
HijackThis Log: Please help Diagnose


5 replies to this topic

#1 Qsong

  • Members
  • 3 posts

Posted 18 October 2015 - 07:15 PM

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 오전 12:58:55, on 2015-10-19
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10240.16412)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Users\Kyu Hyun Song\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe
C:\Users\Kyu Hyun Song\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
C:\Users\Kyu Hyun Song\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
C:\Users\Kyu Hyun Song\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Hnc\HncUtils\Update\HncCheck.exe
C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
D:\바탕화면\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: 확장검색서비스 - {A14EAA16-CA35-4666-845A-DC084DCDF356} - C:\Program Files (x86)\GRETECH\GomHelper\GomHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Run: [ALToolBar] "C:\Program Files (x86)\ESTsoft\ALToolBar\AtbHelper.exe" -boot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HncUpdate90] C:\Program Files (x86)\Hnc\HncUtils\Update\HncCheck.exe
O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [ProcessClean] "C:\Program Files (x86)\ProcessClean\ProcessClean.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Kyu Hyun Song\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Kyu Hyun Song\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [HP Officejet 7500 E910 (NET)] "C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe" -deviceID "MY163210FR05P4:NW" -scfn "HP Officejet 7500 E910 (NET)" -AutoStart 1
O4 - HKCU\..\Run: [KakaoTalk] "C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe" -bystartup
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Kyu Hyun Song\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [XIGUA] C:\Program Files (x86)\xigua\2.12.0.5\xigua.exe --windowstate=hide source=autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Kyu Hyun Song\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kyu Hyun Song\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Kyu Hyun Song\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kyu Hyun Song\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: OneNote로 보내기(&N) - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: OneNote로 보내기 - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote로 보내기(&N) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync 통화하려면 클릭 - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync 통화하려면 클릭 - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote 연결된 노트(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote 연결된 노트(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} (INIwallet61 Control) - http://plugin.inicis.com/wallet61/INIwallet61_win8.cab
O16 - DPF: {57F69F6D-8610-4C61-990A-3DDFF8FA3A51} (PayplusTicket Client Control) - https://pay.kcp.co.kr/plugin/file/payplus_tk.cab
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - C:\Users\Kyu Hyun Song\Downloads\TouchEnKey_Installer_32bit_3.1.0.32.exe
O16 - DPF: {B70EA6F1-4C66-4F85-AB4D-CB3B1EB1A341} (CertClient Class) - http://img.shinhan.com/shttp/sphone/11017/INISAFECertClientv1.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files (x86)\Initech\SHTTP\InitechSHTTPInterface.11018.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: ALYac RealTime Service (ALYac_RTSrv) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ALYac Update Service (ALYac_UpdSrv) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: AnySens - Unetsystem - C:\Program Files\Unetsystem\AnyClick\AnySens.exe
O23 - Service: AnyClick Service (AnySVC) - Unetsystem (www.unetsystem.co.kr) - C:\Program Files\Unetsystem\AnyClick\AnySVC.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour 서비스 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - Unknown owner - C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe (file missing)
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - Unknown owner - C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe (file missing)
O23 - Service: GomHelper Update Services - Gretech Corp. - C:\Program Files (x86)\GRETECH\GomHelper\GomHelperSvc.exe
O23 - Service: Google 업데이트 서비스 (gupdate) (gupdate) - Google Inc - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google 업데이트 서비스 (gupdatem) (gupdatem) - Google Inc - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @oem30.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel Bluetooth Service (ibtsiva.exe) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® ME Service (Intel® ME Service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod 서비스 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McNeel Update Service 5.0 (McNeelUpdate) - Robert McNeel & Associates - C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
O23 - Service: mental ray Satellite for Autodesk 3ds Max 2016 64-bit (mi-raysat_3dsmax2016_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: MyFirewall 4.0 Service (MyFw40Service) - AhnLab, Inc. - C:\Program Files\AhnLab\ASP\MyFirewall 4.0\ASDSvc.exe
O23 - Service: N5Client Agent - DoctorSoft - C:\Program Files (x86)\NetClient5\n5agent64.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service:  HP SimplePass Service (omniserv) - Softex Inc. - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Validity WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\Windows\system32\valWBFPolicyService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: WDelMgr20 - Unknown owner - C:\WINDOWS\system32\drivers\WDelMgr20.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Professional Service (WTabletServicePro) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe

--
End of file - 19342 bytes




 


#2 nasdaq

  • Malware Response Team
  • 39,569 posts

Posted 19 October 2015 - 08:09 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running now?
Wait for further instructions.

p.s.
HijackThis is no longer supported and is not ready for current operating systems.
I suggest you remove it using the Add/Remove Programs applet.
Use the Farbar tool from now on to report problems.
<<<>>>

#3 Qsong

  • Topic Starter

  • Members
  • 3 posts

Posted 21 October 2015 - 02:34 AM

Hello. Thank you for the reply!

Here are the things that you said were needed.

The following are adwcleanerc1, First, Addition in order.

# AdwCleaner v5.014 - Logfile created 21/10/2015 at 08:25:12
# Updated 18/10/2015 by Xplode
# Database : 2015-10-18.5 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : KyuHyun - SONGPC
# Running from : C:\Users\KyuHyun\AppData\Local\Microsoft\Windows\INetCache\IE\UK6VNCDJ\adwcleaner_5.014 (1).exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : B5TService
[-] Service Deleted : dijojyvi
[-] Service Deleted : jicubuze
[-] Service Deleted : mivezyxi

***** [ Folders ] *****

[-] Folder Deleted : C:\IQIYI Video
[-] Folder Deleted : C:\Program Files\mintcast
[-] Folder Deleted : C:\Program Files (x86)\Fast-Search
[-] Folder Deleted : C:\Program Files (x86)\35444335-1445388582-3835-484E-D0BF9C90B3EA
[-] Folder Deleted : C:\ProgramData\IQIYI Video
[-] Folder Deleted : C:\ProgramData\InstallSightSDK
[-] Folder Deleted : C:\ProgramData\B5TTmp
[-] Folder Deleted : C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
[-] Folder Deleted : C:\ProgramData\Service7609
[-] Folder Deleted : C:\Users\KyuHyun\AppData\Local\YSearchUtil
[-] Folder Deleted : C:\Users\KyuHyun\AppData\Local\SysassistByHotWheel
[-] Folder Deleted : C:\Users\KyuHyun\AppData\Local\B5T
[-] Folder Deleted : C:\Users\KyuHyun\AppData\Local\35444335-1445392226-3835-484E-D0BF9C90B3EA
[-] Folder Deleted : C:\Users\KyuHyun\AppData\LocalLow\B5T
[-] Folder Deleted : C:\Users\KyuHyun\AppData\Roaming\IQIYI Video
[-] Folder Deleted : C:\Users\KyuHyun\AppData\Roaming\SSN
[-] Folder Deleted : C:\Users\KyuHyun\AppData\Roaming\ppslog
[-] Folder Deleted : C:\Users\KyuHyun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[-] Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil

***** [ Files ] *****

[-] File Deleted : C:\Users\KyuHyun\AppData\Roaming\Bubble Dock.boostrap.log

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\MozillaPlugins\@iqiyi.com/npWebPlayer
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@iqiyi.com/npWebPlayer
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@iqiyi.com/npclient
[-] Key Deleted : HKLM\SOFTWARE\Classes\qygameclient
[-] Key Deleted : HKLM\SOFTWARE\Classes\HCDNProxy
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\GEEPLAYER.DIR
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\APPLICATIONS\GEEPLAYER.EXE
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\acwfp
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PPStream.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\ppsmb
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\GeePlayer.exe
[-] Key Deleted : HKCU\Software\MozillaPlugins\B5MSoft.com/Bang5TaoPlugin
[-] Key Deleted : HKCU\Software\Classes\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF-NOT}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{61CED8F3-2CB2-4C3C-9484-7530E1127A58}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{58D47FFF-63EF-572E-843F-E5DD6AA0005D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CF3CDEFB-31BE-43AE-B064-B9C62C883259}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D96C1D26-5CDF-4506-9244-57233C3984DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B6360BD3-5CD0-40D3-BD87-DAFF37889F50}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E6F928E4-B672-4F3A-8CA2-53C4259235DE}
[!] Key Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58D47FFF-63EF-572E-843F-E5DD6AA0005D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{260669B1-FC2C-41C0-BAA2-6EF3BB188660}
[!] Key Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{260669B1-FC2C-41C0-BAA2-6EF3BB188660}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{58D47FFF-63EF-572E-843F-E5DD6AA0005D}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6BE0FB-8B18-4DFC-959F-233651CC4D7F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAC94FEE-45B4-4FD4-9EEA-D8978EC96C6E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5CD76C57-6893-478A-B776-47E7C82504BE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{260669B1-FC2C-41C0-BAA2-6EF3BB188660}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D96C1D26-5CDF-4506-9244-57233C3984DF}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{260669B1-FC2C-41C0-BAA2-6EF3BB188660}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
[-] Key Deleted : HKU\.DEFAULT\Software\B5MSoft
[-] Key Deleted : HKCU\Software\ssn
[-] Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKCU\Software\QyGameClient
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\PPStream
[-] Key Deleted : HKCU\Software\B5MSoft
[-] Key Deleted : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\LolliScan
[-] Key Deleted : HKLM\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\Fast-Search
[-] Key Deleted : HKLM\SOFTWARE\B5TService
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Save Serp Now
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IQIYI Video
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PPStream
[!] Key Not Deleted : [x64] HKCU\Software\ssn
[!] Key Not Deleted : [x64] HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[!] Key Not Deleted : [x64] HKCU\Software\QyGameClient
[!] Key Not Deleted : [x64] HKCU\Software\DAILYPCCLEAN
[!] Key Not Deleted : [x64] HKCU\Software\PPStream
[!] Key Not Deleted : [x64] HKCU\Software\B5MSoft
[!] Key Not Deleted : HKU\S-1-5-21-1407302932-3430985874-877877052-1001\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}

