[Chrome] "server DNS address could not be found" error



#1 dongwonssamja

Posted 08 September 2017 - 09:15 PM

Hi everyone,

I am using Windows 10, and I noticed today that I couldn't access many of the web pages in Chrome. I can still do a Google search, but as soon as I click a page, the error message pops up.

It reads:
This site can't be reached.
[Website name]'s server DNS address could not be found.
DNS_PROBE_FINISHED_NXDOMAIN

Also, when I was downloading the Farbar Recovery Scan Tool, I received a notification that my Windows Defender SmartScreen is unreachable. (Notification image attached below)

I don't think the wifi connection is the problem since I can access these pages on mobile. I tried several methods from other websites to solve the DNS problem but none has worked so far.

I would greatly appreciate your help. Thanks so much in advance.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by HanSol PARK (administrator) on SAMSUNG (08-09-2017 20:46:27)
Running from C:\Users\HanSol PARK\Desktop
Loaded Profiles: UpdatusUser & HanSol PARK (Available Profiles: UpdatusUser & HanSol PARK)
Platform: Windows 10 Home Version 1703 (X64) Language: Korean (Korea)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Samsung) C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkManagerDMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
() C:\Program Files\Gramblr\gramblr.exe
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe
(VP Inc.) C:\Program Files (x86)\VP\VPWalletService\VPWalletService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Samsung Electronics Co., Ltd.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Samsung) C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkDMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(VP Inc.) C:\Program Files (x86)\VP\VPWalletService\VPWalletDaemon.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsCmdServer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsEventHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Kakao Corp. ) C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Spotify Ltd) C:\Users\HanSol PARK\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.410_none_9e914f9d2d85dacb\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NAVER Corp.) C:\Program Files (x86)\Naver\NaverCapture\NaverCapture.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242200 2016-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ALMountTray] => C:\Program Files (x86)\ESTsoft\ALZip\ALMountTray.exe [2131672 2015-01-22] (ESTsoft Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2377441386-1568436963-1158331760-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [8430912 2017-08-18] (Kakao Corp. )
HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25607952 2017-08-04] (Google)
HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\Run: [Spotify Web Helper] => C:\Users\HanSol PARK\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-08] (Spotify Ltd)
GroupPolicy: Restriction - Chrome <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\..\Interfaces\{2f33410d-2e1e-4dea-9ec1-54a0d23cdc43}: [NameServer] 208.67.222.222,208.67.220.220

Internet Explorer:
==================
HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM -> DefaultScope {F4B4A825-93F9-490D-991C-952AAED03C3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0cbe7843&q={searchTerms}
SearchScopes: HKLM -> {F4B4A825-93F9-490D-991C-952AAED03C3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0cbe7843&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002 -> DefaultScope {F4B4A825-93F9-490D-991C-952AAED03C3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0cbe7843&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL =
SearchScopes: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002 -> {F4B4A825-93F9-490D-991C-952AAED03C3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0cbe7843&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2017-04-06] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2017-04-06] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {142DC14B-63E4-453e-8B4B-AE36A52BF049} hxxp://appdown.naver.com/naver/sports/Cabs/NLiveCastX.cab
DPF: HKLM-x32 {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} hxxp://plugin.inicis.com/wallet61/INIwallet61_win8.cab
DPF: HKLM-x32 {99991304-9999-1000-8000-080009AC61A9} hxxps://khuis.khu.ac.kr/pb/PBRun9/PBRun9.cab

FireFox:
========
FF DefaultProfile: 7279jy6s.default
FF ProfilePath: C:\Users\HanSol PARK\AppData\Roaming\Mozilla\Firefox\Profiles\7279jy6s.default [2017-06-20]
FF NewTab: Mozilla\Firefox\Profiles\7279jy6s.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\7279jy6s.default -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\7279jy6s.default -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\7279jy6s.default -> hxxps://www.malwarebytes.org/restorebrowser/yhp-ff
about:home
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2017-04-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2017-04-06] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [No File]
FF Plugin HKU\S-1-5-21-2377441386-1568436963-1158331760-1002: @naver.com/npNLiveCast -> C:\Users\HanSol PARK\AppData\Roaming\Mozilla\Plugins\NPNLiveCast.dll [2016-01-28] (NAVER Corp.)
FF Plugin HKU\S-1-5-21-2377441386-1568436963-1158331760-1002: @naver.com/npNLiveCast64 -> C:\Users\HanSol PARK\AppData\Roaming\Mozilla\Plugins\NPNLiveCast64.dll [2016-01-28] (NAVER Corp.)
FF Plugin HKU\S-1-5-21-2377441386-1568436963-1158331760-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF Plugin HKU\S-1-5-21-2377441386-1568436963-1158331760-1002: www.navercorp.com/NDownloaderObjX64 -> C:\Users\HanSol PARK\AppData\Roaming\NAVER\FileDownloader\npNDownloaderObj64_1_0_0_35.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Users\HanSol PARK\AppData\Roaming\mozilla\plugins\NPNLiveCast.dll [2016-01-28] (NAVER Corp.)
FF Plugin ProgramFiles/Appdata: C:\Users\HanSol PARK\AppData\Roaming\mozilla\plugins\npNLiveCast64.dll [2016-01-28] (NAVER Corp.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\HanSol PARK\AppData\Local\Google\Chrome\User Data\Default [2017-09-08]
CHR Extension: (Google Docs) - C:\Users\HanSol PARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-23]
CHR Extension: (Google Drive) - C:\Users\HanSol PARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-23]
CHR Extension: (YouTube) - C:\Users\HanSol PARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-23]
CHR Extension: (Honey) - C:\Users\HanSol PARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-09-08]
CHR Extension: (PDF Editor for Docs:Edit, Fill, Sign, Print) - C:\Users\HanSol PARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjboohgkgchdnfnjiaggdbkdmpieoagi [2017-01-19]
CHR Extension: (Google Docs Offline) - C:\Users\HanSol PARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-23]
CHR Extension: (AdBlock) - C:\Users\HanSol PARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\HanSol PARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-05-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HanSol PARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\HanSol PARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\HanSol PARK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-22]
CHR HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AllShare Framework DMS; C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkManagerDMS.exe [403264 2016-03-21] (Samsung)
S3 ALMountService; C:\Program Files (x86)\ESTsoft\ALZip\ALMountService.exe [228568 2015-10-29] (ESTsoft Corp.)
R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [355760 2016-06-26] (Windows ® Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-10] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [129752 2016-11-11] (ELAN Microelectronics Corp.)
R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [11804752 2017-08-20] () [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-26] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-04-08] ()
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2015-08-23] ()
R2 SamsungLinkService; C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe [24977128 2016-03-21] (Samsung Electronics CO., LTD.)
R2 Settings Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe [1775256 2016-01-05] (Samsung Electronics Co., Ltd.) [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3289448 2016-05-11] (Samsung Electronics Co., Ltd.)
R2 VPWalletService; C:\Program Files (x86)\VP\VPWalletService\VPWalletService.exe [130680 2017-05-30] (VP Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALMount; c:\program files (x86)\estsoft\alzip\almountdrv64.sys [21208 2014-10-07] (ESTsoft Corp.)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [41024 2015-09-23] (ELAN Microelectronic Corp.)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
S3 np_ck64s; C:\windows\syswow64\np_ck64s.sys [75680 2014-08-13] (INCA Internet Co.,Ltd.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvsmwu.inf_amd64_be58e4780959fe55\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2344448 2017-03-18] (Qualcomm Atheros, Inc.)
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [422656 2016-03-14] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-10-13] (DEVGURU Co., LTD.)
R1 TKFWFV; C:\WINDOWS\system32\TKFWFV64.sys [34400 2013-11-26] (INCA Internet Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-08 20:46 - 2017-09-08 20:46 - 000020902 _____ C:\Users\HanSol PARK\Desktop\FRST.txt
2017-09-08 20:45 - 2017-09-08 20:46 - 000000000 ____D C:\FRST
2017-09-08 20:44 - 2017-09-08 20:44 - 002395648 _____ (Farbar) C:\Users\HanSol PARK\Desktop\FRST64.exe
2017-09-08 18:48 - 2017-09-08 18:48 - 000000000 ____D C:\hydra_tmp_1504914491640
2017-09-06 20:05 - 2017-09-06 20:05 - 000000000 ____D C:\Users\HanSol PARK\Desktop\We Bare Bears
2017-08-30 06:44 - 2017-08-30 06:44 - 000000000 ____D C:\Users\HanSol PARK\Documents\FeedbackHub
2017-08-30 06:40 - 2017-08-30 06:40 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-2377441386-1568436963-1158331760-1002
2017-08-28 09:16 - 2017-08-28 09:18 - 000000000 ____D C:\Users\HanSol PARK\Desktop\Dead Space
2017-08-24 03:53 - 2013-05-14 08:18 - 000809496 ____R (Creative Labs Inc.) C:\WINDOWS\SysWOW64\tmp1AFD.tmp
2017-08-22 20:28 - 2017-08-22 20:28 - 000000000 ____D C:\Users\Default\AppData\Local\Google
2017-08-22 20:28 - 2017-08-22 20:28 - 000000000 ____D C:\Users\Default User\AppData\Local\Google
2017-08-22 16:50 - 2017-08-22 16:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFsam Basic
2017-08-22 15:50 - 2017-08-22 15:51 - 000719932 _____ C:\WINDOWS\Minidump\082217-6812-01.dmp
2017-08-22 15:50 - 2017-08-22 15:50 - 000000000 ____D C:\WINDOWS\Minidump
2017-08-09 04:43 - 2017-07-31 21:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 04:43 - 2017-07-31 21:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-09 04:43 - 2017-07-31 21:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 04:43 - 2017-07-31 21:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-09 04:43 - 2017-07-31 21:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-09 04:43 - 2017-07-31 21:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 04:43 - 2017-07-31 21:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-09 04:43 - 2017-07-31 21:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-09 04:43 - 2017-07-31 21:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 04:43 - 2017-07-31 21:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-09 04:43 - 2017-07-31 21:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-09 04:43 - 2017-07-31 21:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 04:43 - 2017-07-31 21:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 04:43 - 2017-07-31 21:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-09 04:43 - 2017-07-31 21:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 04:43 - 2017-07-31 21:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-09 04:43 - 2017-07-31 21:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-09 04:43 - 2017-07-31 21:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 04:43 - 2017-07-31 21:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 04:43 - 2017-07-31 21:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 04:43 - 2017-07-31 21:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 04:43 - 2017-07-31 21:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 04:43 - 2017-07-31 21:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-09 04:43 - 2017-07-31 21:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-09 04:43 - 2017-07-31 21:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-09 04:43 - 2017-07-31 21:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-09 04:43 - 2017-07-31 21:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-09 04:43 - 2017-07-31 21:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-09 04:43 - 2017-07-31 21:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-09 04:43 - 2017-07-31 21:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-09 04:43 - 2017-07-31 21:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-09 04:43 - 2017-07-31 21:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-09 04:43 - 2017-07-31 21:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-09 04:43 - 2017-07-31 21:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 04:43 - 2017-07-31 21:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-09 04:43 - 2017-07-31 21:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-09 04:43 - 2017-07-31 21:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-09 04:43 - 2017-07-31 21:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-09 04:43 - 2017-07-31 21:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 04:43 - 2017-07-31 21:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 04:43 - 2017-07-31 21:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 04:43 - 2017-07-31 21:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-09 04:43 - 2017-07-31 21:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-09 04:43 - 2017-07-31 21:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 04:43 - 2017-07-31 21:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-09 04:43 - 2017-07-31 20:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 04:43 - 2017-07-31 20:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 04:43 - 2017-07-31 20:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 04:43 - 2017-07-31 20:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-09 04:43 - 2017-07-31 20:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 04:43 - 2017-07-31 20:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-09 04:43 - 2017-07-31 20:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 04:43 - 2017-07-31 20:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 04:43 - 2017-07-31 20:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 04:43 - 2017-07-31 20:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 04:43 - 2017-07-31 20:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-09 04:43 - 2017-07-31 20:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-09 04:43 - 2017-07-31 20:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 04:43 - 2017-07-31 20:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 04:43 - 2017-07-31 20:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 04:43 - 2017-07-31 20:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 04:43 - 2017-07-31 20:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 04:43 - 2017-07-31 17:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 04:43 - 2017-07-31 17:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 04:43 - 2017-07-31 17:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 04:43 - 2017-07-31 17:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 04:43 - 2017-07-31 17:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 04:43 - 2017-07-31 17:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 04:43 - 2017-07-31 17:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 04:43 - 2017-07-31 17:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 04:43 - 2017-07-31 17:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 04:43 - 2017-07-31 17:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 04:43 - 2017-07-31 17:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 04:43 - 2017-07-31 17:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 04:43 - 2017-07-31 17:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 04:43 - 2017-07-31 17:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 04:43 - 2017-07-31 17:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-09 04:43 - 2017-07-28 00:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-09 04:43 - 2017-07-28 00:25 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-09 04:43 - 2017-07-28 00:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-09 04:43 - 2017-07-28 00:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-09 04:43 - 2017-07-28 00:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-09 04:43 - 2017-07-28 00:23 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-09 04:43 - 2017-07-28 00:23 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-09 04:43 - 2017-07-28 00:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-09 04:43 - 2017-07-28 00:20 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-09 04:43 - 2017-07-28 00:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-09 04:43 - 2017-07-28 00:16 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-09 04:43 - 2017-07-28 00:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-09 04:43 - 2017-07-28 00:15 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-09 04:43 - 2017-07-28 00:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-09 04:43 - 2017-07-28 00:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-09 04:43 - 2017-07-28 00:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-09 04:43 - 2017-07-28 00:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-09 04:43 - 2017-07-28 00:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-09 04:43 - 2017-07-28 00:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-09 04:43 - 2017-07-28 00:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-09 04:43 - 2017-07-28 00:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-09 04:43 - 2017-07-28 00:10 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-09 04:43 - 2017-07-28 00:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-09 04:43 - 2017-07-28 00:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-09 04:43 - 2017-07-28 00:09 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-09 04:43 - 2017-07-28 00:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-09 04:43 - 2017-07-27 23:48 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-09 04:43 - 2017-07-27 23:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-09 04:43 - 2017-07-27 23:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-09 04:43 - 2017-07-27 23:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-09 04:43 - 2017-07-27 23:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-09 04:43 - 2017-07-27 23:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-09 04:43 - 2017-07-27 23:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-09 04:43 - 2017-07-27 23:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-09 04:43 - 2017-07-27 23:36 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-09 04:43 - 2017-07-27 23:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-09 04:43 - 2017-07-27 23:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-09 04:43 - 2017-07-27 23:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-09 04:43 - 2017-07-27 23:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-09 04:43 - 2017-07-27 23:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-09 04:43 - 2017-07-27 23:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-09 04:43 - 2017-07-27 23:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-09 04:43 - 2017-07-27 23:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-09 04:43 - 2017-07-27 23:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-09 04:43 - 2017-07-27 23:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-09 04:43 - 2017-07-27 23:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-09 04:43 - 2017-07-27 23:33 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-09 04:43 - 2017-07-27 23:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-09 04:43 - 2017-07-27 23:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-09 04:43 - 2017-07-27 23:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-09 04:43 - 2017-07-27 23:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-09 04:43 - 2017-07-27 23:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-09 04:43 - 2017-07-27 23:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-09 04:43 - 2017-07-27 23:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-09 04:43 - 2017-07-27 23:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-09 04:43 - 2017-07-27 23:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-09 04:43 - 2017-07-27 23:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-09 04:43 - 2017-07-27 23:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-09 04:43 - 2017-07-27 23:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-09 04:43 - 2017-07-27 23:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-09 04:43 - 2017-07-27 23:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-09 04:43 - 2017-07-27 23:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-09 04:43 - 2017-07-27 23:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-09 04:43 - 2017-07-27 23:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-09 04:43 - 2017-07-27 23:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-09 04:43 - 2017-07-27 23:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-09 04:43 - 2017-07-27 23:21 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-09 04:43 - 2017-07-27 23:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-09 04:43 - 2017-07-27 23:20 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-08-09 04:43 - 2017-07-27 23:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-09 04:43 - 2017-07-27 23:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-09 04:43 - 2017-07-27 23:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-09 04:43 - 2017-07-27 23:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-09 04:43 - 2017-07-27 23:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-09 04:43 - 2017-07-27 23:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-09 04:43 - 2017-07-27 23:19 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-09 04:43 - 2017-07-27 23:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-09 04:43 - 2017-07-27 23:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-09 04:43 - 2017-07-27 23:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-09 04:43 - 2017-07-27 23:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-09 04:43 - 2017-07-27 23:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-09 04:43 - 2017-07-27 23:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-09 04:43 - 2017-07-27 23:17 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-09 04:43 - 2017-07-27 23:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-09 04:43 - 2017-07-27 23:16 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-09 04:43 - 2017-07-27 23:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-09 04:43 - 2017-07-27 23:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-09 04:43 - 2017-07-27 23:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-09 04:43 - 2017-07-27 23:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-09 04:43 - 2017-07-27 23:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-09 04:43 - 2017-07-27 23:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-09 04:43 - 2017-07-27 23:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-09 04:43 - 2017-07-27 23:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-09 04:43 - 2017-07-27 23:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-09 04:43 - 2017-07-27 23:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-09 04:43 - 2017-07-27 23:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-09 04:43 - 2017-07-27 23:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-09 04:43 - 2017-07-27 23:13 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-09 04:43 - 2017-07-27 23:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-09 04:43 - 2017-07-27 23:12 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-09 04:43 - 2017-07-27 23:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-09 04:43 - 2017-07-27 23:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-09 04:43 - 2017-07-27 23:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-09 04:43 - 2017-07-27 23:12 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-09 04:43 - 2017-07-27 23:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-09 04:43 - 2017-07-27 23:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-09 04:43 - 2017-07-27 23:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-09 04:43 - 2017-07-27 23:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-09 04:43 - 2017-07-27 23:11 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-09 04:43 - 2017-07-27 23:10 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-09 04:43 - 2017-07-27 23:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-09 04:43 - 2017-07-27 23:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-09 04:43 - 2017-07-27 23:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-09 04:43 - 2017-07-27 23:09 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-09 04:43 - 2017-07-27 23:08 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-09 04:43 - 2017-07-27 23:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-09 04:43 - 2017-07-27 23:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-09 04:43 - 2017-07-27 23:08 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-09 04:43 - 2017-07-27 23:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-09 04:43 - 2017-07-27 23:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-09 04:43 - 2017-07-27 23:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-09 04:43 - 2017-07-27 23:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-09 04:43 - 2017-07-27 23:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-09 04:43 - 2017-07-27 23:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-09 04:43 - 2017-07-27 23:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-09 04:43 - 2017-07-27 23:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-09 04:43 - 2017-07-27 23:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-09 04:43 - 2017-07-27 23:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-09 04:43 - 2017-07-27 23:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-09 04:43 - 2017-07-27 23:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-09 04:43 - 2017-07-27 23:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-09 04:42 - 2017-07-31 21:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-09 04:42 - 2017-07-31 21:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-09 04:42 - 2017-07-31 21:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-09 04:42 - 2017-07-31 21:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-09 04:42 - 2017-07-31 21:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-09 04:42 - 2017-07-31 21:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-09 04:42 - 2017-07-31 20:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 04:42 - 2017-07-31 20:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-09 04:42 - 2017-07-31 20:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 04:42 - 2017-07-31 20:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 04:42 - 2017-07-31 20:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-09 04:42 - 2017-07-31 20:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 04:42 - 2017-07-31 20:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-09 04:42 - 2017-07-31 20:41 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2017-08-09 04:42 - 2017-07-31 20:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-09 04:42 - 2017-07-31 20:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 04:42 - 2017-07-31 20:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-09 04:42 - 2017-07-31 20:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-09 04:42 - 2017-07-31 20:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-09 04:42 - 2017-07-31 20:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-09 04:42 - 2017-07-31 20:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-09 04:42 - 2017-07-31 20:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-09 04:42 - 2017-07-31 20:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-09 04:42 - 2017-07-31 20:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-09 04:42 - 2017-07-31 20:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 04:42 - 2017-07-31 20:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 04:42 - 2017-07-31 20:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-09 04:42 - 2017-07-31 20:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-09 04:42 - 2017-07-31 20:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-09 04:42 - 2017-07-31 20:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-09 04:42 - 2017-07-31 20:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-09 04:42 - 2017-07-31 20:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-09 04:42 - 2017-07-31 20:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-09 04:42 - 2017-07-31 20:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-09 04:42 - 2017-07-28 00:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-09 04:42 - 2017-07-28 00:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-09 04:42 - 2017-07-28 00:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-09 04:42 - 2017-07-28 00:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-09 04:42 - 2017-07-28 00:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-09 04:42 - 2017-07-28 00:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-09 04:42 - 2017-07-28 00:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-09 04:42 - 2017-07-28 00:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-09 04:42 - 2017-07-28 00:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-09 04:42 - 2017-07-28 00:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-09 04:42 - 2017-07-27 23:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-09 04:42 - 2017-07-27 23:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-09 04:42 - 2017-07-27 23:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-09 04:42 - 2017-07-27 23:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-09 04:42 - 2017-07-27 23:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-09 04:42 - 2017-07-27 23:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-09 04:42 - 2017-07-27 23:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-09 04:42 - 2017-07-27 23:25 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2017-08-09 04:42 - 2017-07-27 23:25 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
2017-08-09 04:42 - 2017-07-27 23:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-09 04:42 - 2017-07-27 23:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-09 04:42 - 2017-07-27 23:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-09 04:42 - 2017-07-27 23:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-09 04:42 - 2017-07-27 23:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-09 04:42 - 2017-07-27 23:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-09 04:42 - 2017-07-27 23:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-09 04:42 - 2017-07-27 23:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-09 04:42 - 2017-07-27 23:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-09 04:42 - 2017-07-27 23:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-09 04:42 - 2017-07-27 23:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-09 04:42 - 2017-07-27 23:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-09 04:42 - 2017-07-27 23:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-09 04:42 - 2017-07-27 23:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-09 04:42 - 2017-07-27 23:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-09 04:42 - 2017-07-27 23:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-09 04:42 - 2017-07-27 23:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-09 04:42 - 2017-07-27 23:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-09 04:42 - 2017-07-27 23:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-09 04:42 - 2017-07-27 23:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-09 04:42 - 2017-07-27 23:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-09 04:42 - 2017-07-27 23:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-09 04:42 - 2017-07-27 23:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-09 04:42 - 2017-07-27 23:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-09 04:42 - 2017-07-27 23:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-09 04:42 - 2017-07-27 23:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-09 04:42 - 2017-07-27 23:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-09 04:42 - 2017-07-27 23:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-09 04:42 - 2017-07-27 23:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-09 04:42 - 2017-07-27 23:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-09 04:42 - 2017-07-27 23:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-09 04:42 - 2017-07-27 23:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-09 04:42 - 2017-07-27 23:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-09 04:42 - 2017-07-27 23:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-09 04:42 - 2017-07-27 23:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-09 04:42 - 2017-07-27 23:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-09 04:42 - 2017-07-27 23:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-09 04:42 - 2017-07-27 23:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-09 04:42 - 2017-07-27 23:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-09 04:42 - 2017-07-27 23:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-09 04:42 - 2017-07-27 23:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-09 04:42 - 2017-07-27 23:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-09 04:42 - 2017-07-27 23:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-09 04:42 - 2017-07-27 23:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-09 04:42 - 2017-07-27 23:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-08 20:45 - 2015-11-01 12:39 - 000000000 ____D C:\Users\HanSol PARK\AppData\Roaming\nCapture
2017-09-08 20:24 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-09-08 20:11 - 2017-06-23 17:35 - 002027138 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-08 20:11 - 2017-03-19 22:50 - 000714336 _____ C:\WINDOWS\system32\perfh012.dat
2017-09-08 20:11 - 2017-03-19 22:50 - 000231980 _____ C:\WINDOWS\system32\perfc012.dat
2017-09-08 20:08 - 2017-05-03 13:14 - 000000000 ___RD C:\Users\HanSol PARK\Google 드라이브
2017-09-08 20:07 - 2017-06-23 17:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-08 20:07 - 2017-06-23 17:24 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-08 20:07 - 2017-06-23 17:23 - 008143168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-08 20:07 - 2017-03-18 06:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-09-08 20:07 - 2016-06-18 15:15 - 000000000 ____D C:\ProgramData\Gramblr
2017-09-08 20:07 - 2015-07-13 06:38 - 000000000 __SHD C:\Users\HanSol PARK\IntelGraphicsProfiles
2017-09-08 20:06 - 2017-03-18 16:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-08 19:59 - 2016-10-25 21:12 - 000000000 ____D C:\ProgramData\TEMP
2017-09-08 19:53 - 2016-10-21 21:53 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-08 19:51 - 2017-06-23 17:25 - 000000000 ____D C:\Users\HanSol PARK
2017-09-08 19:51 - 2016-11-05 16:58 - 000000000 ____D C:\Users\HanSol PARK\AppData\Roaming\uTorrent
2017-09-08 19:48 - 2017-06-23 17:32 - 000004130 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EE8727DE-0C1D-4B1B-966C-58010C798706}
2017-09-08 19:24 - 2015-11-11 17:09 - 000000000 ____D C:\Users\HanSol PARK\AppData\Local\Spotify
2017-09-08 19:24 - 2015-11-11 17:08 - 000000000 ____D C:\Users\HanSol PARK\AppData\Roaming\Spotify
2017-09-07 22:51 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-05 22:37 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-30 06:50 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-30 06:31 - 2016-11-05 17:55 - 000000000 ____D C:\Users\HanSol PARK\AppData\Local\ElevatedDiagnostics
2017-08-29 03:53 - 2016-10-21 21:20 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chrome.lnk
2017-08-27 13:59 - 2017-04-06 02:23 - 000000000 ____D C:\Program Files (x86)\PDFsam Basic
2017-08-22 20:30 - 2017-05-03 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-08-22 19:36 - 2016-08-08 10:38 - 000000000 ____D C:\Users\HanSol PARK\Desktop\Application
2017-08-22 16:39 - 2017-06-23 17:32 - 000004442 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-22 16:39 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-22 16:39 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-22 16:39 - 2017-02-20 12:45 - 000000000 ____D C:\Users\HanSol PARK\AppData\Local\Adobe
2017-08-22 15:53 - 2017-06-23 17:25 - 000000000 ____D C:\Users\UpdatusUser
2017-08-20 23:07 - 2016-06-18 15:15 - 000000000 ____D C:\Program Files\Gramblr
2017-08-18 03:44 - 2015-07-14 00:36 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-16 02:20 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-14 04:05 - 2016-04-27 01:55 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-14 04:03 - 2017-03-18 16:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-14 04:03 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-14 04:03 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-14 04:03 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-14 04:03 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-14 04:03 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-14 04:03 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-14 04:03 - 2017-03-18 16:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-09 04:47 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-09 04:45 - 2015-07-16 23:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 04:45 - 2015-07-13 06:38 - 000000000 ____D C:\Users\HanSol PARK\AppData\Local\Packages
2017-08-09 04:44 - 2015-07-16 23:46 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2015-10-25 07:48 - 2015-10-25 07:48 - 000000189 _____ () C:\Program Files\100424082606.sdx
2015-08-09 11:19 - 2015-08-09 11:19 - 007846624 _____ () C:\Program Files\OpenCodecSetup.exe
2015-10-25 07:47 - 2015-10-25 07:47 - 000774656 _____ () C:\Program Files\SDM_EN.msi
2015-11-26 12:43 - 2015-11-26 12:45 - 028261776 _____ (Kakao Corp.) C:\Program Files (x86)\KakaoTalk_Setup.exe
2016-06-01 21:01 - 2016-06-01 21:01 - 000000132 _____ () C:\Users\HanSol PARK\AppData\Roaming\Adobe PNG Format CS5 Prefs
2016-10-28 05:52 - 2017-03-04 17:19 - 000000132 _____ () C:\Users\HanSol PARK\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-02-04 20:38 - 2016-02-07 01:38 - 000000102 _____ () C:\Users\HanSol PARK\AppData\Roaming\WB.CFG
2016-05-02 16:06 - 2016-05-02 16:06 - 000001456 _____ () C:\Users\HanSol PARK\AppData\Local\Adobe Save for Web 12.0 Prefs
2017-02-20 01:51 - 2017-02-20 01:51 - 000001456 _____ () C:\Users\HanSol PARK\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-06-23 17:24 - 2017-06-23 17:24 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2015-02-27 23:43 - 2013-01-12 09:51 - 000003004 _____ () C:\ProgramData\MakeMarkerFile.xml
2015-11-01 12:33 - 2016-04-04 02:27 - 000000418 _____ () C:\ProgramData\NCleanerInstAgentLog.log
2015-11-01 12:33 - 2016-04-04 02:27 - 000000418 _____ () C:\ProgramData\NVCInstAgentLog.log

Some files in TEMP:
====================
2017-08-26 07:57 - 2017-08-28 09:20 - 000204800 _____ (Sony DADC Austria AG) C:\Users\HanSol PARK\AppData\Local\Temp\drm_dyndata_7380007.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-05 20:54

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by HanSol PARK (08-09-2017 20:47:14)
Running from C:\Users\HanSol PARK\Desktop
Windows 10 Home Version 1703 (X64) (2017-06-23 22:35:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2377441386-1568436963-1158331760-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2377441386-1568436963-1158331760-503 - Limited - Disabled)
Guest (S-1-5-21-2377441386-1568436963-1158331760-501 - Limited - Disabled)
HanSol PARK (S-1-5-21-2377441386-1568436963-1158331760-1002 - Administrator - Enabled) => C:\Users\HanSol PARK
UpdatusUser (S-1-5-21-2377441386-1568436963-1158331760-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Alice Madness Returns (HKLM-x32\...\{93A3AB24-36E8-41BA-80C6-CCEC237836DC}) (Version: 1.0.0.0 - Electronic Arts)
Bioshock version 1.1.0.0 (HKLM-x32\...\Bioshock_is1) (Version: 1.1.0.0 - Mr DJ)
Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
ColorEngine (HKLM-x32\...\{BE075478-C2A9-4F37-AB91-205C966D9848}) (Version: 3.0 - Samsung Electronics CO., LTD.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dead Space 2 version 1.0.0.0 (HKLM-x32\...\Dead Space 2_is1) (Version: 1.0.0.0 - Mr DJ)
Dead Space version 1.0.0.222 (HKLM-x32\...\Dead Space_is1) (Version: 1.0.0.222 - Mr DJ)
eISP 2.0 (HKLM-x32\...\eISP 2.0) (Version: 2.01 - 브이피(주))
ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.)
Elements 11 Organizer (HKLM-x32\...\{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Fallout 3 (HKLM\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout Mod Manager 0.9.17 (HKLM-x32\...\Fallout Mod Manager_is1) (Version: - Timeslip)
Google Drive (HKLM-x32\...\{A90339B3-2C3F-492E-B3A7-0BDFC691E526}) (Version: 2.34.6425.2548 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Gramblr (HKLM\...\Gramblr) (Version: 2.9.71 - Gramblr Team)
Half-Life (HKLM-x32\...\Half-Life_is1) (Version: Half-Life - Non Steam - KingSOFT DVD)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
hppLaserJetService (HKLM-x32\...\{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (HKLM-x32\...\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (HKLM-x32\...\{853F464A-B2B8-404E-BA3E-B98FF6862C41}) (Version: 1.0.0.1 - Hewlett-Packard) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{84A2B59B-6A7B-4C01-8592-15C9BFE6AC36}) (Version: 2.4.3 - Intel Corporation)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
JPEGmini (HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\058aad68af5bb729) (Version: 1.9.3.3 - ICVT Ltd)
LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.1 - LoiLo inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime(x64) 언어 팩 - 한국어 (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - KOR) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (HKLM-x32\...\{159EA4A9-1F8A-4B12-95B7-47581F5B0F89}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA Graphics Driver 333.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 333.33 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PDFsam Basic (HKLM-x32\...\{0F7F1493-D16D-4C7B-A271-17A12168CCC4}) (Version: 3.30.2.0 - Andrea Vacondio)
PSE11 STI Installer (HKLM-x32\...\{98CE8819-87AA-4814-8167-ADDDD513485F}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10232 - Qualcomm Atheros)
Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 5.0.0.471 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
Recovery (HKLM\...\{CB82C1C0-C6DA-4734-83DC-DA02F59554CC}) (Version: 7.0.5 - Samsung Electronics Co., Ltd.)
S Agent (HKLM\...\{0052BF58-5307-4F7D-A379-8F4EC9212FA8}) (Version: 1.1.58 - Samsung Electronics Co., Ltd.) Hidden
Samsung Link (HKLM\...\{5A1F24BA-845E-4C89-BFF0-826FD9A6D4EB}) (Version: 2.0.1 - Samsung Electronics Co., Ltd.)
Samsung Settings (HKLM-x32\...\{906320D6-3C1E-4C56-9B11-F17089D232F4}) (Version: 2.5.0 - Samsung Electronics Co., Ltd.)
Samsung SideSync 3.0 (HKLM-x32\...\Samsung SideSync) (Version: 3.1.4.827 - Samsung Electronics Co., Ltd.)
Samsung Survey (HKLM-x32\...\{F1F6B58E-CF23-475C-AA96-EC658E9E50F3}) (Version: 2.0.1 - Samsung Electronics Co., Ltd.)
Samsung Update (HKLM-x32\...\{0BC4AC38-E7C5-4394-A6BD-32CDCE2C8B9D}) (Version: 2.2.36 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Spotify (HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\Spotify) (Version: 1.0.62.508.g2c497f24 - Spotify AB)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for Korean Microsoft IME Standard Dictionary (HKLM\...\{75A54180-CA5E-47B8-AFBB-29337B976B21}) (Version: 16.0.662.1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
User Manual (HKLM-x32\...\{DA11CC4A-5E90-4EA9-8E7B-29D5328E35F0}) (Version: 1.4.00 - Samsung Electronics CO., LTD.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Live 필수 패키지 (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
네이버 캡처 (HKLM-x32\...\NaverCapture) (Version: 2.6.2.0 - NAVER Corp.)
사진 갤러리 (HKLM-x32\...\{72CA45B4-0A70-45F5-B447-F6FC0795918D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
알집 10.25 (HKLM-x32\...\ALZip_is1) (Version: v10.25 - ESTsoft Corp.)
온라인 상담(S Service) (HKLM-x32\...\{C8996970-A56E-4659-B01B-CCB7097C4E59}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
카카오톡 (HKLM-x32\...\KakaoTalk) (Version: 2.6.0.1591 - Kakao Corp.)
크레마루나 (HKLM-x32\...\{4FEEA19E-F997-481B-9932-BC6804BF38A1}) (Version: 4.0.0.1033 - (주)한국이퍼브)
팟플레이어 (HKLM-x32\...\PotPlayer) (Version: - Kakao Corp.)
한컴오피스 뷰어 (HKLM-x32\...\{43064D9B-E0B3-43ED-A1C6-E6689CA10AB4}) (Version: 9.6.1.0 - Hancom)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\HanSol PARK\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll => No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [0SamsungLinkOverlayIconCreated] -> {D130049C-7512-4075-9145-7B8B18149060} => C:\Program Files\Samsung\SamsungLink\SLIconOverlay.dll [2016-03-21] (Samsung Electronics CO., LTD.)
ShellIconOverlayIdentifiers: [0SamsungLinkOverlayIconRenamed] -> {D130049D-7512-4075-9145-7B8B18149060} => C:\Program Files\Samsung\SamsungLink\SLIconOverlay.dll [2016-03-21] (Samsung Electronics CO., LTD.)
ContextMenuHandlers1: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2016-01-30] (ESTsoft Corp.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-04] (Google)
ContextMenuHandlers2: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2016-01-30] (ESTsoft Corp.)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2016-01-30] (ESTsoft Corp.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-04] (Google)
ContextMenuHandlers5: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2016-01-30] (ESTsoft Corp.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-26] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-08-01] (NVIDIA Corporation)
ContextMenuHandlers6: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2016-01-30] (ESTsoft Corp.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2A0FDEB8-1F3D-4DEF-889E-D04C08D3CDF7} - System32\Tasks\{7A01E2F5-4525-4564-AAF7-EABE07E47932} => C:\WINDOWS\system32\pcalua.exe -a A:\Bioshock\Builds\Release\Bioshock.exe -d A:\Bioshock\Builds\Release
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3E878AEE-8FEC-4ADD-9B88-5257FD2BACC1} - System32\Tasks\S-1-5-21-2377441386-1568436963-1158331760-1002\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation)
Task: {41C723B8-8C7C-447E-B35E-2A418F54F3A0} - System32\Tasks\Samsung\Settings\SettingsEventHandlerMonitor => C:\Program Files (x86)\Samsung\Settings\CmdServer\RSSettingEventHandler.exe [2016-01-05] (Samsung Electronics Co., Ltd.)
Task: {4281E399-3449-4F61-AAAE-9848167EA85A} - System32\Tasks\Samsung\Settings\SettingsPatternLoginMonitor => C:\Program Files (x86)\Samsung\Settings\SMessage.exe [2016-01-05] (Samsung Electronics Co., Ltd.)
Task: {53CECDE2-3589-4B7D-8FDD-77F177FE44B5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {557C2669-7FBD-40CB-A293-948AAD05D3EF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-22] (Adobe Systems Incorporated)
Task: {72831F02-FE25-49F3-90E4-E337CFE948C0} - System32\Tasks\{25087684-0660-4D70-8DD1-D6E5112FF145} => C:\WINDOWS\system32\pcalua.exe -a E:\Games\Bioshock\Builds\Release\Bioshock.exe -d E:\Games\Bioshock\Builds\Release
Task: {7A8BA22C-73F3-4DCE-88CF-A893FB1BBB01} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-22] (Adobe Systems Incorporated)
Task: {8A0DD9EE-136A-4380-8D11-3B6E504262FB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-10] (Microsoft Corporation)
Task: {952F7559-6767-4B6A-8FAA-A7955CD7BF5D} - System32\Tasks\Samsung\Settings\SettingsHibernateMonitor => C:\Program Files (x86)\Samsung\Settings\SettingsHibernateMonitor.exe [2016-01-05] (Samsung Electronics Co., Ltd.)
Task: {A15A9D1D-F238-4D0C-9437-A0A367AD0867} - System32\Tasks\Samsung\Settings\SettingsPatternLoginAccountMonitor => C:\Program Files (x86)\Samsung\Settings\SMessage.exe [2016-01-05] (Samsung Electronics Co., Ltd.)
Task: {A9A185A7-1384-4ECD-BCB4-27B4EFB02299} - System32\Tasks\AdobeAAMUpdater-1.0-SAMSUNG-HanSol PARK => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {B8B52C73-3C9E-49CE-BA2D-4D5AFBFBB25A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-10] (Microsoft Corporation)
Task: {BCCD7E55-D1D3-448E-9DED-6A8C673C14BF} - System32\Tasks\SecTimeSync\TimeSyncInit => C:\Windows\SecTimeSync.exe [2013-08-22] (Samsung Electronics CO., LTD.)
Task: {C8E40423-47E2-419B-B27C-DEA48D1110FA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {CBE1A85C-4DA9-4735-8EAA-4F7FB0311459} - System32\Tasks\Samsung\Settings\LaunchSettings => C:\Program Files (x86)\Samsung\Settings\Settings.exe [2016-01-05] (Samsung Electronics Co., Ltd.)
Task: {D5ACB174-3E74-46D2-B02F-8F97CA76BE1A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-21] (Google Inc.)
Task: {D6F54F3F-8D5F-43B6-A136-266BB84EF310} - System32\Tasks\Samsung\SRS\SRS Logon => C:\Program Files\Samsung\Recovery\SRSMessages.exe [2015-02-10] (Samsung Electronics)
Task: {DA0DC63B-AA19-48C5-9A9D-A63D639B9110} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-21] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\HanSol PARK\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Google 문서도구.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=aohghmighlieiainnegkcijnfilokake

==================== Loaded Modules (Whitelisted) ==============

2017-06-23 17:24 - 2016-08-01 07:54 - 000133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-01-06 01:00 - 2012-08-31 16:03 - 000288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL
2016-01-06 01:00 - 2012-08-31 16:02 - 000074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2015-07-14 02:26 - 2014-05-19 19:19 - 000105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-06-18 15:15 - 2017-08-20 23:07 - 011804752 _____ () C:\Program Files\Gramblr\gramblr.exe
2015-08-23 03:00 - 2015-08-23 03:00 - 000076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-03-21 10:13 - 2016-03-21 10:13 - 000142056 _____ () C:\Program Files\Samsung\SamsungLink\Logger.dll
2015-09-15 12:21 - 2015-08-11 22:15 - 008900672 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-04 18:17 - 2013-09-04 18:17 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 09:23 - 2010-10-20 09:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 15:59 - 2017-03-19 22:51 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-29 03:53 - 2017-08-23 03:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-29 03:53 - 2017-08-23 03:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 001138176 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\DMSManager.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000227840 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\boost_serialization-vc90-mt-1_47.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000107008 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\DCMCDP.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000032768 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\Autobackup.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000055808 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\RosettaAllShare.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000038912 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\boost_date_time-vc90-mt-1_47.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000012800 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\boost_system-vc90-mt-1_47.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000046592 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\boost_thread-vc90-mt-1_47.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000707072 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\ContentDirectoryPresenter.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000102400 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\FolderCDP.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000041472 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\DirectoryScanner.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000520234 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\sqlite3.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000078336 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\MetadataFramework.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000028672 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AutoChaptering.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000028160 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AudioExtractor.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000450560 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\MoodExtractor.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 005717504 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\DCMImgExtractor.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000017920 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\VideoExtractor.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000012288 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\ImageExtractor.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000013824 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\TextExtractor.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000064000 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\ID3Driver.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000012288 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\VideoThumb.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000022528 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\RichInfoDriver.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000125952 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\ThumbnailMaker.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000024064 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\SECMetaDriver.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000137216 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\VideoMetadataDriver.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000686080 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\avformat-52.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000366592 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\tag.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000289792 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\libThumbnail.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 004671488 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\avcodec-52.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000152064 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\swscale-0.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000290816 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\libKeyFrame.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 001033216 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\ImageMagickWrapper.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000024064 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\photoDriver.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000147456 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\libexpat.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000070656 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\avutil-50.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000399826 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\libexif-12.dll.dll
2016-03-21 10:13 - 2016-03-21 10:13 - 000044032 _____ () C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\us.dll
2014-10-07 19:47 - 2014-10-07 19:47 - 000023360 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WSABI.dll
2014-10-07 19:48 - 2014-10-07 19:48 - 000211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2017-09-08 20:07 - 2017-09-08 20:07 - 000098816 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\win32api.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000110080 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\pywintypes27.dll
2017-09-08 20:07 - 2017-09-08 20:07 - 000364544 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\pythoncom27.dll
2017-09-08 20:07 - 2017-09-08 20:07 - 000320512 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\win32com.shell.shell.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000914432 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\_hashlib.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 001176576 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\wx._core_.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000806400 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\wx._gdi_.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000816128 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\wx._windows_.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 001067008 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\wx._controls_.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000733184 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\wx._misc_.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000682496 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\pysqlite2._sqlite.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000088064 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\_ctypes.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000686080 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\unicodedata.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000119808 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\win32file.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000108544 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\win32security.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000007168 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\hashobjs_ext.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000017920 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\thumbnails_ext.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000088064 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\usb_ext.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000012800 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\common.time34.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000018432 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\win32event.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000167936 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\win32gui.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000046080 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\_socket.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 001303552 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\_ssl.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000128512 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\_elementtree.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000127488 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\pyexpat.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000038912 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\win32inet.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000036864 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\_psutil_windows.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000524248 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\windows._lib_cacheinvalidation.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000011264 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\win32crypt.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000123392 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\wx._wizard.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000077312 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\wx._html2.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000027648 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\_multiprocessing.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000020480 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\_yappi.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000035840 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\win32process.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000078848 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\wx._animate.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000024064 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\win32pipe.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000010240 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\select.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000025600 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\win32pdh.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000017408 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\win32profile.pyd
2017-09-08 20:07 - 2017-09-08 20:07 - 000022528 ____R () C:\Users\HanSol PARK\AppData\Local\Temp\_MEI117322\win32ts.pyd
2016-03-15 00:26 - 2016-03-15 00:26 - 000050688 _____ () C:\Program Files (x86)\Naver\NaverCapture\gifUtil.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [85]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\khu.ac.kr -> hxxp://www.khu.ac.kr
IE trusted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\knbank.co.kr -> hxxp://kibs.knbank.co.kr
IE trusted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\korea.go.kr -> hxxp://www.korea.go.kr
IE trusted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\lottecard.co.kr -> hxxp://www.lottecard.co.kr
IE trusted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\minwon.go.kr -> hxxp://www.minwon.go.kr
IE trusted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\nonghyup.com -> hxxp://nonghyup.com
IE trusted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\nts.go.kr -> hxxp://www.nts.go.kr
IE trusted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\pureunbank.co.kr -> hxxp://ibs.pureunbank.co.kr
IE trusted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\pusanbank.co.kr -> hxxp://ibank.pusanbank.co.kr
IE trusted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\samsungcard.com -> hxxp://www.samsungcard.com
IE trusted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\scfirstbank.com -> hxxp://ib.scfirstbank.com
IE trusted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\shinhan.com -> hxxp://banking.shinhan.com
IE trusted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\shinhancard.com -> hxxp://www.shinhancard.com
IE trusted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\solomonbank.com -> hxxp://ib.solomonbank.com
IE trusted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\suhyup-bank.com -> hxxp://www.suhyup-bank.com
IE trusted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\taxsave.go.kr -> hxxp://www.taxsave.go.kr
IE trusted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\tomatobank.co.kr -> hxxp://banking.tomatobank.co.kr
IE trusted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\wooribank.com -> hxxp://wooribank.com
IE trusted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\yescard.co.kr -> hxxp://www.yescard.co.kr
IE restricted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2377441386-1568436963-1158331760-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\HanSol PARK\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupreg: ALMountTray => "C:\Program Files (x86)\ESTsoft\ALZip\ALMountTray.exe"
MSCONFIG\startupreg: HPUsageTrackingLEDM => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
HKU\S-1-5-21-2377441386-1568436963-1158331760-1002\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9F6F8B49-5D01-4907-A4A1-D08DA1397E7E}] => (Allow) C:\Program Files (x86)\DAUM\PotPlayer\PotPlayer.exe
FirewallRules: [{889CDF9B-CB58-4D5E-B274-6229EC1AF0E7}] => (Allow) C:\Program Files (x86)\DAUM\PotPlayer\PotPlayer.exe
FirewallRules: [UDP Query User{4DA34C13-C766-44F2-800F-073642AAFF52}C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe] => (Allow) C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe
FirewallRules: [TCP Query User{CF04F261-9FD2-4941-A672-6F80F879CA62}C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe] => (Allow) C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe
FirewallRules: [UDP Query User{A34FD517-7DEC-4974-A347-CFCB0C54C828}E:\games\dead space\dead space.exe] => (Allow) E:\games\dead space\dead space.exe
FirewallRules: [TCP Query User{16D9A154-FD8E-4C24-8B1C-E27DCF546464}E:\games\dead space\dead space.exe] => (Allow) E:\games\dead space\dead space.exe
FirewallRules: [UDP Query User{C098F15B-2E6A-47FB-9923-84C9244C3EA6}C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe] => (Block) C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe
FirewallRules: [TCP Query User{D71D1ED2-A056-43C7-94FC-51DB74A4A42B}C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe] => (Block) C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe
FirewallRules: [UDP Query User{9095640D-CB9D-42C3-8879-30F66AF231A4}C:\users\hansol park\desktop\dead space 2\deadspace2.exe] => (Allow) C:\users\hansol park\desktop\dead space 2\deadspace2.exe
FirewallRules: [TCP Query User{6064A180-3FE5-4489-98FD-D667175296B6}C:\users\hansol park\desktop\dead space 2\deadspace2.exe] => (Allow) C:\users\hansol park\desktop\dead space 2\deadspace2.exe
FirewallRules: [{8820511D-4BB3-4C42-A3C6-837C5522255A}] => (Allow) C:\Program Files (x86)\Mr DJ\Dead Space 2\deadspace2.exe
FirewallRules: [{A7776EA2-2F6E-4869-97DA-B707764028A1}] => (Allow) C:\Program Files (x86)\Mr DJ\Dead Space 2\deadspace2.exe
FirewallRules: [{608A95A2-E4A6-4ACB-8663-8F51DDD86762}] => (Block) C:\users\hansol park\desktop\dead space\dead space.exe
FirewallRules: [{5A7A8B0C-E25E-4425-A9C8-B2FD44B2F383}] => (Block) C:\users\hansol park\desktop\dead space\dead space.exe
FirewallRules: [UDP Query User{D8E90096-453C-41A4-9BE9-352C4E2B98BF}C:\users\hansol park\desktop\dead space\dead space.exe] => (Allow) C:\users\hansol park\desktop\dead space\dead space.exe
FirewallRules: [TCP Query User{49A9C7C4-4059-47EF-A506-23C8755D0A94}C:\users\hansol park\desktop\dead space\dead space.exe] => (Allow) C:\users\hansol park\desktop\dead space\dead space.exe
FirewallRules: [{A819CF3C-B146-402B-807C-711FEB0DB019}] => (Allow) C:\Program Files (x86)\Mr DJ\Dead Space\Dead Space.exe
FirewallRules: [{6C1E9423-D5DA-435A-A360-392FC3A737E9}] => (Allow) C:\Program Files (x86)\Mr DJ\Dead Space\Dead Space.exe
FirewallRules: [UDP Query User{6674EE75-21CF-4320-90FA-7D8E98330445}C:\users\hansol park\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\hansol park\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{D2D3410E-127C-42D9-95C7-24324B442736}C:\users\hansol park\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\hansol park\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{5CFCA992-9294-406D-AE5C-2417A17E50CD}C:\users\hansol park\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hansol park\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{766BA7E1-446E-406C-8F65-A0AA6BA3FF2F}C:\users\hansol park\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hansol park\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{28F1FE51-587D-49DF-9877-EEDDEEC0D189}C:\users\hansol park\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hansol park\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{673FA445-EE5B-4F24-A4F4-7BA1277D6904}C:\users\hansol park\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hansol park\appdata\roaming\spotify\spotify.exe
FirewallRules: [{67717815-7493-49A9-AC80-2FE498F5B7C2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FDFD8110-F820-471D-9F25-728DC5BDCBCE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{01E93978-BDC6-42B7-A663-261FE86109D8}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{92837C99-9329-44B9-82D7-CF428FC46C1E}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{B836ABAE-0F22-4688-B3ED-4F212F006258}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{036EF4B1-A3F7-4A43-98C7-759CD034EC2C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{7C297994-AF35-4526-A8B9-F3D33A77EB18}A:\dead space\dead space.exe] => (Allow) A:\dead space\dead space.exe
FirewallRules: [UDP Query User{461F8D97-04AA-4EC6-AEE5-9C2AE94EBDF2}A:\dead space\dead space.exe] => (Allow) A:\dead space\dead space.exe
FirewallRules: [{5AA7C04F-0AF4-4FF0-8147-656879EEFA65}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{7AF5B9FA-4969-404D-9F70-D24EC8148888}C:\users\hansol park\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\hansol park\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{92869DFD-83E0-4D39-86AD-DD68B1389CDB}C:\users\hansol park\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\hansol park\appdata\roaming\utorrent\utorrent.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/08/2017 08:07:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (09/08/2017 08:07:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (09/08/2017 07:56:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c117d5
Faulting module name: jucheck.exe, version: 2.8.60.27, time stamp: 0x55c117d5
Exception code: 0x40000015
Fault offset: 0x00052d24
Faulting process id: 0x2134
Faulting application start time: 0x01d32906848aec28
Faulting application path: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
Faulting module path: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
Report Id: 0446a595-dd8a-430a-9cb9-0c7b4a4885e6
Faulting package full name:
Faulting package-relative application ID:

Error: (09/08/2017 02:01:14 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program gramblr.exe because of this error.

Program: gramblr.exe
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 9AEF5CB4
Disk type: 0

Error: (09/08/2017 02:01:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gramblr.exe, version: 0.0.0.0, time stamp: 0x599a0aaa
Faulting module name: gramblr.exe, version: 0.0.0.0, time stamp: 0x599a0aaa
Exception code: 0xc0000096
Fault offset: 0x0000000000676f84
Faulting process id: 0x2868
Faulting application start time: 0x01d328cce54d0e36
Faulting application path: C:\Program Files\Gramblr\gramblr.exe
Faulting module path: C:\Program Files\Gramblr\gramblr.exe
Report Id: e12de059-8221-4048-bc63-2859d5cca942
Faulting package full name:
Faulting package-relative application ID:

Error: (09/07/2017 11:16:59 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files (x86)\google\chrome\application\chrome334.exe".
Dependent Assembly 53.0.2785.143,language="*",type="win32",version="53.0.2785.143" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/07/2017 11:16:38 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (09/06/2017 07:42:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gramblr.exe, version: 0.0.0.0, time stamp: 0x599a0aaa
Faulting module name: ntdll.dll, version: 10.0.15063.447, time stamp: 0xa329d3a8
Exception code: 0xc0000005
Fault offset: 0x000000000001992e
Faulting process id: 0x3724
Faulting application start time: 0x01d3269c89d4e6f4
Faulting application path: C:\Program Files\Gramblr\gramblr.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 9f7f2812-13f6-4acc-9fc8-362a5104edda
Faulting package full name:
Faulting package-relative application ID:

Error: (09/05/2017 03:38:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files (x86)\google\chrome\application\chrome334.exe".
Dependent Assembly 53.0.2785.143,language="*",type="win32",version="53.0.2785.143" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/05/2017 03:38:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.


System errors:
=============
Error: (09/08/2017 08:24:49 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (09/08/2017 08:12:15 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (09/08/2017 08:08:54 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (09/08/2017 08:07:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The 응용 프로그램별 permission settings do not grant 로컬 활성화 permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost(LRPC 사용) running in the application container 사용할 수 없음 SID (사용할 수 없음). This security permission can be modified using the Component Services administrative tool.

Error: (09/08/2017 08:07:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The 응용 프로그램별 permission settings do not grant 로컬 활성화 permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost(LRPC 사용) running in the application container 사용할 수 없음 SID (사용할 수 없음). This security permission can be modified using the Component Services administrative tool.

Error: (09/08/2017 08:07:27 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (09/08/2017 08:07:22 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (09/08/2017 08:07:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (09/08/2017 08:03:32 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (09/08/2017 07:51:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The 응용 프로그램별 permission settings do not grant 로컬 활성화 permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost(LRPC 사용) running in the application container 사용할 수 없음 SID (사용할 수 없음). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2017-09-08 20:34:14.565
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvsmwu.inf_amd64_be58e4780959fe55\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-08 20:34:14.127
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-30 08:37:25.667
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvsmwu.inf_amd64_be58e4780959fe55\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-30 08:37:25.182
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-27 14:11:11.160
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvsmwu.inf_amd64_be58e4780959fe55\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-27 14:11:10.727
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-23 02:05:01.270
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvsmwu.inf_amd64_be58e4780959fe55\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-23 02:05:00.738
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-15 01:26:27.903
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvsmwu.inf_amd64_be58e4780959fe55\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-08-15 01:26:27.402
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 41%
Total physical RAM: 8107.3 MB
Available physical RAM: 4782.73 MB
Total Virtual: 11563.3 MB
Available Virtual: 8310.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:93.43 GB) (Free:11.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 26EA9241)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by Oh My!, 12 September 2017 - 12:30 PM.



#2 dongwonssamja

  • Topic Starter

Posted 09 September 2017 - 05:08 PM

Hmm now it looks like my wifi connection is completely disabled on my laptop... I clicked "enable" a few times but it doesn't work. When I try to run Windows Network diagnostics, it states that there might be a problem with the driver for the Wi-fi adapter.

Any help would be greatly appreciated! Thanks again

#3 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 619 posts

Posted 10 September 2017 - 11:19 PM

Hi dongwonssamja and welcome to the Bleeping Computer! :)

My name is Slurppa and I will be handling your log(s) to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

 
Please familiarize yourself with the following guidelines:
  • Complete all the steps in their given order.
  • Update me about the current state of your computer.
  • If you have any problems or questions please let me know. If you are unsure how to continue please let me know.
  • Do not run any other fixes/programs that I have not instructed.
  • Copy and paste all logs into your post directly unless otherwise instructed. Don't attach logs.
  • Lack of symptoms does not mean the computer is clean. Please stick with me until I give you the green light.

Member of the Bleeping Computer A.I.I. early response team!


#4 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 619 posts

Posted 12 September 2017 - 03:12 PM

Hi

I noticed that you have utorrent installed.
I recommend that you uninstall it as p2p programs are a security risk.
You can find more information here.

Can you tell me what this program is:
eISP 2.0

Step 1:
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Minidump Files
  • List Restore Points
Click Go and post the result (MTB.txt). A copy of MTB.txt will be saved in the same directory the tool is run.

Member of the Bleeping Computer A.I.I. early response team!


#5 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 619 posts

Posted 17 September 2017 - 01:02 AM

Hi dongwonssamja

 

Please follow these instructions along with previous ones.

You seem to have installed cracked games:

Dead Space 2 version 1.0.0.0
Dead Space version 1.0.0.222

I suggest you remove these as they may be malicious.


Step 1:

We need to run a fix with FRST:

Please copy and paste the fix I have placed below to a text file and save it to the same location as FRST with the name fixlist.txt
 

CloseProcesses:
FirewallRules: [UDP Query User{A34FD517-7DEC-4974-A347-CFCB0C54C828}E:\games\dead space\dead space.exe] => (Allow) E:\games\dead space\dead space.exe
FirewallRules: [TCP Query User{16D9A154-FD8E-4C24-8B1C-E27DCF546464}E:\games\dead space\dead space.exe] => (Allow) E:\games\dead space\dead space.exe
FirewallRules: [UDP Query User{9095640D-CB9D-42C3-8879-30F66AF231A4}C:\users\hansol park\desktop\dead space 2\deadspace2.exe] => (Allow) C:\users\hansol park\desktop\dead space 2\deadspace2.exe
FirewallRules: [TCP Query User{6064A180-3FE5-4489-98FD-D667175296B6}C:\users\hansol park\desktop\dead space 2\deadspace2.exe] => (Allow) C:\users\hansol park\desktop\dead space 2\deadspace2.exe
FirewallRules: [{8820511D-4BB3-4C42-A3C6-837C5522255A}] => (Allow) C:\Program Files (x86)\Mr DJ\Dead Space 2\deadspace2.exe
FirewallRules: [{A7776EA2-2F6E-4869-97DA-B707764028A1}] => (Allow) C:\Program Files (x86)\Mr DJ\Dead Space 2\deadspace2.exe
FirewallRules: [{608A95A2-E4A6-4ACB-8663-8F51DDD86762}] => (Block) C:\users\hansol park\desktop\dead space\dead space.exe
FirewallRules: [{5A7A8B0C-E25E-4425-A9C8-B2FD44B2F383}] => (Block) C:\users\hansol park\desktop\dead space\dead space.exe
FirewallRules: [UDP Query User{D8E90096-453C-41A4-9BE9-352C4E2B98BF}C:\users\hansol park\desktop\dead space\dead space.exe] => (Allow) C:\users\hansol park\desktop\dead space\dead space.exe
FirewallRules: [TCP Query User{49A9C7C4-4059-47EF-A506-23C8755D0A94}C:\users\hansol park\desktop\dead space\dead space.exe] => (Allow) C:\users\hansol park\desktop\dead space\dead space.exe
FirewallRules: [{A819CF3C-B146-402B-807C-711FEB0DB019}] => (Allow) C:\Program Files (x86)\Mr DJ\Dead Space\Dead Space.exe
FirewallRules: [{6C1E9423-D5DA-435A-A360-392FC3A737E9}] => (Allow) C:\Program Files (x86)\Mr DJ\Dead Space\Dead Space.exe
FirewallRules: [TCP Query User{7C297994-AF35-4526-A8B9-F3D33A77EB18}A:\dead space\dead space.exe] => (Allow) A:\dead space\dead space.exe
FirewallRules: [UDP Query User{461F8D97-04AA-4EC6-AEE5-9C2AE94EBDF2}A:\dead space\dead space.exe] => (Allow) A:\dead space\dead space.exe
cmd: gpresult /v
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [85]
VirusTotal: C:\Users\HanSol PARK\AppData\Local\Temp\drm_dyndata_7380007.dll;C:\WINDOWS\SysWOW64\tmp1AFD.tmp
    

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply along with a new FRST log.

Member of the Bleeping Computer A.I.I. early response team!
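A pre-run check for a fixlist like the one in post #5, added here as an example and not part of the original post or of FRST: it parses the `FirewallRules:` lines in the shape shown above, groups them by target executable, and lists any rule that falls outside the programs the fix is meant to touch. The function names and the last sample line are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Line shape as it appears in the fixlist above:
#   FirewallRules: [<rule name>] => (Allow|Block) <program path>
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*?)\] => \((?P<action>Allow|Block)\) (?P<path>.+?)\s*$"
)

# Four rule lines copied from the fixlist in the post, plus one constructed
# rule (the last one) that belongs to neither game.
SAMPLE = r"""CloseProcesses:
FirewallRules: [UDP Query User{A34FD517-7DEC-4974-A347-CFCB0C54C828}E:\games\dead space\dead space.exe] => (Allow) E:\games\dead space\dead space.exe
FirewallRules: [{8820511D-4BB3-4C42-A3C6-837C5522255A}] => (Allow) C:\Program Files (x86)\Mr DJ\Dead Space 2\deadspace2.exe
FirewallRules: [{608A95A2-E4A6-4ACB-8663-8F51DDD86762}] => (Block) C:\users\hansol park\desktop\dead space\dead space.exe
FirewallRules: [{A819CF3C-B146-402B-807C-711FEB0DB019}] => (Allow) C:\Program Files (x86)\Mr DJ\Dead Space\Dead Space.exe
FirewallRules: [{00000000-0000-0000-0000-000000000000}] => (Allow) C:\Example\constructed.exe
cmd: gpresult /v
"""

def parse_firewall_rules(text):
    """Return one dict per FirewallRules line; other directives are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append(m.groupdict())
    return rules

def group_by_program(rules):
    """Map lower-cased executable name -> Allow/Block counts and distinct paths."""
    groups = defaultdict(lambda: {"Allow": 0, "Block": 0, "paths": set()})
    for r in rules:
        # ntpath handles Windows paths on any OS; Windows names are case-insensitive
        g = groups[ntpath.basename(r["path"]).lower()]
        g[r["action"]] += 1
        g["paths"].add(r["path"].lower())
    return dict(groups)

def outside_scope(rules, expected_exes):
    """Rules whose executable is not one the fix is meant to touch."""
    expected = {e.lower() for e in expected_exes}
    return [r for r in rules if ntpath.basename(r["path"]).lower() not in expected]

if __name__ == "__main__":
    parsed = parse_firewall_rules(SAMPLE)
    for exe, info in group_by_program(parsed).items():
        print(exe, info["Allow"], "allow,", info["Block"], "block,", len(info["paths"]), "paths")
    for r in outside_scope(parsed, {"dead space.exe", "deadspace2.exe"}):
        print("REVIEW before running:", r["name"], "->", r["path"])
```
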


#6 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 619 posts

Posted 20 September 2017 - 12:39 PM

Hi dongwonssamja

Are you still with me?

Member of the Bleeping Computer A.I.I. early response team!




