
Computer running very slow



#1 samwiseOrgin


Posted 23 November 2017 - 12:28 AM

While I was fixing my boss's computer problem regarding Microsoft Office, he stated that he's been getting slow performance on his PC, especially when trying to open an Excel file. After the assessment, I found that his computer, which I think he brought from his home, was rather filled with adware and an unknown issue causing slowness.

I was able to remove all the adware provided on this forum, and I have provided FRST logs below. Thank you for your help in advance.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-11-2017
Ran by aa (administrator) on OFFICE-PC (23-11-2017 13:43:43)
Running from C:\Users\aa\Downloads
Loaded Profiles: aa (Available Profiles: aa)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: 한국어(대한민국)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Interezen. Co., Ltd.) C:\Program Files (x86)\IPinside_LWS\I3GMainSvc.exe
(ESTsoft Corp.) C:\Program Files (x86)\ESTsoft\ALUpdate\eausvc.exe
(EFM networks) C:\Program Files\ipTIME\ipTIME NAS\ipDISK_Drive\ipTIME_ipDISK_Drive.exe
(SOFTFORUM) C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\AnySign4PCLauncher.exe
(Interezen. Co., Ltd.) C:\Program Files (x86)\IPinside_LWS\I3GProc.exe
() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\V3Lite30\v3lite.exe
(NAVER Corporation) C:\Program Files\naver\NaverCleaner\ncleaner.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\Safe Transaction\stsess.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Kakao Corp. ) C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe
(Dreamsecurity) C:\Program Files (x86)\DreamSecurity\MagicLine4NP\MagicLineNP.exe
(iniLINE Co., Ltd.) C:\Program Files (x86)\iniLINE\CrossEX\crossex\CrossEXService.exe
(NHN Corporation) C:\Program Files (x86)\naver\NaverAgent\NaverAgent.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe
(WIZVERA) C:\Program Files (x86)\Wizvera\Veraport20\veraport.exe
(Wizvera) C:\Program Files (x86)\Wizvera\Delfino-G3\delfino.exe
(Wizvera) C:\Program Files (x86)\KeySharpNxBiz\keysharpnxbiz.exe
() C:\Program Files (x86)\INFovine\UBIKeyService.exe
(GVIX) C:\Program Files (x86)\ExBC\ExBCCtrl.exe
(HANCOM SECURE Inc.) C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\AnySign4PC.exe
(SignKorea) C:\Program Files (x86)\SignKorea\skcert\SKCertService.exe
(Gvix(주)) C:\Program Files (x86)\CCDNService\CCDNService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files\ipTIME\ipTIME NAS\ipDISK_Drive\mounter.exe
(GVIX) C:\Program Files (x86)\ExBC\ExBCSvc.exe
(Marvell) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Initech Co., Ltd.) C:\Program Files (x86)\Initech\common\ClientService\IniClientSvc.exe
(Initech Co., Ltd.) C:\Program Files (x86)\Initech\INISAFE Web EX Client\INISAFECrossWebEXSvc.exe
() C:\Program Files\KCP\kcppayplugin.exe
(Kings Information & Network Co., Ltd) C:\Kings\KOS\KOSSvc.exe
(NAVER Corp.) C:\Program Files (x86)\naver\NaverCommon\NaverAdminAPISvc.exe
(NAVER Corp.) C:\Program Files\naver\NaverCommon\NaverAdminAPISvc.exe
(NAVER Corp.) C:\Program Files (x86)\naver\Naver Comic Viewer\ComicService.exe
(INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nossvc.exe
(Kings Information & Network Co., Ltd) C:\Kings\KOS\KOSinj.exe
(INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npkfxsvc.exe
(SGA Solutions) C:\Program Files (x86)\eps\Lib\Support\PWSLocalServer.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\Safe Transaction\asdsvc.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nosstarter.npe
(AhnLab, Inc.) C:\Program Files\AhnLab\V3Lite30\asdsvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(VP Inc.) C:\Program Files (x86)\VP\VPWalletService\VPWalletService.exe
(VP Inc.) C:\Program Files (x86)\VP\VPWalletService\VPWalletDaemon.exe
(WIZVERA) C:\Program Files (x86)\Wizvera\Common\wpmsvc\wpmsvc.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\Safe Transaction\Nz32\stsess32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
(Microsoft Corporation) C:\Windows\System32\Dism.exe
(Farbar) C:\Users\aa\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [V3 Application] => C:\Program Files\AhnLab\V3Lite30\V3Lite.exe [2311368 2017-09-13] (AhnLab, Inc.)
HKLM\...\Run: [NCleaner] => C:\Program Files\naver\NaverCleaner\ncleaner.exe [3252888 2016-12-12] (NAVER Corporation)
HKLM\...\Run: [AhnLab Safe Transaction Application] => C:\Program Files\AhnLab\Safe Transaction\stsess.exe [4849368 2017-11-13] (AhnLab, Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM\...\Run: [Korean IME Migration] => C:\Program Files\Common Files\Microsoft Shared\IME12\IMEKR\IMKRMIG.EXE [43808 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [wizvera-veraport] => C:\Program Files (x86)\Wizvera\Veraport20\veraport.exe [1415400 2015-11-23] (WIZVERA)
HKLM-x32\...\Run: [wizvera-delfino-pc] => C:\Program Files (x86)\Wizvera\Delfino-G3\delfino.exe [15326736 2016-02-02] (Wizvera)
HKLM-x32\...\Run: [keysharpbiz] => C:\Program Files (x86)\KeySharpNxBiz\keysharpnxbiz.exe [12677872 2015-09-21] (Wizvera)
HKLM-x32\...\Run: [UBIKey] => C:\Program Files (x86)\INFovine\UBIKeyService.exe [4109168 2016-06-28] ()
HKLM-x32\...\Run: [ipinside-lws] => C:\Program Files (x86)\IPinside_LWS\I3GProc.exe [269088 2017-01-20] (Interezen. Co., Ltd.)
HKLM-x32\...\Run: [확장된 브라우저 컨트롤러] => C:\Program Files (x86)\ExBC\ExBCCtrl.exe [1689176 2017-04-04] (GVIX)
HKLM-x32\...\Run: [AnySign4PC] => C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\AnySign4PC.exe [2397168 2016-09-01] (HANCOM SECURE Inc.)
HKLM-x32\...\Run: [SKCertService Client] => C:\Program Files (x86)\SignKorea\skcert\SKCertService.exe [1990152 2016-05-02] (SignKorea)
HKLM-x32\...\Run: [ALMountTray] => C:\Program Files (x86)\ESTsoft\ALZip\ALMountTray.exe [2131672 2017-09-13] (ESTsoft Corp.)
HKLM-x32\...\Run: [Korean IME Migration] => C:\Program Files (x86)\Common Files\microsoft shared\IME12\IMEKR\IMKRMIG.EXE [26400 2006-10-26] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [8546112 2017-11-20] (Kakao Corp. )
HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\...\Run: [MagicLine4NP] => C:\Program Files (x86)\DreamSecurity\MagicLine4NP\MagicLineNP.exe [3257736 2016-03-02] (Dreamsecurity)
HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\...\Run: [CrossEXService] => C:\Program Files (x86)\iniLINE\CrossEX\crossex\CrossEXService.exe [1414168 2016-07-14] (iniLINE Co., Ltd.)
HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\...\Run: [NaverAgent] => C:\Program Files (x86)\naver\NaverAgent\NaverAgent.exe [1840464 2014-10-24] (NHN Corporation)
HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\...\MountPoints2: {a163aaa9-6b89-11e7-89e9-806e6f6e6963} - E:\SISetup.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2017-08-03]
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 210.94.0.73
Tcpip\..\Interfaces\{40B68BA5-4AF2-470D-A7A4-12E73F6568CF}: [DhcpNameServer] 210.94.0.73
 
Internet Explorer:
==================
HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://zum.com/?af=gt
HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ko-kr/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {FFECAB6B-3FD5-48E2-9A4C-0E6193CF988B} URL = hxxp://esearch.ilikeclick.com/ilikeclick/?ec=20077999&MD=B&TT=%BC%D5%BD%AC%BF%EE+%B0%CB%BB%F6+-+%C0%CC%C1%F6%BC%AD%C4%A1&HK=&AT=&PL=10&TP=4&BT=4&query={searchTerms}
SearchScopes: HKU\.DEFAULT -> {FFECAB6B-3FD5-48E2-9A4C-0E6193CF988B} URL = hxxp://esearch.ilikeclick.com/ilikeclick/?ec=20077999&MD=B&TT=%BC%D5%BD%AC%BF%EE+%B0%CB%BB%F6+-+%C0%CC%C1%F6%BC%AD%C4%A1&HK=&AT=&PL=10&TP=4&BT=4&query={searchTerms}
BHO: 네이버 세이프가드 -> {000011A1-74C9-4c7e-9B4E-59B5765CF409} -> c:\program files\naver\navertoolbar\naversafeguard\nsafeguard_2016_5_23_1.dll [2017-04-21] (NAVER Corp.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-20] (Microsoft Corporation)
BHO: 네이버 툴바 도우미 -> {67C41E9E-2EBF-4F2B-AF74-314F0D793172} -> C:\Program Files\naver\NaverToolbar\NaverTB_4_0_30_300.dll [2017-04-25] (NAVER Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-11-08] (Microsoft Corporation)
BHO-x32: 네이버 세이프가드 -> {000011A1-74C9-4c7e-9B4E-59B5765CF409} -> c:\program files (x86)\naver\navertoolbar\naversafeguard\nsafeguard_2016_5_23_1.dll [2017-04-21] (NAVER Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: 네이버 툴바 도우미 -> {67C41E9E-2EBF-4F2B-AF74-314F0D793172} -> C:\Program Files (x86)\naver\NaverToolbar\NaverTB_4_0_30_302.dll [2017-07-11] (NAVER Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-11-20] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - 네이버 툴바 - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\naver\NaverToolbar\NaverTB_4_0_30_300.dll [2017-04-25] (NAVER Corp.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - 네이버 툴바 - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files (x86)\naver\NaverToolbar\NaverTB_4_0_30_302.dll [2017-07-11] (NAVER Corp.)
DPF: HKLM-x32 {1CBDCD5A-18EE-4CCA-9AEA-93D5D27E310B} hxxp://update.nprotect.net/keycrypt/fsb/nhcapital/cab/npkfxx_1505271.cab
DPF: HKLM-x32 {1CEB15C5-CEE7-4424-94E2-60B2FFC68849} hxxps://www.tradesign.net/download/TradeInstaller_sha2.cab
DPF: HKLM-x32 {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} hxxps://plugin.inicis.com/wallet61/INIwallet61_vista.cab
DPF: HKLM-x32 {2B93D4DA-2E44-4D93-B290-F9BA3E95EDFA} hxxp://patch1.pdpop.com/appx/PDPopAXCtrl.cab
DPF: HKLM-x32 {37D91428-0E1B-4154-9771-D977CE193864} hxxp://download.softforum.co.kr/Published/KSCertRlayW/v1.0.1.6/KSCertRelayW.cab
DPF: HKLM-x32 {39461460-2552-4D51-A062-3AB6A7B902E9} hxxp://img.shinhan.com/shttp/install/72013/down/INIS70.cab
DPF: HKLM-x32 {39FC0CF9-86F3-4502-B773-D16706EDEC83} hxxp://img.shinhan.com/nexrib2/common/keyStroke/SoftCamp/403210/SCSK4_VISTA.cab
DPF: HKLM-x32 {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Users\aa\Downloads\TouchEnKey_Installer (2).exe
DPF: HKLM-x32 {99C709C7-4F58-46C1-855B-90213C760395} hxxps://pay.kcp.co.kr//plugin_new/file/kcp_ansimclick.cab
DPF: HKLM-x32 {9A09EAA0-EC66-4A07-B6C8-B54C27BC94A6} hxxp://cdn.nicepay.co.kr/dn/ags/plugin/test/AGSWalletforVista1005.cab
DPF: HKLM-x32 {A2561EA5-D4C6-4C3D-97C7-67F2C12416AD} hxxps://download.raonsecure.com/KSCertRelay/v2.1.0.2/ibk/KSCertRelay.cab
DPF: HKLM-x32 {A5261EF0-76F0-4D9C-891C-56813163D9DA} hxxps://822.co.kr/download/_cab/KoinoLoader.cab
DPF: HKLM-x32 {A56A1518-A259-4109-98B3-06A30F09AB1B} hxxps://srtk.hometax.go.kr/JXmailActiveX_2.cab
DPF: HKLM-x32 {B33FEBDC-FF38-4D0F-9C76-58C4733947AD} hxxp://download.signgate.com/download/certmgt/3.0.0.29/AxSignGATE.cab
DPF: HKLM-x32 {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} hxxp://mail2.daum.net/hanmail-ax/DaumActiveX/2_0_1_8/DaumActiveX.cab?ver=2,0,1,8
DPF: HKLM-x32 {C1143E84-B2B1-473B-9F20-E62DD754FCAF} 
DPF: HKLM-x32 {C1339348-E262-4F01-9DCD-B162A29C1276} hxxps://pgdownload.uplus.co.kr/dacom/IssacWebProCMS_4_5_0_10_oovi.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {DD8C54E8-9028-4A54-96B9-30761B1F80DF} hxxp://loan.nhcapital.co.kr/initech/plugin/down/INIS60.cab
DPF: HKLM-x32 {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} hxxp://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA64.cab
DPF: HKLM-x32 {F939FEB8-9518-4A4A-BE60-D10FFB9557F2} hxxp://update.nprotect.net/netizenv55/bank/fsb/81/fsbdev/win10/npenkIEInstall5.cab
DPF: HKLM-x32 {FE342FC7-4374-4EBE-86DB-D73AE861F779} hxxps://cloud.naver.com/activex/NaverAXGuide.cab?151119
Handler-x32: crosswebex - {dcd6ae90-ee9a-11e6-a777-005056c00008} - C:\Program Files (x86)\INITECH\INISAFE Web EX Client\bridge\CrossEX\crosswebex\1.0.1.1021\CrossEXProtocol.dll [2017-02-09] (iniLINE Co., Ltd.)
Handler: kos-loader - {06D7B628-D2C0-484D-A912-6F0AD1CBF875} - C:\Users\aa\AppData\LocalLow\kdefense\kosldr64.dll [2016-02-23] (Kings Information & Network Co., Ltd.)
Handler-x32: kos-loader - {06D7B628-D2C0-484D-A912-6F0AD1CBF875} - C:\Users\aa\AppData\LocalLow\kdefense\kosldr.dll [2016-02-23] (Kings Information & Network Co., Ltd.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-08] (Microsoft Corporation)
Handler-x32: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files (x86)\Initech\SHTTP\InitechSHTTPInterface.11018.dll [2016-02-29] (© INITECH)
Handler: secukitnx - {84f3fcde-9c99-11e5-90c1-005056c00008} - C:\Program Files\KICA\SecukitNX\CrossEX\secukitnx\1.0.1.846\CrossEXProtocol.dll [2015-12-07] (iniLINE Co., Ltd.)
Handler-x32: secukitnx - {84f3fcde-9c99-11e5-90c1-005056c00008} - C:\Program Files (x86)\KICA\SecukitNX\CrossEX\secukitnx\1.0.1.846\CrossEXProtocol.dll [2015-12-07] (iniLINE Co., Ltd.)
Handler-x32: setNTB - {9FD1305E-4C8F-4974-A4C1-A92B98D5DBD6} - C:\Program Files (x86)\naver\NaverToolbar\NTBProtocol.dll [2017-07-11] (NAVER Corp.)
Handler: smartmanagerex - {3d062750-4a63-11e6-a84d-005056c00008} -  No File
Handler-x32: touchenex - {4a20e600-8604-11e6-a5d1-005056c00008} - C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.981\CrossEXProtocol.dll [2016-09-29] (iniLINE Co., Ltd.)
 