***** [ Web browsers ] *****

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8312 bytes] ##########

 

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-10-2015
Ran by KyuHyun (administrator) on SONGPC (21-10-2015 08:28:38)
Running from C:\Users\KyuHyun\AppData\Local\Microsoft\Windows\INetCache\IE\UK6VNCDJ
Loaded Profiles: KyuHyun (Available Profiles: KyuHyun)
Platform: Windows 10 Home (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ESTsoft Corp) C:\Program Files\ESTsoft\ALYac\AYUpdSrv.aye
(ESTsoft Corp) C:\Program Files\ESTsoft\ALYac\AYRTSrv.aye
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ESTsoft Corp) C:\Program Files\ESTsoft\ALYac\AYAgent.aye
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\KyuHyun\AppData\Local\Microsoft\Windows\INetCache\IE\UK6VNCDJ\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8506112 2015-10-20] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945656 2015-10-20] (Synaptics Incorporated)
HKLM\...\Run: [ALYac] => C:\Program Files\ESTsoft\ALYac\AYLaunch.exe [291136 2015-07-29] (ESTsoft Corp)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ProcessClean] => C:\Program Files (x86)\ProcessClean\ProcessClean.exe [3919632 2013-01-08] (ProcessClean)
HKU\S-1-5-21-1407302932-3430985874-877877052-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935768 2015-09-23] (SUPERAntiSpyware)
HKU\S-1-5-21-1407302932-3430985874-877877052-1001\...\Policies\Explorer: []
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1193352 2014-05-01] (Autodesk, Inc.)
HKU\S-1-5-18\...\Run: [Safe Browsere] => C:\\Program Files (x86)\\Safe Browsing\\Safe_Browsing.exe [60416 2015-10-13] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e9e8c5c5-1338-47df-af78-4ff2640249a0}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.pooqoo.co.kr/
HKU\S-1-5-21-1407302932-3430985874-877877052-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.pooqoo.co.kr/
SearchScopes: HKU\S-1-5-21-1407302932-3430985874-877877052-1001 -> {00518291-D74F-43D9-A2DA-4CFB8D954A3C} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [No File]
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @gomtv.com/gomtvx-plugin -> C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll [2013-05-28] (Gretech Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll [2015-10-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll [2015-10-21] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1407302932-3430985874-877877052-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\KyuHyun\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S3 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1136520 2015-09-07] (Autodesk Inc.)
R2 ALYac_RTSrv; C:\Program Files\ESTsoft\ALYac\AYRTSrv.aye [540480 2015-08-11] (ESTsoft Corp)
R2 ALYac_UpdSrv; C:\Program Files\ESTsoft\ALYac\AYUpdSrv.aye [1020736 2015-09-23] (ESTsoft Corp)
S3 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
S3 InstallShield Licensing Service; C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe [78536 2015-10-20] (Macrovision                                                    )
S3 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [68192 2002-02-02] (Robert McNeel & Associates) [File not signed]
S3 mi-raysat_3dsmax2016_64; C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [86016 2011-09-15] () [File not signed]
S4 Process Clean Service; C:\Users\KyuHyun\Documents\ProcessClean\ProcService.exe [548632 2015-10-21] (ProcessClean)
S3 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-10-20] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-10-20] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [61968 2015-10-20] (Synaptics Incorporated)
S3 VRLService; C:\ProgramData\ASGVIS\Dongle Utilities\startvrlservice.exe [209408 2013-12-07] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S3 Windows Event Log Viewer; C:\WINDOWS\Win Services\winevent.exe [16896 2015-10-15] (winevent) [File not signed]
S3 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [716480 2015-08-21] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R1 EstRtwIFDrv; C:\Windows\system32\drivers\EstRtw.sys [267544 2015-09-14] (ESTsoft Corp)
S3 EstRtwIFDrvTemp; c:\program files\estsoft\alyac\plugin\realtime\EstRtw.sys [267544 2015-09-14] (ESTsoft Corp)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3506464 2015-09-16] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44216 2015-10-20] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [97792 2011-09-22] (WIBU-SYSTEMS AG)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-10-20] (HP)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-21 08:27 - 2015-10-21 08:27 - 00008451 _____ C:\Users\KyuHyun\Desktop\AdwCleaner[C1].txt
2015-10-21 08:26 - 2015-10-21 08:26 - 00016148 _____ C:\WINDOWS\system32\SONGPC_KyuHyun_HistoryPrediction.bin
2015-10-21 08:24 - 2015-10-21 08:28 - 00000000 ____D C:\FRST
2015-10-21 08:23 - 2015-10-21 08:25 - 00000000 ____D C:\AdwCleaner
2015-10-21 03:11 - 2015-10-21 03:11 - 00005202 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for SongPC-KyuHyun SongPC
2015-10-21 02:21 - 2015-10-21 08:26 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-21 02:21 - 2015-10-21 08:20 - 00000528 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task f811ac6b-0d3b-4615-9e33-d759bbabd897.job
2015-10-21 02:21 - 2015-10-21 08:20 - 00000528 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task c1971a87-142f-4cc1-baa1-b1f383ad5788.job
2015-10-21 02:21 - 2015-10-21 02:26 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-21 02:21 - 2015-10-21 02:21 - 00003972 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-21 02:21 - 2015-10-21 02:21 - 00003754 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task c1971a87-142f-4cc1-baa1-b1f383ad5788
2015-10-21 02:21 - 2015-10-21 02:21 - 00003740 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-21 02:21 - 2015-10-21 02:21 - 00003672 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task f811ac6b-0d3b-4615-9e33-d759bbabd897
2015-10-21 02:21 - 2015-10-21 02:21 - 00000000 ____D C:\Users\KyuHyun\AppData\Roaming\SUPERAntiSpyware.com
2015-10-21 02:21 - 2015-10-21 02:21 - 00000000 ____D C:\Users\KyuHyun\AppData\Local\Google
2015-10-21 02:20 - 2015-10-21 02:21 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-21 02:20 - 2015-10-21 02:20 - 00001856 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-10-21 02:20 - 2015-10-21 02:20 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-10-21 02:20 - 2015-10-21 02:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-10-21 02:10 - 2015-10-21 08:20 - 00000000 ___HD C:\Users\KyuHyun\Documents\ProcessClean
2015-10-21 02:10 - 2015-10-21 02:10 - 00001131 _____ C:\Users\KyuHyun\Desktop\ProcessClean.lnk
2015-10-21 02:10 - 2015-10-21 02:10 - 00000167 _____ C:\Users\KyuHyun\Desktop\¿Á¼Ç.url
2015-10-21 02:10 - 2015-10-21 02:10 - 00000000 ____D C:\Users\KyuHyun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProcessClean
2015-10-21 02:10 - 2015-10-21 02:10 - 00000000 ____D C:\Program Files (x86)\ProcessClean
2015-10-21 02:09 - 2015-10-21 02:09 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2015-10-21 02:09 - 2015-10-21 02:09 - 00000000 ____D C:\Program Files\Adware-Removal-Tool
2015-10-21 02:06 - 2015-10-21 02:06 - 00000000 ____D C:\Program Files (x86)\Safe Browsing
2015-10-21 02:01 - 2015-10-21 02:01 - 00000000 ____D C:\Users\KyuHyun\AppData\Roaming\QyGameClient
2015-10-21 01:54 - 2015-10-21 01:55 - 00000000 ____D C:\ProgramData\LocalStorage
2015-10-21 01:54 - 2015-10-21 01:54 - 00000048 _____ C:\InstallConfig.ini
2015-10-21 01:51 - 2015-10-21 01:51 - 00000000 ____D C:\Users\KyuHyun\AppData\LocalLow\VirtualStore
2015-10-21 01:51 - 2015-10-21 01:51 - 00000000 ____D C:\Users\KyuHyun\AppData\LocalLow\Unity
2015-10-21 01:51 - 2015-10-21 01:51 - 00000000 ____D C:\Users\KyuHyun\AppData\Local\Unity
2015-10-21 01:51 - 2015-10-21 01:51 - 00000000 ____D C:\Users\KyuHyun\.android
2015-10-21 01:50 - 2015-10-21 02:06 - 00000000 ____D C:\WINDOWS\System Data
2015-10-21 01:50 - 2015-10-21 02:06 - 00000000 ____D C:\WINDOWS\Browser Data
2015-10-21 01:50 - 2015-10-21 01:57 - 00000000 ____D C:\WINDOWS\Win Services
2015-10-21 01:50 - 2015-10-21 01:50 - 00000000 ____D C:\Users\Public\QiYi
2015-10-21 01:50 - 2015-10-21 01:50 - 00000000 ____D C:\ProgramData\System Data
2015-10-21 01:50 - 2015-10-21 01:50 - 00000000 ____D C:\ProgramData\Browser Data
2015-10-21 01:50 - 2015-10-21 01:50 - 00000000 ____D C:\Program Files (x86)\AKick
2015-10-21 01:50 - 2015-10-20 21:41 - 00001028 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-10-21 01:40 - 2015-10-21 01:40 - 00000363 _____ C:\Users\KyuHyun\Desktop\Control Panel - Shortcut.lnk
2015-10-21 01:38 - 2015-10-21 01:38 - 00002165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.lnk
2015-10-21 01:38 - 2015-10-21 01:38 - 00002153 _____ C:\Users\Public\Desktop\Lightroom 5.lnk
2015-10-21 01:37 - 2014-02-18 15:23 - 409566912 _____ (Adobe) C:\Users\KyuHyun\Desktop\setup.exe
2015-10-21 01:34 - 2015-10-21 08:19 - 00000000 ____D C:\Program Files (x86)\baidu
2015-10-21 01:33 - 2015-10-21 01:33 - 00000000 ____D C:\Users\KyuHyun\AppData\Local\Geckofx
2015-10-21 01:30 - 2015-10-21 01:33 - 00000000 ____D C:\Users\KyuHyun\Desktop\Adobe_Acrobat_9_0_keygen_by_DBC.zip
2015-10-21 01:25 - 2015-10-21 01:25 - 00000000 ___HD C:\OneDriveTemp
2015-10-21 01:22 - 2015-10-21 01:22 - 00001877 _____ C:\Users\KyuHyun\Desktop\Setup - Shortcut.lnk
2015-10-21 01:22 - 2015-10-21 01:22 - 00000754 _____ C:\WINDOWS\KB893803v2.log
2015-10-21 01:17 - 2015-10-21 01:17 - 00002179 _____ C:\Users\Public\Desktop\GomTV.lnk
2015-10-21 01:17 - 2015-10-21 01:17 - 00001277 _____ C:\Users\Public\Desktop\GOM Player.lnk
2015-10-21 01:17 - 2015-10-21 01:17 - 00001203 _____ C:\Users\KyuHyun\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2015-10-21 01:17 - 2015-10-21 01:17 - 00000000 ____D C:\Users\KyuHyun\Documents\GomPlayer
2015-10-21 01:17 - 2015-10-21 01:17 - 00000000 ____D C:\Users\KyuHyun\AppData\Roaming\GRETECH
2015-10-21 01:17 - 2015-10-21 01:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\°õTV (www.gomtv.com)
2015-10-21 01:17 - 2015-10-21 01:17 - 00000000 ____D C:\Program Files (x86)\GRETECH
2015-10-21 01:16 - 2015-10-21 01:16 - 00001223 _____ C:\ProgramData\Microsoft\Windows\Start Menu\¾ËÁý.lnk
