd6629dc01ff],
PUP.Optional.OpenCandy, C:\Users\user\AppData\Local\Temp\HYDB5E7.tmp.1454917766\HTA\install.1454917766.zip, Quarantined, [84e613a0fa9fcc6a91e2c66d7c897789],
PUP.Optional.OpenCandy, C:\Users\user\AppData\Local\Temp\HYDB5E7.tmp.1454917766\HTA\3rdparty\OCComSDK.dll, Quarantined, [6a001c97782184b25f14b18240c55ca4],
PUP.Optional.Yontoo, C:\Users\user\AppData\Local\Temp\~nsu.tmp\Au_.exe, Quarantined, [b9b110a35b3ec175a332cd0bd829a25e],
PUP.Optional.CrossRider, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, Quarantined, [a9c17241643562d4a6baa3ffc53faa56],
PUP.Optional.CrossRider, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, Quarantined, [0b5fb8fb08911224e47c851dcb3914ec],
PUP.Optional.Yontoo, C:\Program Files (x86)\Triangle Trail\7za.exe, Quarantined, [492111a2cacf0c2ad8082611fa09ff01],
PUP.Optional.Yontoo, C:\Program Files (x86)\Triangle Trail\Extensions\oblndfpchbjdpapfhdhicaejlkipaanl.crx, Quarantined, [492111a2cacf0c2ad8082611fa09ff01],

Physical Sectors: 0
(No malicious items detected)


(end)
 
3] AdwClearner Log

# AdwCleaner v5.113 - Logfile created 26/04/2016 at 18:51:04
# Updated 24/04/2016 by Xplode
# Database : 2016-04-24.3 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X64)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\adwcleaner_5.113.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\user\AppData\Local\Temp\ASP
[-] Folder Deleted : C:\users\user\AppData\Roaming\RPEng

***** [ Files ] *****

[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_darkautism.deviantart.com_0.localstorage
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_darkautism.deviantart.com_0.localstorage-journal
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_land.pckeeper.software_0.localstorage
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_land.pckeeper.software_0.localstorage-journal
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.newtabtvgamasearch.com_0.localstorage
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.newtabtvgamasearch.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\s
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akamaihd.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\triangletrail-a.akamaihd.net

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1959 bytes] - [26/04/2016 18:51:04]
C:\AdwCleaner\AdwCleaner[S1].txt - [2036 bytes] - [26/04/2016 18:49:04]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2105 bytes] ##########
 
4] JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.5 (04.20.2016)
Operating System: Windows 7 Ultimate x64
Ran by user (Administrator) on 2016-04-26 at 18:55:06.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 42

Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JCEUIGT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6GFD77OM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IHMDY7X (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A5Q94ADM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6O23DTV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUZHQILB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCNJW61Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FJ8MBLPF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q2W4MSNN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RF2YD0IZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S0URTX9J (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S0URTX9J (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCJ0W3GZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X186E6S5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XI4FXN9Q (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1IFHWKH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YSZJ4GTB (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JCEUIGT (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6GFD77OM (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IHMDY7X (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A5Q94ADM (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C6O23DTV (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUZHQILB (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DCNJW61Y (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FJ8MBLPF (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q2W4MSNN (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RF2YD0IZ (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S0URTX9J (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S0URTX9J (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCJ0W3GZ (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X186E6S5 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XI4FXN9Q (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1IFHWKH (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YSZJ4GTB (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2016-04-26 at 19:02:08.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
When I run "Combo Fix, there are 5 error messages:

"Unable to create a backup of the current registry file
c:W ~~~~~SYSTEM !
continue restoration of this file ? "

And I clicked "Yes" but I believe it is not created backup.

Other 4 message are the same thing but different location.

However, I got log file.




