Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2017
Ran by admin (administrator) on USER (03-07-2017 22:27:10)
Running from C:\Users\admin\Downloads
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 8.1 (Update) (X64) Language: 한국어(대한민국)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Interezen. Co., Ltd.) C:\Program Files (x86)\IPinside_LWS\I3GMainSvc.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\KOR\KorIME.exe
(ESTsoft Corp.) C:\Program Files (x86)\ESTsoft\ALUpdate\eausvc.exe
(SOFTFORUM) C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\AnySign4PCLauncher.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SGA Solutions) C:\Program Files (x86)\SGA\ezCertForClient\Service\G4CWSLocalServer.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Visicom Media Inc.) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\Safe Transaction\ASDSvc.exe
() C:\Program Files (x86)\VP\VPWalletService\VPWalletService.exe
(WIZVERA) C:\Program Files (x86)\Wizvera\Common\wpmsvc\wpmsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Wizvera) C:\Program Files (x86)\Wizvera\Delfino-G3\delfino.exe
(Interezen. Co., Ltd.) C:\Program Files (x86)\IPinside_LWS\I3GProc.exe
(WIZVERA) C:\Program Files (x86)\Wizvera\Veraport20\veraport.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\Safe Transaction\StSess.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(AhnLab, Inc.) C:\Program Files\AhnLab\Safe Transaction\Nz32\StSess32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(iniLINE Co., Ltd.) C:\Program Files (x86)\iniLINE\CrossEX\crossex\CrossEXService.exe
(Kakao Corp. ) C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe
(SOFTFORUM) C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\AnySign4PC.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() D:\Black Desert\bin64\BlackDesert64.exe
(Wellbia.com Co., Ltd.) D:\Black Desert\bin64\xc\kr\2\xcoronahost.xem
(Wellbia.com) D:\Black Desert\bin64\xc\kr\2\xxd-0.xem
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Coherent Labs) D:\Black Desert\bin64\host\CoherentUI_Host.exe
(Coherent Labs) D:\Black Desert\bin64\host\CoherentUI_Host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\admin\Downloads\FRST64 (1).exe
(Coherent Labs) D:\Black Desert\bin64\host\CoherentUI_Host.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8844032 2016-01-27] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [AhnLab Safe Transaction Application] => C:\Program Files\AhnLab\Safe Transaction\stsess.exe [4743880 2017-04-14] (AhnLab, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AnySign4PC] => C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\AnySign4PC.exe [2406408 2016-04-06] (SOFTFORUM)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [141760 2017-02-23] (Panda Security, S.L.)
HKLM-x32\...\Run: [wizvera-veraport] => C:\Program Files (x86)\Wizvera\Veraport20\veraport.exe [1721008 2016-11-28] (WIZVERA)
HKLM-x32\...\Run: [wizvera-delfino-pc] => C:\Program Files (x86)\Wizvera\Delfino-G3\delfino.exe [2126544 2017-05-08] (Wizvera)
HKLM-x32\...\Run: [ipinside-lws] => C:\Program Files (x86)\IPinside_LWS\I3GProc.exe [269088 2017-06-18] (Interezen. Co., Ltd.)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
HKU\S-1-5-21-3449503849-2698387126-3059338809-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-3449503849-2698387126-3059338809-1001\...\Run: [CrossEXService] => C:\Program Files (x86)\iniLINE\CrossEX\crossex\CrossEXService.exe [1414168 2016-07-14] (iniLINE Co., Ltd.)