2015-10-21 01:16 - 2015-10-21 01:16 - 00001177 _____ C:\Users\Public\Desktop\¾ËÁý.lnk
2015-10-21 01:16 - 2015-10-21 01:16 - 00000000 ____D C:\Users\KyuHyun\AppData\Local\ECRSC
2015-10-21 01:16 - 2015-07-23 02:51 - 12336712 _____ (ESTsoft Corp.) C:\Users\KyuHyun\Desktop\ALZip966.exe
2015-10-21 01:11 - 2015-10-21 02:21 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-21 01:11 - 2015-10-21 01:11 - 00003120 _____ C:\WINDOWS\SysWOW64\ALLFSAF8a.ocx
2015-10-21 01:11 - 2015-10-21 01:11 - 00002280 _____ C:\Users\Public\Desktop\Style Builder 2.lnk
2015-10-21 01:11 - 2015-10-21 01:11 - 00002194 _____ C:\Users\Public\Desktop\LayOut 3.lnk
2015-10-21 01:11 - 2015-10-21 01:11 - 00002105 _____ C:\Users\Public\Desktop\Google SketchUp 8.lnk
2015-10-21 01:11 - 2015-10-21 01:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
2015-10-21 01:11 - 2015-10-21 01:11 - 00000000 ____D C:\ProgramData\Google
2015-10-21 01:09 - 2015-10-21 01:09 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-10-21 01:07 - 2015-10-21 01:07 - 00001703 _____ C:\Users\KyuHyun\Desktop\POWERPNT - Shortcut.lnk
2015-10-21 01:07 - 2015-10-21 01:07 - 00001692 _____ C:\Users\KyuHyun\Desktop\WINWORD - Shortcut.lnk
2015-10-21 01:07 - 2015-10-21 01:07 - 00001692 _____ C:\Users\KyuHyun\Desktop\OUTLOOK - Shortcut.lnk
2015-10-21 01:07 - 2015-10-21 01:07 - 00001672 _____ C:\Users\KyuHyun\Desktop\EXCEL - Shortcut.lnk
2015-10-21 01:04 - 2015-10-21 01:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-10-21 01:04 - 2015-10-21 01:04 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-10-21 01:04 - 2015-10-21 01:04 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-10-21 01:03 - 2015-10-21 01:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-21 01:03 - 2015-10-21 01:04 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-10-21 01:03 - 2015-10-21 01:03 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-10-21 01:03 - 2015-10-21 01:03 - 00000000 ____D C:\Users\KyuHyun\AppData\Local\Microsoft Help
2015-10-21 01:03 - 2015-10-21 01:03 - 00000000 ____D C:\Program Files\Microsoft Office
2015-10-21 01:03 - 2015-10-21 01:03 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2015-10-21 01:03 - 2015-10-21 01:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-21 01:03 - 2015-10-21 01:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-10-21 01:03 - 2015-10-21 01:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-10-21 01:02 - 2015-10-21 01:02 - 00000000 __RHD C:\MSOCache
2015-10-21 00:32 - 2015-10-21 00:32 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-10-21 00:04 - 2015-10-21 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk Backburner 2016
2015-10-20 23:56 - 2015-10-20 23:56 - 00002046 _____ C:\Users\Public\Desktop\3ds Max 2016.lnk
2015-10-20 23:54 - 2015-10-21 00:07 - 00000000 ____D C:\Users\KyuHyun\Documents\3dsMax
2015-10-20 23:00 - 2015-10-20 23:00 - 00000629 _____ C:\Users\KyuHyun\Desktop\KeyShot 4 Resources.lnk
2015-10-20 22:59 - 2015-10-20 23:03 - 00000000 ____D C:\Users\KyuHyun\Documents\KeyShot 4
2015-10-20 22:59 - 2015-10-20 23:00 - 00000000 ____D C:\Users\KyuHyun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KeyShot4 64
2015-10-20 22:59 - 2015-10-20 23:00 - 00000000 ____D C:\Program Files\KeyShot4
2015-10-20 22:59 - 2015-10-20 22:59 - 00000954 _____ C:\Users\KyuHyun\Desktop\KeyShot 4 64.lnk
2015-10-20 22:34 - 2015-10-20 22:34 - 00000000 ____D C:\Users\KyuHyun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\T-Splines for Rhino
2015-10-20 22:34 - 2015-10-20 22:34 - 00000000 ____D C:\ProgramData\TSplines
2015-10-20 22:34 - 2015-10-20 22:34 - 00000000 ____D C:\Program Files (x86)\T-Splines for Rhino
2015-10-20 22:26 - 2015-10-20 22:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-20 22:26 - 2015-10-20 22:26 - 00000000 ____D C:\Program Files (x86)\ASGvis
2015-10-20 22:26 - 2007-04-19 10:46 - 00647872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Mscomct2.ocx
2015-10-20 22:26 - 2007-04-02 01:16 - 02916438 _____ (Robert McNeel & Associates) C:\WINDOWS\SysWOW64\rcm.dll
2015-10-20 22:26 - 2007-04-02 01:16 - 02777088 _____ (Robert McNeel & Associates) C:\WINDOWS\SysWOW64\rhrdk.10.v40.dll
2015-10-20 22:26 - 2007-04-02 01:16 - 00196608 _____ () C:\WINDOWS\SysWOW64\BongoSDK.10.v40.dll
2015-10-20 22:26 - 2007-04-02 01:16 - 00192512 _____ () C:\WINDOWS\SysWOW64\BongoSDK.dll
2015-10-20 22:26 - 2007-04-02 01:16 - 00000096 _____ C:\WINDOWS\SysWOW64\vssver.scc
2015-10-20 22:00 - 2015-10-20 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WibuKey
2015-10-20 22:00 - 2015-10-20 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chaos Group
2015-10-20 21:59 - 2011-12-16 04:40 - 00471952 _____ (WIBU-SYSTEMS AG) C:\WINDOWS\system32\WibuXpm4J64.dll
2015-10-20 21:59 - 2011-12-16 04:40 - 00375184 _____ (WIBU-SYSTEMS AG) C:\WINDOWS\SysWOW64\WibuXpm4J32.dll
2015-10-20 21:59 - 2011-09-22 05:00 - 00097792 _____ (WIBU-SYSTEMS AG) C:\WINDOWS\system32\Drivers\WibuKey64.sys
2015-10-20 21:59 - 2009-12-03 06:00 - 00430080 _____ (WIBU-SYSTEMS AG) C:\WINDOWS\system32\wibuKJni64.dll
2015-10-20 21:59 - 2009-12-03 06:00 - 00418304 _____ (WIBU-SYSTEMS AG) C:\WINDOWS\system32\WkExt64.dll
2015-10-20 21:59 - 2009-12-03 06:00 - 00344576 _____ (WIBU-SYSTEMS AG) C:\WINDOWS\SysWOW64\wibuKJni.dll
2015-10-20 21:59 - 2009-12-03 06:00 - 00333824 _____ (WIBU-SYSTEMS AG) C:\WINDOWS\SysWOW64\WkExt32.dll
2015-10-20 21:59 - 2009-12-03 06:00 - 00169984 _____ (WIBU-SYSTEMS AG) C:\WINDOWS\system32\WkWin64.dll
2015-10-20 21:59 - 2009-12-03 06:00 - 00150528 _____ (WIBU-SYSTEMS AG) C:\WINDOWS\SysWOW64\WkWin32.dll
2015-10-20 21:59 - 2009-08-07 08:59 - 00016896 _____ (WIBU-SYSTEMS AG) C:\WINDOWS\system32\Drivers\Wibukey2_64.sys
2015-10-20 21:53 - 2015-10-20 21:55 - 00001262 _____ C:\Users\Public\Desktop\Rhinoceros 4.0.lnk
2015-10-20 21:53 - 2015-10-20 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhinoceros 4.0
2015-10-20 21:53 - 2015-10-20 21:53 - 00000000 ____D C:\Program Files (x86)\Rhinoceros 4.0
2015-10-20 21:45 - 2015-10-20 21:45 - 00001822 _____ C:\Users\KyuHyun\Desktop\Adobe Premiere Pro - Shortcut.lnk
2015-10-20 21:45 - 2015-10-20 21:45 - 00001754 _____ C:\Users\KyuHyun\Desktop\InDesign - Shortcut.lnk
2015-10-20 21:45 - 2015-10-20 21:38 - 00001454 _____ C:\Users\KyuHyun\Desktop\Adobe Illustrator CS6 (64 Bit).lnk
2015-10-20 21:45 - 2015-10-20 21:38 - 00001136 _____ C:\Users\KyuHyun\Desktop\Adobe After Effects CS6.lnk
2015-10-20 21:44 - 2015-10-20 21:44 - 00001803 _____ C:\Users\KyuHyun\Desktop\Photoshop - Shortcut.lnk
2015-10-20 21:38 - 2015-10-20 21:38 - 00000000 ____D C:\ProgramData\ALM
2015-10-20 21:37 - 2015-10-20 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2015-10-20 21:37 - 2015-10-20 21:39 - 00000000 ____D C:\Program Files\Adobe
2015-10-20 21:02 - 2015-10-20 21:02 - 00001543 _____ C:\Users\KyuHyun\Desktop\iexplore - Shortcut.lnk
2015-10-20 20:49 - 2015-10-20 21:05 - 00000000 ____D C:\Users\KyuHyun\AppData\Local\Deployment
2015-10-20 20:49 - 2015-10-20 20:49 - 00000000 ____D C:\Users\KyuHyun\AppData\Local\Apps\2.0
2015-10-20 20:36 - 2015-10-20 20:36 - 00000000 ____D C:\Users\KyuHyun\AppData\Roaming\WTablet
2015-10-20 16:41 - 2015-10-20 16:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2015-10-20 16:41 - 2015-10-20 16:41 - 00000000 ____D C:\Program Files\TabletPlugins
2015-10-20 16:41 - 2015-10-20 16:41 - 00000000 ____D C:\Program Files\Tablet
2015-10-20 16:41 - 2015-10-20 16:41 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2015-10-20 16:41 - 2015-08-21 19:33 - 02090176 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\WacomMT.dll
2015-10-20 16:41 - 2015-08-21 19:33 - 02064576 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wacom_Tablet.dll
2015-10-20 16:41 - 2015-08-21 19:33 - 02057920 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wacom_Touch_Tablet.dll
2015-10-20 16:41 - 2015-08-21 19:33 - 01928896 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wintab32.dll
2015-10-20 16:41 - 2015-08-21 19:33 - 01674944 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\WacomMT.dll
2015-10-20 16:41 - 2015-08-21 19:33 - 01672384 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wacom_Tablet.dll
2015-10-20 16:41 - 2015-08-21 19:33 - 01664704 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wacom_Touch_Tablet.dll
2015-10-20 16:41 - 2015-08-21 19:33 - 01545408 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wintab32.dll
2015-10-20 16:31 - 2015-10-20 16:36 - 00000000 ____D C:\Users\KyuHyun\AppData\LocalLow\Adobe
2015-10-20 16:31 - 2015-10-20 16:31 - 00000000 ____D C:\Users\KyuHyun\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2015-10-20 16:30 - 2015-10-20 21:21 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-10-20 16:27 - 2015-10-20 16:27 - 00001077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2015-10-20 16:27 - 2015-10-20 16:27 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-10-20 16:27 - 2015-10-20 16:27 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-10-20 16:26 - 2015-10-21 01:38 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-20 16:26 - 2015-10-20 21:39 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-10-20 16:24 - 2015-10-20 21:38 - 00000000 ____D C:\ProgramData\Adobe
2015-10-20 16:23 - 2015-10-20 16:39 - 00000000 ____D C:\Users\KyuHyun\AppData\Local\Adobe
2015-10-20 16:04 - 2015-10-20 16:09 - 00000000 ____D C:\Users\KyuHyun\AppData\Roaming\Grasshopper
2015-10-20 15:59 - 2015-10-20 15:59 - 00000000 ____D C:\Program Files\WIBU-SYSTEMS
2015-10-20 15:59 - 2015-10-20 15:59 - 00000000 ____D C:\Program Files (x86)\WIBU-SYSTEMS
2015-10-20 15:59 - 2015-10-20 15:59 - 00000000 ____D C:\Program Files (x86)\WIBUKEY
2015-10-20 15:58 - 2015-10-20 22:00 - 00000000 ____D C:\ProgramData\ASGVIS
2015-10-20 15:57 - 2015-10-20 15:57 - 00000000 ____D C:\Program Files (x86)\McNeelUpdate
2015-10-20 15:41 - 2015-10-20 15:41 - 00000000 ____D C:\Users\KyuHyun\AppData\Local\3dmouse
2015-10-20 15:40 - 2015-10-20 15:40 - 00000000 ____D C:\Users\KyuHyun\AppData\Roaming\NVIDIA
2015-10-20 15:39 - 2015-10-20 22:27 - 00000000 ____D C:\ProgramData\McNeel
2015-10-20 15:39 - 2015-10-20 15:57 - 00001162 _____ C:\Users\Public\Desktop\Rhinoceros 5 (64-bit).lnk
2015-10-20 15:39 - 2015-10-20 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhinoceros 5