---------

ComboFix 16-04-22.01 - user 2016-04-27 18:42:53.1.4 - x64
Microsoft Windows 7 Ultimate K 6.1.7601.1.949.82.1042.18.16322.14079 [GMT 9:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: COMODO Firewall *Disabled* {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Comodo Defense+ *Enabled/Updated* {6BAD9487-8DE8-D130-293E-C6A728B4104F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Roaming\Local
c:\users\user\AppData\Roaming\Local\Skyrim\DLCList.txt
c:\users\user\AppData\Roaming\Local\Skyrim\plugins.txt
c:\windows\Downloaded Program Files\.svn
c:\windows\Downloaded Program Files\.svn\all-wcprops
c:\windows\Downloaded Program Files\.svn\entries
c:\windows\Downloaded Program Files\.svn\prop-base\NmpLauncher.exe.svn-base
c:\windows\Downloaded Program Files\.svn\prop-base\npNaverMultiTrackPlugin.dll.svn-base
c:\windows\Downloaded Program Files\.svn\text-base\NmpLauncher.exe.svn-base
c:\windows\Downloaded Program Files\.svn\text-base\npNaverMultiTrackPlugin.dll.svn-base
c:\windows\Downloaded Program Files\.svn\text-base\npNaverMultiTrackPlugin.inf.svn-base
c:\windows\Downloaded Program Files\XPayPlugin
c:\windows\Downloaded Program Files\XPayPlugin\LGDacomPaymentView.ocx
c:\windows\SysWow64\CKAgent.dat
.
Infected copy of c:\windows\System32\winver.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2016-03-27 to 2016-04-27 )))))))))))))))))))))))))))))))
.
.
2016-04-27 09:54 . 2016-04-27 09:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-04-26 09:48 . 2016-04-26 09:51 -------- d-----w- C:\AdwCleaner
2016-04-26 09:33 . 2016-04-26 09:43 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-26 09:33 . 2016-04-26 09:33 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-04-26 09:33 . 2016-04-26 09:33 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-04-26 09:33 . 2016-04-26 09:33 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-04-26 09:33 . 2016-04-26 09:33 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-04-26 09:33 . 2016-04-26 09:33 -------- d-----w- c:\programdata\Malwarebytes
2016-04-26 09:03 . 2016-04-26 09:03 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-04-26 09:01 . 2016-04-26 09:02 -------- d-----w- c:\programdata\RogueKiller
2016-04-26 08:59 . 2016-03-17 01:45 11686560 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4EBEDF11-02E3-4702-94C7-A6EB718FFA23}\mpengine.dll
2016-04-24 10:41 . 2016-04-24 10:45 -------- d-----w- C:\FRST
2016-04-23 09:48 . 2016-04-23 09:48 398152 ----a-w- c:\windows\system32\aswBoot.exe
2016-04-23 09:48 . 2016-04-23 09:48 52184 ----a-w- c:\windows\avastSS.scr
2016-04-22 23:45 . 2016-04-22 23:45 164360 ----a-r- c:\windows\system32\CKAgent.exe
2016-04-22 23:45 . 2016-04-22 23:45 164360 ----a-r- c:\windows\SysWow64\CKAgent.exe
2016-04-21 02:50 . 2016-04-21 02:50 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-04-07 01:53 . 2016-04-07 01:53 -------- d-----w- c:\users\user\AppData\Local\GWX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-27 01:43 . 2015-10-25 14:07 3932792 ----a-w- c:\windows\system32\btscan.exe
2016-04-26 08:59 . 2010-11-21 03:27 453288 ----a-w- c:\windows\system32\MpSigStub.exe
2016-04-23 09:48 . 2015-10-22 08:19 287528 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-04-23 09:48 . 2015-10-22 08:19 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-04-23 09:48 . 2015-10-22 08:19 465792 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-04-23 09:48 . 2015-10-22 08:19 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-04-23 09:48 . 2015-10-22 08:19 166432 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-04-23 09:48 . 2015-10-22 08:19 107792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-04-23 09:48 . 2015-10-22 08:19 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-04-23 09:48 . 2016-03-23 09:31 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-04-23 09:48 . 2015-10-22 08:19 1070904 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-04-22 23:45 . 2015-10-25 14:06 101152 ----a-w- c:\windows\system32\kck64.sys
2016-04-21 05:48 . 2015-12-10 02:22 207160 ----a-w- c:\windows\system32\drivers\mkd3kfnt.sys
2016-04-21 05:48 . 2015-12-10 02:22 148344 ----a-w- c:\windows\system32\drivers\mkd2nadr.sys
2016-04-21 02:50 . 2016-01-20 05:24 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-04-13 10:43 . 2015-10-22 13:45 135176864 ----a-w- c:\windows\system32\MRT.exe
2016-04-08 06:03 . 2015-10-22 06:43 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-04-08 06:03 . 2015-10-22 06:43 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-04-06 12:19 . 2015-08-04 16:31 116248 ----a-w- c:\windows\system32\drivers\inspect.sys
2016-04-06 12:19 . 2015-08-04 16:31 56464 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2016-04-06 12:18 . 2015-08-04 16:31 823848 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2016-04-06 12:18 . 2015-08-04 16:31 31648 ----a-w- c:\windows\system32\drivers\cmderd.sys
2016-04-06 12:17 . 2015-08-04 16:29 51800 ----a-w- c:\windows\system32\cmdcsr.dll
2016-04-06 12:16 . 2015-09-03 03:52 461648 ----a-w- c:\windows\SysWow64\guard32.dll
2016-04-06 12:16 . 2015-09-03 03:52 596232 ----a-w- c:\windows\system32\guard64.dll
2016-04-06 12:14 . 2015-08-04 16:28 365752 ----a-w- c:\windows\system32\cmdvrt64.dll
2016-04-06 12:14 . 2015-08-04 16:28 51896 ----a-w- c:\windows\system32\cmdkbd64.dll
2016-04-06 12:12 . 2015-08-04 16:27 296120 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2016-04-06 12:11 . 2015-08-04 16:26 46776 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2016-04-06 00:53 . 2015-09-25 05:41 38472 ----a-w- c:\windows\SysWow64\noskp64.sys
2016-04-06 00:53 . 2015-09-25 05:40 34056 ----a-w- c:\windows\SysWow64\noskp.sys
2016-04-06 00:53 . 2015-09-14 11:03 47296 ----a-w- c:\windows\SysWow64\nosku64.sys
2016-04-06 00:53 . 2015-09-14 11:03 45832 ----a-w- c:\windows\SysWow64\nosku.sys
2016-04-06 00:53 . 2015-08-13 09:05 49128 ----a-w- c:\windows\SysWow64\noska.sys
2016-03-18 05:54 . 2015-05-26 08:27 2522 ----a-w- c:\windows\rescue_ocx_64.reg
2016-03-18 05:54 . 2015-05-26 08:27 2364 ----a-w- c:\windows\rescue_inisb_64.reg
2016-03-18 05:54 . 2015-05-26 08:39 1665320 ----a-w- c:\windows\INISandBoxMonitor.10035.exe
2016-03-17 22:24 . 2016-04-13 07:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-03-10 10:40 . 2015-12-10 02:22 108384 ----a-w- c:\windows\system32\drivers\mkd2bthf.sys
2016-03-09 02:14 . 2016-03-09 02:14 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-03-09 02:14 . 2016-03-09 02:14 46080 ----a-w- c:\windows\system32\atmlib.dll
2016-03-09 02:14 . 2016-03-09 02:14 41472 ----a-w- c:\windows\system32\lpk.dll
2016-03-09 02:14 . 2016-03-09 02:14 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2016-03-09 02:14 . 2016-03-09 02:14 30720 ----a-w- c:\windows\system32\seclogon.dll
2016-03-09 02:14 . 2016-03-09 02:14 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2016-03-09 02:14 . 2016-03-09 02:14 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2016-03-09 02:14 . 2016-03-09 02:14 14634496 ----a-w- c:\windows\system32\wmp.dll
2016-03-09 02:14 . 2016-03-09 02:14 14336 ----a-w- c:\windows\system32\dciman32.dll
2016-03-09 02:14 . 2016-03-09 02:14 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2016-03-09 02:14 . 2016-03-09 02:14 100864 ----a-w- c:\windows\system32\fontsub.dll
2016-03-09 02:14 . 2016-03-09 02:14 9728 ----a-w- c:\windows\system32\spwmp.dll
2016-03-09 02:14 . 2016-03-09 02:14 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2016-03-09 02:14 . 2016-03-09 02:14 5120 ----a-w- c:\windows\system32\msdxm.ocx
2016-03-09 02:14 . 2016-03-09 02:14 5120 ----a-w- c:\windows\system32\dxmasf.dll
2016-03-09 02:14 . 2016-03-09 02:14 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2016-03-09 02:14 . 2016-03-09 02:14 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2016-03-09 02:14 . 2016-03-09 02:14 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2016-03-09 02:14 . 2016-03-09 02:14 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2016-02-17 06:45 . 2016-02-17 06:45 61440 ----a-w- c:\windows\SysWow64\nvPhotoshopUtil.dll
2016-02-17 06:45 . 2016-02-17 06:45 40960 ----a-w- c:\windows\SysWow64\nvISWOW64.dll
2016-02-17 06:45 . 2016-02-17 06:45 151552 ----a-w- c:\windows\SysWow64\nvRegDev.dll
2016-02-17 03:11 . 2016-02-17 03:11 34515 ----a-w- c:\windows\SysWow64\uninst_MAWS_MMASJ.exe
2016-02-17 03:11 . 2013-04-02 04:12 237568 ----a-w- c:\windows\ImageSAFERSvc.exe
2016-02-17 03:11 . 2011-12-27 02:44 73728 ----a-w- c:\windows\SysWow64\ImageSAFERRecovery.exe
2016-02-17 03:11 . 2011-12-27 02:44 185856 ----a-w- c:\windows\system32\ImageSAFERStart_X86.exe
2016-02-17 03:11 . 2011-12-27 02:39 77312 ----a-w- c:\windows\system32\ImageSAFERRecovery.exe
2016-02-17 03:11 . 2011-12-27 02:39 210432 ----a-w- c:\windows\system32\ImageSAFERStart_X64.exe
2016-02-17 03:11 . 2010-07-27 02:18 62976 ----a-w- c:\windows\SysWow64\ImageSAFERMessage.exe
2016-02-17 03:11 . 2010-07-27 02:18 62976 ----a-w- c:\windows\system32\ImageSAFERMessage.exe
2016-02-12 18:52 . 2016-03-09 02:14 98816 ----a-w- c:\windows\system32\wudriver.dll
2016-02-12 18:52 . 2016-03-09 02:14 3169792 ----a-w- c:\windows\system32\wucltux.dll
2016-02-12 18:52 . 2016-03-09 02:14 192512 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-12 18:44 . 2016-03-09 02:14 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-02-12 18:39 . 2016-03-09 02:14 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2016-02-12 18:22 . 2016-03-09 02:14 2610688 ----a-w- c:\windows\system32\wuaueng.dll
2016-02-12 18:19 . 2016-03-09 02:14 709120 ----a-w- c:\windows\system32\wuapi.dll
2016-02-12 18:18 . 2016-03-09 02:14 37888 ----a-w- c:\windows\system32\wuapp.exe
2016-02-12 18:18 . 2016-03-09 02:14 140288 ----a-w- c:\windows\system32\wuauclt.exe
2016-02-12 18:18 . 2016-03-09 02:14 36864 ----a-w- c:\windows\system32\wups.dll
2016-02-12 18:18 . 2016-03-09 02:14 37888 ----a-w- c:\windows\system32\wups2.dll
2016-02-12 18:18 . 2016-03-09 02:14 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2016-02-12 18:06 . 2016-03-09 02:14 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2016-02-12 18:05 . 2016-03-09 02:14 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2016-02-12 18:05 . 2016-03-09 02:14 30208 ----a-w- c:\windows\SysWow64\wups.dll
2016-02-12 18:05 . 2016-03-09 02:14 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2016-02-12 12:02 . 2016-02-12 12:02 197224 ----a-w- c:\windows\SysWow64\npkfxsvc.exe
2016-02-12 12:02 . 2016-02-12 12:02 76488 ----a-w- c:\windows\SysWow64\npkfxe64.exe
2016-02-12 12:02 . 2016-02-12 12:02 58464 ----a-w- c:\windows\SysWow64\kck64s.sys
2016-02-12 12:02 . 2014-05-08 08:06 26824 ----a-w- c:\windows\SysWow64\npkfxu.sys
2016-02-12 12:02 . 2014-05-08 08:06 23752 ----a-w- c:\windows\SysWow64\npkfxs.sys
2016-02-12 12:02 . 2014-05-08 08:06 565864 ----a-w- c:\windows\SysWow64\npkfxx.ocx
2016-02-12 12:02 . 2014-05-08 08:06 545384 ----a-w- c:\windows\SysWow64\npkfxext.ocx
2016-02-12 12:02 . 2014-05-08 08:06 422504 ----a-w- c:\windows\SysWow64\npkfx.dll
2016-02-12 12:02 . 2014-05-08 08:06 139880 ----a-w- c:\windows\SysWow64\npkfxes.dll
2016-02-12 12:02 . 2014-05-08 08:06 127592 ----a-w- c:\windows\SysWow64\npkfxcv.dll
2016-02-12 12:02 . 2014-05-08 08:06 488040 ----a-w- c:\windows\SysWow64\npkfxjv.dll
2016-02-12 12:02 . 2014-05-08 08:06 316008 ----a-w- c:\windows\SysWow64\npkfxexp.dll
2016-02-12 12:02 . 2014-05-08 08:06 229992 ----a-w- c:\windows\SysWow64\npkfxne.dll
2016-02-12 12:02 . 2014-05-08 08:06 201320 ----a-w- c:\windows\SysWow64\npkfxrsen.dll
2016-02-12 12:02 . 2014-05-08 08:06 135784 ----a-w- c:\windows\SysWow64\npkfxpa.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2014-07-17 . 8CEBD9D0A0A879CDE9F36F4383B7CAEA . 455168 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe
[7] 2014-07-16 . 98AA0BFEE089C7E5DADB94190D93456C . 455680 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe
[7] 2014-03-04 . 6CE2AE073BD21C542FC2C707CAE944CC . 455680 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[7] 2014-03-04 . 88AB9B72B4BF3963A0DE0820B4B0B06C . 455168 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[7] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2015-12-09 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
.
[7] 2015-11-10 . E42CB2576D5C8456C60988B1C908F41A . 1009152 . . [6.1.7601.23265] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_2bb2ca019d418cef\user32.dll
[7] 2015-11-10 . 06BF84D26A05D400F6B3FB3D3DE0B03A . 1008640 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_2b252a2884278aa2\user32.dll