FireFox:
========
FF HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\...\Firefox\Extensions: [npSandBox@initech.com] - C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.xpi
FF Extension: (INISAFE SandBox) - C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.xpi [2014-11-10] [Lagacy] [not signed]
FF Plugin-x32: @ahnlab.com/asp/npaosmgr.1 -> C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll [2017-05-31] (AhnLab, Inc.)
FF Plugin-x32: @ahnlab.com/asp/npmkd25sp -> C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll [2016-06-22] (AhnLab, Inc.)
FF Plugin-x32: @clipsoft.com/rexpert30 -> C:\Program Files (x86)\clipsoft\rexpert30\bin\viewer\nprexpert3.0.plugin.dll [2016-07-15] ( )
FF Plugin-x32: @gomtv.com/gomtvx-plugin -> C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll [2013-05-28] (Gretech Corporation)
FF Plugin-x32: @interezen.co.kr/npi3gmanager -> C:\Program Files (x86)\Interezen\Plugins\NPI3GManager.dll [2017-07-21] (Interezen © Interezen.)
FF Plugin-x32: @lguplus.co.kr/application/lguplus-xpayplugin,version=1.0.5.1 -> C:\Program Files (x86)\XPayPlugin\npXPayPlugin_1.0.5.1.dll [2016-04-28] (LG Uplus Corp)
FF Plugin-x32: @markany.com/npMAOnFPS_COURT_OZWeb -> C:\Users\aa\AppData\Local\MarkAny\npMAOnFPS_COURT_OZWeb.dll [2016-09-20] (MarkAny)
FF Plugin-x32: @markany.com/npMAOnFPS_COURT_PrtChk -> C:\Users\aa\AppData\Local\MarkAny\npMAOnFPS_COURT_PrtChk.dll [2015-02-06] (MarkAny)
FF Plugin-x32: @markany.com/npMAOnFPS_COURT_PrtList -> C:\Users\aa\AppData\Local\MarkAny\npMAOnFPS_COURT_PrtList.dll [2015-08-31] (MarkAny)
FF Plugin-x32: @markany.com/npMAOnFPS_MultiBrowser2 -> C:\Users\aa\AppData\Local\MarkAny\npMAOnFPS_MultiBrowser2.dll [2014-09-04] (MarkAny)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-19] (Microsoft Corporation)
FF Plugin-x32: @nprotect.com/keycrypt -> C:\Windows\SysWOW64\npkfxmp.dll [2015-08-13] (INCA Internet Co., Ltd.)
FF Plugin-x32: @nprotect.com/npEfdsWPlugin -> C:\Users\aa\AppData\Local\nProtect\npEfdsWCtrl\npEfdsWPlugin.dll [2013-11-01] (INCA Internet Co., Ltd)
FF Plugin-x32: @nprotect.com/nProtect Netizen v5.5 -> C:\Program Files (x86)\INCAInternet\nProtect Netizen v5.5\npenkOBInstall5.dll [2016-05-04] (INCA Internet Co., Ltd)
FF Plugin-x32: @raonsecure.com/npKSCertRelay -> C:\Program Files (x86)\KeySharp\kscertrelay\npKSCertRelay.dll [2017-01-19] (RaonSecure Co., Ltd.)
FF Plugin-x32: @softforum.com/npKeyPro -> C:\Windows\system32\npKeyPro.dll [No File]
FF Plugin-x32: @softforum.com/npXecureMacuxNPPlugin -> C:\Program Files (x86)\Softforum\XecureWeb\NPPlugin\dll\npXecureMacuxNPPlugin.dll [2014-06-02] (Softforum Co., LTD.)
FF Plugin-x32: @softforum.com/npXEVplugin -> C:\Program Files (x86)\SoftForum\XecureExpress\npXEVplugin.dll [2013-05-24] (SoftForum Co., Ltd.)
FF Plugin-x32: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2016-09-01] (SoftForum Co., Ltd.)
FF Plugin-x32: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2016-09-01] (SoftForum Co., Ltd.)
FF Plugin-x32: @softforum.com/xwmfPlugin -> C:\Program Files (x86)\Softforum\XecureWeb FCMS\NPPlugin\dll\npxwmfplugin.dll [2015-08-20] (Softforum Co., LTD.)
FF Plugin-x32: @SoftSecurity.com/npTEFWplugin -> C:\Windows\system32\NPTEFW.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @wideline.net/EZKeytecPlugin -> C:\Program Files (x86)\WideLine\Easykeytec v2.1\npEZKeytecPlugin.dll [2015-07-27] (Wideline, Inc. )
FF Plugin-x32: @wideline.net/EZKeytecPlugins -> C:\Program Files (x86)\WideLine\Easykeytec v2.1\npEZKeytecPlugins.dll [2015-07-27] (Wideline, Inc. )
FF Plugin-x32: @wizvera.com/npdolphin -> C:\Program Files (x86)\Wizvera\Delfino\npdelfinoplugin.dll [2016-02-12] (Wizvera)
FF Plugin-x32: @wizvera.com/npVeraport20 -> C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll [2015-11-23] ()
FF Plugin-x32: @www.ubikey.co.kr/application/npvinetransfer-plugin -> C:\Program Files (x86)\INFovine\npVineTransfer.dll [2015-07-16] (INFOVINE)
FF Plugin-x32: crosswebex@iniline.com/npCrossEXPlugin -> C:\Program Files (x86)\INITECH\INISAFE Web EX Client\bridge\CrossEX\crosswebex\1.0.1.1021\npinilinecrosswebex.dll [2017-02-09] (iniLINE Co., Ltd.)
FF Plugin-x32: secukitnx@kica.com/npCrossEXPlugin -> C:\Program Files (x86)\KICA\SecukitNX\CrossEX\secukitnx\1.0.1.846\npkicasecukitnx.dll [2015-12-07] (iniLINE Co., Ltd.)
FF Plugin-x32: touchenex@raon.com/npCrossEXPlugin -> C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.981\npraontouchenex.dll [2016-09-29] (iniLINE Co., Ltd.)
FF Plugin HKU\S-1-5-21-4202491627-2688634506-2428423890-1000: @ahnlab.com/asp/npmkd25sp -> C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll [2016-06-22] (AhnLab, Inc.)
FF Plugin HKU\S-1-5-21-4202491627-2688634506-2428423890-1000: @designmade.com/application/designmade-printmade -> C:\Program Files (x86)\Printmade2\npPrintmade2.dll [2015-07-10] ( )
FF Plugin HKU\S-1-5-21-4202491627-2688634506-2428423890-1000: @iniline.com/npCrossWeb -> C:\Users\aa\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0AB9084F-0EF8-499a-A461-DE46D3C4A45B}\plugins\npCrossWeb.dll [2015-07-09] (INITECH Co., Ltd.)
FF Plugin HKU\S-1-5-21-4202491627-2688634506-2428423890-1000: @initech.com/npSandBox -> C:\Program Files (x86)\initech\INISAFE SandBox V1\npSandBox.10052.dll [2014-11-10] (Initech Co., Ltd.)
FF Plugin HKU\S-1-5-21-4202491627-2688634506-2428423890-1000: @naver.com/npNLiveCast -> C:\Users\aa\AppData\Roaming\Mozilla\Plugins\NPNLiveCast.dll [2015-10-07] (NAVER Corp.)
FF Plugin HKU\S-1-5-21-4202491627-2688634506-2428423890-1000: @naver.com/npNLiveCast64 -> C:\Users\aa\AppData\Roaming\Mozilla\Plugins\NPNLiveCast64.dll [2015-10-07] (NAVER Corp.)
FF Plugin HKU\S-1-5-21-4202491627-2688634506-2428423890-1000: @raonsecure.com/npKSCertRelay -> C:\Program Files (x86)\KeySharp\kscertrelay\npKSCertRelay.dll [2017-01-19] (RaonSecure Co., Ltd.)
FF Plugin HKU\S-1-5-21-4202491627-2688634506-2428423890-1000: @softforum.com/npXEVplugin -> C:\Program Files (x86)\SoftForum\XecureExpress\npXEVplugin.dll [2013-05-24] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-4202491627-2688634506-2428423890-1000: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2016-09-01] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-4202491627-2688634506-2428423890-1000: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2016-09-01] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-4202491627-2688634506-2428423890-1000: @www.ubikey.co.kr/application/npvinetransfer-plugin -> C:\Program Files (x86)\INFovine\npVineTransfer.dll [2015-07-16] (INFOVINE)
FF Plugin HKU\S-1-5-21-4202491627-2688634506-2428423890-1000: www.navercorp.com/NDownloaderObj -> C:\Users\aa\AppData\Roaming\NAVER\FileDownloader\npNDownloaderObj_1_0_0_35.dll [2014-03-13] (NAVER Corp.)
FF Plugin HKU\S-1-5-21-4202491627-2688634506-2428423890-1000: www.navercorp.com/NDownloaderObjX64 -> C:\Users\aa\AppData\Roaming\NAVER\FileDownloader\npNDownloaderObj64_1_0_0_35.dll [2014-03-13] (NAVER Corp.)
FF Plugin ProgramFiles/Appdata: C:\Users\aa\AppData\Roaming\mozilla\plugins\NPNLiveCast.dll [2015-10-07] (NAVER Corp.)
FF Plugin ProgramFiles/Appdata: C:\Users\aa\AppData\Roaming\mozilla\plugins\npNLiveCast64.dll [2015-10-07] (NAVER Corp.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\aa\AppData\Local\Google\Chrome\User Data\Default [2017-11-23]
CHR Profile: C:\Users\aa\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-11-23]
CHR Extension: (프레젠테이션) - C:\Users\aa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (문서) - C:\Users\aa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google 드라이브) - C:\Users\aa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-08]
CHR Extension: (YouTube) - C:\Users\aa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-08]
CHR Extension: (스프레드시트) - C:\Users\aa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google 문서 오프라인) - C:\Users\aa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-09]
CHR Extension: (AdBlock) - C:\Users\aa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-11-14]
CHR Extension: (Chrome 웹 스토어 결제) - C:\Users\aa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\aa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\aa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-17]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ALMountService; C:\Program Files (x86)\ESTsoft\ALZip\ALMountService.exe [228568 2017-09-13] (ESTsoft Corp.)
R2 ALUpdateService; C:\Program Files (x86)\ESTsoft\ALUpdate\eausvc.exe [381384 2017-03-22] (ESTsoft Corp.)
R2 AnySign4PC Launcher; C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\AnySign4PCLauncher.exe [2278384 2016-09-01] (SOFTFORUM)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 CCDN Service; C:\Program Files (x86)\CCDNService\CCDNService.exe [1925272 2016-12-20] (Gvix(주))
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063656 2017-11-02] (Microsoft Corporation)
R2 DokanMounter; C:\Program Files\ipTIME\ipTIME NAS\ipDISK_Drive\mounter.exe [14848 2013-08-29] () [File not signed]
R2 Extended Brower Controler Service; C:\Program Files (x86)\ExBC\ExBCSvc.exe [115288 2017-04-04] (GVIX)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2016-02-15] (Macrovision Europe Ltd.) [File not signed]
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [355840 2009-11-18] (Marvell) [File not signed]
R2 I3GMainSvc; C:\Program Files (x86)\IPinside_LWS\I3GMainSvc.exe [240440 2017-01-20] (Interezen. Co., Ltd.)
S3 IMGSF50_Svc; C:\Windows\IMGSF50Svc.exe [70968 2015-11-25] (MarkAny)
R2 INISAFEClientManager; C:\Program Files (x86)\initech\common\ClientService\IniClientSvc.exe [221800 2017-05-23] (Initech Co., Ltd.)
S2 KCPTOTALPLUGIN; c:\Program Files\KCP\kcppayservice.exe [30784 2016-02-17] ()
R2 KOS_Service; C:\Kings\KOS\KOSSvc.exe [8009976 2016-02-15] (Kings Information & Network Co., Ltd)
S3 MyFw40Service; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\ASDSvc.exe [681120 2016-08-30] (AhnLab, Inc.)
R2 Naver Updater; C:\Program Files (x86)\Naver\NaverCommon\NaverAdminAPISvc.exe [270480 2016-11-24] (NAVER Corp.)
R2 Naver Updater_x64; C:\Program Files\Naver\NaverCommon\NaverAdminAPISvc.exe [332432 2016-11-24] (NAVER Corp.)
R2 NaverComicService; C:\Program Files (x86)\Naver\Naver Comic Viewer\ComicService.exe [142304 2016-03-25] (NAVER Corp.)
S3 NCleanService; C:\Program Files\naver\NaverCleaner\NCleanService.exe [991384 2016-12-12] (NAVER Corporation)
R2 nossvc; C:\Program Files (x86)\INCAInternet\nProtect Online Security\nossvc.exe [1726800 2017-08-31] (INCA Internet Co., Ltd.)
R2 npkfxsvc; C:\Windows\SysWow64\npkfxsvc.exe [203600 2016-03-29] (INCA Internet Co., Ltd.)
R2 PSSWSCSVC; C:\Program Files (x86)\EPS\Lib\Support\PWSLocalServer.exe [925384 2016-11-23] (SGA Solutions)
R2 SafeTransactionSVC; C:\Program Files\AhnLab\Safe Transaction\ASDSvc.exe [690880 2017-09-20] (AhnLab, Inc.)
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [793280 2014-11-04] (Samsung Electronics Co., Ltd.)
R2 V3 Service; C:\Program Files\AhnLab\V3Lite30\ASDSvc.exe [690880 2017-09-12] (AhnLab, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-12] (VIA Technologies, Inc.)
R2 VPWalletService; C:\Program Files (x86)\VP\VPWalletService\VPWalletService.exe [977320 2017-11-01] (VP Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WizveraPMSvc; C:\Program Files (x86)\Wizvera\Common\wpmsvc\wpmsvc.exe [924848 2015-09-21] (WIZVERA)
S2 NATService; C:\Program Files (x86)\NAT Service\natsvc.exe [X]
S2 SDLRunS; C:\Users\aa\AppData\Roaming\SPEEDD~1\speeddownsvc.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AhnFlt2K; C:\Windows\system32\drivers\AhnFlt2K.sys [84048 2015-09-03] (AhnLab, Inc.)
S3 AhnRec2K; C:\Windows\system32\drivers\AhnRec2K.sys [36280 2015-09-03] (AhnLab, Inc.)
R3 AhnRghNt; C:\Windows\system32\drivers\AhnRghNt.sys [84488 2017-09-05] (AhnLab, Inc.)
R1 AMonLWLH; C:\Windows\System32\DRIVERS\amonlwlh.sys [61112 2015-03-12] (AhnLab, Inc.)
R1 AMonTDLH; C:\Windows\system32\Drivers\AMonTDLH.sys [155256 2017-08-29] (AhnLab, Inc.)
S3 AntiStealth_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\AHAWKENT.sys [62720 2016-08-25] (AhnLab, Inc.)
S3 AntiStealth_MYFIREWALL40ASDF; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TfFRegNt.sys [200832 2016-08-25] (AhnLab, Inc.)
R3 AntiStealth_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\AHAWKENT.sys [61664 2017-09-05] (AhnLab, Inc.)
R3 AntiStealth_SafeTransactionF; C:\Program Files\AhnLab\Safe Transaction\TfFRegNt.sys [197152 2017-09-05] (AhnLab, Inc.)
R3 AntiStealth_V3LITE30; C:\Program Files\AhnLab\V3Lite30\AHAWKENT.sys [61664 2017-09-05] (AhnLab, Inc.)
R3 AntiStealth_V3LITE30F; C:\Program Files\AhnLab\V3Lite30\TfFRegNt.sys [197152 2017-09-05] (AhnLab, Inc.)
S3 ascrts_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\asc\ascrts.sys [3447128 2017-11-22] (AhnLab, Inc.)
S3 ascrts_V3LITE30; C:\Program Files\AhnLab\V3Lite30\asc\ascrts.sys [3447128 2017-11-22] (AhnLab, Inc.)
S3 ATamptNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\atamptnt.sys [342768 2016-08-25] (AhnLab, Inc.)
R3 ATamptNt_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\atamptnt.sys [337496 2017-08-29] (AhnLab, Inc.)
R1 ATamptNt_V3LITE30; C:\Program Files\AhnLab\V3Lite30\atamptnt.sys [337496 2017-08-29] (AhnLab, Inc.)
R1 CBFilterFS; C:\Windows\system32\drivers\cbfltfs.sys [154816 2013-08-16] (EldoS Corporation)
R3 Cdm2DrNt; C:\Windows\system32\Drivers\Cdm2DrNt.sys [92296 2017-05-23] (AhnLab, Inc.)
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [36432 2008-03-05] (DemoForge, LLC)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2013-08-29] (Windows ® Win 7 DDK provider)
R3 HCVDRV3; C:\Windows\System32\DRIVERS\HCVDRV3.sys [11992 2012-01-26] (Cnesty)
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16384 2009-12-04] ()
R3 HSBDrv64; C:\Windows\System32\drivers\HSBDrv64.sys [140112 2017-10-18] (AhnLab, Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-10-28] (Intel Corporation)
S3 ISMgr; C:\Windows\system32\ImageSAFERDrv64.sys [11256 2009-11-26] ()
R3 JRSUKD25; C:\Windows\system32\JRSUKD25.SYS [40232 2017-01-10] (RaonSecure Co., Ltd.)
S3 JRTDIFW; C:\Windows\system32\JRTDIFW.sys [17184 2017-01-19] (SoftSecurity Corporation)
S3 kck64; C:\Windows\system32\kck64.sys [101152 2016-10-31] (Kings Information & Network)
S3 MeDCoreD_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\MeDCoreD.sys [1024312 2017-11-03] (AhnLab, Inc.)
R3 MeDCoreD_V3LITE30; C:\Program Files\AhnLab\V3Lite30\MeDCoreD.sys [1024312 2017-11-03] (AhnLab, Inc.)
S3 MeDVpDrv_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\MeDVpDrv.sys [619832 2017-11-03] (AhnLab, Inc.)
R3 MeDVpDrv_V3LITE30; C:\Program Files\AhnLab\V3Lite30\MeDVpDrv.sys [619832 2017-11-03] (AhnLab, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
S3 Mkd2Bthf; C:\Windows\System32\drivers\Mkd2Bthf.sys [119856 2017-09-01] (AhnLab, Inc.)
R3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [160840 2017-09-01] (AhnLab, Inc.)
R3 Mkd3kfNt; C:\Windows\System32\drivers\Mkd3kfNt.sys [205648 2017-11-01] (AhnLab, Inc.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2009-12-04] (Marvell Semiconductor, Inc.)
R3 noskp; C:\Windows\syswow64\noskp64.sys [50064 2017-08-04] (INCA Internet Co.,Ltd.)
R3 nosku; C:\Windows\syswow64\nosku64.sys [58896 2017-07-24] (INCA Internet Co.,Ltd.)
S3 NPFW; C:\Windows\system32\NPFWVT64.sys [154312 2014-04-02] (INCA Internet Co.,Ltd.)
S3 NPFW; C:\Windows\SysWOW64\NPFWVT64.sys [154312 2014-04-02] (INCA Internet Co.,Ltd.)
S3 NPIDS; C:\Windows\system32\NpIdsVt64.sys [89352 2013-09-09] (INCA Internet Co.,Ltd.)
S3 NPIDS; C:\Windows\SysWOW64\NpIdsVt64.sys [89352 2013-09-09] (INCA Internet Co.,Ltd.)
S3 npkfxp; c:\windows\syswow64\npkfxp.sys [28152 2017-10-17] (INCA Internet Co.,Ltd.)