2015-10-20 15:39 - 2015-10-20 15:40 - 00000500 _____ C:\WINDOWS\SysWOW64\Drivers\igxkxz_862.set
2015-10-20 15:39 - 2015-10-20 15:40 - 00000500 _____ C:\WINDOWS\SysWOW64\Drivers\diusvhm386.dat
2015-10-20 15:39 - 2015-10-20 15:40 - 00000500 _____ C:\WINDOWS\d_oirotq338.ini
2015-10-20 15:39 - 2015-10-20 15:39 - 00000500 _____ C:\WINDOWS\SysWOW64\Drivers\ggxkxz_610.set
2015-10-20 15:39 - 2015-10-20 15:39 - 00000500 _____ C:\WINDOWS\SysWOW64\Drivers\fiusvhm561.dat
2015-10-20 15:39 - 2015-10-20 15:39 - 00000500 _____ C:\WINDOWS\i_oirotq856.ini
2015-10-20 15:39 - 2015-10-20 15:39 - 00000000 ____D C:\Users\KyuHyun\AppData\Roaming\McNeel
2015-10-20 15:39 - 2015-10-20 15:39 - 00000000 ____D C:\Users\KyuHyun\AppData\Local\McNeel
2015-10-20 15:39 - 2015-10-20 15:39 - 00000000 ____D C:\Program Files\Rhinoceros 5 (64-bit)
2015-10-20 15:23 - 2015-10-20 15:23 - 00000000 ____D C:\Python27
2015-10-20 15:23 - 2015-10-20 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2015-10-20 15:18 - 2015-10-20 15:18 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-10-20 15:18 - 2015-10-20 15:18 - 00000000 ____D C:\Users\KyuHyun\AppData\Roaming\Sun
2015-10-20 15:18 - 2015-10-20 15:18 - 00000000 ____D C:\Users\KyuHyun\AppData\LocalLow\Sun
2015-10-20 15:18 - 2015-10-20 15:18 - 00000000 ____D C:\Users\KyuHyun\.oracle_jre_usage
2015-10-20 15:18 - 2015-10-20 15:18 - 00000000 ____D C:\ProgramData\Oracle
2015-10-20 15:18 - 2015-10-20 15:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-20 15:18 - 2015-10-20 15:18 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-20 15:17 - 2015-10-21 08:26 - 00007136 _____ C:\WINDOWS\system32\Drivers\EstRtwIFDrv
2015-10-20 15:17 - 2015-10-21 08:26 - 00000294 _____ C:\WINDOWS\system32\ayboot.ini
2015-10-20 15:16 - 2015-10-21 01:23 - 00000000 ____D C:\Users\KyuHyun\AppData\Roaming\ESTsoft
2015-10-20 15:16 - 2015-10-21 01:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\¾ËÅøÁî
2015-10-20 15:16 - 2015-10-21 01:16 - 00000000 ____D C:\ProgramData\ESTsoft
2015-10-20 15:16 - 2015-10-21 01:16 - 00000000 ____D C:\Program Files (x86)\ESTsoft
2015-10-20 15:16 - 2015-10-20 15:16 - 00001035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\¾Ë¾à.lnk
2015-10-20 15:16 - 2015-10-20 15:16 - 00000989 _____ C:\Users\Public\Desktop\¾Ë¾à.lnk
2015-10-20 15:16 - 2015-10-20 15:16 - 00000113 _____ C:\WINDOWS\system32\unkey.ayk
2015-10-20 15:16 - 2015-10-20 15:16 - 00000000 ____D C:\Program Files\ESTsoft
2015-10-20 15:16 - 2015-09-14 09:38 - 00267544 _____ (ESTsoft Corp) C:\WINDOWS\system32\Drivers\EstRtw.sys
2015-10-20 15:16 - 2014-09-23 11:49 - 00021824 _____ C:\WINDOWS\system32\bootalyac.exe
2015-10-20 15:11 - 2015-10-20 15:11 - 00000000 ____D C:\Users\KyuHyun\AppData\LocalLow\Oracle
2015-10-20 15:10 - 2015-10-20 15:13 - 00000000 ____D C:\Users\KyuHyun\AppData\Roaming\WindowsFileOpener
2015-10-20 15:04 - 2015-10-20 15:04 - 00000000 ____D C:\Users\KyuHyun\AppData\Roaming\Macromedia
2015-10-20 14:38 - 2015-10-20 14:38 - 00000000 ____D C:\ProgramData\TEMP
2015-10-20 10:50 - 2015-10-20 14:37 - 00000000 ____D C:\Users\KyuHyun\AppData\Local\MicrosoftEdge
2015-10-20 10:50 - 2015-10-20 10:52 - 00000338 _____ C:\Users\KyuHyun\Documents\plot.log
2015-10-20 10:50 - 2015-10-20 10:50 - 00000000 ____D C:\Users\KyuHyun\AppData\LocalLow\Temp
2015-10-20 10:32 - 2015-10-20 10:32 - 00000420 _____ C:\Users\KyuHyun\Desktop\This PC - Shortcut.lnk
2015-10-20 09:47 - 2015-10-20 09:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-20 09:47 - 2015-10-02 12:09 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-20 09:47 - 2015-07-05 11:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-10-20 09:45 - 2015-10-20 09:45 - 00000000 ____D C:\ProgramData\FLEXnet
2015-10-20 09:43 - 2015-10-20 09:43 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-10-20 09:43 - 2015-10-20 09:43 - 00000000 ____D C:\Program Files\MSBuild
2015-10-20 09:43 - 2015-10-20 09:43 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-10-20 09:43 - 2015-10-20 09:43 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-10-20 09:43 - 2015-05-29 21:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-10-20 09:43 - 2015-05-29 21:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-10-20 09:43 - 2015-05-29 21:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-10-20 09:42 - 2015-06-17 18:10 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-10-20 09:42 - 2015-06-17 18:10 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-10-20 09:42 - 2015-06-17 18:10 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-10-20 01:14 - 2015-10-20 00:23 - 00000000 ___DC C:\WINDOWS\Panther
2015-10-20 01:12 - 2015-10-20 01:12 - 00000000 ____D C:\Windows.old
2015-10-20 01:11 - 2015-10-20 01:11 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 19325952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-20 01:11 - 2015-10-20 01:11 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-20 01:11 - 2015-10-20 01:11 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-20 01:11 - 2015-10-20 01:11 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-20 01:11 - 2015-10-20 01:11 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-20 01:11 - 2015-10-20 01:11 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-20 01:11 - 2015-10-20 01:11 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-10-20 01:11 - 2015-10-20 01:11 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-20 01:11 - 2015-10-20 01:11 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-20 01:11 - 2015-10-20 01:11 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-20 01:11 - 2015-10-20 01:11 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-10-20 01:11 - 2015-10-20 01:11 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-20 01:11 - 2015-10-20 01:11 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-20 01:11 - 2015-10-20 01:11 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-20 01:11 - 2015-10-20 01:11 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-10-20 01:11 - 2015-10-20 01:11 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-20 01:11 - 2015-10-20 01:11 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-20 01:11 - 2015-10-20 01:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-20 01:11 - 2015-10-20 01:11 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-10-20 01:11 - 2015-10-20 01:11 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-10-20 01:11 - 2015-10-20 01:11 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-20 01:11 - 2015-10-20 01:11 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-20 01:11 - 2015-10-20 01:11 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-10-20 01:11 - 2015-10-20 01:11 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-10-20 01:11 - 2015-10-20 01:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-10-20 01:11 - 2015-10-20 01:11 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-10-20 01:11 - 2015-10-20 01:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-10-20 01:11 - 2015-10-20 01:11 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-10-20 01:11 - 2015-10-20 01:11 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-10-20 01:11 - 2015-10-20 01:11 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-10-20 01:11 - 2015-10-20 01:11 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-10-20 01:07 - 2015-10-20 01:07 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-10-20 01:05 - 2015-10-20 01:05 - 00000000 ____D C:\Users\KyuHyun\AppData\Local\NetworkTiles
2015-10-20 01:04 - 2015-10-20 01:04 - 00000000 ____D C:\Users\KyuHyun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-10-20 01:03 - 2015-10-20 10:11 - 00000000 ____D C:\Users\KyuHyun\AppData\Local\Autodesk
2015-10-20 01:03 - 2015-10-20 01:03 - 00002178 _____ C:\Users\Public\Desktop\AutoCAD 2015 - English.lnk
2015-10-20 01:03 - 2015-10-20 01:03 - 00002083 _____ C:\Users\Public\Desktop\Autodesk 360.lnk
2015-10-20 01:03 - 2015-10-20 01:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoCAD 2015 - English
2015-10-20 01:02 - 2015-10-20 01:02 - 00000153 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-10-20 01:02 - 2015-10-20 01:02 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2015-10-20 01:01 - 2015-10-21 00:02 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2015-10-20 01:01 - 2015-10-20 23:54 - 00000000 ____D C:\Program Files\Autodesk
2015-10-20 01:00 - 2015-10-21 00:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-10-20 01:00 - 2015-10-21 00:04 - 00000000 ____D C:\Program Files (x86)\Autodesk
2015-10-20 01:00 - 2015-10-20 23:13 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-20 01:00 - 2015-10-20 01:00 - 00000680 _____ C:\WINDOWS\DirectX.log
2015-10-20 01:00 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2015-10-20 01:00 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2015-10-20 01:00 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2015-10-20 01:00 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2015-10-20 01:00 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2015-10-20 01:00 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2015-10-20 01:00 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2015-10-20 01:00 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2015-10-20 01:00 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2015-10-20 01:00 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2015-10-20 01:00 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2015-10-20 01:00 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2015-10-20 01:00 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2015-10-20 01:00 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2015-10-20 01:00 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2015-10-20 01:00 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2015-10-20 01:00 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2015-10-20 01:00 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2015-10-20 01:00 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2015-10-20 01:00 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2015-10-20 01:00 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2015-10-20 01:00 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2015-10-20 01:00 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2015-10-20 01:00 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2015-10-20 00:57 - 2015-10-21 00:17 - 00000000 ____D C:\ProgramData\Autodesk