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2010-08-06 . F78E7BD7ADC829D9DD92C558180E09DB . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ipTIME_Upgrade_Notification"="c:\users\user\AppData\Local\ipTIME\ipTIME_Upgrade_Notification\ipTIME_Upgrade_Notification.exe" [2016-02-07 1133296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-01-17 5695296]
"IME14 KOR Setup"="c:\progra~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2015-10-13 81080]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-04-23 7390608]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
"wizvera-veraport"="c:\program files (x86)\Wizvera\Veraport20\veraport.exe" [2015-12-10 1413352]
"AnySign4PC"="c:\program files (x86)\SoftForum\XecureWeb\AnySign\dll\AnySign4PC.exe" [2015-12-10 2382144]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2015-12-19 296216]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-04-21 596504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200412]
Ime File REG_SZ IMKR14.IME
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 KOS_Service;Kings Online Security;c:\kings\KOS\KOSSvc.exe;c:\kings\KOS\KOSSvc.exe [x]
R2 npkfxsvc;npkfxsvc;c:\windows\SysWow64\npkfxsvc.exe;c:\windows\SysWow64\npkfxsvc.exe [x]
R3 AhnFlt2K;AhnFlt2K;c:\windows\system32\drivers\AhnFlt2K.sys;c:\windows\SYSNATIVE\drivers\AhnFlt2K.sys [x]
R3 AhnRec2K;AhnRec2K;c:\windows\system32\drivers\AhnRec2K.sys;c:\windows\SYSNATIVE\drivers\AhnRec2K.sys [x]
R3 AntiStealth_MYFIREWALL40ASD;AntiStealth_MYFIREWALL40ASD;c:\program files\AhnLab\ASP\MyFirewall 4.0\AHAWKENT.sys;c:\program files\AhnLab\ASP\MyFirewall 4.0\AHAWKENT.sys [x]
R3 AntiStealth_MYFIREWALL40ASDF;AntiStealth_MYFIREWALL40ASDF;c:\program files\AhnLab\ASP\MyFirewall 4.0\TfFRegNt.sys;c:\program files\AhnLab\ASP\MyFirewall 4.0\TfFRegNt.sys [x]
R3 ascrts_SafeTransaction;ascrts_SafeTransaction;c:\program files\AhnLab\Safe Transaction\asc\ascrts.sys;c:\program files\AhnLab\Safe Transaction\asc\ascrts.sys [x]
R3 ATamptNt_MYFIREWALL40ASD;ATamptNt_MYFIREWALL40ASD;c:\progra~1\AhnLab\ASP\MYFIRE~1.0\ATamptNt.sys;c:\progra~1\AhnLab\ASP\MYFIRE~1.0\ATamptNt.sys [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ISMgr;Image SAFER Process Managerment NT.;c:\windows\system32\ImageSAFERDrv64.sys;c:\windows\SYSNATIVE\ImageSAFERDrv64.sys [x]
R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS;c:\windows\SYSNATIVE\JRSKD24.SYS [x]
R3 kck64;kck64;c:\windows\system32\kck64.sys;c:\windows\SYSNATIVE\kck64.sys [x]
R3 MeDCoreD_SafeTransaction;MeDCoreD_SafeTransaction;c:\program files\AhnLab\Safe Transaction\MeDCoreD.sys;c:\program files\AhnLab\Safe Transaction\MeDCoreD.sys [x]
R3 MeDVpDrv_SafeTransaction;MeDVpDrv_SafeTransaction;c:\program files\AhnLab\Safe Transaction\MeDVpDrv.sys;c:\program files\AhnLab\Safe Transaction\MeDVpDrv.sys [x]
R3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2Bthf.sys;c:\windows\SYSNATIVE\drivers\Mkd2Bthf.sys [x]
R3 MyFw40Service;MyFirewall 4.0 Service;c:\program files\AhnLab\ASP\MyFirewall 4.0\ASDSvc.exe;c:\program files\AhnLab\ASP\MyFirewall 4.0\ASDSvc.exe [x]
R3 noskp;noskp;c:\windows\syswow64\noskp64.sys;c:\windows\syswow64\noskp64.sys [x]
R3 np_ck64s;np_ck64s;c:\windows\syswow64\np_ck64s.sys;c:\windows\syswow64\np_ck64s.sys [x]
R3 npkfxs;npkfxs;c:\windows\syswow64\npkfxs.sys;c:\windows\syswow64\npkfxs.sys [x]
R3 npkfxu;npkfxu;c:\windows\syswow64\npkfxu.sys;c:\windows\syswow64\npkfxu.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 ProDefense;ProDefense;c:\windows\system32\drivers\ProDefense.sys;c:\windows\SYSNATIVE\drivers\ProDefense.sys [x]
R3 ProMDefense;ProMDefense;c:\windows\SysWOW64\drivers\ProMDefense.sys;c:\windows\SysWOW64\drivers\ProMDefense.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\SysWOW64\Drivers\TFsExDisk.sys;c:\windows\SysWOW64\Drivers\TFsExDisk.sys [x]
R3 TKCtrl;TKCtrl;c:\windows\system32\TKCtrl2k64.sys;c:\windows\SYSNATIVE\TKCtrl2k64.sys [x]
R3 TNFwNt_MYFIREWALL40ASD;TNFwNt_MYFIREWALL40ASD;c:\program files\AhnLab\ASP\MyFirewall 4.0\TNFwNt.sys;c:\program files\AhnLab\ASP\MyFirewall 4.0\TNFwNt.sys [x]
R3 TNFwNt_SafeTransaction;TNFwNt_SafeTransaction;c:\program files\AhnLab\Safe Transaction\TNFwNt.sys;c:\program files\AhnLab\Safe Transaction\TNFwNt.sys [x]
R3 TNNipsNt_MYFIREWALL40ASD;TNNipsNt_MYFIREWALL40ASD;c:\program files\AhnLab\ASP\MyFirewall 4.0\TNNipsNt.sys;c:\program files\AhnLab\ASP\MyFirewall 4.0\TNNipsNt.sys [x]
R3 TNNipsNt_SafeTransaction;TNNipsNt_SafeTransaction;c:\program files\AhnLab\Safe Transaction\TNNipsNt.sys;c:\program files\AhnLab\Safe Transaction\TNNipsNt.sys [x]
R3 TSFLTDRV_SafeTransaction;TSFLTDRV_SafeTransaction;c:\progra~1\AhnLab\SAFETR~1\TSFLTDRV.sys;c:\progra~1\AhnLab\SAFETR~1\TSFLTDRV.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 x64kdss;x64kdss;syswow64\Drivers\x64kdss.sys;syswow64\Drivers\x64kdss.sys [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;인텔(R) USB 3.0 호스트 컨트롤러 스위치 드라이버;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm273.sys [x]
S1 AMonTDLH;AMonTDLH;c:\windows\system32\Drivers\AMonTDLH.sys;c:\windows\SYSNATIVE\Drivers\AMonTDLH.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup 서비스;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 AnySign4PC Launcher;AnySign4PC Launcher;c:\program files (x86)\SoftForum\XecureWeb\AnySign\dll\AnySign4PCLauncher.exe;c:\program files (x86)\SoftForum\XecureWeb\AnySign\dll\AnySign4PCLauncher.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Image Protection;Image Protect Service;c:\windows\ImageSAFERSvc.exe;c:\windows\ImageSAFERSvc.exe [x]
S2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [x]
S2 Innosvc7;Innosvc7;c:\program files (x86)\INNORIX\common\innosvc7.exe;c:\program files (x86)\INNORIX\common\innosvc7.exe [x]
S2 Naver Updater;Naver Updater;c:\program files (x86)\Naver\NaverCommon\NaverAdminAPISvc.exe;c:\program files (x86)\Naver\NaverCommon\NaverAdminAPISvc.exe [x]
S2 nossvc;nProtect Online Security(PFS);c:\program files (x86)\INCAInternet\nProtect Online Security\nossvc.exe;c:\program files (x86)\INCAInternet\nProtect Online Security\nossvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 SafeTransactionSVC;AhnLab Safe Transaction Service;c:\program files\AhnLab\Safe Transaction\ASDSvc.exe;c:\program files\AhnLab\Safe Transaction\ASDSvc.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TUCtlSystem;TUCtlSystem;c:\windows\SysWOW64\TUCTLSystem.exe;c:\windows\SysWOW64\TUCTLSystem.exe [x]
S2 VPWalletService;VPWalletService;c:\program files (x86)\VP\VPWalletService\VPWalletService.exe;c:\program files (x86)\VP\VPWalletService\VPWalletService.exe [x]
S2 WizveraPMSvc;WIZVERA Process Manager Service;c:\program files (x86)\Wizvera\Common\wpmsvc\wpmsvc.exe;c:\program files (x86)\Wizvera\Common\wpmsvc\wpmsvc.exe [x]
S2 WooriBankSecLogGather;WooriBankSecLogGather;c:\program files (x86)\WooriBank\RealIp\WooriBankSecLogGather.exe;c:\program files (x86)\WooriBank\RealIp\WooriBankSecLogGather.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 AhnRghNt;AhnRghNt;c:\windows\system32\drivers\AhnRghNt.sys;c:\windows\SYSNATIVE\drivers\AhnRghNt.sys [x]
S3 AntiStealth_SafeTransaction;AntiStealth_SafeTransaction;c:\program files\AhnLab\Safe Transaction\AHAWKENT.sys;c:\program files\AhnLab\Safe Transaction\AHAWKENT.sys [x]
S3 AntiStealth_SafeTransactionF;AntiStealth_SafeTransactionF;c:\program files\AhnLab\Safe Transaction\TfFRegNt.sys;c:\program files\AhnLab\Safe Transaction\TfFRegNt.sys [x]
S3 ATamptNt_SafeTransaction;ATamptNt_SafeTransaction;c:\progra~1\AhnLab\SAFETR~1\ATamptNt.sys;c:\progra~1\AhnLab\SAFETR~1\ATamptNt.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 Cdm2DrNt;Cdm2DrNt;c:\windows\system32\Drivers\Cdm2DrNt.sys;c:\windows\SYSNATIVE\Drivers\Cdm2DrNt.sys [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 HSBDrv64;HSBDrv64;c:\windows\system32\drivers\HSBDrv64.sys;c:\windows\SYSNATIVE\drivers\HSBDrv64.sys [x]
S3 iusb3hub;인텔(R) USB 3.0 허브 드라이버;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;인텔(R) USB 3.0 확장 가능한 호스트 컨트롤러 드라이버;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS;c:\windows\SYSNATIVE\JRSUKD25.SYS [x]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys;c:\windows\SYSNATIVE\drivers\Mkd2Nadr.sys [x]
S3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys;c:\windows\SYSNATIVE\drivers\Mkd3kfNt.sys [x]
S3 nosku;nosku;c:\windows\syswow64\nosku64.sys;c:\windows\syswow64\nosku64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 TKFsAvM;TKFsAvM;c:\windows\system32\TKFsAv64.sys;c:\windows\SYSNATIVE\TKFsAv64.sys [x]
S3 TKFsFtM;TKFsFtM;c:\windows\system32\TKFsFt64.sys;c:\windows\SYSNATIVE\TKFsFt64.sys [x]
S3 TKPcFt;TKPcFt;c:\windows\system32\TKPcFtCb64.sys;c:\windows\SYSNATIVE\TKPcFtCb64.sys [x]
S3 TKRgAc;TKRgAc;c:\windows\system32\TKRgAc2k64.sys;c:\windows\SYSNATIVE\TKRgAc2k64.sys [x]
S3 TKRgFt;TKRgFt;c:\windows\system32\TKRgFtXp64.sys;c:\windows\SYSNATIVE\TKRgFtXp64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-26 10:24 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.87\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-22 06:03]
.
2016-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-10-22 08:01]
.
2016-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-10-22 08:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-04-23 09:48 920784 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 서비스"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-01-17 390768]
"IME14 KOR Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2015-10-13 110776]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-29 499608]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2016-04-08 1610936]
"AhnLab Safe Transaction Application"="c:\program files\AhnLab\Safe Transaction\stsess.exe" [2016-04-21 4017848]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2015-12-19 8725248]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2015-12-19 1407744]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-12-28 2634872]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-10-03 1710568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Microsoft Excel로 내보내기(&X) - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: OneNote로 보내기(&N) - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: dacom.net
Trusted Zone: lgdacom.net
Trusted Zone: uplus.co.kr
TCP: DhcpNameServer = 210.220.163.82 219.250.36.130
Handler: crosswebex - {d03424de-4f7e-11e5-a44a-005056c00008} - c:\program files (x86)\initech\INISAFE Web EX Client\bridge\CrossEX\crosswebex\1.0.1.752\CrossEXProtocol.dll
Handler: touchenex - {74f917de-707e-11e5-80c3-005056c00008} - c:\program files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.774\CrossEXProtocol.dll
DPF: {1c0ac0ca-0ffa-5798-98eb-b4c11f0bc8f9} - ${CAB_URL}
DPF: {1CBDCD5A-18EE-4CCA-9AEA-93D5D27E310B} - hxxps://supdate.nprotect.net/nprotect2007/keycrypt/choiyh/140521/npkfxx_14042901.cab
DPF: {406FDD84-AA88-4BE6-AEF3-5BD7D6499985} - hxxp://safer.skbroadband.com/WRoicX/rioInstallX.cab
DPF: {E42F7FEB-DE20-43F4-A342-47F1DA77F667} - hxxps://pgdownload.uplus.co.kr/lguplus/XPayPlugin_3.0.0.3.cab
DPF: {FA550500-1012-4D36-BB9E-E9B02B88FE99} - hxxp://yebigun1.mil.kr/MAWS_MMASJ/bin/MAOnFPS_MMASJ.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKU-Default-Run-ZoneAlarm Windows 10 Upgrader - c:\programdata\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-MAWS_MMASJ - 증명서 발급 시스템 - c:\windows\system32\uninst_MAWS_MMASJ.exe
AddRemove-npkfx - c:\windows\system32\npkfxust.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:86,6d,25,8d,19,2d,9d,47,f5,b1,19,cd,c0,7e,3d,de,e1,62,f2,3b,cc,
7a,ad,7e,af,76,80,cd,ea,e2,6b,cc,9c,71,60,a8,67,ab,a6,9d,13,32,dd,7c,b1,28,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\COMODO\CIS\Installer\Sym_Cam\CIS]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:86,6d,25,8d,19,2d,9d,47,f5,b1,19,cd,c0,7e,3d,de,e1,62,f2,3b,cc,
7a,ad,7e,af,76,80,cd,ea,e2,6b,cc,9c,71,60,a8,67,ab,a6,9d,13,32,dd,7c,b1,28,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Configurations]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Data]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmdAgent\Mode\Options]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Cam]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,59,00,53,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Completion time: 2016-04-27 19:15:54 - machine was rebooted
ComboFix-quarantined-files.txt 2016-04-27 10:15
.
Pre-Run: 375,957,983,232 바이트 남음
Post-Run: 377,546,567,680 바이트 남음
.
- - End Of File - - B307D6162D2CEB37C4178A5ADB6A9E8A
5FB38429D5D77768867C76DCBDB35194
 