S3 npkfxu; c:\windows\syswow64\npkfxu.sys [37416 2017-10-17] (INCA Internet Co.,Ltd.)
R3 np_ck64s; C:\Windows\syswow64\np_ck64s.sys [75680 2017-10-17] (INCA Internet Co.,Ltd.)
S3 ProDefense; C:\Windows\system32\drivers\ProDefense.sys [28552 2017-09-08] (Bluegem Security)
S3 scsk5; C:\Windows\SysWow64\drivers\scsk5.sys [51560 2017-08-04] ()
R3 TKCtrl; C:\Windows\system32\TKCtrl2k64.sys [147240 2016-05-03] (INCA Internet Co., Ltd.)
R3 TKCtrl; C:\Windows\SysWOW64\TKCtrl2k64.sys [136528 2014-05-21] (INCA Internet Co., Ltd.)
R3 TKFsAvM; C:\Windows\system32\TKFsAv64.sys [198808 2017-08-07] (INCA Internet Co., Ltd.)
R3 TKFsFtM; C:\Windows\system32\TKFsFt64.sys [28824 2014-07-07] (INCA Internet Co., Ltd.)
R1 TKFWFV; C:\Windows\System32\TKFWFV64.sys [34400 2013-11-27] (INCA Internet Co., Ltd.)
S3 TKFWVT; C:\Windows\system32\TKFWVT64.sys [199856 2017-01-18] (INCA Internet Co.,Ltd.)
S3 TkIdsVt; C:\Windows\system32\TkIdsVt64.sys [118904 2017-07-24] (INCA Internet Co.,Ltd.)
R3 TKPcFt; C:\Windows\system32\TKPcFtCb64.sys [54504 2017-04-17] (INCA Internet Co., Ltd.)
R3 TKRgAc; C:\Windows\system32\TKRgAc2k64.sys [115760 2017-08-01] (INCA Internet Co., Ltd.)
R3 TKRgFt; C:\Windows\system32\TKRgFtXp64.sys [68968 2017-08-01] (INCA Internet Co., Ltd.)
S3 TNFwNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TNFwNt.sys [172816 2016-08-25] (AhnLab, Inc.)
S3 TNFwNt_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\TNFwNt.sys [156624 2017-05-24] (AhnLab, Inc.)
S3 TNNipsNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TNNipsNt.sys [213352 2016-08-25] (AhnLab, Inc.)
S3 TNNipsNt_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\TNNipsNt.sys [197784 2017-09-14] (AhnLab, Inc.)
S3 TSFLTDRV_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\tsfltdrv.sys [521896 2017-09-11] (AhnLab, Inc.)
R1 TSFLTDRV_V3LITE30; C:\Program Files\AhnLab\V3Lite30\tsfltdrv.sys [521896 2017-09-11] (AhnLab, Inc.)
S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]
S3 x64kdss; syswow64\Drivers\x64kdss.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-23 13:43 - 2017-11-23 13:44 - 000037117 _____ C:\Users\aa\Downloads\FRST.txt
2017-11-23 13:43 - 2017-11-23 13:43 - 002391552 _____ (Farbar) C:\Users\aa\Downloads\FRST64 (1).exe
2017-11-23 13:43 - 2017-11-23 13:43 - 000000000 ____D C:\FRST
2017-11-23 13:38 - 2017-11-23 13:38 - 000281552 _____ C:\Windows\Minidump\112317-17940-01.dmp
2017-11-23 13:34 - 2017-11-23 13:34 - 002391552 _____ (Farbar) C:\Users\aa\Downloads\FRST64.exe
2017-11-23 13:33 - 2017-11-23 13:37 - 000000000 ____D C:\AdwCleaner
2017-11-23 13:33 - 2017-11-23 13:33 - 008261584 _____ (Malwarebytes) C:\Users\aa\Downloads\AdwCleaner.exe
2017-11-23 11:09 - 2017-11-23 11:09 - 000000000 ____D C:\Users\Happy.Bus.Day.2016.720p.HDRip.H264.AAC-JAYENT.egg
2017-11-23 11:09 - 2017-11-22 17:55 - 1792405478 _____ C:\Users\Happy.Bus.Day.2016.720p.HDRip.H264.AAC-JAYENT.egg\Happy.Bus.Day.2016.720p.HDRip.H264.AAC-JAYENT.mp4
2017-11-23 10:15 - 2017-11-23 10:15 - 000000000 ___HD C:\Users\aa\Documents\$#UPD4I
2017-11-23 10:15 - 2017-11-23 10:15 - 000000000 ___HD C:\$#UPD4I
2017-11-22 16:34 - 2017-11-22 16:34 - 000000000 ____D C:\Users\aa\AppData\LocalLow\AEGIS
2017-11-22 16:27 - 2017-11-22 16:27 - 000000000 ____D C:\Program Files (x86)\Aegis Enterprise inc
2017-11-22 16:26 - 2017-11-22 16:26 - 000000000 ____D C:\Users\aa\AppData\Local\Downloaded Installations
2017-11-16 17:17 - 2017-11-16 17:33 - 1711810518 _____ C:\Users\The.Outlaws.2017.1280x720.HD-Movement.mp4
2017-11-16 17:07 - 2017-11-16 17:07 - 002398187 _____ C:\Users\aa\Desktop\기성관련20171116.xlsx
2017-11-16 16:12 - 2017-11-16 16:12 - 000187005 _____ C:\Users\aa\Desktop\복사본 4.17년09월2차_자재_테라솔루션(외자재-통신)_5회-김진성.xlsx
2017-11-10 10:14 - 2017-11-10 17:25 - 000065233 _____ C:\Users\회사\2017년 10일급여정산20171110.xlsx
2017-11-08 15:05 - 2017-11-08 15:05 - 000000000 ____D C:\Users\MEMOIR.OF.A.MURDERER.2016.720p.HDRip.H264.AC3-PCHD.egg
2017-11-08 15:05 - 2017-11-07 19:24 - 2625704176 _____ C:\Users\MEMOIR.OF.A.MURDERER.2016.720p.HDRip.H264.AC3-PCHD.egg\MEMOIR.OF.A.MURDERER.2016.720p.HDRip.H264.AC3-PCHD.mkv
2017-11-08 15:04 - 2017-11-08 15:04 - 000001771 _____ C:\Users\Public\Desktop\AhnLab V3 Zip 2.0.lnk
2017-11-08 14:54 - 2017-11-08 14:54 - 000000000 ____D C:\Users\The.Fortress.2017.720p.HDRip.H264.AAC-PCHD.egg
2017-11-08 14:54 - 2017-11-07 18:58 - 3447770879 ____N C:\Users\The.Fortress.2017.720p.HDRip.H264.AAC-PCHD.egg\The.Fortress.2017.720p.HDRip.H264.AAC-PCHD.mkv
2017-11-08 13:48 - 2017-11-08 13:50 - 000000000 ____D C:\Users\[멜론] 2017년 11월 06일 실시간 TOP100.egg
2017-11-08 13:09 - 2017-11-08 13:10 - 915674364 _____ C:\Users\최신곡.zip
2017-11-07 17:19 - 2017-11-07 17:21 - 000000000 ____D C:\Program Files (x86)\VP
2017-11-07 17:15 - 2017-11-07 17:19 - 000000000 ____D C:\Users\aa\Documents\Koino
2017-11-07 15:34 - 2017-11-07 15:34 - 000065951 _____ C:\Users\aa\Desktop\2017년 10일법인급여신고20171107.xlsx
2017-11-06 12:38 - 2017-11-06 12:38 - 000000000 ____D C:\Users\aa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum
2017-11-06 12:38 - 2017-11-06 12:38 - 000000000 ____D C:\Program Files (x86)\Daum
2017-11-06 11:22 - 2017-11-06 11:22 - 004765279 _____ (ffdshow ) C:\Users\aa\Downloads\ffdshow_rev4532_20140717_clsid (1).exe
2017-11-03 16:25 - 2017-11-03 16:26 - 010793856 _____ C:\Users\aa\Downloads\VPISPPlusSetup_V2101.exe
2017-11-02 17:25 - 2017-11-02 17:25 - 000008331 _____ C:\Users\aa\Downloads\전체이용내역조회_20171102172519.zip
2017-11-02 17:21 - 2017-11-02 17:21 - 002419432 _____ (Initech Co., Ltd.) C:\Users\aa\Downloads\SmartManagerEX (2).exe
2017-11-02 17:20 - 2017-11-02 17:20 - 002419432 _____ (Initech Co., Ltd.) C:\Users\aa\Downloads\SmartManagerEX (1).exe
2017-11-02 16:36 - 2017-11-02 16:37 - 000000000 ____D C:\Users\2017.09.10 벅스 성인가용 챠트 100.egg
2017-11-02 16:34 - 2017-11-02 16:35 - 675879987 _____ C:\Users\2017.09.10 벅스 성인가용 챠트 100.egg.zip
2017-11-02 15:25 - 2017-11-02 15:25 - 000000000 ____D C:\Users\aa\AppData\Local\Packages
2017-11-02 14:37 - 2017-11-02 14:37 - 000659536 _____ (Soft25 Inc ) C:\Users\aa\Downloads\JXMailEnterprisePlugin (14).exe
2017-11-01 14:31 - 2017-11-02 12:36 - 000036701 _____ C:\Users\aa\Desktop\OI-ATO17080012(Invoice)-20170906 10h18m03s.pdf
2017-10-31 16:01 - 2017-10-31 16:04 - 1997240547 _____ C:\Users\S07E02.1080p.KorSub.HDTV.x264.mkv
2017-10-31 12:45 - 2017-10-31 12:46 - 583671089 _____ C:\Users\SD(mkv)\Fear.the.Walking.Dead.S03E15-E16.HDTV.x264.PROPER-SVA.mkv
2017-10-31 12:45 - 2017-10-31 12:45 - 264916510 _____ C:\Users\SD(mkv)\Fear.the.Walking.Dead.S03E14.HDTV.x264-SVA.mkv
2017-10-31 12:45 - 2017-10-31 12:45 - 000201133 _____ C:\Users\SD(mkv)\Fear.the.Walking.Dead.S03E15-E16.HDTV.x264.PROPER-SVA.smi
2017-10-31 12:44 - 2017-10-31 12:44 - 238119182 _____ C:\Users\SD(mkv)\Fear.the.Walking.Dead.S03E13.HDTV.x264-FLEET.mkv
2017-10-31 12:44 - 2017-10-31 12:44 - 000091277 _____ C:\Users\SD(mkv)\Fear.the.Walking.Dead.S03E14.HDTV.x264-SVA.smi
2017-10-31 12:44 - 2017-10-31 12:44 - 000081163 _____ C:\Users\SD(mkv)\Fear.the.Walking.Dead.S03E13.HDTV.x264-FLEET.smi
2017-10-31 12:43 - 2017-10-31 12:44 - 398990703 _____ C:\Users\SD(mkv)\Fear.the.Walking.Dead.S03E12.WEB-DL.x264-RARBG.mp4
2017-10-31 12:43 - 2017-10-31 12:43 - 000080825 _____ C:\Users\SD(mkv)\Fear.the.Walking.Dead.S03E12.WEB-DL.x264-RARBG.smi
2017-10-31 12:42 - 2017-10-31 12:43 - 403451432 _____ C:\Users\SD(mkv)\Fear.the.Walking.Dead.S03E11.WEB-DL.x264-RARBG.mp4
2017-10-31 12:42 - 2017-10-31 12:42 - 292165568 _____ C:\Users\SD(mkv)\Fear.the.Walking.Dead.S03E10.WEB-DL.x264-RARBG.mp4
2017-10-31 12:42 - 2017-10-31 12:42 - 000101845 _____ C:\Users\SD(mkv)\Fear.the.Walking.Dead.S03E10.WEB-DL.x264-RARBG.smi
2017-10-31 12:42 - 2017-10-31 12:42 - 000095655 _____ C:\Users\SD(mkv)\Fear.the.Walking.Dead.S03E11.WEB-DL.x264-RARBG.smi
2017-10-31 12:41 - 2017-10-31 12:42 - 268395486 _____ C:\Users\SD(mkv)\Fear.the.Walking.Dead.S03E09.WEB-DL.x264-RARBG.mp4
2017-10-31 12:41 - 2017-10-31 12:41 - 000120837 _____ C:\Users\SD(mkv)\Fear.the.Walking.Dead.S03E09.WEB-DL.x264-RARBG.smi
2017-10-31 12:40 - 2017-10-31 12:41 - 323869009 _____ C:\Users\SD(mkv)\Fear.the.Walking.Dead.S03E08.WEB-DL.x264-RARBG.mp4
2017-10-31 12:40 - 2017-10-31 12:40 - 259528530 _____ C:\Users\SD(mkv)\Fear.the.Walking.Dead.S03E07.WEB-DL.x264-RARBG.mp4
2017-10-31 12:40 - 2017-10-31 12:40 - 000128064 _____ C:\Users\SD(mkv)\Fear.the.Walking.Dead.S03E07.WEB-DL.x264-RARBG.smi
2017-10-31 12:40 - 2017-10-31 12:40 - 000104759 _____ C:\Users\SD(mkv)\Fear.the.Walking.Dead.S03E08.WEB-DL.x264-RARBG.smi
2017-10-31 12:39 - 2017-10-31 12:40 - 271549805 _____ C:\Users\SD(mkv)\Fear.the.Walking.Dead.S03E06.WEB-DL.x264-RARBG.mp4
2017-10-31 12:39 - 2017-10-31 12:39 - 000133718 _____ C:\Users\SD(mkv)\Fear.the.Walking.Dead.S03E06.WEB-DL.x264-RARBG.smi
2017-10-31 12:36 - 2017-11-10 17:47 - 000000000 ____D C:\Users\SD(mkv)
2017-10-31 12:17 - 2017-10-31 12:20 - 1292349488 _____ C:\Users\Game.of.Thrones.S07E04.720p.WEB-DL.DDP5.1.H.264-GoT.mkv
2017-10-31 12:17 - 2017-10-31 12:17 - 000062923 _____ C:\Users\Game.of.Thrones.S07E04.720p.WEB-DL.DDP5.1.H.264-GoT.smi
2017-10-31 11:54 - 2017-10-31 11:54 - 000046515 _____ C:\Users\aa\Desktop\Traffic 2차분Invoice  Packing List 20171031(한신).pdf
2017-10-31 11:28 - 2017-10-31 11:28 - 461794720 _____ C:\Users\Game.of.Thrones.S07E07.WEB.H264-STRiFE.mkv
2017-10-31 11:28 - 2017-10-31 11:28 - 000096005 _____ C:\Users\Game.of.Thrones.S07E07.WEB.H264-STRiFE.smi
2017-10-31 11:26 - 2017-10-31 11:28 - 951911798 _____ C:\Users\Game.of.Thrones.S07E06.WEB.h264-TBS.mkv
2017-10-31 11:26 - 2017-10-31 11:26 - 000067841 _____ C:\Users\Game.of.Thrones.S07E06.WEB.h264-TBS.smi
2017-10-31 11:22 - 2017-10-31 11:26 - 795744511 _____ C:\Users\Game.of.Thrones.S07E05.WEB.h264.REPACK-TBS.mkv
2017-10-31 11:22 - 2017-10-31 11:22 - 000076293 _____ C:\Users\Game.of.Thrones.S07E05.WEB.h264.REPACK-TBS.smi
2017-10-31 11:16 - 2017-10-31 11:16 - 000055743 _____ C:\Users\Game.of.Thrones.S07E06.XviD-AFG.smi
2017-10-31 11:11 - 2017-10-31 11:13 - 847619038 _____ C:\Users\Game.of.Thrones.S07E03.WEB.h264-TBS.mkv
2017-10-31 11:11 - 2017-10-31 11:11 - 000084077 _____ C:\Users\Game.of.Thrones.S07E03.WEB.h264-TBS.smi
2017-10-30 18:23 - 2017-10-30 18:23 - 306090602 _____ C:\Users\Game.of.Thrones.S07E01.HDTV.x264-SVA.mkv
2017-10-30 18:23 - 2017-10-30 18:23 - 000065006 _____ C:\Users\Game.of.Thrones.S07E01.HDTV.x264-SVA.smi
2017-10-27 17:01 - 2017-10-27 17:01 - 000000000 ____D C:\Users\Resurrected.Victims.2017.1080p.H264.AAC-Unknown.egg
2017-10-27 17:01 - 2017-10-26 22:16 - 3741097017 ____N C:\Users\Resurrected.Victims.2017.1080p.H264.AAC-Unknown.egg\Resurrected.Victims.2017.1080p.H264.AAC-Unknown.mp4
2017-10-24 19:03 - 2017-10-24 19:03 - 000064821 _____ C:\Users\회사\2017년 25일급여정산20171025.xlsx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-23 13:39 - 2017-07-20 12:26 - 000000000 ____D C:\ProgramData\CCDN
2017-11-23 13:38 - 2016-10-18 16:04 - 875225322 _____ C:\Windows\MEMORY.DMP
2017-11-23 13:38 - 2016-10-18 16:04 - 000000000 ____D C:\Windows\Minidump
2017-11-23 13:38 - 2009-07-14 14:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-23 13:37 - 2017-07-19 15:22 - 000000000 ___RD C:\Users\aa\Documents\.
2017-11-23 13:37 - 2009-07-14 13:45 - 000010512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-23 13:37 - 2009-07-14 13:45 - 000010512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-23 13:30 - 2017-07-18 17:27 - 000000000 ____D C:\james@guardon.co.kr - james
2017-11-23 11:51 - 2016-07-27 13:20 - 000000000 ____D C:\Program Files (x86)\GRETECH
2017-11-23 11:09 - 2017-07-20 12:25 - 000000000 ____D C:\Program Files (x86)\pdpopx
2017-11-23 11:02 - 2016-02-15 12:09 - 000166984 _____ C:\Users\aa\AppData\Local\GDIPFONTCACHEV1.DAT
2017-11-23 10:49 - 2017-07-20 12:27 - 000010717 _____ C:\Users\aa\AppData\Roaming\dp.dat
2017-11-23 10:49 - 2017-07-20 12:26 - 000000000 ____D C:\Users\aa\AppData\LocalLow\ExBC
2017-11-23 10:18 - 2017-07-18 18:45 - 000000000 ____D C:\Users\aa\AppData\Roaming\Nas_Drive_Cache
2017-11-23 10:18 - 2016-02-15 12:03 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-11-23 10:16 - 2017-08-07 17:52 - 000002340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-11-23 10:13 - 2009-07-14 13:45 - 005211656 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-23 10:11 - 2009-07-14 11:34 - 000000478 _____ C:\Windows\win.ini
2017-11-23 09:32 - 2017-01-31 09:06 - 000000000 ____D C:\Users\aa\AppData\LocalLow\IPinside
2017-11-22 18:55 - 2017-07-19 15:12 - 000000000 ____D C:\Users\aa\Desktop\업무일지
2017-11-22 17:28 - 2010-11-22 02:21 - 000429954 _____ C:\Windows\system32\perfh012.dat
2017-11-22 17:28 - 2010-11-22 02:21 - 000121046 _____ C:\Windows\system32\perfc012.dat
2017-11-22 17:28 - 2009-07-14 14:13 - 001329062 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-22 17:28 - 2009-07-14 12:20 - 000000000 ____D C:\Windows\inf
2017-11-22 16:27 - 2009-07-14 14:32 - 000000000 ____D C:\Windows\Downloaded Program Files
2017-11-22 15:23 - 2016-03-11 10:06 - 000000172 _____ C:\Users\aa\AppData\LocalLow\.delfino.conf
2017-11-22 11:52 - 2016-02-15 13:10 - 003353240 _____ (AhnLab, Inc.) C:\Windows\system32\btscan.exe
2017-11-22 09:35 - 2017-08-07 17:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-20 18:20 - 2017-07-18 17:13 - 000500224 _____ C:\Users\aa\Desktop\연락처20170718.xls
2017-11-15 19:07 - 2017-07-18 19:36 - 000000000 ____D C:\Users\회사
2017-11-15 12:40 - 2016-05-04 11:46 - 000000000 ____D C:\Users\aa\AppData\Local\ElevatedDiagnostics
2017-11-15 09:45 - 2016-02-15 13:08 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-11-15 09:45 - 2016-02-15 13:08 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-15 09:45 - 2016-02-15 13:08 - 000004104 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-11-15 09:45 - 2016-02-15 13:08 - 000000000 ____D C:\Windows\system32\Macromed
2017-11-15 09:45 - 2016-02-15 12:34 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-11-14 17:58 - 2016-02-26 10:06 - 000000000 ____D C:\Users\aa\AppData\LocalLow\Naver
2017-11-14 17:58 - 2016-02-26 10:06 - 000000000 ____D C:\Program Files\naver
2017-11-14 17:58 - 2016-02-26 10:06 - 000000000 ____D C:\Program Files (x86)\naver
2017-11-14 17:09 - 2016-02-15 14:46 - 000003116 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 17:09 - 2016-02-15 14:46 - 000002988 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-14 09:40 - 2016-02-15 14:46 - 000002169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chrome.lnk
2017-11-08 15:04 - 2016-02-15 13:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AhnLab
2017-11-08 15:04 - 2016-02-15 13:09 - 000000000 ____D C:\Program Files\AhnLab
2017-11-08 14:53 - 2016-04-15 14:50 - 000000000 ___SD C:\Users\aa\AppData\LocalLow\Temp
2017-11-07 17:19 - 2015-08-12 17:53 - 000214584 _____ (SoftCamp Co.,Ltd.) C:\Windows\SysWOW64\SCSKLoader.exe
2017-11-07 17:18 - 2016-04-28 15:58 - 000000000 ____D C:\Users\aa\AppData\LocalLow\KVP
2017-11-07 16:09 - 2017-08-07 14:59 - 000000000 ____D C:\Users\회사\월별지급
2017-11-03 16:38 - 2017-10-17 18:35 - 000000000 ____D C:\Program Files (x86)\TradeSign
2017-11-03 16:37 - 2017-09-05 10:22 - 000000000 ____D C:\Program Files (x86)\KICA
2017-11-03 16:37 - 2016-12-13 14:40 - 000000000 ____D C:\Program Files (x86)\VOICEYE
2017-11-03 16:36 - 2017-08-07 17:56 - 000000000 ___RD C:\Users\aa\OneDrive
2017-11-03 16:36 - 2017-07-24 10:08 - 000000000 ____D C:\Program Files (x86)\jmi
2017-11-03 16:36 - 2016-12-13 14:40 - 000000000 ____D C:\Users\aa\AppData\Local\MarkAny
2017-11-03 16:36 - 2016-04-25 11:29 - 000000000 ____D C:\Program Files (x86)\DreamSecurity
2017-11-01 01:45 - 2016-03-29 14:09 - 000205648 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\mkd3kfnt.sys
 