2015-10-20 00:57 - 2015-10-20 10:37 - 00000000 ____D C:\Users\KyuHyun\AppData\Roaming\Autodesk
2015-10-20 00:57 - 2015-10-20 10:13 - 00000000 ____D C:\Users\KyuHyun\AppData\Local\Comms
2015-10-20 00:57 - 2015-10-20 00:57 - 00002347 _____ C:\Users\KyuHyun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-20 00:56 - 2015-10-20 00:56 - 00000000 ____D C:\Users\KyuHyun\AppData\Roaming\Synaptics
2015-10-20 00:56 - 2015-10-20 00:56 - 00000000 ____D C:\ProgramData\Synaptics
2015-10-20 00:56 - 2015-07-09 20:36 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\korwbrkr.dll
2015-10-20 00:56 - 2015-07-09 20:25 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\korwbrkr.dll
2015-10-20 00:56 - 2015-06-17 18:05 - 12023100 _____ C:\WINDOWS\system32\korwbrkr.lex
2015-10-20 00:55 - 2015-10-20 21:40 - 00000000 ____D C:\Users\KyuHyun\AppData\Roaming\Adobe
2015-10-20 00:55 - 2015-10-20 15:12 - 00000000 ____D C:\Users\KyuHyun\AppData\Local\Packages
2015-10-20 00:55 - 2015-10-20 00:55 - 00001054 _____ C:\Users\KyuHyun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2015-10-20 00:55 - 2015-10-20 00:55 - 00000020 ___SH C:\Users\KyuHyun\ntuser.ini
2015-10-20 00:55 - 2015-10-20 00:55 - 00000000 ____D C:\Users\KyuHyun\AppData\Local\VirtualStore
2015-10-20 00:55 - 2015-10-20 00:55 - 00000000 ____D C:\Users\KyuHyun\AppData\Local\TileDataLayer
2015-10-20 00:55 - 2015-10-20 00:55 - 00000000 ____D C:\Users\KyuHyun\AppData\Local\Publishers
2015-10-20 00:31 - 2015-10-20 00:31 - 01806216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-10-20 00:31 - 2015-10-20 00:31 - 00766136 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2015-10-20 00:31 - 2015-10-20 00:31 - 00419528 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2015-10-20 00:31 - 2015-10-20 00:31 - 00269000 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2015-10-20 00:31 - 2015-10-20 00:31 - 00255688 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo31.dll
2015-10-20 00:31 - 2015-10-20 00:31 - 00044216 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2015-10-20 00:31 - 2015-10-20 00:31 - 00044216 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2015-10-20 00:31 - 2015-10-20 00:31 - 00042184 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2015-10-20 00:31 - 2015-10-20 00:31 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-10-20 00:31 - 2015-10-20 00:31 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-10-20 00:28 - 2015-10-21 08:26 - 00000000 ____D C:\ProgramData\Validity
2015-10-20 00:28 - 2015-10-20 00:28 - 72121872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2015-10-20 00:28 - 2015-10-20 00:28 - 35222128 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2015-10-20 00:28 - 2015-10-20 00:28 - 04522752 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2015-10-20 00:28 - 2015-10-20 00:28 - 03679536 _____ (Synaptics Incorporated) C:\WINDOWS\system32\vcsAPIFORWBF.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 03271912 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 02965632 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 02926848 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 02711296 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2015-10-20 00:28 - 2015-10-20 00:28 - 01757952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 01599792 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 01435144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 01331336 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 01122648 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slcnt64.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 00961024 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 00749776 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 00645464 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 00574248 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 00532384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 00467168 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 00387320 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 00381416 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 00343712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 00341160 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 00341160 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 00259288 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 00214840 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 00195192 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 00166208 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 00122328 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 00118600 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 00110992 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 00088352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 00061968 _____ (Synaptics Incorporated) C:\WINDOWS\system32\valWBFPolicyService.exe
2015-10-20 00:28 - 2015-10-20 00:28 - 00030544 _____ (HP) C:\WINDOWS\system32\Drivers\WirelessButtonDriver64.sys
2015-10-20 00:28 - 2015-10-20 00:28 - 00023704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2015-10-20 00:28 - 2015-10-20 00:28 - 00006974 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2015-10-20 00:28 - 2015-10-20 00:28 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_wbf_vfs_0050_01_09_00.Wdf
2015-10-20 00:28 - 2015-10-20 00:28 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-10-20 00:28 - 2015-10-20 00:28 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2015-10-20 00:28 - 2015-10-20 00:28 - 00000000 ____D C:\Program Files\Realtek
2015-10-20 00:25 - 2015-10-20 00:25 - 00092336 _____ (Hewlett-Packard) C:\WINDOWS\system32\HPMDPCoInst.dll
2015-10-20 00:25 - 2015-10-20 00:25 - 00054448 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\hpservice.exe
2015-10-20 00:25 - 2015-10-20 00:25 - 00053424 _____ (Hewlett-Packard) C:\WINDOWS\system32\Drivers\Accelerometer.sys
2015-10-20 00:25 - 2015-10-20 00:25 - 00044720 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\accelerometerdll.DLL
2015-10-20 00:25 - 2015-10-20 00:25 - 00040624 _____ (Hewlett-Packard) C:\WINDOWS\system32\Drivers\hpdskflt.sys
2015-10-20 00:21 - 2015-10-21 08:27 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-20 00:17 - 2015-10-21 08:27 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-20 00:17 - 2015-10-20 00:17 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2015-10-20 00:17 - 2015-10-20 00:17 - 00007623 _____ C:\WINDOWS\diagerr.xml
2015-10-20 00:17 - 2015-10-20 00:17 - 00000000 __SHD C:\Recovery
2015-10-20 00:16 - 2015-10-21 01:51 - 00000000 ____D C:\Users\KyuHyun
2015-10-20 00:16 - 2015-10-20 00:55 - 00000000 ___RD C:\Users\KyuHyun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-20 00:16 - 2015-07-30 23:42 - 00000000 __RSD C:\Users\KyuHyun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-20 00:16 - 2015-07-30 23:42 - 00000000 ___RD C:\Users\KyuHyun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-20 00:16 - 2015-07-30 23:42 - 00000000 ___RD C:\Users\KyuHyun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-20 00:16 - 2015-07-30 23:42 - 00000000 ____D C:\Users\KyuHyun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-20 00:15 - 2015-10-21 08:26 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-10-20 00:15 - 2015-10-20 00:15 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2015-10-20 00:15 - 2015-10-20 00:15 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-10-20 00:15 - 2015-10-20 00:15 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-10-20 00:15 - 2015-10-20 00:15 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-10-20 00:15 - 2015-10-20 00:15 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-20 00:15 - 2015-10-20 00:15 - 00000000 ____D C:\Program Files\Synaptics
2015-10-20 00:15 - 2015-10-20 00:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-10-20 00:15 - 2015-10-20 00:15 - 00000000 ____D C:\Program Files\Intel
2015-10-20 00:15 - 2015-07-23 02:10 - 06873928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-10-20 00:15 - 2015-07-23 02:10 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-10-20 00:15 - 2015-07-23 02:10 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-10-20 00:15 - 2015-07-23 02:10 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-10-20 00:15 - 2015-07-23 02:10 - 00937800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-10-20 00:15 - 2015-07-23 02:10 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-10-20 00:15 - 2015-07-23 02:10 - 00074896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-10-20 00:15 - 2015-07-23 02:10 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-10-20 00:15 - 2015-07-22 05:29 - 05121613 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-10-20 00:15 - 2015-07-18 00:58 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-10-20 00:15 - 2015-07-18 00:58 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-10-20 00:14 - 2015-10-20 00:14 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-10-19 23:51 - 2015-10-19 23:51 - 00000000 ____D C:\Users\KyuHyun\Documents\Autodesk Application Manager
2015-10-19 23:29 - 2015-10-19 23:29 - 00000000 ____D C:\Users\KyuHyun\Documents\Inventor Server SDK ACAD 2015
2015-10-19 23:25 - 2015-10-19 23:25 - 00000000 ____D C:\Users\Public\Documents\Autodesk
2015-10-19 22:59 - 2015-10-20 01:03 - 00000000 ___HD C:\$Windows.~BT
2015-10-19 22:33 - 2015-10-20 23:11 - 00000000 ____D C:\Autodesk
2015-10-19 17:12 - 2015-10-21 02:05 - 00000000 ____D C:\Users\KyuHyun\OneDrive
2015-10-19 17:08 - 2015-10-19 17:08 - 00000000 ____D C:\Users\KyuHyun\Documents\Youcam
2015-10-19 17:06 - 2015-10-19 17:06 - 00000000 _SHDL C:\Users\KyuHyun\시작 메뉴
2015-10-19 17:06 - 2014-11-02 13:44 - 00000000 ___HD C:\Users\KyuHyun\Documents\hp.system.package.metadata
2015-10-19 08:04 - 2015-03-02 23:48 - 00003802 _____ C:\OA3.Trace.xml
2015-10-19 08:04 - 2015-03-02 23:48 - 00000412 _____ C:\OA3ChkEdt.log
2015-10-19 08:03 - 2015-10-19 08:04 - 00000000 _____ C:\Recovery.txt
2015-10-06 01:51 - 2015-10-06 01:52 - 00000000 ____D C:\Users\KyuHyun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\帮5淘