Last edited:
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
I re-download Farbar Recovery Scan Tool .
It is different version.

Now, I pasted log:



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-04-2016
Ran by user (administrator) on USER-PC (28-04-2016 09:40:35)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: 한국어(대한민국)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(SOFTFORUM) C:\Program Files (x86)\Softforum\XecureWeb\AnySign\dll\AnySign4PCLauncher.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\Safe Transaction\StSess.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(EFM Networks) C:\Users\user\AppData\Local\ipTIME\ipTIME_Upgrade_Notification\ipTIME_Upgrade_Notification.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(WIZVERA) C:\Program Files (x86)\Wizvera\Veraport20\veraport.exe
(SOFTFORUM) C:\Program Files (x86)\Softforum\XecureWeb\AnySign\dll\AnySign4PC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(MarkAny) C:\Windows\ImageSAFERSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
(INNORIX) C:\Program Files (x86)\INNORIX\common\innosvc7.exe
(NAVER Corp.) C:\Program Files (x86)\Naver\NaverCommon\NaverAdminAPISvc.exe
(MarkAny) C:\Windows\System32\ImageSAFERStart_X86.exe
(INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nossvc.exe
(MarkAny) C:\Windows\System32\ImageSAFERStart_X64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\Safe Transaction\ASDSvc.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Teruten) C:\Windows\SysWOW64\TUCTLSystem.exe
() C:\Program Files (x86)\VP\VPWalletService\VPWalletService.exe
(WIZVERA) C:\Program Files (x86)\Wizvera\Common\wpmsvc\wpmsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(우리은행) C:\Program Files (x86)\WooriBank\RealIp\WooriBankSecLogGather.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nosstarter.npe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\Safe Transaction\Nz32\StSess32.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acronis Scheduler2 **D�<*>] => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" <===== ATTENTION (Value Name with invalid characters)
HKLM\...\Run: [IME14 KOR Setup] => C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE [110776 2015-10-13] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-04-08] (COMODO)
HKLM\...\Run: [AhnLab Safe Transaction Application] => C:\Program Files\AhnLab\Safe Transaction\stsess.exe [4017848 2016-04-21] (AhnLab, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-12-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-12-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-12-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5695296 2011-01-17] (Acronis)
HKLM-x32\...\Run: [IME14 KOR Setup] => C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81080 2015-10-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390608 2016-04-23] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [wizvera-veraport] => C:\Program Files (x86)\Wizvera\Veraport20\veraport.exe [1413352 2015-12-10] (WIZVERA)
HKLM-x32\...\Run: [AnySign4PC] => C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\AnySign4PC.exe [2382144 2015-12-10] (SOFTFORUM)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-12-19] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-21] (Oracle Corporation)
HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\Run: [ipTIME_Upgrade_Notification] => C:\Users\user\AppData\Local\ipTIME\ipTIME_Upgrade_Notification\ipTIME_Upgrade_Notification.exe [1133296 2016-02-07] (EFM Networks)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-23] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 210.220.163.82 219.250.36.130
Tcpip\..\Interfaces\{2329FCF1-CEA7-43B7-B585-E4E5E1740705}: [DhcpNameServer] 210.220.163.82 219.250.36.130

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-23] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-23] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-21] (Oracle Corporation)
IE Session Restore: HKU\S-1-5-21-2207781790-2766300111-2274446720-1000 -> is enabled.
DPF: HKLM-x32 {063F7D71-5E0B-48F2-87D5-F63C5917947E} hxxps://secwebclinic.ahnlab.com/aos/plugin/aosmgr.cab
DPF: HKLM-x32 {1c0ac0ca-0ffa-5798-98eb-b4c11f0bc8f9} ${CAB_URL}
DPF: HKLM-x32 {1CBDCD5A-18EE-4CCA-9AEA-93D5D27E310B} hxxps://supdate.nprotect.net/nprotect2007/keycrypt/choiyh/140521/npkfxx_14042901.cab
DPF: HKLM-x32 {406FDD84-AA88-4BE6-AEF3-5BD7D6499985} hxxp://safer.skbroadband.com/WRoicX/rioInstallX.cab
DPF: HKLM-x32 {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Program Files (x86)\INCAInternet\nProtect Online Security\raon\TouchEnKey_Installer_32bit.exe
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E42F7FEB-DE20-43F4-A342-47F1DA77F667} hxxps://pgdownload.uplus.co.kr/lguplus/XPayPlugin_3.0.0.3.cab
DPF: HKLM-x32 {FA550500-1012-4D36-BB9E-E9B02B88FE99} hxxp://yebigun1.mil.kr/MAWS_MMASJ/bin/MAOnFPS_MMASJ.cab
Handler-x32: crosswebex - {d03424de-4f7e-11e5-a44a-005056c00008} - C:\Program Files (x86)\INITECH\INISAFE Web EX Client\bridge\CrossEX\crosswebex\1.0.1.752\CrossEXProtocol.dll [2015-08-31] (iniLINE Co., Ltd.)
Handler-x32: touchenex - {74f917de-707e-11e5-80c3-005056c00008} - C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.774\CrossEXProtocol.dll [2015-10-12] (iniLINE Co., Ltd.)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: innorix.com/InnoGMP -> C:\Program Files\INNORIX\npinnogmp7.dll [2015-02-11] (INNORIX)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @ahnlab.com/asp/npaosmgr.1 -> C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_584\npaosmgr.dll [2016-03-21] (AhnLab, Inc.)
FF Plugin-x32: @clipsoft.com/rexpert30 -> C:\Program Files (x86)\clipsoft\rexpert30\bin\viewer\nprexpert3.0.plugin.dll [2015-07-31] ( )
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-03-22] (Foxit Corporation)
FF Plugin-x32: @initech.com/moasign_s -> C:\Program Files (x86)\INITECH\INISAFE MoaSignS\npMoasignMime.dll [2015-12-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @markany.com/npMAOnFPS_MultiBrowser2 -> C:\Users\user\AppData\Local\MarkAny\npMAOnFPS_MultiBrowser2.dll [2012-12-31] (MarkAny)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-28] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-28] (NVIDIA Corporation)
FF Plugin-x32: @softforum.com/npKeyPro -> C:\windows\system32\npKeyPro.dll [No File]
FF Plugin-x32: @softforum.com/npXecureMacuxNPPlugin -> C:\Program Files (x86)\Softforum\XecureWeb\NPPlugin\dll\npXecureMacuxNPPlugin.dll [2015-10-25] (Softforum Co., LTD.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @wizvera.com/npVeraport20 -> C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll [2015-12-10] ()
FF Plugin-x32: crosswebex@iniline.com/npCrossEXPlugin -> C:\Program Files (x86)\INITECH\INISAFE Web EX Client\bridge\CrossEX\crosswebex\1.0.1.752\npinilinecrosswebex.dll [2015-08-31] (iniLINE Co., Ltd.)
FF Plugin-x32: innorix.com/InnoGMP -> C:\Program Files (x86)\INNORIX\npinnogmp7.dll [2015-02-11] (INNORIX)
FF Plugin-x32: touchenex@raon.com/npCrossEXPlugin -> C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.774\npraontouchenex.dll [2015-10-12] (iniLINE Co., Ltd.)
FF Plugin HKU\S-1-5-21-2207781790-2766300111-2274446720-1000: @initech.com/moasign_s -> C:\Program Files (x86)\INITECH\INISAFE MoaSignS\npMoasignMime.dll [2015-12-10] ()
FF Plugin HKU\S-1-5-21-2207781790-2766300111-2274446720-1000: @initech.com/npSandBox -> C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.10056.dll [2015-05-26] (Initech Co., Ltd.)
FF Plugin HKU\S-1-5-21-2207781790-2766300111-2274446720-1000: @softforum.com/npXecureMacuxNPPlugin -> C:\Program Files (x86)\Softforum\XecureWeb\NPPlugin\dll\npXecureMacuxNPPlugin.dll [2015-10-25] (Softforum Co., LTD.)
FF Plugin HKU\S-1-5-21-2207781790-2766300111-2274446720-1000: naver.com/NaverMultiTrackPlugin -> C:\windows\Downloaded Program Files\npNaverMultiTrackPlugin.dll [2016-01-08] (NAVER)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2015-10-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-23]
FF HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\Firefox\Extensions: [npSandBox@initech.com] - C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.xpi
FF Extension: INISAFE SandBox - C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.xpi [2015-05-26] [not signed]
 
Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google 슬라이드) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-26]
CHR Extension: (Google 문서도구) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-26]
CHR Extension: (Google 드라이브) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-26]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-26]
CHR Extension: (Avast SafePrice) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-04-26]
CHR Extension: (Google 시트) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-26]
CHR Extension: (Google 문서 오프라인) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-26]
CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-26]
CHR Extension: (Chrome 웹 스토어 결제) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-26]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-26]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AnySign4PC Launcher; C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\AnySign4PCLauncher.exe [2300224 2015-12-10] (SOFTFORUM)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-23] (AVAST Software)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5799552 2016-04-08] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-04-08] (COMODO)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249320 2015-12-19] (DTS, Inc)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-12-28] (NVIDIA Corporation)
R2 Image Protection; C:\windows\ImageSAFERSvc.exe [237568 2016-02-17] (MarkAny) [File not signed]
R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [83312 2010-10-20] (Microsoft Corporation)
R2 Innosvc7; C:\Program Files (x86)\INNORIX\common\innosvc7.exe [197720 2016-01-13] (INNORIX)
S2 KMService; C:\windows\SysWOW64\srvany.exe [8192 2010-06-16] () [File not signed]
S3 MyFw40Service; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\ASDSvc.exe [676832 2015-06-25] (AhnLab, Inc.)
R2 Naver Updater; C:\Program Files (x86)\Naver\NaverCommon\NaverAdminAPISvc.exe [263136 2016-03-11] (NAVER Corp.)
R2 nossvc; C:\Program Files (x86)\INCAInternet\nProtect Online Security\nossvc.exe [1673032 2016-04-07] (INCA Internet Co., Ltd.)
S2 npkfxsvc; C:\windows\SysWow64\npkfxsvc.exe [197224 2016-02-12] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-12-28] (NVIDIA Corporation)
R2 SafeTransactionSVC; C:\Program Files\AhnLab\Safe Transaction\ASDSvc.exe [738784 2015-11-13] (AhnLab, Inc.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-12-21] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TUCtlSystem; C:\windows\SysWOW64\TUCTLSystem.exe [376384 2016-01-18] (Teruten)
R2 VPWalletService; C:\Program Files (x86)\VP\VPWalletService\VPWalletService.exe [371232 2015-11-15] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WizveraPMSvc; C:\Program Files (x86)\Wizvera\Common\wpmsvc\wpmsvc.exe [3068768 2015-12-10] (WIZVERA)
R2 WooriBankSecLogGather; C:\Program Files (x86)\WooriBank\RealIp\WooriBankSecLogGather.exe [1332736 2015-12-10] (우리은행) [File not signed]
S2 KOS_Service; C:\Kings\KOS\KOSSvc.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AhnFlt2K; C:\windows\system32\drivers\AhnFlt2K.sys [84048 2015-09-03] (AhnLab, Inc.)
S3 AhnRec2K; C:\windows\system32\drivers\AhnRec2K.sys [36280 2015-09-03] (AhnLab, Inc.)
R3 AhnRghNt; C:\windows\system32\drivers\AhnRghNt.sys [68448 2015-11-02] (AhnLab, Inc.)
R1 AMonTDLH; C:\windows\system32\Drivers\AMonTDLH.sys [155272 2015-09-03] (AhnLab, Inc.)
S3 AntiStealth_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\AHAWKENT.sys [52920 2015-10-27] (AhnLab, Inc.)
S3 AntiStealth_MYFIREWALL40ASDF; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TfFRegNt.sys [191032 2015-10-27] (AhnLab, Inc.)
R3 AntiStealth_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\AHAWKENT.sys [52920 2015-11-02] (AhnLab, Inc.)
R3 AntiStealth_SafeTransactionF; C:\Program Files\AhnLab\Safe Transaction\TfFRegNt.sys [191032 2015-11-02] (AhnLab, Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49560 2012-09-18] (Asmedia Technology)
S3 ascrts_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\asc\ascrts.sys [4025936 2016-04-27] (AhnLab, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-23] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-23] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-23] (AVAST Software)
S3 ATamptNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\atamptnt.sys [325168 2015-10-27] (AhnLab, Inc.)
R3 ATamptNt_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\AtamptNt.sys [325168 2015-10-06] (AhnLab, Inc.)
R3 Cdm2DrNt; C:\windows\system32\Drivers\Cdm2DrNt.sys [98216 2014-09-17] (AhnLab, Inc.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-04-06] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [823848 2016-04-06] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [56464 2016-04-06] (COMODO)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-30] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R3 HSBDrv64; C:\Windows\System32\drivers\HSBDrv64.sys [130800 2015-10-30] (AhnLab, Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-03-13] (Intel Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [116248 2016-04-06] (COMODO)
R3 ISMgr; C:\windows\system32\ImageSAFERDrv64.sys [11256 2009-11-26] ()
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.)
R3 JRSUKD25; C:\windows\system32\JRSUKD25.SYS [20560 2015-10-25] (RaonSecure Co., Ltd.)
S3 kck64; C:\windows\system32\kck64.sys [101152 2016-04-23] (Kings Information & Network)
S3 MeDCoreD_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\MeDCoreD.sys [979632 2016-04-08] (AhnLab, Inc.)
S3 MeDVpDrv_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\MeDVpDrv.sys [555184 2016-04-08] (AhnLab, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
S3 Mkd2Bthf; C:\Windows\System32\drivers\Mkd2Bthf.sys [108384 2016-03-10] (AhnLab, Inc.)
R3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [148344 2016-04-21] (AhnLab, Inc.)
R3 Mkd3kfNt; C:\Windows\System32\drivers\Mkd3kfNt.sys [207160 2016-04-21] (AhnLab, Inc.)
R3 noskp; C:\windows\syswow64\noskp64.sys [38472 2016-04-06] (INCA Internet Co.,Ltd.)
R3 nosku; C:\windows\syswow64\nosku64.sys [47296 2016-04-06] (INCA Internet Co.,Ltd.)
S3 npkfxs; c:\windows\syswow64\npkfxs.sys [23752 2016-02-12] (INCA Internet Co.,Ltd.)
S3 npkfxu; c:\windows\syswow64\npkfxu.sys [26824 2016-02-12] (INCA Internet Co.,Ltd.)
R3 np_ck64s; C:\windows\syswow64\np_ck64s.sys [75680 2014-08-13] (INCA Internet Co.,Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-10-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-12-28] (NVIDIA Corporation)
S3 ProDefense; C:\windows\system32\drivers\ProDefense.sys [18176 2015-10-29] (Bluegem Security)
R3 TKCtrl; C:\windows\system32\TKCtrl2k64.sys [136528 2014-05-21] (INCA Internet Co., Ltd.)
R3 TKCtrl; C:\windows\SysWOW64\TKCtrl2k64.sys [136528 2014-05-21] (INCA Internet Co., Ltd.)
R3 TKFsAvM; C:\windows\system32\TKFsAv64.sys [179336 2015-08-13] (INCA Internet Co., Ltd.)
R3 TKFsFtM; C:\windows\system32\TKFsFt64.sys [28824 2014-07-07] (INCA Internet Co., Ltd.)
R3 TKPcFt; C:\windows\system32\TKPcFtCb64.sys [39280 2015-08-07] (INCA Internet Co., Ltd.)
R3 TKRgAc; C:\windows\system32\TKRgAc2k64.sys [96584 2013-09-09] (INCA Internet Co., Ltd.)
R3 TKRgFt; C:\windows\system32\TKRgFtXp64.sys [51464 2013-11-18] (INCA Internet Co., Ltd.)
S3 TNFwNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TNFwNt.sys [162752 2015-08-21] (AhnLab, Inc.)
S3 TNFwNt_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\TNFwNt.sys [163536 2015-09-03] (AhnLab, Inc.)
S3 TNNipsNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TNNipsNt.sys [202544 2015-08-21] (AhnLab, Inc.)
S3 TNNipsNt_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\TNNipsNt.sys [203544 2015-09-03] (AhnLab, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-04-26] ()
S3 TSFLTDRV_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\TSFltDrv.sys [302160 2015-11-19] (AhnLab, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 JRSKD24; \??\C:\windows\system32\JRSKD24.SYS [X]
S3 ProMDefense; \??\C:\Windows\SysWOW64\drivers\ProMDefense.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 x64kdss; syswow64\Drivers\x64kdss.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-28 09:40 - 2016-04-28 09:40 - 00029569 _____ C:\Users\user\Desktop\FRST.txt
2016-04-27 19:16 - 2016-04-27 19:16 - 00042181 _____ C:\ComboFix.txt
2016-04-27 18:41 - 2011-06-26 15:45 - 00256000 _____ C:\windows\PEV.exe
2016-04-27 18:41 - 2010-11-08 02:20 - 00208896 _____ C:\windows\MBR.exe
2016-04-27 18:41 - 2009-04-20 13:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2016-04-27 18:41 - 2000-08-31 09:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2016-04-27 18:41 - 2000-08-31 09:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2016-04-27 18:41 - 2000-08-31 09:00 - 00098816 _____ C:\windows\sed.exe
2016-04-27 18:41 - 2000-08-31 09:00 - 00080412 _____ C:\windows\grep.exe
2016-04-27 18:41 - 2000-08-31 09:00 - 00068096 _____ C:\windows\zip.exe
2016-04-27 18:08 - 2016-04-27 19:16 - 00000000 ____D C:\Qoobox
2016-04-27 18:07 - 2016-04-27 19:10 - 00000000 ____D C:\windows\erdnt
2016-04-27 18:01 - 2016-04-27 18:01 - 05660058 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2016-04-26 19:02 - 2016-04-26 19:09 - 00007417 _____ C:\Users\user\Desktop\JRT.txt
2016-04-26 18:54 - 2016-04-26 18:54 - 01610008 _____ (Malwarebytes) C:\Users\user\Desktop\JRT.exe
2016-04-26 18:53 - 2016-04-26 18:53 - 00002184 _____ C:\Users\user\Desktop\AdwCleaner[C1].txt
2016-04-26 18:48 - 2016-04-26 18:51 - 00000000 ____D C:\AdwCleaner
2016-04-26 18:47 - 2016-04-26 18:47 - 03580480 _____ C:\Users\user\Desktop\adwcleaner_5.113.exe
2016-04-26 18:45 - 2016-04-26 18:45 - 00008983 _____ C:\Users\user\Desktop\MBAM.txt
2016-04-26 18:33 - 2016-04-26 18:43 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-26 18:33 - 2016-04-26 18:33 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-04-26 18:33 - 2016-04-26 18:33 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-04-26 18:33 - 2016-04-26 18:33 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-04-26 18:33 - 2016-04-26 18:33 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-26 18:33 - 2016-04-26 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-26 18:33 - 2016-04-26 18:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-26 18:33 - 2016-04-26 18:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-26 18:32 - 2016-04-26 18:32 - 22851472 _____ (Malwarebytes ) C:\Users\user\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-26 18:22 - 2016-04-26 18:22 - 00005904 _____ C:\Users\user\Desktop\rk_E11B.txt
2016-04-26 18:03 - 2016-04-26 18:03 - 00024688 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-04-26 18:01 - 2016-04-26 18:02 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-26 17:57 - 2016-04-26 17:57 - 19766856 _____ C:\Users\user\Desktop\RogueKiller.exe
2016-04-25 18:45 - 2016-04-25 18:56 - 00000000 ____D C:\windows\pss
2016-04-24 19:41 - 2016-04-28 09:40 - 00000000 ____D C:\FRST
2016-04-24 19:40 - 2016-04-28 09:36 - 02376704 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-04-23 18:48 - 2016-04-23 18:48 - 00398152 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-04-23 18:48 - 2016-04-23 18:48 - 00052184 _____ (AVAST Software) C:\windows\avastSS.scr
2016-04-23 08:45 - 2016-04-23 08:45 - 00164360 ____R (RaonSecure Co., Ltd.) C:\windows\SysWOW64\CKAgent.exe
2016-04-23 08:45 - 2016-04-23 08:45 - 00164360 ____R (RaonSecure Co., Ltd.) C:\windows\system32\CKAgent.exe
2016-04-13 16:52 - 2016-04-13 16:52 - 25817600 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 20352512 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 15415808 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 13811712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 06052352 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 02892800 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 02596864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-04-13 16:52 - 2016-04-13 16:52 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 02056192 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-04-13 16:52 - 2016-04-13 16:52 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 01386496 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 01169408 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-04-13 16:52 - 2016-04-13 16:52 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00760320 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-04-13 16:52 - 2016-04-13 16:52 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00698368 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00451080 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00394952 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-04-13 16:52 - 2016-04-13 16:52 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-04-13 16:52 - 2016-04-13 16:52 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-04-13 16:52 - 2016-04-13 16:52 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\fveapibase.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-04-13 16:52 - 2016-04-13 16:52 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00038120 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-04-13 16:52 - 2016-04-13 16:52 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-04-13 16:52 - 2016-04-13 16:52 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\tbs.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00015360 _____ (Microsoft Corporation) C:\windows\SysWOW64\tbs.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-04-13 16:52 - 2016-04-13 16:52 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-04-13 16:52 - 2016-04-13 16:52 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-04-13 16:52 - 2016-04-13 16:52 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-04-13 16:52 - 2016-03-31 09:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-04-13 16:52 - 2016-03-31 09:27 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-04-13 16:52 - 2016-03-31 09:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-04-13 16:52 - 2016-03-31 08:52 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-04-13 16:52 - 2016-03-30 02:53 - 03216896 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-04-13 16:52 - 2016-03-18 08:04 - 05551336 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-04-13 16:52 - 2016-03-18 08:04 - 00706280 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-04-13 16:52 - 2016-03-18 08:04 - 00154344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-04-13 16:52 - 2016-03-18 08:04 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-04-13 16:52 - 2016-03-18 08:01 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-04-13 16:52 - 2016-03-18 08:01 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-04-13 16:52 - 2016-03-18 07:58 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-04-13 16:52 - 2016-03-18 07:58 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-04-13 16:52 - 2016-03-18 07:58 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-04-13 16:52 - 2016-03-18 07:58 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-04-13 16:52 - 2016-03-18 07:58 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-04-13 16:52 - 2016-03-18 07:58 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-04-13 16:52 - 2016-03-18 07:58 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-04-13 16:52 - 2016-03-18 07:58 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-04-13 16:52 - 2016-03-18 07:58 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-04-13 16:52 - 2016-03-18 07:58 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-04-13 16:52 - 2016-03-18 07:57 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-04-13 16:52 - 2016-03-18 07:57 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-04-13 16:52 - 2016-03-18 07:57 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-04-13 16:52 - 2016-03-18 07:57 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-04-13 16:52 - 2016-03-18 07:57 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-04-13 16:52 - 2016-03-18 07:56 - 02084864 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-04-13 16:52 - 2016-03-18 07:56 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-04-13 16:52 - 2016-03-18 07:54 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-04-13 16:52 - 2016-03-18 07:54 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-04-13 16:52 - 2016-03-18 07:53 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-04-13 16:52 - 2016-03-18 07:53 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-04-13 16:52 - 2016-03-18 07:53 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-04-13 16:52 - 2016-03-18 07:53 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-04-13 16:52 - 2016-03-18 07:50 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-04-13 16:52 - 2016-03-18 07:50 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-04-13 16:52 - 2016-03-18 07:50 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-04-13 16:52 - 2016-03-18 07:50 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-04-13 16:52 - 2016-03-18 07:50 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-04-13 16:52 - 2016-03-18 07:50 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-04-13 16:52 - 2016-03-18 07:50 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-04-13 16:52 - 2016-03-18 07:36 - 03998952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-04-13 16:52 - 2016-03-18 07:36 - 03943144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-04-13 16:52 - 2016-03-18 07:33 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-04-13 16:52 - 2016-03-18 07:31 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-04-13 16:52 - 2016-03-18 07:31 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-04-13 16:52 - 2016-03-18 07:31 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-04-13 16:52 - 2016-03-18 07:31 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-04-13 16:52 - 2016-03-18 07:30 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-04-13 16:52 - 2016-03-18 07:30 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-04-13 16:52 - 2016-03-18 07:30 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-04-13 16:52 - 2016-03-18 07:29 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-04-13 16:52 - 2016-03-18 07:29 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-04-13 16:52 - 2016-03-18 07:29 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-04-13 16:52 - 2016-03-18 07:28 - 01414144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-04-13 16:52 - 2016-03-18 07:27 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-04-13 16:52 - 2016-03-18 07:27 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-04-13 16:52 - 2016-03-18 07:26 - 00553984 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-04-13 16:52 - 2016-03-18 07:25 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-04-13 16:52 - 2016-03-18 07:24 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-04-13 16:52 - 2016-03-18 07:24 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-04-13 16:52 - 2016-03-18 07:24 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-04-13 16:52 - 2016-03-18 06:53 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-04-13 16:52 - 2016-03-18 06:52 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-04-13 16:52 - 2016-03-18 06:52 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-04-13 16:52 - 2016-03-18 06:51 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-04-13 16:52 - 2016-03-18 06:44 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-04-13 16:52 - 2016-03-18 06:43 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-04-13 16:52 - 2016-03-18 06:38 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-04-13 16:52 - 2016-03-18 06:37 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-04-13 16:52 - 2016-03-18 06:37 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-04-13 16:52 - 2016-03-18 06:35 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-04-13 16:52 - 2016-03-18 06:35 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-04-13 16:52 - 2016-03-18 06:30 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-04-13 16:52 - 2016-03-18 06:29 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-04-13 16:52 - 2016-03-17 03:50 - 00156672 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
2016-04-13 16:52 - 2016-03-17 03:28 - 00176128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll
2016-04-13 16:52 - 2016-03-17 03:28 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll
2016-04-13 16:52 - 2016-03-07 03:53 - 01885696 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2016-04-13 16:52 - 2016-03-07 03:53 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2016-04-13 16:52 - 2016-03-07 03:38 - 01240576 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2016-04-13 16:52 - 2016-03-07 03:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2016-04-13 16:52 - 2016-02-03 03:57 - 00511488 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2016-04-13 16:52 - 2016-01-21 09:51 - 00073664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2016-04-07 10:53 - 2016-04-07 10:53 - 00000000 ____D C:\Users\user\AppData\Local\GWX
 