==================== Files in the root of some directories =======
 
2017-07-20 12:27 - 2017-11-23 10:49 - 000010717 _____ () C:\Users\aa\AppData\Roaming\dp.dat
2016-04-28 15:52 - 2016-04-28 16:04 - 000084155 _____ () C:\Users\aa\AppData\Local\issacweb.log
2016-09-29 09:32 - 2016-09-29 09:32 - 000004096 ____H () C:\Users\aa\AppData\Local\keyfile3.drm
 
Some files in TEMP:
====================
2017-11-02 15:24 - 2017-11-14 17:58 - 005423192 _____ (NAVER Corp.) C:\Users\aa\AppData\Local\Temp\InstToolbar.exe
2017-11-02 15:24 - 2017-11-02 15:24 - 001762800 _____ () C:\Users\aa\AppData\Local\Temp\NaverAdminAPISetup_x64.exe
2017-11-02 15:25 - 2017-11-02 15:25 - 001160960 _____ () C:\Users\aa\AppData\Local\Temp\NaverAdminAPISetup_x86.exe
2017-11-02 15:24 - 2017-11-14 17:58 - 000454936 _____ () C:\Users\aa\AppData\Local\Temp\NaverAgent_Setup.exe
2017-11-02 15:24 - 2017-11-02 15:24 - 001486944 _____ (NHN Corp.) C:\Users\aa\AppData\Local\Temp\NaverCommonUpdaterInst.exe
2017-11-20 16:32 - 2017-11-20 16:32 - 000015872 _____ () C:\Users\aa\AppData\Local\Temp\NsisCrypt.dll
2017-11-22 16:36 - 2017-11-22 16:36 - 001288864 _____ () C:\Users\aa\AppData\Local\Temp\VpKeyboardSetup64.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe
[2010-11-21 12:24] - [2011-01-16 08:01] - 000389632 _____ (Microsoft Corporation) 87A00ED70FEC36D0DD968E5058C29AA1
 
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 12:24] - [2009-07-14 10:41] - 001008640 _____ (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E
 
C:\Windows\SysWOW64\User32.dll
[2010-11-21 12:24] - [2009-10-21 14:53] - 000833024 _____ (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356
 