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-21 08:28 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-21 08:26 - 2015-07-30 22:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-21 08:25 - 2015-07-10 10:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2015-10-21 08:20 - 2015-09-09 22:32 - 00010486 _____ C:\WINDOWS\PFRO.log
2015-10-21 08:19 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-21 02:05 - 2015-07-30 22:49 - 05044656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-21 01:09 - 2015-07-30 22:50 - 00022391 _____ C:\WINDOWS\setupact.log
2015-10-21 01:04 - 2015-09-10 06:21 - 00000000 ____D C:\WINDOWS\ShellNew
2015-10-21 01:04 - 2015-07-30 23:42 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-10-21 01:03 - 2015-07-30 23:42 - 00000167 _____ C:\WINDOWS\win.ini
2015-10-21 01:03 - 2015-07-30 23:42 - 00000000 ____D C:\Program Files\Common Files\System
2015-10-20 23:54 - 2015-07-30 23:42 - 00017570 _____ C:\WINDOWS\system32\Drivers\etc\services
2015-10-20 21:05 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-20 20:45 - 2015-07-30 23:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-20 15:16 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\Resources
2015-10-20 14:52 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-10-20 09:43 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\appcompat
2015-10-20 01:14 - 2015-07-30 23:42 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-10-20 01:12 - 2015-07-30 23:42 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-20 01:12 - 2015-07-30 23:42 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-20 01:12 - 2015-07-30 23:42 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-20 01:12 - 2015-07-30 23:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-20 01:12 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-20 01:12 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-20 01:12 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-20 01:12 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-10-20 01:09 - 2015-09-10 06:21 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-20 01:09 - 2015-09-10 06:09 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-10-20 01:09 - 2015-09-10 06:09 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-10-20 01:09 - 2015-09-10 06:09 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-10-20 01:09 - 2015-09-10 06:09 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-10-20 01:09 - 2015-07-30 23:42 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-10-20 01:09 - 2015-07-30 23:42 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-10-20 01:09 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-10-20 01:09 - 2015-07-30 23:42 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-10-20 01:09 - 2015-07-30 23:42 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-10-20 01:00 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\system32\restore
2015-10-20 00:56 - 2015-09-10 06:13 - 00000000 ____D C:\WINDOWS\OCR
2015-10-20 00:31 - 2011-10-14 05:37 - 00615608 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2015-10-20 00:28 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-20 00:18 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\rescache
2015-10-20 00:17 - 2015-07-30 23:42 - 00000000 __RHD C:\Users\Public\Libraries
2015-10-20 00:17 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-10-20 00:16 - 2015-07-30 23:43 - 00003077 _____ C:\WINDOWS\DtcInstall.log
2015-10-20 00:16 - 2015-07-10 10:47 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-10-20 00:15 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\Help
2015-10-20 00:15 - 2015-07-30 22:50 - 00000065 _____ C:\WINDOWS\setuperr.log
2015-10-20 00:14 - 2015-07-10 10:47 - 00000000 __RHD C:\Users\Default
2015-10-19 17:07 - 2014-04-05 00:45 - 00000000 ___HD C:\SYSTEM.SAV
2015-10-16 04:10 - 2015-07-30 23:43 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-16 04:10 - 2015-07-30 23:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-10-20 01:02 - 2015-10-20 01:02 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:
====================
C:\Users\KyuHyun\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-20 00:14