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-28 09:38 - 2010-11-22 02:21 - 00473458 _____ C:\windows\system32\perfh012.dat
2016-04-28 09:38 - 2010-11-22 02:21 - 00174156 _____ C:\windows\system32\perfc012.dat
2016-04-28 09:38 - 2009-07-14 14:13 - 01424304 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-28 09:38 - 2009-07-14 12:20 - 00000000 ____D C:\windows\inf
2016-04-28 09:32 - 2015-10-22 17:01 - 00000680 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-28 09:32 - 2015-10-22 15:56 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-28 09:32 - 2009-07-14 14:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-04-27 20:46 - 2009-07-14 13:45 - 00016864 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-27 20:46 - 2009-07-14 13:45 - 00016864 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-27 19:18 - 2015-10-22 17:01 - 00000684 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-27 19:03 - 2015-10-22 15:43 - 00000622 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-04-27 19:02 - 2009-07-14 11:34 - 00000215 _____ C:\windows\system.ini
2016-04-27 18:50 - 2009-07-14 14:32 - 00000000 ____D C:\windows\Downloaded Program Files
2016-04-27 18:49 - 2015-10-22 17:19 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-04-27 10:43 - 2015-10-25 23:07 - 03932792 _____ (AhnLab, Inc.) C:\windows\system32\btscan.exe
2016-04-26 19:25 - 2015-10-22 17:02 - 00002169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chrome.lnk
2016-04-26 19:25 - 2015-10-22 17:02 - 00002157 _____ C:\Users\Public\Desktop\Chrome.lnk
2016-04-26 18:42 - 2010-11-22 02:31 - 00000000 ____D C:\windows\ShellNew
2016-04-26 17:59 - 2010-11-21 12:27 - 00453288 _____ (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-04-23 18:49 - 2016-03-23 18:31 - 00003040 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1458725500
2016-04-23 18:48 - 2016-03-23 18:31 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2016-04-23 18:48 - 2015-10-22 17:19 - 01070904 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2016-04-23 18:48 - 2015-10-22 17:19 - 00465792 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2016-04-23 18:48 - 2015-10-22 17:19 - 00287528 _____ (AVAST Software) C:\windows\system32\Drivers\aswvmm.sys
2016-04-23 18:48 - 2015-10-22 17:19 - 00166432 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2016-04-23 18:48 - 2015-10-22 17:19 - 00107792 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2016-04-23 18:48 - 2015-10-22 17:19 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2016-04-23 18:48 - 2015-10-22 17:19 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2016-04-23 18:48 - 2015-10-22 17:19 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2016-04-23 08:45 - 2015-10-25 23:06 - 00101152 _____ (Kings Information & Network) C:\windows\system32\kck64.sys
2016-04-22 13:41 - 2015-10-25 23:06 - 00001451 _____ C:\windows\system32\Drivers\etc\hosts_tmp
2016-04-21 14:48 - 2015-12-10 11:22 - 00207160 _____ (AhnLab, Inc.) C:\windows\system32\Drivers\mkd3kfnt.sys
2016-04-21 14:48 - 2015-12-10 11:22 - 00148344 _____ (AhnLab, Inc.) C:\windows\system32\Drivers\mkd2nadr.sys
2016-04-21 11:50 - 2016-01-20 14:24 - 00097856 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2016-04-21 11:50 - 2015-10-24 11:48 - 00000000 ____D C:\Users\user\.oracle_jre_usage
2016-04-21 11:50 - 2015-10-24 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-21 11:50 - 2015-10-24 11:48 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-17 17:49 - 2009-07-14 14:08 - 00032602 _____ C:\windows\Tasks\SCHEDLGU.TXT
2016-04-14 16:55 - 2009-07-14 12:20 - 00000000 ____D C:\windows\rescache
2016-04-14 10:54 - 2013-07-29 09:58 - 00000000 ____D C:\Users\user\Desktop\PassThrought
2016-04-13 22:49 - 2015-10-22 22:50 - 00000000 ____D C:\windows\system32\appraiser
2016-04-13 22:49 - 2009-07-14 13:45 - 05284200 _____ C:\windows\system32\FNTCACHE.DAT
2016-04-13 19:47 - 2015-10-22 22:45 - 00000000 ____D C:\windows\system32\MRT
2016-04-13 19:43 - 2015-10-22 22:45 - 135176864 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-04-12 16:05 - 2015-10-22 17:38 - 00000000 ____D C:\Program Files\Honeyview
2016-04-12 10:51 - 2009-07-14 14:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2016-04-11 21:25 - 2016-01-18 22:52 - 00001253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\네이버 미디어 플레이어.lnk
2016-04-11 21:25 - 2016-01-18 22:52 - 00001247 _____ C:\Users\Public\Desktop\네이버 미디어 플레이어.lnk
2016-04-11 21:25 - 2015-10-23 11:08 - 00000000 ____D C:\Users\user\AppData\Roaming\AIMP3
2016-04-11 21:16 - 2009-07-14 13:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-11 12:51 - 2015-10-25 12:48 - 00000600 _____ C:\Users\user\PUTTY.RND
2016-04-08 15:03 - 2015-10-22 15:43 - 00797376 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-04-08 15:03 - 2015-10-22 15:43 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-08 15:03 - 2015-10-22 15:43 - 00003560 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-04-08 11:48 - 2016-03-23 09:09 - 00003800 _____ C:\windows\system32\Drivers\fvstore.dat
2016-04-08 11:17 - 2015-10-24 10:34 - 00001947 _____ C:\Users\Public\Desktop\COMODO Firewall.lnk
2016-04-07 10:57 - 2015-11-14 19:16 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2016-04-07 10:57 - 2009-07-14 12:20 - 00000000 ____D C:\windows\system32\NDF
2016-04-06 21:19 - 2015-08-05 01:31 - 00116248 _____ (COMODO) C:\windows\system32\Drivers\inspect.sys
2016-04-06 21:19 - 2015-08-05 01:31 - 00056464 _____ (COMODO) C:\windows\system32\Drivers\cmdhlp.sys
2016-04-06 21:18 - 2015-08-05 01:31 - 00823848 _____ (COMODO) C:\windows\system32\Drivers\cmdguard.sys
2016-04-06 21:18 - 2015-08-05 01:31 - 00031648 _____ (COMODO) C:\windows\system32\Drivers\cmderd.sys
2016-04-06 21:17 - 2015-08-05 01:29 - 00051800 _____ (COMODO) C:\windows\system32\cmdcsr.dll
2016-04-06 21:16 - 2015-09-03 12:52 - 00596232 _____ (COMODO) C:\windows\system32\guard64.dll
2016-04-06 21:16 - 2015-09-03 12:52 - 00461648 _____ (COMODO) C:\windows\SysWOW64\guard32.dll
2016-04-06 21:14 - 2015-08-05 01:28 - 00365752 _____ (COMODO) C:\windows\system32\cmdvrt64.dll
2016-04-06 21:14 - 2015-08-05 01:28 - 00051896 _____ (COMODO) C:\windows\system32\cmdkbd64.dll
2016-04-06 21:12 - 2015-08-05 01:27 - 00296120 _____ (COMODO) C:\windows\SysWOW64\cmdvrt32.dll
2016-04-06 21:11 - 2015-08-05 01:26 - 00046776 _____ (COMODO) C:\windows\SysWOW64\cmdkbd32.dll
2016-04-06 09:53 - 2015-09-25 14:41 - 00038472 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\noskp64.sys
2016-04-06 09:53 - 2015-09-25 14:40 - 00034056 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\noskp.sys
2016-04-06 09:53 - 2015-09-14 20:03 - 00047296 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\nosku64.sys
2016-04-06 09:53 - 2015-09-14 20:03 - 00045832 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\nosku.sys
2016-04-06 09:53 - 2015-08-13 18:05 - 00049128 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\noska.sys