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-11-20 11:32
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-11-2017
Ran by aa (23-11-2017 13:44:52)
Running from C:\Users\aa\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-02-15 02:49:19)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
aa (S-1-5-21-4202491627-2688634506-2428423890-1000 - Administrator - Enabled) => C:\Users\aa
Administrator (S-1-5-21-4202491627-2688634506-2428423890-500 - Administrator - Disabled)
Guest (S-1-5-21-4202491627-2688634506-2428423890-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: V3 Lite (Enabled - Up to date) {F53321E8-06B4-04FE-3F4B-C79E730117D6}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: V3 Lite (Enabled - Up to date) {4E52C00C-208E-0B70-05FB-FCEC08865D6B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Adobe Acrobat 9 Pro - Korean (HKLM-x32\...\{AC76BA86-1042-0000-7760-000000000004}{AC76BA86-1042-0000-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.187 - Adobe Systems Incorporated)
AGSWalletforVista (HKLM-x32\...\{9C71B1EA-59A3-404F-9B04-CEC28188A234}) (Version: 1.0.0.3 - Aegis Enterprise inc)
AhnLab Online Security (HKLM-x32\...\AhnLab Online Security) (Version:  - AhnLab, Inc)
AhnLab Safe Transaction (HKLM\...\{19DD1D8D-927F-45DF-ADF4-75D38267848D}) (Version: 1.3.23.955 - AhnLab, Inc.)
AhnLab V3 Zip 2.0 (HKLM\...\{0A9DDB30-C3E4-4760-B7BF-959EB2874C64}) (Version: 2.0.2.216 - AhnLab, Inc.)
AnySign4PC 1.1.0.8 (HKLM-x32\...\AnySign4PC) (Version: 1.1.0.8 - HANCOM SECURE Inc.)
AutoCAD 2012 - Korean (HKLM\...\{5783F2D7-A001-0412-0102-0060B0CE6BBA}) (Version: 18.2.51.0 - Autodesk) Hidden
AutoCAD 2012 - Korean (HKLM\...\AutoCAD 2012 - Korean) (Version: 18.2.51.0 - Autodesk)
AutoCAD 2012 Language Pack - Korean (HKLM\...\{5783F2D7-A001-0412-1102-0060B0CE6BBA}) (Version: 18.2.51.0 - Autodesk) Hidden
AutoCAD 2012용 Autodesk Inventor Fusion 플러그인 (HKLM\...\{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}) (Version: 0.0.1.138 - Autodesk) Hidden
AutoCAD 2012용 Autodesk Inventor Fusion 플러그인 언어 팩 (HKLM\...\{E552C39C-C70E-464F-9733-8311331BDD90}) (Version: 0.0.1.138 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}) (Version: 2.0.90 - Autodesk)
Autodesk Inventor Fusion 2012 (HKLM\...\{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}) (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2012 (HKLM\...\Autodesk Inventor Fusion 2012) (Version: 1.0.0.79 - Autodesk, Inc.)
Autodesk Inventor Fusion 2012 언어 팩 (HKLM\...\{FFF7F80F-929E-497F-A112-B070DE816128}) (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (HKLM\...\AutoCAD 2012용 Autodesk Inventor Fusion 플러그인) (Version: 0.0.1.138 - Autodesk)
Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
AxSignGATE 3.0 (HKLM-x32\...\AxSignGATE) (Version: 3.0 - 한국정보인증(주))
CCDNService 2.0.0.12 (HKLM-x32\...\CCDNService) (Version: 2.0.0.12 - Gvix(주))
Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
CPUID CPU-Z 1.75 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Daum ActiveX 컨트롤 - Daum 메일 파일업로더 (HKLM-x32\...\{A21E6CD8-70E4-45CF-A1A8-FC1584D8523E}) (Version:  - Kakao Corp.)
Delfino (x86) 버전 2.1.4.3 (HKLM-x32\...\{E48E2437-FB9B-4596-9525-00DAFC7AABED}_is1) (Version: 2.1.4.3 - Wizvera)
Delfino G3 (x86) 버전 3.1.4.1 (HKLM-x32\...\{1CBD185A-9CB3-4f30-B7E4-75CC551455F9}_is1) (Version: 3.1.4.1 - Wizvera)
EasyKeytec (키보드 보안 프로그램) (HKLM-x32\...\Easykeytec) (Version:  - )
eISP 2.0 (HKLM-x32\...\eISP 2.0) (Version: 2.01 - 브이피(주))
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{E65099C4-9110-4C31-BD03-5C17EFB5FE92}) (Version: 1.1.0 - HP)
iniLINE CrossEX Service (HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\...\iniLINE_CrossEX) (Version: 1.0.2.2 - iniLINE Co., Ltd.)
INISAFE CrossWeb EX v3.0 (HKLM-x32\...\UnINISafeWebEX) (Version: 3.0.0.73 - Initech, Inc.)
INISAFE SandBox 1.0 (HKLM-x32\...\INISAFE SandBox) (Version: 1.0 - Initech, Inc.)
INISafe SFilter v7.2 (HKLM-x32\...\UnINISafeWeb7) (Version: 7.2.0.16 - ©INITECH)
INISAFE Web v6.4 (HKLM-x32\...\UnINISafeWeb64) (Version: 6 - Initech ©.)
IPinside Agent (HKLM-x32\...\IPinside Agent) (Version: 1.0.2.9 - interezen)
IPinside LWS Agent (HKLM-x32\...\IPinside LWS Agent) (Version: 3.0.0.3 - interezen)
IPinside Non-p Agent (HKLM-x32\...\IPinside Non-p Agent) (Version: 2.0.0.3 - interezen)
ipTIME NAS Wizard (HKLM-x32\...\ipTIMENAS) (Version:  - )
IssacWebProCMS 4.5.0.10 oovi (HKLM-x32\...\IssacWebProCMS_oovi_is1) (Version:  - Penta Security Systems, Inc.)
JX-Mail ActiveX (HKLM-x32\...\JX-Mail ActiveX_is1) (Version:  - )
KBS Kong v3 (HKLM-x32\...\{EEED2879-F4AB-430A-998C-801D0E5B9C1E}) (Version: 3.2.2.03 - KBS인터넷(주))
KeySharp CertRelay (HKLM-x32\...\KeySharp CertRelay) (Version: 2.1.0.8 - RaonSecure Co., Ltd.)
KeySharp CertRelay(W) (HKLM-x32\...\KeySharp CertRelay(W)) (Version:  - )
keysharpnxbiz (x86) 버전 3.2.2.3 (HKLM-x32\...\{E18C0D1F-EA43-4bb3-B28A-CEA42110C331}_is1) (Version: 3.2.2.3 - WIZVERA & RAONSECURE)
Kings Online Security (HKLM-x32\...\KOS) (Version: 1.0.0.5 - Kings Information & Network Co., Ltd.)
League of Legends (HKLM-x32\...\{75B5DFD2-414C-45F1-82C0-B03337597862}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
LG Uplus XPay Plugin (Plugin) 1.0.5.1 (HKLM-x32\...\LG Uplus XPay Plugin (npRuntime)) (Version: 1.0.5.1 - LG Uplus Corp)
MagicLine4NP (HKLM-x32\...\MagicLine4NP) (Version: 1.0.0.25 - DreamSecurity, Co.Ltd)
MAGICXML (HKLM-x32\...\MAGICXML) (Version: 1.0.0.27 - Dreamsecurity Inc.)
MarkAny Inc. e-PageSafer v2.5 COURT OzWeb(Uninstall) (HKLM-x32\...\MarkAny Inc. e-PageSafer v2.5 COURT OzWeb(Uninstall)) (Version: v2.5 - MarkAny Inc.)
MarkAny Inc. e-PageSafer V2.5 NoAX ( Basic )_2.5.1.3 (HKLM-x32\...\ePageSafer) (Version: v2.5 - MarkAny Inc.)
MAWS_NARA - 증명서 발급 시스템 (HKLM-x32\...\MAWS_NARA - 증명서 발급 시스템) (Version: v2.5 - MarkAny Inc.)
Microsoft .NET Framework 4 Client Profile 한국어 언어 팩 (HKLM\...\Microsoft .NET Framework 4 Client Profile KOR Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended 한국어 언어 팩 (HKLM\...\Microsoft .NET Framework 4 Extended KOR Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Office 365 - ko-kr (HKLM\...\O365HomePremRetail - ko-kr) (Version: 16.0.8625.2127 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
MPEG2코덱(libmpeg2/mad) (HKLM-x32\...\MPEG2코덱(libmpeg2/mad)) (Version:  - )
NAT Service 3.5.4.19 (HKLM-x32\...\{F67E509A-0033-4759-9E71-CE372F4D89B4}}_is1) (Version: 3.5.4.19 - Neo Network)
Naver Software Downloader (HKLM-x32\...\Naver Software Downloader) (Version: 0.0.0.1 - NAVER Corp.)
npEfdsWCtrl (HKLM-x32\...\npEfdsWCtrl) (Version:  - INCA Internet Co., Ltd.)
nProtect KeyCrypt V6.5 (HKLM-x32\...\npkfx) (Version: 6.5 - INCA Internet Co., Ltd.)
nProtect Netizen v5.5 (HKLM-x32\...\nProtect Netizen v5.5) (Version: 2015.8.20.1 - INCA Internet Co., Ltd.)
nProtect Online Security V1.0(PFS) (HKLM-x32\...\nProtect Online Security V1.0(PFS)) (Version: 2016.3.24.1 - INCA Internet Co., Ltd.)
NTSMagicLineMBX (HKLM-x32\...\NTSMagicLineMBX) (Version: 1.0.10.13 - Dreamsecurity Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0412-0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDPOP (HKLM-x32\...\PDPOP) (Version:  - TBENM Co., Ltd.)
Printmade2 (HKLM-x32\...\{4EF8C716-1E9A-4FD4-BC4F-E18BD949974C}_is1) (Version: 2.0.1.20 - NagoSoft, Inc.)
ProWorksGrid 1,0,0,78 (HKLM-x32\...\{DF7D9461-61E6-43E8-8E15-49D32544C187}) (Version: 1.00.0078 - INSWAVE Systems)
REDBC NX_PRNMAN (HKLM-x32\...\REDBC NX_PRNMAN_is1) (Version: 1.0.0.6 - RedBC Co.,Ltd.)
Rexpert30 Viewer 1,0,0,447 (HKLM-x32\...\Rexpert30 Viewer) (Version: 1,0,0,447 - ClipSoft)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.46 (2014-10-30) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.06.00.08(2016-09-07) - Samsung Electronics Co., Ltd.)
Samsung M2070 Series (HKLM-x32\...\Samsung M2070 Series) (Version: 1.26 (2017-03-13) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.11.14 (2014-11-04) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (HKLM-x32\...\Samsung Scan Process Machine) (Version: 1.03.05.18 - Samsung Electronics Co., Ltd.) Hidden
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 1.0.1 - HP)
SecuKit NX (HKLM\...\SecuKit NX) (Version: 1.0.0.8 - 한국정보인증(주))
SignKorea NA Certification Toolkit(공인인증 프로그램) (HKLM-x32\...\SKCert.{FF902CAB-2018-4036-9CAC-91AAC839021C}) (Version: 2.1.6.2656 - 코스콤)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
SpeedDownload - Bomul (HKLM-x32\...\SpeedDownLoader) (Version: 2.0 - DreamWiz Internet Co.,Ltd)
TouchEn key with E2E for 32bit (HKLM-x32\...\TouchEn_key) (Version:  - RaonSecure Co., Ltd.)
TouchEn nxFirewall32 (HKLM-x32\...\{27640517-0513-4d81-A61E-228DC51680F8}) (Version: 1.0.0.11 - RaonSecure Co., Ltd.)
TouchEn nxKey with E2E for 32bit (HKLM-x32\...\TouchEn nxKey) (Version: 1.0.0.47 - RaonSecure Co., Ltd.)
V3 Lite (HKLM\...\{5FC548FC_0888_4832_B037_835C34A0B599}) (Version: 3.3.3.727 - AhnLab, Inc.)
Veraport(보안모듈 관리 프로그램) G3 - 3,0,4,2 (HKLM-x32\...\{2D992E01-604B-472C-A883-1DDA105A24D5}_is1) (Version: 3,0,4,2 - Wizvera)
WIZVERA Process Manager 1,0,1,7 (HKLM-x32\...\{8941A397-4065-4F41-92CE-0EB610846EED}_is1) (Version: 1,0,1,7 - WIZVERA)
XecureExpress (HKLM-x32\...\XecureExpress) (Version:  - )
XecureWeb Control (HKLM-x32\...\XecureWeb Control) (Version: 7, 2, 9, 1 - SoftForum Co., Ltd.)
XecureWeb UnifiedPlugin (HKLM-x32\...\XecureWeb UnifiedPlugin) (Version: 1.0.5.15 - SoftForum Co., Ltd.)
XecureWeb-Multi FCMS (HKLM-x32\...\XecureWeb-Multi FCMS) (Version: 1.0.1.4 - SoftForum Co., Ltd.)
yessign7 XML ActiveX Control (HKLM-x32\...\yessign7XMLActiveX) (Version: 1,0,1,50 - 금융결제원)
Youtube Downloader HD v. 2.9.9.27 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)
곰TV 플러그인 (HKLM-x32\...\GomTV Launcher Plugin) (Version: 1.0.0.3 - Gretech Corporation)
곰플레이어 (HKLM-x32\...\GOM Player) (Version: 2.3.22.5279 - GOM & Company)
네이버 ActiveX 가이드 (HKLM-x32\...\NaverSetup) (Version: 1.0.3.13 - NAVER Corp.)
네이버 라이브 스트리밍 서비스 (HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\...\NLiveCast) (Version: 2.0.0.19 - NAVER Corp.)
네이버 만화뷰어 (HKLM-x32\...\NComic) (Version: 1.0.1.1 - NAVER Corp.)
네이버 업데이터 (HKLM-x32\...\NaverUpdater) (Version: 1.0.2.31 - NAVER Corp.)
네이버 업데이터 64bit (HKLM\...\NaverUpdater) (Version: 1.0.64.31 - NAVER Corp.)
네이버 클리너 (HKLM\...\NCleaner) (Version: 1.0.64.171 - NAVER Corp. )
네이버 툴바 (HKLM-x32\...\NaverToolbar) (Version: 4.0.30.302 - NAVER Corp.)
사용 설명서 보기 (HKLM-x32\...\View User Guide) (Version: 3.60.47.0 - )
삼성 프린터 진단 (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.)
알PDF 1.1 (HKLM-x32\...\ALPDF_is1) (Version: v1.1 - ESTsoft Corp.)
알집 10.72 (HKLM-x32\...\ALZip_is1) (Version: v10.72 - ESTsoft Corp.)
알툴즈 업데이트 (HKLM-x32\...\ALUpdate_is1) (Version: v16.1 - ESTsoft Corp.)
영웅문4 (HKLM-x32\...\{116E39FB-DB41-42D8-B976-A648BD68BBD9}) (Version: 4.00.000 - Kiwoom Securities)
카카오톡 (HKLM-x32\...\KakaoTalk) (Version: 2.6.3.1672 - Kakao Corp.)
하우코덱 (HKLM-x32\...\하우코덱) (Version:  - )
한글과컴퓨터 한글 2007 (HKLM-x32\...\{B2423C36-006E-4270-AEBC-CFC4CAF2C310}) (Version: 7.0.0.121 - Haansoft)
확장된 브라우저 컨트롤러 (HKLM-x32\...\ExBC) (Version:  - Gvix Co.,Ltd)
휴대폰인증서(보관)서비스 (HKLM-x32\...\INFovine) (Version:  - INFovine)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\aa\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\aa\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2017 - English\en-US\dwgviewrficn.dll => No File
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - Korean\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2017 - English\dwgviewr.exe => No File
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\aa\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\aa\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{b039d18d-c6c5-54f8-ace1-0b8fff1ed771}\InprocServer32 -> C:\Users\aa\AppData\Roaming\NAVER\FileDownloader\npNDownloaderObj64_1_0_0_35.dll (NAVER Corp.)
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{B77E471C-FBF3-4CB5-880F-D7528AD4B349}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - Korean\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - Korean\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - Korean\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2012 - Korean\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.)
ContextMenuHandlers1: [!NetFax0] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2014-11-04] (Samsung Electronics Co., Ltd.)
ContextMenuHandlers1: [!NetFax1] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2014-11-04] (Samsung Electronics Co., Ltd.)
ContextMenuHandlers1: [!NetFax2] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2014-11-04] (Samsung Electronics Co., Ltd.)
ContextMenuHandlers1: [!NetFax3] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2014-11-04] (Samsung Electronics Co., Ltd.)
ContextMenuHandlers1: [!NetFax4] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2014-11-04] (Samsung Electronics Co., Ltd.)
ContextMenuHandlers1: [!NetFax5] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2014-11-04] (Samsung Electronics Co., Ltd.)
ContextMenuHandlers1: [!NetFax6] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2014-11-04] (Samsung Electronics Co., Ltd.)
ContextMenuHandlers1: [!NetFax7] -> {35308360-D4A6-436D-B701-1FEC7E96BA48} => C:\Windows\system32\spool\drivers\x64\3\NetFaxShell64.dll [2014-11-04] (Samsung Electronics Co., Ltd.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2016-02-07] (Autodesk)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-11] (Adobe Systems Inc.)
ContextMenuHandlers1: [AhnLab.V3Shl] -> {F2F52A0A-D37B-481B-8861-547A512D2295} => C:\Program Files\AhnLab\V3Lite30\V3Shl.dll [2015-05-28] (AhnLab, Inc.)
ContextMenuHandlers1: [AhnLab.V3Zip] -> {3F967A1C-9BFA-4555-8D19-1184E22212FA} => C:\Program Files\AhnLab\V3Zip20\V3ZipSh3.dll [2011-10-06] (AhnLab, Inc.)
ContextMenuHandlers1: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2017-09-14] (ESTsoft Corp.)
ContextMenuHandlers2: [AhnLab.V3Shl] -> {F2F52A0A-D37B-481B-8861-547A512D2295} => C:\Program Files\AhnLab\V3Lite30\V3Shl.dll [2015-05-28] (AhnLab, Inc.)
ContextMenuHandlers2: [AhnLab.V3Zip] -> {3F967A1C-9BFA-4555-8D19-1184E22212FA} => C:\Program Files\AhnLab\V3Zip20\V3ZipSh3.dll [2011-10-06] (AhnLab, Inc.)
ContextMenuHandlers2: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2017-09-14] (ESTsoft Corp.)
ContextMenuHandlers4: [AhnLab.V3Shl] -> {F2F52A0A-D37B-481B-8861-547A512D2295} => C:\Program Files\AhnLab\V3Lite30\V3Shl.dll [2015-05-28] (AhnLab, Inc.)
ContextMenuHandlers4: [AhnLab.V3Zip] -> {3F967A1C-9BFA-4555-8D19-1184E22212FA} => C:\Program Files\AhnLab\V3Zip20\V3ZipSh3.dll [2011-10-06] (AhnLab, Inc.)
ContextMenuHandlers4: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2017-09-14] (ESTsoft Corp.)
ContextMenuHandlers5: [AhnLab.V3Shl] -> {F2F52A0A-D37B-481B-8861-547A512D2295} => C:\Program Files\AhnLab\V3Lite30\V3Shl.dll [2015-05-28] (AhnLab, Inc.)
ContextMenuHandlers5: [AhnLab.V3Zip] -> {3F967A1C-9BFA-4555-8D19-1184E22212FA} => C:\Program Files\AhnLab\V3Zip20\V3ZipSh3.dll [2011-10-06] (AhnLab, Inc.)
ContextMenuHandlers5: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2017-09-14] (ESTsoft Corp.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-12-31] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2008-06-11] (Adobe Systems Inc.)