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-10-2015
Ran by KyuHyun (2015-10-21 08:29:04)
Running from C:\Users\KyuHyun\AppData\Local\Microsoft\Windows\INetCache\IE\UK6VNCDJ
Windows 10 Home (X64) (2015-10-19 23:23:18)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1407302932-3430985874-877877052-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1407302932-3430985874-877877052-503 - Limited - Disabled)
Guest (S-1-5-21-1407302932-3430985874-877877052-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1407302932-3430985874-877877052-1003 - Limited - Enabled)
KyuHyun (S-1-5-21-1407302932-3430985874-877877052-1001 - Administrator - Enabled) => C:\Users\KyuHyun

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: 알약 (Enabled - Up to date) {C3A632BD-BAFF-A4B2-F1E3-F1E89581CC8B}
AS: 알약 (Enabled - Up to date) {78C7D359-9CC5-AB3C-CB53-CA9AEE068636}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

알약 (HKLM\...\ALYac_is1) (Version: v2.5 - ESTsoft Corp.)
알툴즈 업데이트 (HKLM-x32\...\ALUpdate_is1) (Version: v14.08 - ESTsoft Corp.)
알집 9.66 (HKLM-x32\...\ALZip_is1) (Version: v9.66 - ESTsoft Corp.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5 (HKLM-x32\...\{D176CB09-1505-4D2B-838A-4483D7DF23FB}) (Version: 5.0.1 - Adobe)
AutoCAD 2015 - English (Version: 20.0.141.0 - Autodesk) Hidden
AutoCAD 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack - English (Version: 20.0.51.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{556966D9-F7F6-421B-9707-D07901604DDF}) (Version: 5.1.2.1000 - Autodesk)
Autodesk 3ds Max 2016 (HKLM\...\Autodesk 3ds Max 2016) (Version: 18.0.873.0 - Autodesk)
Autodesk 3ds Max 2016 (Version: 18.0.873.0 - Autodesk) Hidden
Autodesk 3ds Max 2016 Populate Data (HKLM\...\{57E92DED-DC7C-41E5-B9E1-76D83BD2EABE}) (Version: 18.0.0.0 - Autodesk)
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.19 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.5 - Autodesk)
Autodesk AutoCAD 2015 - English (HKLM\...\AutoCAD 2015 - English) (Version: 20.0.141.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk)
Autodesk Backburner 2016 (HKLM-x32\...\{8C5F38D2-9EFE-49A4-B3F5-BF3210FED168}) (Version: 16.0.0.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk)
Autodesk Civil View for 3ds Max 2016 64-bit (HKLM\...\{1C4FFAF0-6DBB-4F7A-A386-46747D060826}) (Version: 18.0.0.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk)
Autodesk Inventor Server Engine for 3ds Max 2016 (HKLM\...\{9167CA34-4E58-49E3-8892-3C439739D2D3}) (Version: 18.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.19 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.19 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2016 (HKLM-x32\...\{415A5A54-325E-4815-9940-62A889CA3877}) (Version: 6.3.0.19 - Autodesk)
Autodesk Revit Interoperability for 3ds Max  (HKLM\...\Autodesk Revit Interoperability for 3ds Max ) (Version: 16.0.394.0 - Autodesk)
Autodesk Revit Interoperability for 3ds Max  (Version: 16.0.394.0 - Autodesk) Hidden
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.55.5179 - Gretech Corporation)
GOMTV Plug-in (HKLM-x32\...\GomTV Launcher Plugin) (Version: 1.0.0.3 - GRETECH CORP.)
Google SketchUp Pro 8 (HKLM-x32\...\{E0A160F1-127B-43AC-AF96-EBB6319B01C7}) (Version: 3.0.4811 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
KeyShot4 4.0 64 bit (HKLM-x32\...\KeyShot4_64) (Version: 4.0 64 bit - Luxion ApS)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 8.0 Support DLLs (HKLM-x32\...\{342F5437-C87D-4BB5-89B9-B23E16C6A395}) (Version: 1.0.0 - McNeel & Associates)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ProcessClean 2.35a (HKLM-x32\...\ProcessClean) (Version: 2.35a - ProcessClean)
Python 2.7.10 (HKLM-x32\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Rhino RDK (HKLM-x32\...\Rhino RDK) (Version:  - )
Rhinoceros 4.0 (HKLM-x32\...\{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}) (Version: 4.0.20118 - McNeel & Associates)
Rhinoceros 5 (64-bit) (HKLM\...\{D7B0FC7F-827E-4664-9DC8-32AD32C875A7}) (Version: 5.5.30717.16015 - Robert McNeel & Associates)
Rhinoceros 5 Help Media (HKLM-x32\...\{B056D7CB-733B-4D0B-AA27-61D5618A0B78}) (Version: 5.7.31022.19295 - Robert McNeel & Associates)
Rhinoceros 5 Language Pack Installer (ko-KR) (HKLM-x32\...\{2C253B73-1A4E-4891-AAA6-F477438F6229}) (Version: 5.7.31022.19295 - Robert McNeel & Associates)
SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1206 - SUPERAntiSpyware.com)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
T-Splines for Rhino (HKLM-x32\...\T-Splines for Rhino) (Version: 1.0 - T-Splines Inc)
Unity Web Player (HKU\S-1-5-21-1407302932-3430985874-877877052-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
V-Ray for Rhinoceros 4.0 (HKLM-x32\...\{54DBAF71-635A-45CB-A7DD-7EAB60F5C460}) (Version: 1.00.0000 - ASGvis, LLC)
V-Ray for Rhinoceros 5 x64 adv (HKLM-x32\...\V-Ray for Rhinoceros 5 x64 adv 2.00.23938) (Version: 2.00.23938 - Chaos Software, Ltd)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.14-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.00d of 2011-Sep-22 (Build 138) (Setup) - WIBU-SYSTEMS AG)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1407302932-3430985874-877877052-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2016\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1407302932-3430985874-877877052-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1407302932-3430985874-877877052-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1407302932-3430985874-877877052-1001_Classes\CLSID\{58d47fff-63ef-572e-843f-e5dd6aa0005d}\InprocServer32 -> C:\Users\KyuHyun\AppData\Local\B5T\Plugin\npB5TPlugin64.dll => No File
CustomCLSID: HKU\S-1-5-21-1407302932-3430985874-877877052-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2016\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1407302932-3430985874-877877052-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1407302932-3430985874-877877052-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2016\Inventor Server\Bin\TestServer.dll => No File

==================== Restore Points =========================

20-10-2015 01:00:20 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
21-10-2015 01:02:41 Installed Microsoft Office Professional Plus 2013
21-10-2015 01:02:50 PROPLUS