==================== Files in the root of some directories =======

2015-11-05 15:28 - 2016-02-03 16:42 - 0001456 _____ () C:\Users\user\AppData\Local\Adobe Save for Web 12.0 Prefs
2016-02-08 18:13 - 2016-02-08 18:13 - 0001298 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2015-10-22 15:40 - 2015-10-22 15:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe
[2015-10-22 20:59] - [2015-12-09 19:53] - 0389632 ____A (Microsoft Corporation) 87A00ED70FEC36D0DD968E5058C29AA1

C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll
[2015-12-09 17:23] - [2010-08-06 13:52] - 1008640 ____A (Microsoft Corporation) F78E7BD7ADC829D9DD92C558180E09DB

C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-18 16:15

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-04-2016
Ran by user (2016-04-28 09:40:54)
Running from C:\Users\user\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-10-22 06:35:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2207781790-2766300111-2274446720-500 - Administrator - Disabled)
Guest (S-1-5-21-2207781790-2766300111-2274446720-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2207781790-2766300111-2274446720-1002 - Limited - Enabled)
user (S-1-5-21-2207781790-2766300111-2274446720-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DP Chip v16.01 (HKLM-x32\...\3DP Chip) (Version: v16.01 - 3DP)
Acronis True Image Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6597 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader 9 - Korean (HKLM-x32\...\{AC76BA86-7AD7-1042-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Agarest - Generations of War 2 (HKLM-x32\...\1438083997_is1) (Version: 2.0.0.1 - GOG.com)
AhnLab Online Security (HKLM-x32\...\AhnLab Online Security) (Version: - AhnLab, Inc)
AhnLab Safe Transaction (HKLM\...\{19DD1D8D-927F-45DF-ADF4-75D38267848D}) (Version: 1.3.4.393 - AhnLab, Inc.)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1503, 26.09.2015 - AIMP DevTeam)
AnySign4PC 1.1.0.4 (HKLM-x32\...\AnySign4PC) (Version: 1.1.0.4 - SoftForum Co., Ltd.)
ArtMoney SE v7.44.1 (HKLM-x32\...\ArtMoney SE_is1) (Version: 7.44 - System SoftLab)
Autodesk Backburner 2013.0.0 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2013.0.0 - Autodesk, Inc.)
Autodesk DirectConnect 2013 64-bit (HKLM\...\Autodesk DirectConnect 2013 64-bit) (Version: 7.0.28.0 - Autodesk)
Autodesk DirectConnect 2013 64-bit (Version: 7.0.28.0 - Autodesk) Hidden
Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit (HKLM\...\Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit) (Version: - Autodesk)
Autodesk MatchMover 2013 64-bit (HKLM\...\{5B77A046-DAD6-4F19-A8B9-4E5B3EAD2C24}) (Version: 14.00.0000 - Autodesk)
Autodesk Maya 2013 64-bit (HKLM\...\Autodesk Maya 2013 64-bit) (Version: 15.0.0.0 - Autodesk)
Autodesk Maya 2013 64-bit (Version: 15.0.0.0 - Autodesk) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2261 - AVAST Software)
Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.87 - Google Inc.)
Combined Community Codec Pack 2015-10-18 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2015.10.19.0 - CCCP Project)
COMODO Firewall (HKLM\...\{38F898C8-272F-455F-9BD6-71FEBA3E4AF5}) (Version: 8.2.0.4703 - COMODO Security Solutions Inc.)
Composite 2013 64-bit (HKLM\...\{2F808931-D235-4FC7-90CD-F8A890C97B2F}) (Version: 8.0.0 - Autodesk)
eISP 1.0 (HKLM-x32\...\eISP) (Version: 1.0 - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
headus UVLayout v2 Professional (HKLM-x32\...\{A1086DA0-903E-4DEA-A83F-6317923CC63D}) (Version: 2.08.00 - headus)
INISAFE MoaSign S v1.0 (HKLM-x32\...\INISAFE MoaSign S) (Version: 1.0.43 - INITECH, Inc.)
INISAFE SandBox 1.0 (HKLM-x32\...\INISAFE SandBox) (Version: 1.0 - Initech, Inc.)
INISAFE Web EX Client (HKLM-x32\...\UnINISafeWebEX) (Version: 1.0.0.1 - Initech, Inc.)
Innorix File Transfer Solution(G) (HKLM-x32\...\Innorix File Transfer Solution(G)) (Version: 7.2.0.579 - INNORIX)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.8 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
IPinside Non-p Agent (HKLM-x32\...\IPinside Non-p Agent) (Version: 2.0.0.2 - interezen)
ipTIME Wizard (HKLM-x32\...\ipTIMEHelper) (Version: - )
ipTIME 업그레이드 알리미 (HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\ipTIME_Upgrade_Notification) (Version: - )
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
KOS - Kings Online Security (HKLM-x32\...\KOS) (Version: 1.0.0.3 - Kings Information & Network Co., Ltd.)
LOOT version 0.8.1 (HKLM-x32\...\{BF634210-A0D4-443F-A657-0DCE38040374}_is1) (Version: 0.8.1 - LOOT Team)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MAWS_MMASJ - 증명서 발급 시스템 (HKLM-x32\...\MAWS_MMASJ - 증명서 발급 시스템) (Version: v2.5 - MarkAny Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2(한국어) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1042) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime(x64) 언어 팩 - 한국어 (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - KOR) (Version: 10.0.50903 - Microsoft Corporation)
MPEG2코덱(libmpeg2/mad) (HKLM-x32\...\MPEG2코덱(libmpeg2/mad)) (Version: - )
nProtect KeyCrypt V6.0 (HKLM-x32\...\npkfx) (Version: 6.0 - INCA Internet Co., Ltd.)
nProtect Online Security V1.0(PFS) (HKLM-x32\...\nProtect Online Security V1.0(PFS)) (Version: 2015.10.08.1 - INCA Internet Co., Ltd.)
NTSMagicLineMBX (HKLM-x32\...\NTSMagicLineMBX) (Version: 1.0.10.12 - Dreamsecurity Inc.)
Nuke 6.2v1 (HKLM\...\Nuke 6.2v1_is1) (Version: - The Foundry)
NVIDIA 3D Vision 드라이버 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.50 - NVIDIA Corporation)
NVIDIA 3D Vision 컨트롤러 드라이버 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA HD 오디오 드라이버 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
NVIDIA PhysX 시스템 소프트웨어 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA 그래픽 드라이버 358.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.50 - NVIDIA Corporation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Python 2.7 comtypes-0.6.2 (HKLM-x32\...\comtypes-py2.7) (Version: - )
Python 2.7 pywin32-218 (HKLM-x32\...\pywin32-py2.7) (Version: - )
Python 2.7.8 (HKLM-x32\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
qBittorrent 2.4.11 (HKLM-x32\...\{73262004-8473-4672-8558-0AA4277E0287}_is1) (Version: 2.4.11 - qBittorrent)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7647 - Realtek Semiconductor Corp.)
Rexpert30 Viewer 1,0,0,404 (HKLM-x32\...\Rexpert30 Viewer) (Version: 1,0,0,404 - ClipSoft)
SafeZone Stable 1.48.2066.98 (x32 Version: 1.48.2066.98 - Avast Software) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15113.12 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.0.15113.12 - Samsung Electronics Co., Ltd.) Hidden
The Elder Scrolls V Skyrim (HKLM-x32\...\{4FEF52F2-3C2C-4B80-9443-3D6A654328D0}_is1) (Version: - Bethesda Softworks)
TouchEn key with E2E for 32bit (HKLM-x32\...\TouchEn_key) (Version: - RaonSecure Co., Ltd.)
TouchEn nxKey with E2E for 32bit (HKLM-x32\...\TouchEn nxKey) (Version: 1.0.0.28 - RaonSecure Co., Ltd.)
UltraISO Premium V9.32 (HKLM-x32\...\UltraISO_is1) (Version: - )
VapshionCut (HKLM-x32\...\VapshionCut) (Version: 1.0 - UNKNOWN)
VapshionCut (x32 Version: 1.0 - UNKNOWN) Hidden
Veraport(보안모듈 관리 프로그램) G3 - 3,0,3,6 (HKLM-x32\...\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1) (Version: 3,0,3,6 - Wizvera)
WinRAR 압축기 (HKLM\...\WinRAR archiver) (Version: - )
WIZVERA Process Manager 1,0,1,5 (HKLM-x32\...\{8941A397-4065-4F41-92CE-0EB610846EED}_is1) (Version: 1,0,1,5 - WIZVERA)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.6 - Wrye & Wrye Bash Development Team)
wxPython 2.8.12.1 (unicode) for Python 2.7 (HKLM-x32\...\wxPython2.8-unicode-py27_is1) (Version: 2.8.12.1-unicode - Total Control Software)
XecureWeb UnifiedPlugin (HKLM-x32\...\XecureWeb UnifiedPlugin) (Version: 1.0.6.12 - SoftForum Co., Ltd.)
꿀뷰 (HKLM\...\Honeyview) (Version: 5.17 - 반디소프트)
네이버 미디어 플레이어 (HKLM-x32\...\NaverMediaPlayer) (Version: 1.6.1.0 - NAVER Corp. )
네이버 업데이터 (HKLM-x32\...\NaverUpdater) (Version: 1.0.2.30 - NAVER Corp.)
반디집 (HKLM\...\Bandizip) (Version: 5.13 - 반디소프트)
우리은행 보안 로그 수집기 (HKLM-x32\...\우리은행 보안 로그 수집기 ) (Version: 1.0.1 - 우리은행)
한컴오피스 한글 2010 (HKLM-x32\...\Haansoft HWord 80 Korean) (Version: 8.0.1 - Hancom)
한컴오피스 한글 2010 (x32 Version: 8.0.1 - hancom) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2207781790-2766300111-2274446720-1000_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft.com)
CustomCLSID: HKU\S-1-5-21-2207781790-2766300111-2274446720-1000_Classes\CLSID\{9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF}\InprocServer32 -> C:\Program Files\Honeyview\HVShell64.dll (Bandisoft.com)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {049A94BC-E191-4CED-B2D8-D59DAA06EF71} - System32\Tasks\SafeZone scheduled Autoupdate 1458725500 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-30] (Avast Software)
Task: {240C3D08-7A50-41CB-ACF4-82F0E76826F7} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-04-08] (COMODO)
Task: {2F626FFB-2902-493F-8C11-3389040E76B3} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-04-08] (COMODO)
Task: {4ABBFE72-C8DF-44D0-99B9-43A96D02742A} - System32\Tasks\{4EBD9C8C-51F9-459D-B1AE-A76C4C7FD97B} => pcalua.exe -a "C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1IFHWKH\jre-8u65-windows-i586.exe" -d C:\Users\user\Desktop
Task: {576A3CF9-DD44-4D1B-B815-AC8FFEACC3E7} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()
Task: {61B36435-EF31-4067-BD5E-6FD3A33B3268} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-22] (Google Inc)
Task: {8F54D7C8-B9E8-4735-AECE-6D9EDAE3BFB0} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-04-08] (COMODO)
Task: {9B923B4A-1344-41A4-8095-3D28E90E2C30} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {9C10B691-12E2-4F87-A569-88332CEB11D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-22] (Google Inc)
Task: {CBDCE6E2-BBD3-4EE3-AF76-CE1173AFC404} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-04-23] (AVAST Software)
Task: {E57732F1-3DEC-43AE-87CD-42565596ABC0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-28 11:19 - 2015-10-03 11:49 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-10-22 15:40 - 2013-05-07 16:45 - 00936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-11-15 12:49 - 2015-11-15 12:49 - 00371232 _____ () C:\Program Files (x86)\VP\VPWalletService\VPWalletService.exe
2016-04-23 18:48 - 2016-04-23 18:48 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-04-23 18:48 - 2016-04-23 18:48 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-27 17:53 - 2016-04-27 17:53 - 02891264 _____ () C:\Program Files\AVAST Software\Avast\defs\16042700\algo.dll
2016-04-28 09:32 - 2016-04-28 09:32 - 02891264 _____ () C:\Program Files\AVAST Software\Avast\defs\16042704\algo.dll
2016-04-23 18:48 - 2016-04-23 18:48 - 00478144 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-11-26 13:30 - 2015-11-26 13:30 - 00121152 _____ () C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\xwm_smartcard.dll
2015-08-25 18:38 - 2015-08-25 18:38 - 00014336 _____ () C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\KEBSFSC_WR.dll
2015-08-25 18:39 - 2015-08-25 18:39 - 00143360 _____ () C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\NSLDAP32V50.dll
2015-12-28 11:19 - 2015-10-03 14:06 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-10-22 15:40 - 2016-04-28 09:32 - 00036496 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2015-10-22 15:40 - 2013-05-07 16:45 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2011-01-17 19:56 - 2011-01-17 19:56 - 11158480 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
2015-12-10 16:17 - 2015-12-10 16:17 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-11-26 13:30 - 2015-11-26 13:30 - 00121152 _____ () C:\Program Files (x86)\Softforum\XecureWeb\AnySign\dll\xwm_smartcard.dll
2015-08-25 18:38 - 2015-08-25 18:38 - 00014336 _____ () C:\Program Files (x86)\Softforum\XecureWeb\AnySign\dll\KEBSFSC_WR.dll
2015-08-25 18:39 - 2015-08-25 18:39 - 00143360 _____ () C:\Program Files (x86)\Softforum\XecureWeb\AnySign\dll\NSLDAP32V50.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\windows\avastSS.scr:$CmdTcID [43]
AlternateDataStreams: C:\windows\explorer.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\ImageSAFERSvc.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\INISandBoxMonitor.10034.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\INISandBoxMonitor.10035.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\uninstallkdf8.exe:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\acmigration.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\AcpiServiceVnA64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\adtschema.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\aeinv.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\aepic.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\AERTAC64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\AERTAR64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\apisetschema.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\appraiser.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\atmlib.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\audioLibVc.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\authui.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\btscan.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\catsrvut.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\CKAgent.dat:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\CKAgent.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\CKAgentNXE.dat:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\CKAgentNXE.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\COLORCNV.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\CompatTelRunner.exe:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\comsvcs.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\CPFilters.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\CX64APO.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\dciman32.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\DDPA64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DDPA64F3.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DDPD64A.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\DDPD64AF3.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\DDPO64A.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\DDPO64AF3.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DDPP64A.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DDPP64AF3.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\devenum.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\devinv.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DolbyDAX2APOProp.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DolbyDAX2APOv201.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\DolbyDAX2APOv211.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\DTSBassEnhancementDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\DTSBoostDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\DTSGainCompensatorDLL64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\DTSGFXAPO64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\DTSGFXAPONS64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DTSLFXAPO64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DTSLimiterDLL64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\DTSNeoPCDLL64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\DTSS2SpeakerDLL64.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\DTSSymmetryDLL64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\DTSU2PGFX64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\DTSU2PLFX64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\DTSU2PREC64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\DTSVoiceClarityDLL64.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\dxmasf.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\dxtmsft.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\dxtrans.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\els.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\EncDec.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\evr.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\ExplorerFrame.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\fixmapi.exe:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\FMAPO64.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\fontsub.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\FsExService64.exe:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\fveapi.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\fveapibase.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\gdi32.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\generaltel.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\HiFiDAX2API.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\icaapi.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\ICEsoundAPO64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\ie4uinit.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\ieapfltr.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\iedkcs32.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\ieetwcollector.exe:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\ieetwcollectorres.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\ieetwproxystub.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\ieframe.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\iernonce.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\iertutil.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\iesetup.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\ieui.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\ieUnatt.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\ImageSAFERMessage.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\ImageSAFERRecovery.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\ImageSAFERStart_X64.exe:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\ImageSAFERStart_X86.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\inetcpl.cpl:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\inseng.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\IntelSSTAPO.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\IntelSstCApoPropPage.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\invagent.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\jscript.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\jscript9.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\jscript9diag.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\jsproxy.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\KAAPORT64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\ksproxy.ax:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\ksuser.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\lpk.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\MaxxAudioAPO20.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MaxxAudioAPO30.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MaxxAudioAPO4064.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MaxxAudioAPO5064.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\MaxxAudioAPO6064.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MaxxAudioAPO7064.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\MaxxAudioAPOShell64.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\MaxxAudioEQ64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\MaxxAudioRealtek64.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\MaxxSpeechAPO64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\MaxxVoiceAPO2064.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\MaxxVoiceAPO3064.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MaxxVoiceAPO4064.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\MaxxVolumeSDAPO.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\mcmde.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\mf.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\mferror.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\mfplat.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\mfpmp.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\mfps.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\mfvdsp.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\MFWMAAEC.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\MISS_APO.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\MP3DMOD.DLL:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\MP43DECD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MP4SDECD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MPG4DECD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\MpSigStub.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\msaudite.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\msdxm.ocx:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\msfeeds.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\mshtml.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MshtmlDac.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\mshtmled.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\mshtmlmedia.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\msmpeg2adec.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\MSMPEG2ENC.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\msmpeg2vdec.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\msobjs.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\msrating.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\MsRdpWebAccess.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\MsSpellCheckingFacility.exe:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\mstsc.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\mstscax.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\NAHIMICAPOlfx.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\NahimicAPONSControl.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\NAHIMICV2apo.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\nvapi64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvaudcap64v.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvcuda.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvcuvid.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\nvd3dumx.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\nvdispco6435850.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\nvdispco6435891.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\nvdispco6435906.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\nvdispco6436143.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\nvdispgenco6435850.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvdispgenco6435891.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\nvdispgenco6435906.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\nvdispgenco6436143.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\nvEncodeAPI64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\NvFBC64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\nvhdagenco6420103.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\nvhdap64.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\NvIFR64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\NvIFROpenGL.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvinitx.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvoglshim64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\nvoglv64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvopencl.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\nvumdshimx.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\nvvsvc.exe:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\nvwgf2umx.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\occache.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\OpenCL.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\qasf.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\qdvd.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\qedit.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\quartz.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\R4EEA64A.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\R4EED64A.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\R4EEG64A.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\R4EEL64A.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\R4EEP64A.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\RCoInstII64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\rdpendp_winip.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\rdvidcrl.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\RESAMPLEDMO.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\RltkAPO64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\RP3DAA64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\RP3DHT64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\rrinstaller.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\RTCOM64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\RtDataProc64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\RTEED64A.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\RTEEG64A.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\RTEEL64A.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\RTEEP64A.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\RtkApi64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\RtkCfg64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\RtkCoLDR64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\RtlCPAPI64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\RtPgEx64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\RTSnMg64.cpl:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\samlib.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\samsrv.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\SEAPO64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\seclogon.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\SECOMN64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\SEHDRA64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\SFAPO64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\SFCOM64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\SFNHK64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\SFSS_APO.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\shell32.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\sl3apo64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\slcnt64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\slprp64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\sltech64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\spwmp.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\SRAPO64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\SRCOM.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\SRCOM64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\SRRPTR64.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\SRSHP64.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\SRSTSH64.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\system32\SRSTSX64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\SRSWOW64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\SysFxUI.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\tadefxapo.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\tadefxapo264.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\tbs.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\tepeqapo64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\tosade.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\tosasfapo64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\toseaeapo64.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\tossaeapo64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\tossaemaxapo64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\tsgqec.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\TSWbPrxy.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\tzres.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\urlmon.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\vbscript.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\VIDRESZR.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\WavesGUILib64.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WdfCoInstaller01009.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\webcheck.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\wininet.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\winlogon.exe:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\wksprt.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\wksprtPS.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\system32\WMADMOD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WMADMOE.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WMALFXGFXDSP.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\wmp.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\wmploc.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\wmpmde.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WMSPDMOD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WMSPDMOE.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\WMVDECOD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\WMVENCOD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WMVSDECD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WMVSENCD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\WMVXENCD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WpdMtp.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\WpdMtpUS.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\wshrm.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\YamahaAE.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\YamahaAE2.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\adtschema.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\apisetschema.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\atmfd.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\atmlib.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\auditpol.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\authui.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\catsrvut.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\CKAgent.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\CKAgentNXE.dat:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\CKAgentNXE.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\CKSetup32.exe:$CmdTcID [46]
AlternateDataStreams: C:\windows\SysWOW64\COLORCNV.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\comsvcs.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\CPFilters.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\dciman32.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\devenum.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\dxmasf.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\dxtmsft.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\dxtrans.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\els.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\EncDec.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\evr.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\explorer.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\fixmapi.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\fontsub.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\FsExService64.Exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\gdi32.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\ieapfltr.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\iedkcs32.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\ieframe.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\iernonce.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\iertutil.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\iesetup.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\ieui.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\ieUnatt.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\ImageSAFERMessage.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\ImageSAFERRecovery.exe:$CmdTcID [46]
AlternateDataStreams: C:\windows\SysWOW64\inetcpl.cpl:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\INICRYPTOSDK.dll:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\inseng.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\instnm.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\jscript.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\jscript9.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\jscript9diag.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\jsproxy.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\kck86.sys:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\kck86s.sys:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\kcu86.dll:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\ksproxy.ax:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\ksuser.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\lpk.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\mapi32.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\mapistub.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\MASetupCleaner.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\mf.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\mferror.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\mfplat.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\mfpmp.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\mfps.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\mfvdsp.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\MP43DECD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\msaudite.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\msdxm.ocx:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\msfeeds.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\mshtml.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\MshtmlDac.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\mshtmled.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\mshtmlmedia.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\msobjs.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\msrating.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\mstsc.exe:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\mstscax.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\muzapp.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\npkfx.dll:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\npkfxa.sys:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\npkfxcv.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\npkfxe64.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\npkfxes.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\npkfxexp.dll:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\npkfxext.ocx:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\npkfxjv.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\npkfxmi.dll:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\npkfxmp.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\npkfxne.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\npkfxpa.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\npkfxrsen.dll:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\npkfxrskr.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\npkfxsdk.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\npkfxsvc.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\npkfxtr.exe:$CmdTcID [40]
AlternateDataStreams: C:\windows\SysWOW64\npkfxup.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\npkfxupd.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\npkfxust.exe:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\npkfxx.ocx:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\nvapi.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\nvaudcap32v.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\nvcompiler.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\nvcuda.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\nvcuvid.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\nvd3dum.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\nvEncodeAPI.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\NvFBC.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\NvIFR.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\NvIFROpenGL.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\nvinit.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\nvISWOW64.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\nvoglshim32.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\nvoglv32.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\nvopencl.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\nvPhotoshopUtil.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\nvStreaming.exe:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\nvumdshim.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\nvwgf2um.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\occache.dll:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\OpenCL.dll:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\qasf.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\qdvd.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\qedit.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\quartz.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\rdpendp_winip.dll:$CmdTcID [46]
AlternateDataStreams: C:\windows\SysWOW64\rdvidcrl.dll:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\RltkAPO.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\rrinstaller.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\samlib.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\SCSKLoader.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\SECOMN32.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\setup16.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\SFCOM.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\shell32.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\spwmp.dll:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\SRCOM.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\tbs.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\TDepend.exe:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\TDepend64.exe:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\tknetcfg.exe:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\tknetcfg64.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\tsgqec.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\TUCtlMng.exe:$CmdTcID [130]
AlternateDataStreams: C:\windows\SysWOW64\TUCTLSystem.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\tzres.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\uninst_MAWS_MMASJ.exe:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\urlmon.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\user.exe:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\vbscript.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\webcheck.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\wininet.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\winver.exe:$CmdTcID [45]
AlternateDataStreams: C:\windows\SysWOW64\wksprtPS.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\WMADMOD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\WMADMOE.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\wmp.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\wmploc.DLL:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\wmpmde.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [41]
AlternateDataStreams: C:\windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [42]
AlternateDataStreams: C:\windows\SysWOW64\wow32.dll:$CmdTcID [43]
AlternateDataStreams: C:\windows\SysWOW64\wshrm.dll:$CmdTcID [44]
AlternateDataStreams: C:\windows\SysWOW64\XPayExtension.exe:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\Drivers\drmk.sys:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\Drivers\drmkaud.sys:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\Drivers\iusb3hcs.sys:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\Drivers\iusb3hub.sys:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\Drivers\iusb3xhc.sys:$CmdTcID [41]
AlternateDataStreams: C:\windows\system32\Drivers\mbam.sys:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\Drivers\mwac.sys:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\Drivers\nvhda64v.sys:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\Drivers\nvlddmkm.sys:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\Drivers\nvvad64v.sys:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\Drivers\portcls.sys:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\Drivers\RTKVHD64.sys:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\Drivers\ssudbus.sys:$CmdTcID [42]
AlternateDataStreams: C:\windows\system32\Drivers\ssudmdm.sys:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\Drivers\terminpt.sys:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\Drivers\tssecsrv.sys:$CmdTcID [44]
AlternateDataStreams: C:\windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID [43]
AlternateDataStreams: C:\windows\system32\Drivers\TsUsbGD.sys:$CmdTcID [45]
AlternateDataStreams: C:\windows\system32\Drivers\winusb.sys:$CmdTcID [44]
AlternateDataStreams: C:\Program Files\Common Files\System:BSf4lYkfRPryHxt26PTRG4lAJelg [2082]
AlternateDataStreams: C:\ProgramData\Microsoft:0I6ihMVHWEJMwBokIcCb [2130]
AlternateDataStreams: C:\ProgramData\Microsoft:13eAKNOiTRuxOdaLHa4PNTgq [2402]
AlternateDataStreams: C:\ProgramData\Microsoft:7Ui8pQoAlWDkJY1tGX [2052]
AlternateDataStreams: C:\Users\user\Desktop\adwcleaner_5.113.exe:$CmdTcID [44]
AlternateDataStreams: C:\Users\user\Desktop\adwcleaner_5.113.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Desktop\ComboFix.exe:$CmdTcID [45]
AlternateDataStreams: C:\Users\user\Desktop\ComboFix.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Desktop\JRT.exe:$CmdTcID [44]
AlternateDataStreams: C:\Users\user\Desktop\JRT.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Desktop\RogueKiller.exe:$CmdTcID [46]
AlternateDataStreams: C:\Users\user\Desktop\RogueKiller.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\358.50-desktop-win8-win7-winvista-64bit-international-whql.exe:$CmdTcID [43]
AlternateDataStreams: C:\Users\user\Downloads\359.06-desktop-win8-win7-winvista-64bit-international-whql.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\user\Downloads\359.06-desktop-win8-win7-winvista-64bit-international-whql.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\361.43-desktop-win8-win7-winvista-64bit-international-whql (1).exe:$CmdTcID [43]
AlternateDataStreams: C:\Users\user\Downloads\361.43-desktop-win8-win7-winvista-64bit-international-whql (1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\361.43-desktop-win8-win7-winvista-64bit-international-whql.exe:$CmdTcID [44]
AlternateDataStreams: C:\Users\user\Downloads\361.43-desktop-win8-win7-winvista-64bit-international-whql.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\3DP_Chip_v1511.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\user\Downloads\3DP_Chip_v1511.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\3DP_Chip_v1601.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\user\Downloads\3DP_Chip_v1601.exe.vqhlv62.partial:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\AMDA00_(764_14472348)_by3DP.exe:$CmdTcID [43]
AlternateDataStreams: C:\Users\user\Downloads\AMDA00_(764_14472348)_by3DP.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\ipTIME_Wizard_ver_2_60.exe:$CmdTcID [130]
AlternateDataStreams: C:\Users\user\Downloads\ipTIME_Wizard_ver_2_60.exe.7slorg6.partial:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\mbam-setup-2.2.1.1043.exe:$CmdTcID [46]
AlternateDataStreams: C:\Users\user\Downloads\mbam-setup-2.2.1.1043.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\Realtek_HD_(v78_6017647)_by3DP.exe:$CmdTcID [44]
AlternateDataStreams: C:\Users\user\Downloads\Realtek_HD_(v78_6017647)_by3DP.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones.zip:$CmdTcID [43]
AlternateDataStreams: C:\Users\user\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones_v1.5.53.0.exe:$CmdTcID [44]
AlternateDataStreams: C:\Users\user\Downloads\정문석(820623)-2015년도자료.pdf:$CmdTcID [45]
AlternateDataStreams: C:\Users\user\Downloads\정문석(820623)-2015년도자료.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\user\AppData\Local\Temp:8GAbOwzMl9ir2g2Rd9gDW3esQS [1976]
AlternateDataStreams: C:\Users\user\AppData\Local\Temporary Internet Files:aeGHh1xfWE2Y9FVvwQPB [2130]
AlternateDataStreams: C:\Users\user\Documents\이력서.DOC:$CmdZnID [26]
 