ContextMenuHandlers6: [AhnLab.V3Shl] -> {F2F52A0A-D37B-481B-8861-547A512D2295} => C:\Program Files\AhnLab\V3Lite30\V3Shl.dll [2015-05-28] (AhnLab, Inc.)
ContextMenuHandlers6: [AhnLab.V3Zip] -> {3F967A1C-9BFA-4555-8D19-1184E22212FA} => C:\Program Files\AhnLab\V3Zip20\V3ZipSh3.dll [2011-10-06] (AhnLab, Inc.)
ContextMenuHandlers6: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2017-09-14] (ESTsoft Corp.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1B33F1C1-61A7-475D-BB1B-0C31BF08F26A} - System32\Tasks\ipTIME_NAS_Drive_Task => C:\Program Files\ipTIME\ipTIME NAS\ipDISK_Drive\ipTIME_ipDISK_Drive.exe [2015-07-08] (EFM networks)
Task: {1D36682C-8D07-49A3-942C-8BB89789221F} - System32\Tasks\NClient\Logon Trigger => C:\Users\aa\AppData\Local\Naver\NClient\NClient.exe [2016-02-25] (NAVER Corp.)
Task: {1EFBCB7B-60BF-4947-96B0-72D19A95B17D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-15] (Adobe Systems Incorporated)
Task: {4522F06B-936A-4261-8901-E7CB307D9E72} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-15] (Google Inc)
Task: {561E3BA3-83FB-4096-8E9A-8647914A9A45} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-02] (Microsoft Corporation)
Task: {6AF5B1FC-5AA6-4F35-828C-8B10F3302A28} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-29] ()
Task: {90A80A34-8E81-4594-B1FD-27E3DA774778} - System32\Tasks\Microsoft\Internet Explorer\Internet Explorer 이전 버전 정리 => C:\Windows\SYSTEM32\ie4uinit.EXE [2016-02-15] (Microsoft Corporation)
Task: {9FEF1EBD-14D8-473F-9A9F-13EAEE28127D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-11-20] (Microsoft Corporation)
Task: {A1C6EB91-57BD-484C-A295-A5FC0405F743} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-15] (Google Inc)
Task: {A3335A60-6DC6-46F7-9732-C9A72F9EE13A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-29] ()
Task: {DA74E35E-52DC-4948-8175-220C9D6EC263} - System32\Tasks\NaverSoftware\ToolsLog => C:\Users\aa\AppData\Local\Naver\NClient\NClient.exe [2016-02-25] (NAVER Corp.)
Task: {EEB15CE7-75D2-4108-AABC-23A754CF9CB7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-02] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\aa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum\Daum ActiveX 매니저.Lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://cs.daum.net/faq/124/7912.html?faqId=9731
ShortcutWithArgument: C:\Users\aa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-07-19 10:18 - 2009-11-20 13:43 - 000405504 _____ () C:\Windows\System32\HPM1210LM.DLL
2017-08-03 14:43 - 2015-06-11 22:58 - 000022528 _____ () C:\Windows\System32\ssm4mlm.dll
2017-07-19 10:19 - 2009-11-20 13:43 - 000074240 ____N () C:\Windows\system32\spool\PRTPROCS\x64\HPM1210PP.DLL
2011-02-02 14:08 - 2011-02-02 14:08 - 000018656 _____ () C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
2014-09-08 13:39 - 2014-09-08 13:39 - 000464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 13:38 - 2014-09-08 13:38 - 000051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2016-12-13 13:58 - 2016-06-28 12:30 - 004109168 _____ () C:\Program Files (x86)\INFovine\UBIKeyService.exe
2013-08-29 18:46 - 2013-08-29 18:46 - 000014848 _____ () C:\Program Files\ipTIME\ipTIME NAS\ipDISK_Drive\mounter.exe
2016-03-31 15:11 - 2016-03-02 19:01 - 001849408 _____ () C:\Program Files\KCP\kcppayplugin.exe
2017-08-03 14:44 - 2013-02-22 13:29 - 000365568 _____ () C:\Windows\system32\SaMinDrv.dll
2017-08-03 14:43 - 2015-06-10 15:18 - 000087552 ____N () C:\Windows\system32\ssdevm64.dll
2016-03-29 14:10 - 2015-10-30 14:07 - 001108755 _____ () C:\Program Files\AhnLab\Safe Transaction\RunTmp\klib.dll
2017-11-14 09:40 - 2017-11-10 18:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-14 09:40 - 2017-11-10 18:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2016-09-01 15:28 - 2016-09-01 15:28 - 000127984 _____ () C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\xwm_smartcard.dll
2016-06-20 11:03 - 2016-06-20 11:03 - 000014336 _____ () C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\KEBSFSC_WR.dll
2016-06-20 11:04 - 2016-06-20 11:04 - 000143360 _____ () C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\NSLDAP32V50.dll
2016-01-26 16:51 - 2016-01-26 16:51 - 002951680 _____ () C:\Program Files (x86)\DreamSecurity\MagicLine4NP\CertManager.dll
2014-06-13 15:07 - 2014-06-13 15:07 - 000139264 _____ () C:\Program Files (x86)\DreamSecurity\MagicLine4NP\NSLDAP32V50.dll
2016-01-11 14:41 - 2016-01-11 14:41 - 001657856 _____ () C:\Program Files (x86)\DreamSecurity\MagicLine4NP\GPKIProcSession.dll
2017-09-05 10:38 - 2016-05-02 11:38 - 002226688 _____ () C:\Program Files (x86)\SignKorea\skcert\SantiagoSecurityService.dll
2017-09-05 10:38 - 2016-05-02 11:36 - 000141824 _____ () C:\Program Files (x86)\SignKorea\skcert\nss4Mango.dll
2016-12-13 13:57 - 2017-09-08 11:51 - 000361576 _____ () C:\Program Files (x86)\initech\INISAFE Web EX Client\INIExtensionPipe.dll
2016-12-13 13:57 - 2017-09-08 11:51 - 000489064 _____ () C:\Program Files (x86)\INITECH\INISAFE Web EX Client\INISAFECrossWebEX.dll
2016-03-16 14:26 - 2016-03-16 14:26 - 000051712 _____ () C:\Program Files (x86)\Naver\Naver Comic Viewer\tinyxml2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\aa\AppData\Local\Temp:{67AD6FA5-2A7D-47de-A0C4-F04C8F26F841} [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\...\customs.go.kr -> hxxps://unipass.customs.go.kr
IE trusted site: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\...\dacom.net -> dacom.net
IE trusted site: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\...\lgdacom.net -> lgdacom.net
IE trusted site: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\...\uplus.co.kr -> uplus.co.kr
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 11:34 - 2016-02-15 12:39 - 000001451 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 practivate.adobe
127.0.0.1 practivate.adobe.com
127.0.0.1 practivate.adobe.newoa
127.0.0.1 practivate.adobe.ntp
127.0.0.1 practivate.adobe.ipp
127.0.0.1 ereg.adobe.com
127.0.0.1 ereg.wip.adobe.com
127.0.0.1 ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com
127.0.0.1 ereg.wip3.adobe.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\aa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 210.94.0.73
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: HncUpdate => C:\Program Files (x86)\Common Files\Hnc\HncUtils\HncUpdate.exe /A
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: Korean IME Migration => C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{8958866F-193E-4636-BE72-6F4194FFEE76}] => (Allow) C:\Program Files\AhnLab\V3Lite30\MUpdate2\duri.ahn
FirewallRules: [{050B0AC3-4B03-4AF6-9BF9-15DA310DB9AD}] => (Allow) C:\Program Files\AhnLab\V3Lite30\MUpdate2\duri.ahn
FirewallRules: [{4D1D02CA-D851-4513-9441-A0647CC4FFB6}] => (Allow) C:\Program Files (x86)\naver\NaverCommon\NaverAdminAPISvc.exe
FirewallRules: [{72805C0C-E4E8-4575-83BA-E7DFB0905FA2}] => (Allow) C:\Program Files (x86)\naver\NaverCommon\NaverAdminAPISvc.exe
FirewallRules: [{A6373430-93DC-433C-B536-DCC375A978AD}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{6B6419E3-FDCB-430E-B760-07CEF5E7018F}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{2E7297D0-CF11-43B8-98B6-F7905A5BB70A}] => (Allow) C:\Users\aa\AppData\Roaming\NAVER\NLiveCast\NLiveCast.exe
FirewallRules: [{37C9C6A7-8C11-497F-8DD8-DABC8A30C3C2}] => (Allow) C:\Users\aa\AppData\Roaming\NAVER\NLiveCast\NLiveCast.exe
FirewallRules: [{76D67C28-55E2-4F38-A057-FE2B2524B14B}] => (Allow) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nosstarter.npe
FirewallRules: [TCP Query User{021DFAF4-CA4D-4CC2-A4E2-27BCEDCD0C52}C:\program files\kcp\kcppayplugin.exe] => (Allow) C:\program files\kcp\kcppayplugin.exe
FirewallRules: [UDP Query User{B231E97B-0032-411F-9BF7-9CC7E475BF58}C:\program files\kcp\kcppayplugin.exe] => (Allow) C:\program files\kcp\kcppayplugin.exe
FirewallRules: [TCP Query User{2DD9E905-3401-4A13-9BA6-9E13BA4F09A5}C:\program files\kcp\kcppayplugin.exe] => (Allow) C:\program files\kcp\kcppayplugin.exe
FirewallRules: [UDP Query User{5CC341F6-2897-4F80-B3BF-992798A9691F}C:\program files\kcp\kcppayplugin.exe] => (Allow) C:\program files\kcp\kcppayplugin.exe
FirewallRules: [TCP Query User{A0AB84DF-BC77-4500-8074-BEAFF4C9A954}C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe] => (Block) C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe
FirewallRules: [UDP Query User{516676D4-2DFF-455D-8D2E-4BB2AF62B26F}C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe] => (Block) C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe
FirewallRules: [{CF792F22-66C6-4AA3-9348-6A8776CE567F}] => (Allow) C:\Users\aa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8EDF381B-2FA7-47B1-8BA6-989F5306469D}] => (Allow) C:\Users\aa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4DAA5A62-A9DC-4642-A051-1BF067ABE9D3}] => (Allow) C:\Users\aa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CDC7942A-9B8D-438D-B4F4-DC13ECBE1D4D}] => (Allow) C:\Users\aa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C6744581-7EF8-4619-BC96-530DB34DE58E}] => (Allow) C:\Users\aa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7C010CFD-D51D-4D77-8F2E-9D9971BD6921}] => (Allow) C:\Users\aa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{305F9171-50C2-4B1D-AB1D-B975556E6702}] => (Allow) C:\Program Files (x86)\DreamSecurity\MagicLine4NP\MagicLineNP.exe
FirewallRules: [{5D0B46B1-2FF4-4D8C-810B-1652DB24E3E7}] => (Allow) C:\Users\aa\AppData\Roaming\RIOTGames\rgDownload\rgDownload.exe
FirewallRules: [{590FFD72-3977-4AFF-9E94-B3471AB0166C}] => (Allow) C:\Users\aa\AppData\Roaming\RIOTGames\rgDownload\rgDownload.exe
FirewallRules: [{6094AFC6-EF69-4014-8539-12558B668208}] => (Allow) C:\Users\aa\AppData\Roaming\NAVER\NLiveCast\NLiveCast.exe
FirewallRules: [{C3DE1C07-0F56-4B67-ADB9-6B915FC52A53}] => (Allow) C:\Users\aa\AppData\Roaming\NAVER\NLiveCast\NLiveCast.exe
FirewallRules: [TCP Query User{D3BC6CB6-767E-45D6-A11D-21B4A5491C46}C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe] => (Block) C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe
FirewallRules: [UDP Query User{DFC3FCDA-900B-45ED-A4C9-5C0693EC0B14}C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe] => (Block) C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe
FirewallRules: [{A4000BE6-397F-460D-BE14-6EC540239814}] => (Allow) C:\Program Files (x86)\INFovine\UBIKeyService.exe
FirewallRules: [{BF8BA6BE-C47E-4D8D-A391-9F4B01CD6820}] => (Allow) C:\Program Files (x86)\INFovine\UBIKeyService.exe
FirewallRules: [{FD34907F-B557-4494-B664-3C912D4454AB}] => (Allow) C:\Program Files (x86)\IPinside_LWS\I3GProc.exe
FirewallRules: [TCP Query User{08133DC9-C076-481A-8828-1405F6685B0E}C:\program files (x86)\markany\maeps\epagesafer.exe] => (Block) C:\program files (x86)\markany\maeps\epagesafer.exe
FirewallRules: [UDP Query User{AE78D666-33AF-4DE6-9D9B-D29C5165DF30}C:\program files (x86)\markany\maeps\epagesafer.exe] => (Block) C:\program files (x86)\markany\maeps\epagesafer.exe
FirewallRules: [{557CAE4F-42C2-4D19-9AE3-667120A83594}] => (Allow) C:\Program Files\ipTIME\ipTIME NAS\ipDISK_Drive\ipTIME_ipDISK_Drive.exe
FirewallRules: [{0733F319-8EDF-44D5-B4E9-89FC66C0500E}] => (Allow) C:\Program Files (x86)\CCDNService\CCDNService.exe
FirewallRules: [{AED80551-CEE1-4AA9-81F5-899FE010DE41}] => (Allow) C:\Program Files (x86)\CCDNService\CCDNService.exe
FirewallRules: [{DFC5AE82-7707-4D9E-A055-0A45CC77163A}] => (Allow) C:\Program Files (x86)\pdpopx\pdpop_nanoomidown.exe
FirewallRules: [{CEC99107-18C0-4C10-8B47-E85CDEF3DF69}] => (Allow) C:\Program Files (x86)\pdpopx\pdpop_nanoomidown.exe
FirewallRules: [{81690481-C452-4792-B17F-AEB08F05DE50}] => (Allow) C:\Program Files (x86)\NAT Service\natsvc.exe
FirewallRules: [{5C962EDD-9699-41FA-9981-BA638758DD88}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{D70AA345-B8E0-4B0F-B290-675817A2EEAC}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{59EFC79C-F2B5-4577-99E4-0380E6A2C103}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{476EF1A8-BBB7-4684-B59D-CA9068AB435C}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{FD18DD8D-E6AC-4659-87E0-275F698C21B7}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{13E6A559-FA39-4EC6-B57A-97FB224FCD61}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{1A28EAF8-E1B3-4761-A786-216F5504AD4B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{502E910E-15FA-4A49-8C1D-BDC8696CF4BB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{96246412-6280-4CE8-865C-EB19F9411CEB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{17501F55-3997-4EEA-995A-C100A14EB986}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{25A9031C-E76D-43A1-B7F0-493E5A7FE081}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{ABE7811D-F7FB-4A93-8425-30EBC715BA88}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{469E0122-BAB8-42AB-A95B-0A9950F3C697}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{8D391FDF-022C-43B6-B05B-678402E995AB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{A21E6097-E308-4061-8B7D-9841F064FFE8}] => (Allow) C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\AnySign4PC.exe
FirewallRules: [{AAB46BFE-4703-4279-A9A3-3AA17CB9035A}] => (Allow) C:\Program Files (x86)\KICA\Common\kpmsvc\kpmcnt.exe
FirewallRules: [{5D1C81A4-BF07-448C-A21C-A0B6ED7B48FE}] => (Allow) C:\Program Files (x86)\KICA\Common\kpmsvc\kpmcnt.exe
FirewallRules: [{5E69B8CE-967D-43EC-8481-77B0BC498C9C}] => (Allow) LPort=14315
FirewallRules: [{DFA528C9-6367-40D2-B197-2002FB5D7E59}] => (Allow) C:\Program Files (x86)\Initech\INISAFE Web EX Client\INISAFECrossWebEXSvc.exe
FirewallRules: [{C3616205-BBAB-4906-97AA-5C4A8903B9BF}] => (Allow) C:\Program Files (x86)\Initech\INISAFE Web EX Client\INISAFECrossWebEXSvc.exe
FirewallRules: [TCP Query User{284912B2-D14F-4596-94D4-FF867D9D1A0A}C:\program files (x86)\kbs kong v3\kong_v3.exe] => (Allow) C:\program files (x86)\kbs kong v3\kong_v3.exe
FirewallRules: [UDP Query User{23473FFD-AF47-4FA2-B6A4-78BE28769138}C:\program files (x86)\kbs kong v3\kong_v3.exe] => (Allow) C:\program files (x86)\kbs kong v3\kong_v3.exe
FirewallRules: [{454DD134-7A53-459D-82C7-3FCEC8F7B197}] => (Allow) C:\Program Files (x86)\DreamSecurity\MagicLine4NPIZ\MagicLineNPIZ.exe
FirewallRules: [{561889F4-DF2B-4881-A525-449C75B57057}] => (Allow) C:\Users\aa\AppData\Local\Temp\Koino\AnySupport\HOST_KR\KoinoHost.exe
FirewallRules: [{3F8D5376-B23C-4F93-B8D3-B2C4545BCC69}] => (Allow) C:\Users\aa\AppData\Local\Temp\Koino\AnySupport\HOST_KR\KoinoHost.exe
FirewallRules: [{5D960BD0-4EF9-42EA-BB92-95A8840C7918}] => (Allow) LPort=80
FirewallRules: [{7C069D45-F868-4B93-A56F-7848C119351E}] => (Allow) LPort=443
FirewallRules: [{5CA40B8C-B22D-4577-9CDC-C2B92B992828}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8007AB47-5031-4628-8EF6-19AFD895C8D4}] => (Allow) C:\Program Files (x86)\naver\NaverCommon\NaverAdminAPISvc.exe
FirewallRules: [{524C72E7-1A9B-4375-A955-28B4CB87B70F}] => (Allow) C:\Program Files (x86)\naver\NaverCommon\NaverAdminAPISvc.exe
FirewallRules: [{10CF4C4B-AFC6-458D-9D11-742259A108F9}] => (Allow) C:\Program Files\naver\NaverCommon\NaverAdminAPISvc.exe
FirewallRules: [{55423AEA-09D7-43D1-BFC9-1DD7210315AE}] => (Allow) C:\Program Files\naver\NaverCommon\NaverAdminAPISvc.exe
FirewallRules: [{35C3AE4D-006F-4CA1-B5A6-EFB4BB661CD7}] => (Allow) C:\Program Files\AhnLab\Safe Transaction\StSess.exe
 