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-30 23:42 - 2015-10-20 21:41 - 00001028 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1CB74EA3-DBD9-4FEF-A221-92AD95D81B1F} - System32\Tasks\SUPERAntiSpyware Scheduled Task c1971a87-142f-4cc1-baa1-b1f383ad5788 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {29AE0181-943C-42B5-8156-9E08895295AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-21] (Google Inc.)
Task: {39680AF7-AFF6-4876-A706-7D805F770011} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {572C1981-1033-4CF2-9E6E-EA7EAEEBC76D} - System32\Tasks\SUPERAntiSpyware Scheduled Task f811ac6b-0d3b-4615-9e33-d759bbabd897 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {61673DEA-6250-4BD6-93F7-B7DA685BB101} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {6CAF442D-0DAD-428C-9230-7A86519393B3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SongPC-KyuHyun SongPC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {7CEE4244-6358-4EC8-BA35-BF99BAD66117} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2015-07-10] (Microsoft Corporation)
Task: {82466404-27DD-455D-B48B-662EA8167BFF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-21] (Google Inc.)
Task: {A5C6AE6D-B1D7-4DED-8DBA-FF103C3C05F3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {C33CDAA5-9FE7-430D-A18A-AD44262F3EDA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-02] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task c1971a87-142f-4cc1-baa1-b1f383ad5788.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task f811ac6b-0d3b-4615-9e33-d759bbabd897.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-10 06:12 - 2015-09-10 06:12 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-10-20 00:15 - 2015-07-23 02:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-10 06:12 - 2015-09-10 06:12 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2012-10-01 20:36 - 2012-10-01 20:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-18 01:35 - 2015-07-18 01:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-10-20 01:11 - 2015-10-20 01:11 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 04:13 - 2015-07-10 04:13 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-20 01:11 - 2015-10-20 01:11 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 04:13 - 2015-09-10 06:12 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\KyuHyun\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ALYac_UpdSrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ALYac_UpdSrv => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1407302932-3430985874-877877052-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{1344DBB7-28E2-4B9E-ACAE-536F2085270C}C:\users\kyuhyun\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kyuhyun\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{C0A78EBC-6329-4957-845C-9C75E9E7F4D3}C:\users\kyuhyun\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kyuhyun\appdata\local\akamai\netsession_win.exe
FirewallRules: [{1EA2E9BD-EE0F-4222-9211-33391ADC7ACE}] => (Allow) LPort=50248
FirewallRules: [{EBBA4B42-87ED-4EAC-B009-C1D7825D3A67}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{CFDB7412-CB76-4ED2-B375-F194E183141F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0F713197-7641-4D14-8109-0DC5B42652C6}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6F192694-1DA1-4967-944A-D1477FFFAECF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D2DA4BA9-0E61-455A-85A8-FC09F14FF147}] => (Allow) c:\program files\estsoft\alyac\ayupdsrv.aye
FirewallRules: [{02D3F336-3936-477B-B979-E6B71BD5D082}] => (Allow) c:\program files\estsoft\alyac\ayupdsrv.aye
FirewallRules: [{6ADFD413-68D6-4635-9A6E-406F4C1B4435}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{23744673-97C6-4B0E-AF92-E6C76864B50E}C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe] => (Allow) C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe
FirewallRules: [UDP Query User{B3B63021-4188-48B5-B3E9-4213A531615B}C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe] => (Allow) C:\program files\rhinoceros 5 (64-bit)\system\rhino.exe
FirewallRules: [{57E1A29E-19BB-43E6-9FFD-0FC23FE27ECA}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7845DC40-B0C0-4327-920E-5D1CE2E93FB2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{691BD331-8E32-490B-AF81-11F9CEE83DD7}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{15AC452C-29ED-43AB-9F58-A486E11479E2}C:\programdata\asgvis\common\x64\vc10\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc10\distributed rendering\xmldrspawner.exe
FirewallRules: [UDP Query User{2C79F9E2-2538-4A17-9715-CE21B4A8BA17}C:\programdata\asgvis\common\x64\vc10\distributed rendering\xmldrspawner.exe] => (Allow) C:\programdata\asgvis\common\x64\vc10\distributed rendering\xmldrspawner.exe
FirewallRules: [{F46D7025-A4D7-47E3-8D95-866556C1DDF4}] => (Allow) C:\Program Files\KeyShot4\bin\keyshot4.exe
FirewallRules: [{506775EF-0E16-4E0C-A56D-E11C56540BD8}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe
FirewallRules: [{291CDF48-B5C9-4804-A132-A39F7BD9D6DC}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe
FirewallRules: [{A7CB10B8-39A9-4E2F-B51A-3B0C8D9F7575}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64.exe
FirewallRules: [{978DC6FE-B973-4103-B19F-107F8F157E09}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64.exe
FirewallRules: [{E195EB17-F389-4FE7-B859-ED98C44410E9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D8A4BD3C-85BC-4FCA-9E9C-3CDFFF523820}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F4C5D8FD-AEEB-4A2D-A9AE-859D63C99DD5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7EEB4BE2-317F-4B9A-B298-B6233877AC27}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DF42A0AC-798A-4322-BA6C-20037D930584}] => (Allow) C:\Users\KyuHyun\AppData\Roaming\SSN\ssn.exe
FirewallRules: [{427765C7-53AC-44EA-A294-427D185696A7}] => (Allow) C:\Users\KyuHyun\AppData\Roaming\SSN\updssn.exe
FirewallRules: [{567819CF-1019-49E7-AAE4-8E2F15AA39B3}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 5\lightroom.exe
FirewallRules: [{B0EC290A-9BAF-431F-A615-4E658510BF3D}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 5\lightroom.exe
FirewallRules: [{7F841F12-1F09-4B9E-A09B-B0FBE102B2F2}] => (Allow) C:\Users\KyuHyun\AppData\Roaming\IQIYI Video\LStyle\GpUpdate.exe
FirewallRules: [{287706FB-AA0B-40D6-95E2-8D721064BB85}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{0F9855E5-F346-4425-A311-751E917F3F88}] => (Allow) C:\Users\KyuHyun\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{8620B931-BC24-4AA1-9A9A-D04C9F16D7A5}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{93FDB12A-BA45-49D8-A59F-EA40FA39CB3E}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{DB1D946F-E018-4022-A2DF-91796ED04E8C}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{E879DE9E-9B0B-449D-B035-FCEC4DBC29E4}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/21/2015 02:07:29 AM) (Source: YSearchUtilSvc) (EventID: 0) (User: )
Description: YSearchUtilSvc error: The operation completed successfully. (0x0)Could not open service (1060)

Error: (10/21/2015 02:05:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SongPC)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/21/2015 02:03:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.10240.16431, time stamp: 0x55c9bd76
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffa65c3ac18
Faulting process ID: 0x3384
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report ID: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (10/21/2015 02:03:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AYTask.aye version 15.7.24.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 73dc

Start Time: 01d10b9a4a0350d0

Termination Time: 12309

Application Path: C:\Program Files\ESTsoft\ALYac\AYTask.aye

Report Id: 72d5db65-778f-11e5-8d78-f40669463c0e

Faulting package full name:

Faulting package-relative application ID:

Error: (10/21/2015 02:02:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program QyUninst.exe version 3.1.3.18 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3258

Start Time: 01d10b9b90277d36

Termination Time: 16

Application Path: C:\Users\KyuHyun\AppData\Roaming\IQIYI Video\LStyle\QyUninst.exe

Report Id: 77113bc1-778f-11e5-8d78-f40669463c0e

Faulting package full name:

Faulting package-relative application ID:

Error: (10/21/2015 02:01:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ALYac.aye version 15.8.5.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 7364

Start Time: 01d10b9a488b3a97

Termination Time: 60000

Application Path: C:\Program Files\ESTsoft\ALYac\ALYac.aye

Report Id: 1d124922-778f-11e5-8d78-f40669463c0e

Faulting package full name:

Faulting package-relative application ID:

Error: (10/21/2015 01:56:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.10240.16412, time stamp: 0x55b99d3f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000180008e49
Faulting process ID: 0x6f2c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report ID: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/21/2015 01:56:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.10240.16412, time stamp: 0x55b99447
Faulting module name: LolliScan32.dll_unloaded, version: 0.14.882.0, time stamp: 0x5607688d
Exception code: 0xc0000005
Fault offset: 0x000725d9
Faulting process ID: 0x6e74
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report ID: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (10/21/2015 01:33:09 AM) (Source: MsiInstaller) (EventID: 11311) (User: SongPC)
Description: 제품: Adobe Acrobat 9 Pro - Korean - 오류 1311. 원본 파일이 없습니다(cabinet): I:\내용\programs\Win\adobe\Acrobat 9(win)\Adobe Acrobat 9 Pro\Data1.cab. 그 파일이 실제로 있는지, 그리고 그 파일에 대한 액세스 권한이 있는지 확인하십시오.

Error: (10/21/2015 01:33:08 AM) (Source: MsiInstaller) (EventID: 11311) (User: SongPC)
Description: 제품: Adobe Acrobat 9 Pro - Korean - 오류 1311. 원본 파일이 없습니다(cabinet): I:\내용\programs\Win\adobe\Acrobat 9(win)\Adobe Acrobat 9 Pro\Data1.cab. 그 파일이 실제로 있는지, 그리고 그 파일에 대한 액세스 권한이 있는지 확인하십시오.

System errors:
=============
Error: (10/21/2015 08:25:41 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (10/21/2015 08:25:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/21/2015 08:25:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/21/2015 08:25:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/21/2015 08:25:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/21/2015 08:25:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/21/2015 08:25:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/21/2015 08:25:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (10/21/2015 08:25:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Synaptics FP WBF Policy Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/21/2015 08:25:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

CodeIntegrity:
===================================
  Date: 2015-10-20 01:09:09.534
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 11%
Total physical RAM: 16306.27 MB
Available physical RAM: 14437.65 MB
Total Virtual: 19250.27 MB
Available Virtual: 17391.39 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:236.6 GB) (Free:137.35 GB) NTFS
Drive d: (DATA) (Fixed) (Total:908.16 GB) (Free:907.9 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:23.35 GB) (Free:2.36 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Samsung_T1) (Fixed) (Total:232.87 GB) (Free:174.73 GB) exFAT
Drive i: (Seagate Backup Plus Drive) (Fixed) (Total:1863.02 GB) (Free:596.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D9CE92D2)

Partition: GPT.

========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 66BEECA1)

Partition: GPT.

========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 99F4A177)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 232.9 GB) (Disk ID: B2F6B4FD)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:58 PM

Posted 21 October 2015 - 09:39 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-1407302932-3430985874-877877052-1001\...\Policies\Explorer: []
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [No File]
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

#5 nasdaq


Posted 26 October 2015 - 08:12 AM

Are you still with me?

#6 nasdaq


Posted 01 November 2015 - 09:00 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