==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\dacom.net -> dacom.net
IE trusted site: HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\lgdacom.net -> lgdacom.net
IE trusted site: HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\...\uplus.co.kr -> uplus.co.kr

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 11:34 - 2016-04-27 19:01 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2207781790-2766300111-2274446720-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 210.220.163.82 - 219.250.36.130
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3695B223-12A7-4B09-85EA-C8C4D8586212}] => (Allow) c:\program files\estsoft\alyac\ayupdsrv.aye
FirewallRules: [{E6F8A274-687C-47AB-8110-0F8B14958ED4}] => (Allow) c:\program files\estsoft\alyac\ayupdsrv.aye
FirewallRules: [TCP Query User{AC577563-10D0-40D7-81ED-3C14AA9E1636}C:\users\user\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\user\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{E81A7F6C-D3CE-4FD7-B5B7-E650D97B8A7A}C:\users\user\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\user\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{34E9F6F1-F843-461A-9A30-97815D96C232}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{39BA916F-9988-41C3-B52F-8193EDF5C26E}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{B4C0DEAA-78AD-4404-96C6-71093E9F14B8}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F420F28B-FDC4-46E4-B29F-6F56160994D5}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{4877199F-8B28-4DE9-B140-02BBEDDB95B6}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{0644085A-D44D-4F0B-92C4-43140149F047}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{21888B48-7349-406A-9072-7B45094DA55B}] => (Allow) LPort=7935
FirewallRules: [{88DDE670-2CED-42A6-847A-35812EBBE485}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{8F81D7F2-13D9-4120-99E3-9E126FC1AE0B}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{E1806290-9E5D-480E-B2A8-556B6D7CF6A1}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{6B2D349B-3CC2-4849-8EE6-082BFF7DFA83}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{7605097B-5C0F-4B0E-8CB9-307807385699}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{9898047C-7D36-4A8B-A18D-E14E36B85F23}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{17D52D07-475D-4E3C-B7C8-CE11CCE032E1}] => (Allow) C:\Program Files\AhnLab\Safe Transaction\StSess.exe
FirewallRules: [{029F772C-296D-4E4E-AEC4-B33C8C7EE5CD}] => (Allow) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nosstarter.npe
FirewallRules: [{9DEF9BB8-6E9A-44FA-A3B7-7A485EEBAC0C}] => (Allow) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nosstarter.npe
FirewallRules: [{69496BC1-DE23-4B48-A6C1-11CAF247D62B}] => (Allow) C:\Program Files (x86)\WooriBank\RealIp\WooriBankSecLogGather.exe
FirewallRules: [{81E00E1C-E501-40D2-AFF9-81CBADBCAF9C}] => (Allow) C:\Program Files (x86)\WooriBank\RealIp\WooriBankSecLogGather.exe
FirewallRules: [{ABD4FE81-F3D7-4691-A1CE-D537F778A14A}] => (Allow) LPort=52798
FirewallRules: [{C20349A1-5D17-44E2-8158-07F3D18B1EF8}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{7F7C9017-7880-4570-B28F-188526129FAD}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{7AF0090E-A984-4D12-8FE9-6B3775968BBD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{433CD8FA-DE21-4B40-A4BF-4712DF1A8A44}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B75E2ED4-5FE5-4046-A4D8-E8093C6A9F15}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{09EC3A4C-817F-4A54-B2F1-B4CD129E49E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{FEB28322-6EDA-450C-BBCB-5AEEF8670355}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{147BC2A8-8898-40A7-BA7D-C2C37052C8A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2EF25F6A-4DA0-4570-919A-8EF8EF22AE14}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A1B40AB8-0EE0-4757-B020-B89C926F3331}] => (Allow) C:\Program Files (x86)\INNORIX\common\innogmp7.exe
FirewallRules: [{C317B7C8-1B81-4D0E-B2F4-8B4AEF1B60B4}] => (Allow) C:\Program Files (x86)\INNORIX\common\innogmp7.exe
FirewallRules: [{43CD288C-F439-4BB4-95CC-80CB103C7FD9}] => (Allow) C:\Program Files (x86)\INNORIX\common\innosvc7.exe
FirewallRules: [{37D8CBCA-6414-423B-AD44-7E8FE0D85331}] => (Allow) C:\Program Files (x86)\INNORIX\common\innosvc7.exe
FirewallRules: [{5BA10EFD-B994-45C6-93FB-3A5C98AD384C}] => (Allow) C:\Program Files (x86)\Naver\NaverMediaPlayer\NaverAdminAPI.exe
FirewallRules: [{85EA3F4B-9C54-4D79-A3DA-B558B35B827F}] => (Allow) C:\Program Files (x86)\Naver\NaverMediaPlayer\NaverAdminAPI.exe
FirewallRules: [{D78677EA-C10D-4B81-8F6B-77EB08C03AD0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{46E8C46D-B04C-4386-B185-DDDFCECB03CB}] => (Allow) C:\Program Files (x86)\Naver\NaverCommon\NaverAdminAPISvc.exe
FirewallRules: [{D8425505-9C15-49B6-96ED-C5DFA89C5EC0}] => (Allow) C:\Program Files (x86)\Naver\NaverCommon\NaverAdminAPISvc.exe

==================== Restore Points =========================

09-04-2016 11:22:10 Windows Update
13-04-2016 16:50:37 Windows Update
13-04-2016 19:40:45 Windows Update
20-04-2016 11:51:19 Windows Update
26-04-2016 17:59:14 Windows Update
26-04-2016 18:55:07 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR946x Wireless Network Adapter
Description: Qualcomm Atheros AR946x Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/28/2016 09:32:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2016 08:41:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2016 07:25:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2016 07:01:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2016 06:22:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2016 05:53:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/26/2016 07:12:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 오류 있는 응용 프로그램 이름: npkfxsvc.exe, 버전: 2014.4.29.1, 타임스탬프: 0x535f3e5d
오류 있는 모듈 이름: npkfxsvc.exe, 버전: 2014.4.29.1, 타임스탬프: 0x535f3e5d
예외 코드: 0xc0000005
오류 오프셋: 0x00011b41
오류 있는 프로세스 ID: 0x12e8
오류 있는 응용 프로그램 시작 시간: 0xnpkfxsvc.exe0
오류 있는 응용 프로그램 경로: npkfxsvc.exe1
오류 있는 모듈 경로: npkfxsvc.exe2
보고서 ID: npkfxsvc.exe3

Error: (04/26/2016 07:11:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/26/2016 06:52:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/26/2016 06:43:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
System errors:
=============
Error: (04/28/2016 09:32:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: 응용 프로그램별로컬시작{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost(LRPC 사용)

Error: (04/28/2016 09:32:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: 응용 프로그램별로컬시작{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost(LRPC 사용)

Error: (04/27/2016 08:41:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: 응용 프로그램별로컬시작{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost(LRPC 사용)

Error: (04/27/2016 08:41:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: 응용 프로그램별로컬시작{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost(LRPC 사용)

Error: (04/27/2016 07:25:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: 응용 프로그램별로컬시작{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost(LRPC 사용)

Error: (04/27/2016 07:25:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: 응용 프로그램별로컬시작{22279AF5-03AE-4CAF-989D-2530918B2F1C}{0773CCD6-59A2-4D26-B235-19247767E645}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost(LRPC 사용)

Error: (04/27/2016 06:55:39 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart 서비스가 대화식 서비스로 표시되어 있습니다. 그러나 시스템이 대화식 서비스를 허용하지 않습니다. 이 서비스가 제대로 작동하지 않을 수도 있습니다.

Error: (04/27/2016 06:55:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart 서비스가 대화식 서비스로 표시되어 있습니다. 그러나 시스템이 대화식 서비스를 허용하지 않습니다. 이 서비스가 제대로 작동하지 않을 수도 있습니다.

Error: (04/27/2016 06:52:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: SPP Notification Service 서비스가 다음 오류 때문에 종료되었습니다.
%%5

Error: (04/27/2016 06:49:45 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: 이 시스템과 호환되지 않아 \??\C:\ComboFix\catchme.sys이(가) 차단되어 로드할 수 없습니다. 소프트웨어 공급업체에 호환되는 드라이버 버전을 문의하십시오.


CodeIntegrity:
===================================
Date: 2016-04-27 18:49:45.585
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-04-27 18:49:45.554
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-09 19:40:08.886
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-09 19:29:17.869
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-09 19:28:30.947
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-09 19:25:40.000
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-09 19:17:20.891
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-09 19:11:48.725
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-09 18:42:51.624
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-09 18:21:10.543
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz
Percentage of memory in use: 14%
Total physical RAM: 16321.69 MB
Available physical RAM: 13879.55 MB
Total Virtual: 32641.56 MB
Available Virtual: 30078.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.94 GB) (Free:351.57 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:465.76 GB) (Free:4.89 GB) NTFS
Drive e: () (Fixed) (Total:465.76 GB) (Free:16 GB) NTFS
Drive f: () (Fixed) (Total:465.75 GB) (Free:12.98 GB) NTFS
Drive g: () (Fixed) (Total:298.09 GB) (Free:12.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C67C912F)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 7E6A949C)
Partition 1: (Active) - (Size=476.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A644CBDA)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: FCC0FCC0)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    42.8 KB · Views: 1
Back