==================== Restore Points =========================
 
21-11-2017 17:32:11 Configured Microsoft Office Professional Plus 2007
22-11-2017 16:26:44 AGSWalletforVista 설치됨.
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/23/2017 01:31:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 오류 있는 응용 프로그램 이름: IEXPLORE.EXE, 버전: 11.0.9600.17840, 타임스탬프: 0x555fe1bb
오류 있는 모듈 이름: KERNELBASE.dll, 버전: 6.1.7601.18015, 타임스탬프: 0x50b83c8a
예외 코드: 0x0eedfade
오류 오프셋: 0x0000c41f
오류 있는 프로세스 ID: 0x24ec
오류 있는 응용 프로그램 시작 시간: 0x01d36413fc202785
오류 있는 응용 프로그램 경로: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
오류 있는 모듈 경로: C:\Windows\syswow64\KERNELBASE.dll
보고서 ID: 3e6ce865-d007-11e7-9f2e-b8aeedfe08d2
 
Error: (11/23/2017 01:31:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 오류 있는 응용 프로그램 이름: IEXPLORE.EXE, 버전: 11.0.9600.17840, 타임스탬프: 0x555fe1bb
오류 있는 모듈 이름: KERNELBASE.dll, 버전: 6.1.7601.18015, 타임스탬프: 0x50b83c8a
예외 코드: 0x0eedfade
오류 오프셋: 0x0000c41f
오류 있는 프로세스 ID: 0x2f9c
오류 있는 응용 프로그램 시작 시간: 0x01d36413f5162412
오류 있는 응용 프로그램 경로: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
오류 있는 모듈 경로: C:\Windows\syswow64\KERNELBASE.dll
보고서 ID: 38520362-d007-11e7-9f2e-b8aeedfe08d2
 
Error: (11/23/2017 01:31:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 오류 있는 응용 프로그램 이름: IEXPLORE.EXE, 버전: 11.0.9600.17840, 타임스탬프: 0x555fe1bb
오류 있는 모듈 이름: KERNELBASE.dll, 버전: 6.1.7601.18015, 타임스탬프: 0x50b83c8a
예외 코드: 0x0eedfade
오류 오프셋: 0x0000c41f
오류 있는 프로세스 ID: 0x2f4c
오류 있는 응용 프로그램 시작 시간: 0x01d36413d8f5b784
오류 있는 응용 프로그램 경로: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
오류 있는 모듈 경로: C:\Windows\syswow64\KERNELBASE.dll
보고서 ID: 30b840f5-d007-11e7-9f2e-b8aeedfe08d2
 
Error: (11/23/2017 01:31:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: "C:\Windows\System32\systemcpl.dll"에 대한 활성화 컨텍스트를 생성하지 못했습니다.
종속 어셈블리 Microsoft.Windows.Common-Controls,language="*",processorArchitecture="*",publicKeyToken="436865772d574741",type="win32",version="6.0.0.0"을(를) 찾을 수 없습니다.
자세한 진단을 위해서는 sxstrace.exe를 사용하십시오.
 
Error: (11/23/2017 10:18:17 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: 제품: Microsoft Office Professional Plus 2007 - '{8B689F89-5E1C-4DA9-B2B1-7B3843275596}' 업데이트를 설치하지 못했습니다. 오류 코드: 1642. Windows Installer에서는  소프트웨어 패키지의 설치 문제의 해결에 도움을 주는 로그 파일을 만들 수 있습니다. 로깅 지원을 사용하도록 설정하는 방법은 다음 링크를 참조해 주십시오. http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (11/23/2017 09:50:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 오류 있는 응용 프로그램 이름: I3GProc.exe, 버전: 3.0.0.3, 타임스탬프: 0x587360c9
오류 있는 모듈 이름: unknown, 버전: 0.0.0.0, 타임스탬프: 0x00000000
예외 코드: 0xc0000005
오류 오프셋: 0x00800040
오류 있는 프로세스 ID: 0xcec
오류 있는 응용 프로그램 시작 시간: 0x01d363f504a0006e
오류 있는 응용 프로그램 경로: C:\Program Files (x86)\IPinside_LWS\I3GProc.exe
오류 있는 모듈 경로: unknown
보고서 ID: 5571bca3-cfe8-11e7-a94d-b8aeedfe08d2
 
Error: (11/23/2017 09:50:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 오류 있는 응용 프로그램 이름: INISAFECrossWebEXSvc.exe, 버전: 3.0.0.7, 타임스탬프: 0x5923deb3
오류 있는 모듈 이름: unknown, 버전: 0.0.0.0, 타임스탬프: 0x00000000
예외 코드: 0xc0000005
오류 오프셋: 0x00440040
오류 있는 프로세스 ID: 0xa30
오류 있는 응용 프로그램 시작 시간: 0x01d363f503682c2a
오류 있는 응용 프로그램 경로: C:\Program Files (x86)\initech\INISAFE Web EX Client\INISAFECrossWebEXSvc.exe
오류 있는 모듈 경로: unknown
보고서 ID: 555c5040-cfe8-11e7-a94d-b8aeedfe08d2
 
Error: (11/22/2017 04:43:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 오류 있는 응용 프로그램 이름: speeddownopen.exe, 버전: 2017.10.12.1, 타임스탬프: 0x59df2790
오류 있는 모듈 이름: ole32.dll, 버전: 6.1.7601.17514, 타임스탬프: 0x4ce7b96f
예외 코드: 0xc0000005
오류 오프셋: 0x0003bc24
오류 있는 프로세스 ID: 0xef0
오류 있는 응용 프로그램 시작 시간: 0x01d363291972c36d
오류 있는 응용 프로그램 경로: C:\Users\aa\AppData\Roaming\SpeedDown\speeddownopen.exe
오류 있는 모듈 경로: C:\Windows\syswow64\ole32.dll
보고서 ID: e6822f6e-cf58-11e7-b401-b8aeedfe08d2
 
Error: (11/22/2017 04:36:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 오류 있는 응용 프로그램 이름: VPWalletLauncherC.exe, 버전: 2.1.0.6, 타임스탬프: 0x59f8ffb3
오류 있는 모듈 이름: KvpVcmd.dll, 버전: 5.0.3.0, 타임스탬프: 0x5a093871
예외 코드: 0xc0000005
오류 오프셋: 0x0006e1dd
오류 있는 프로세스 ID: 0x3680
오류 있는 응용 프로그램 시작 시간: 0x01d3636491cf8fed
오류 있는 응용 프로그램 경로: C:\Program Files (x86)\VP\VPWalletService\VPWalletLauncherC.exe
오류 있는 모듈 경로: C:\Users\aa\AppData\LocalLow\KVP\ISP\KvpVcmd.dll
보고서 ID: e1337d6f-cf57-11e7-b401-b8aeedfe08d2
 
Error: (11/22/2017 04:35:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 오류 있는 응용 프로그램 이름: IEXPLORE.EXE, 버전: 11.0.9600.17840, 타임스탬프: 0x555fe1bb
오류 있는 모듈 이름: KERNELBASE.dll, 버전: 6.1.7601.18015, 타임스탬프: 0x50b83c8a
예외 코드: 0xc000041d
오류 오프셋: 0x0000c41f
오류 있는 프로세스 ID: 0x31d8
오류 있는 응용 프로그램 시작 시간: 0x01d363582f4b6eae
오류 있는 응용 프로그램 경로: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
오류 있는 모듈 경로: C:\Windows\syswow64\KERNELBASE.dll
보고서 ID: ad0136e7-cf57-11e7-b401-b8aeedfe08d2
 
 
System errors:
=============
Error: (11/23/2017 01:40:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: 다음 오류로 인해 TKTool 서비스를 시작하지 못했습니다. 
지정된 파일을 찾을 수 없습니다.
 
Error: (11/23/2017 01:39:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: 다음의 부팅-시작 또는 시스템-시작 드라이버를 로드하지 못했습니다. 
cdrom
 
Error: (11/23/2017 01:39:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: 다음 오류로 인해 Speeddownload Services 서비스를 시작하지 못했습니다. 
지정된 파일을 찾을 수 없습니다.
 
Error: (11/23/2017 01:39:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: 다음 오류로 인해 NATService 서비스를 시작하지 못했습니다. 
지정된 파일을 찾을 수 없습니다.
 
Error: (11/23/2017 01:38:37 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 컴퓨터가 오류 검사 후 다시 부팅되었습니다. 오류 검사: 0x0000003b (0x00000000c0000005, 0xfffff80003568341, 0xfffff880097ee870, 0x0000000000000000). 덤프 저장 위치: C:\Windows\MEMORY.DMP. 보고서 ID: 112317-17940-01
 
Error: (11/23/2017 01:38:27 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: ‎2017-‎11-‎23의 오후 1:37:18에서 이전에 예기치 않은 시스템 종료가 있었습니다.
 
Error: (11/23/2017 01:35:47 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: 다음 경고를 받았습니다. 70.
 
Error: (11/23/2017 01:35:46 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: 다음 경고를 받았습니다. 70.
 
Error: (11/23/2017 12:45:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: SPP Notification Service 서비스가 다음 오류 때문에 종료되었습니다. 
액세스가 거부되었습니다.
 
Error: (11/23/2017 11:45:05 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: SPP Notification Service 서비스가 다음 오류 때문에 종료되었습니다. 
액세스가 거부되었습니다.
 
 
CodeIntegrity:
===================================
  Date: 2017-11-23 13:38:28.658
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-11-23 13:27:40.295
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-11-23 13:17:38.732
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-11-23 13:07:37.522
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-11-23 12:57:36.413
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-11-23 12:47:34.934
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-11-23 12:37:33.825
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-11-23 12:27:32.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-11-23 12:17:31.592
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-11-23 12:07:30.545
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4170 CPU @ 3.70GHz
Percentage of memory in use: 29%
Total physical RAM: 8060.04 MB
Available physical RAM: 5691.7 MB
Total Virtual: 16118.27 MB
Available Virtual: 13574.37 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:195.31 GB) (Free:88.56 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:270.45 GB) (Free:193.23 GB) NTFS
Drive z: () (Network) (Total:445.76 GB) (Free:274.19 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6626E465)
Partition 1: (Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:50 AM

Posted 23 November 2017 - 10:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://zum.com/?af=gt
SearchScopes: HKU\.DEFAULT -> DefaultScope {FFECAB6B-3FD5-48E2-9A4C-0E6193CF988B} URL = hxxp://esearch.ilikeclick.com/ilikeclick/?ec=20077999&MD=B&TT=%BC%D5%BD%AC%BF%EE+%B0%CB%BB%F6+-+%C0%CC%C1%F6%BC%AD%C4%A1&HK=&AT=&PL=10&TP=4&BT=4&query={searchTerms}
SearchScopes: HKU\.DEFAULT -> {FFECAB6B-3FD5-48E2-9A4C-0E6193CF988B} URL = hxxp://esearch.ilikeclick.com/ilikeclick/?ec=20077999&MD=B&TT=%BC%D5%BD%AC%BF%EE+%B0%CB%BB%F6+-+%C0%CC%C1%F6%BC%AD%C4%A1&HK=&AT=&PL=10&TP=4&BT=4&query={searchTerms}
BHO: ??? ????? -> {000011A1-74C9-4c7e-9B4E-59B5765CF409} -> c:\program files\naver\navertoolbar\naversafeguard\nsafeguard_2016_5_23_1.dll [2017-04-21] (NAVER Corp.)
BHO-x32: ??? ????? -> {000011A1-74C9-4c7e-9B4E-59B5765CF409} -> c:\program files (x86)\naver\navertoolbar\naversafeguard\nsafeguard_2016_5_23_1.dll [2017-04-21] (NAVER Corp.)
Handler: smartmanagerex - {3d062750-4a63-11e6-a84d-005056c00008} -  No File
FF Plugin-x32: @softforum.com/npKeyPro -> C:\Windows\system32\npKeyPro.dll [No File]
FF Plugin-x32: @SoftSecurity.com/npTEFWplugin -> C:\Windows\system32\NPTEFW.dll [No File]
S2 NATService; C:\Program Files (x86)\NAT Service\natsvc.exe [X]
S2 SDLRunS; C:\Users\aa\AppData\Roaming\SPEEDD~1\speeddownsvc.exe [X]
S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]
S3 x64kdss; syswow64\Drivers\x64kdss.sys [X]
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\aa\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\aa\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2017 - English\en-US\dwgviewrficn.dll => No File
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2017 - English\dwgviewr.exe => No File
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\aa\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\aa\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\amd64\FileSyncShell64.dll => No File
AlternateDataStreams: C:\Users\aa\AppData\Local\Temp:{67AD6FA5-2A7D-47de-A0C4-F04C8F26F841} [0]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon or the 3 vertical dots located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

p.s.
If not already executed, run these 2 programs.
Step 1: Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Step 2: Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

How is the computer running now?

#3 samwiseOrgin

samwiseOrgin
  • Topic Starter


Posted 23 November 2017 - 10:54 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-11-2017
Ran by aa (24-11-2017 11:52:53) Run:1
Running from C:\Users\aa\Downloads
Loaded Profiles: aa (Available Profiles: aa)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://zum.com/?af=gt
SearchScopes: HKU\.DEFAULT -> DefaultScope {FFECAB6B-3FD5-48E2-9A4C-0E6193CF988B} URL = hxxp://esearch.ilikeclick.com/ilikeclick/?ec=20077999&MD=B&TT=%BC%D5%BD%AC%BF%EE+%B0%CB%BB%F6+-+%C0%CC%C1%F6%BC%AD%C4%A1&HK=&AT=&PL=10&TP=4&BT=4&query={searchTerms}
SearchScopes: HKU\.DEFAULT -> {FFECAB6B-3FD5-48E2-9A4C-0E6193CF988B} URL = hxxp://esearch.ilikeclick.com/ilikeclick/?ec=20077999&MD=B&TT=%BC%D5%BD%AC%BF%EE+%B0%CB%BB%F6+-+%C0%CC%C1%F6%BC%AD%C4%A1&HK=&AT=&PL=10&TP=4&BT=4&query={searchTerms}
BHO: ??? ????? -> {000011A1-74C9-4c7e-9B4E-59B5765CF409} -> c:\program files\naver\navertoolbar\naversafeguard\nsafeguard_2016_5_23_1.dll [2017-04-21] (NAVER Corp.)
BHO-x32: ??? ????? -> {000011A1-74C9-4c7e-9B4E-59B5765CF409} -> c:\program files (x86)\naver\navertoolbar\naversafeguard\nsafeguard_2016_5_23_1.dll [2017-04-21] (NAVER Corp.)
Handler: smartmanagerex - {3d062750-4a63-11e6-a84d-005056c00008} -  No File
FF Plugin-x32: @softforum.com/npKeyPro -> C:\Windows\system32\npKeyPro.dll [No File]
FF Plugin-x32: @SoftSecurity.com/npTEFWplugin -> C:\Windows\system32\NPTEFW.dll [No File]
S2 NATService; C:\Program Files (x86)\NAT Service\natsvc.exe [X]
S2 SDLRunS; C:\Users\aa\AppData\Roaming\SPEEDD~1\speeddownsvc.exe [X]
S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]
S3 x64kdss; syswow64\Drivers\x64kdss.sys [X]
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\aa\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\aa\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2017 - English\en-US\dwgviewrficn.dll => No File
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2017 - English\dwgviewr.exe => No File
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\aa\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\aa\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\amd64\FileSyncShell64.dll => No File
AlternateDataStreams: C:\Users\aa\AppData\Local\Temp:{67AD6FA5-2A7D-47de-A0C4-F04C8F26F841} [0]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFECAB6B-3FD5-48E2-9A4C-0E6193CF988B} => key removed successfully
HKLM\Software\Classes\CLSID\{FFECAB6B-3FD5-48E2-9A4C-0E6193CF988B} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000011A1-74C9-4c7e-9B4E-59B5765CF409} => key removed successfully
HKLM\Software\Classes\CLSID\{000011A1-74C9-4c7e-9B4E-59B5765CF409} => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000011A1-74C9-4c7e-9B4E-59B5765CF409} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{000011A1-74C9-4c7e-9B4E-59B5765CF409} => key removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\smartmanagerex => key removed successfully
HKLM\Software\Classes\CLSID\{3d062750-4a63-11e6-a84d-005056c00008} => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@softforum.com/npKeyPro => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@SoftSecurity.com/npTEFWplugin => key removed successfully
HKLM\System\CurrentControlSet\Services\NATService => key removed successfully
NATService => service removed successfully
HKLM\System\CurrentControlSet\Services\SDLRunS => key removed successfully
SDLRunS => service removed successfully
HKLM\System\CurrentControlSet\Services\JRSKD24 => key removed successfully
JRSKD24 => service removed successfully
HKLM\System\CurrentControlSet\Services\x64kdss => key removed successfully
x64kdss => service removed successfully
HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5} => key removed successfully
HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key removed successfully
HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6} => key removed successfully
HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852} => key removed successfully
HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key removed successfully
HKU\S-1-5-21-4202491627-2688634506-2428423890-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key removed successfully
C:\Users\aa\AppData\Local\Temp => ":{67AD6FA5-2A7D-47de-A0C4-F04C8F26F841}" ADS removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 69643253 B
Java, Flash, Steam htmlcache => 16181 B
Windows/system/drivers => 15061679 B
Edge => 0 B
Chrome => 796988090 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 82269 B
systemprofile32 => 66228 B
LocalService => 0 B
NetworkService => 66086 B
aa => 376618634 B
 
RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 11:57:01 ====

Notice: Adware was executed on the day the OP was posted; whitelisted one item.
 
# AdwCleaner 7.0.4.0 - Logfile created on Thu Nov 23 04:35:47 2017
# Updated on 2017/27/10 by Malwarebytes 
# Database: 11-23-2017.1
# Running on Windows 7 Professional (X64)
# Mode: scan
 
***** [ Services ] *****
 
PUP.Optional.Legacy, NATService
PUP.Optional.Legacy, SDLRunS
 
 
***** [ Folders ] *****
 
PUP.Optional.Legacy, C:\Program Files (x86)\NAT Service
PUP.Optional.Legacy, C:\Users\aa\AppData\Roaming\SpeedDown
PUP.Optional.Legacy, C:\Users\aa\AppData\Roaming\FVPlus
PUP.Optional.Legacy, C:\Users\aa\Documents\SpeedDown 받은 파일
ALToolBar, C:\ProgramData\ESTsoft
ALToolBar, C:\ProgramData\Application Data\ESTsoft
ALToolBar, C:\Program Files (x86)\ESTsoft
ALToolBar, C:\Users\aa\AppData\Roaming\ESTsoft
ALToolBar, C:\Users\All Users\ESTsoft
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{08133DC9-C076-481A-8828-1405F6685B0E}C:\program files (x86)\markany\maeps\epagesafer.exe
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{AE78D666-33AF-4DE6-9D9B-D29C5165DF30}C:\program files (x86)\markany\maeps\epagesafer.exe
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\speeddown_bomul
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\Software\speeddown_bomul
PUP.Optional.Legacy, [Key] - HKCU\Software\speeddown_bomul
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpeedDownLoader
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{A832F633-668F-4F8A-9EA1-A6375D1C1418}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A832F633-668F-4F8A-9EA1-A6375D1C1418}
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-4202491627-2688634506-2428423890-1000\Software\Microsoft\Windows\CurrentVersion\Run | SDStart
PUP.Optional.Legacy, [Value] - HKCU\Software\Microsoft\Windows\CurrentVersion\Run | SDStart
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
PUP.Optional.Legacy, SearchProvider found: delta-homes - search.delta-homes.com_
PUP.Optional.Legacy, SearchProvider found: delta-homes - search.delta-homes.com
PUP.Optional.Legacy, SearchProvider found: delta-homes - search.delta-homes.com__
PUP.Optional.Legacy, SearchProvider found: delta-homes - delta-homes
 
/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271 
 
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 11/24/17
Scan Time: 12:12 PM
Log File: 3ca0e45a-d0c5-11e7-ab5e-b8aeedfe08d2.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3335
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: OFFICE-PC\aa
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 364535
Threats Detected: 13
Threats Quarantined: 13
Time Elapsed: 5 min, 40 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 5
Adware.KorAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SPEEDDOWNLOADER, Quarantined, [533], [221450],1.0.3335
Adware.KorAd, HKLM\SOFTWARE\CLASSES\sddownload.CSDDownload, Quarantined, [533], [162573],1.0.3335
Adware.KorAd, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A832F633-668F-4F8A-9EA1-A6375D1C1418}, Quarantined, [533], [162573],1.0.3335
Adware.KorAd, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A832F633-668F-4F8A-9EA1-A6375D1C1418}, Quarantined, [533], [162573],1.0.3335
PUP.Optional.HueCommunication, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\하우코덱, Quarantined, [967], [329162],1.0.3335
 
Registry Value: 1
Adware.KorAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SPEEDDOWNLOADER|URLINFOABOUT, Quarantined, [533], [221450],1.0.3335
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 7
PUP.Optional.HueCommunication, C:\USERS\AA\APPDATA\ROAMING\HOWCODEC\HOWCODECOPEN.EXE, Quarantined, [967], [329162],1.0.3335
Adware.Kraddare, C:\USERS\AA\APPDATA\ROAMING\HOWCODEC\HOWCODECHPER.EXE, Quarantined, [292], [36214],1.0.3335
PUP.Optional.HueCommunication, C:\USERS\AA\APPDATA\ROAMING\HOWCODEC\HOWCODECCH.EXE, Quarantined, [967], [329162],1.0.3335
PUP.Optional.HueCommunication, C:\USERS\AA\APPDATA\ROAMING\HOWCODEC\HOWCODECSVC.EXE, Quarantined, [967], [329162],1.0.3335
PUP.Optional.HueCommunication, C:\USERS\AA\APPDATA\ROAMING\HOWCODEC\HOWCODEC_UNINS.EXE, Quarantined, [967], [329162],1.0.3335
PUP.Optional.HueCommunication, C:\USERS\AA\APPDATA\ROAMING\HOWCODEC\HOWCODEC_UPDATE.EXE, Quarantined, [967], [329162],1.0.3335
PUP.Optional.HueCommunication, C:\USERS\AA\DOWNLOADS\HOWCODECSETUP.EXE, Quarantined, [967], [329162],1.0.3335
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#4 samwiseOrgin


Posted 24 November 2017 - 02:10 AM

For your information, this was all done in Korea. Korean IP address, Korean OS.

I was able to download Malwarebytes in English so that the log would be shown in English.



#5 nasdaq


Posted 24 November 2017 - 07:58 AM

Any remaining issues with this computer?

#6 samwiseOrgin


Posted 26 November 2017 - 08:45 PM

It's Monday morning now. I will get back to you as soon as possible.



#7 nasdaq


Posted 02 December 2017 - 08:59 AM

Are you still with me?

#8 samwiseOrgin


Posted 03 December 2017 - 09:17 PM

Are you still with me?

Sorry for late response.  

As far as I know, the speed of his computer has not improved that much.


Edited by samwiseOrgin, 03 December 2017 - 11:26 PM.


#9 nasdaq


Posted 04 December 2017 - 08:02 AM



Hi,

I suspect that this might have been caused by the November Security Updates.

You can refer to this article.
https://www.spywareinfoforum.com/topic/136872-ms-security-updates-nov-2017/

There is a lot of information, but post no. 8 may be informative.

Recently I was working on a similar problem.
The fastest way to solve the problem was to do a System Restore prior to November 14.

Your call.

#10 nasdaq


Posted 10 December 2017 - 08:07 AM

Are you still with me?


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#11 samwiseOrgin


Posted 10 December 2017 - 08:13 PM

Hi Nasdaq 

Thank you for walking with me through this. At this time, my boss' computer is still somewhat sluggish due to undetected malware (I'm guessing this since I have found uTorrent and a bunch of pirated downloaded TV shows, refer to the OP), but he insists on keeping all the files as they are because the PC was from his house.

Oh well 

 

Thank you again and I do believe you can close the topic 


Edited by samwiseOrgin, 10 December 2017 - 08:14 PM.