HKU\S-1-5-21-3449503849-2698387126-3059338809-1001\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [8315200 2017-06-20] (Kakao Corp. )
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts-x32: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 168.126.63.1 168.126.63.2
Tcpip\..\Interfaces\{00493025-1894-4F20-BBAB-FD54BDAE3DF6}: [DhcpNameServer] 168.126.63.1 168.126.63.2
Tcpip\..\Interfaces\{B79F85F7-F0BD-4FEF-B799-B73C19EF287A}: [DhcpNameServer] 168.126.63.1 168.126.63.2
Internet Explorer:
==================
HKU\S-1-5-21-3449503849-2698387126-3059338809-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://naver.com/
HKU\S-1-5-21-3449503849-2698387126-3059338809-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ko-kr/?ocid=iehp
BHO: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2016-11-22] ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2016-11-22] ()
Toolbar: HKLM - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2016-11-22] ()
Toolbar: HKLM-x32 - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2016-11-22] ()
DPF: HKLM-x32 {063F7D71-5E0B-48F2-87D5-F63C5917947E} hxxp://ahnlabdownload.nefficient.co.kr/aos/plugin/aosmgr.cab
DPF: HKLM-x32 {1CBDCD5A-18EE-4CCA-9AEA-93D5D27E310B} hxxp://update.nprotect.net/keycrypt/kfb/cab/npkfxx_1512171.cab
DPF: HKLM-x32 {477D5B9A-6479-44F8-9718-9340119B0308} hxxp://banking.shinhan.com/wizvera/veraport/down/veraport20.cab
DPF: HKLM-x32 {7E9FDB80-5316-11D4-B02C-00C04F0CD404} hxxp://download.softforum.com/Published/XecureWeb/v7.2.8.6/xw_install.cab
DPF: HKLM-x32 {976A7D6C-B14C-4E50-A5C3-B43D8C49D8C8} hxxp://nmail.greencross.com/Mail/Webmail/DHTMLEd_Inc/Editor/TagFree/tweditor.cab
DPF: HKLM-x32 {9EF096ED-EBB5-44F1-9657-D6732B745E78} hxxp://nmail.greencross.com/Mail/Webmail/DHTMLEd_Inc/CoviUpload/CoviFileTrans.cab
DPF: HKLM-x32 {AC2CE4A7-75CE-4B11-B245-CE697861C3C1} hxxp://www.citibank.co.kr/mailplugin/INISAFEMailv4.cab
DPF: HKLM-x32 {B1D16D27-B5AC-434D-85D2-9D1CD4C0E018} hxxps://pay.kcp.co.kr/plugin_new/file/KCPPayUX.cab
DPF: HKLM-x32 {B70EA6F1-4C66-4F85-AB4D-CB3B1EB1A341} hxxp://img.shinhan.com/shttp/sphone/11017/INISAFECertClientv1.cab
DPF: HKLM-x32 {C945E31A-102E-4A0D-8854-D599D7AED5FA} hxxp://www9.hakwonsarang.co.kr/mmsc/activex/vsflex8.cab
DPF: HKLM-x32 {F939FEB8-9518-4A4A-BE60-D10FFB9557F2} hxxp://update.nprotect.net/netizenv55/bank/kfb/81/dev/npenkIEInstall5.cab
Handler-x32: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files (x86)\Initech\SHTTP\InitechSHTTPInterface.11018.dll [2017-01-23] ((c) INITECH)
Handler-x32: touchenex - {4a20e600-8604-11e6-a5d1-005056c00008} - C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.981\CrossEXProtocol.dll [2016-09-29] (iniLINE Co., Ltd.)
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @ahnlab.com/asp/npaosmgr.1 -> C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll [2015-08-26] (AhnLab, Inc.)
FF Plugin-x32: @daum.net/npDaumGameStarter -> C:\Users\Default\AppData\Roaming\DaumGame\npDaumGameStarter.dll [2016-11-09] (Kakao Games Corp.)
FF Plugin-x32: @gomtv.com/gomtvx-plugin -> C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll [2013-05-28] (Gretech Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nprotect.com/keycrypt -> C:\Windows\SysWOW64\npkfxmp.dll [2015-11-27] (INCA Internet Co., Ltd.)
FF Plugin-x32: @nprotect.com/nProtect Netizen v5.5 -> C:\Program Files (x86)\INCAInternet\nProtect Netizen v5.5\npenkOBInstall5.dll [2016-05-04] (INCA Internet Co., Ltd)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-02] (NVIDIA Corporation)
FF Plugin-x32: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2016-01-27] (SoftForum Co., Ltd.)
FF Plugin-x32: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2016-01-27] (SoftForum Co., Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-02] (Google Inc.)
FF Plugin-x32: @wizvera.com/npVeraport20 -> C:\Program Files (x86)\Wizvera\Veraport20\npveraport20.dll [2016-11-28] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin-x32: touchenex@raon.com/npCrossEXPlugin -> C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.981\npraontouchenex.dll [2016-09-29] (iniLINE Co., Ltd.)
FF Plugin HKU\S-1-5-21-3449503849-2698387126-3059338809-1001: @iniline.com/npCrossMail -> C:\Users\admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{90E3C402-A319-4429-AD5C-E7B30B7240B3}\plugins\npCrossMail.dll [2014-10-28] (INITECH Co., Ltd.)
FF Plugin HKU\S-1-5-21-3449503849-2698387126-3059338809-1001: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2016-01-27] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-3449503849-2698387126-3059338809-1001: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2016-01-27] (SoftForum Co., Ltd.)
Chrome:
=======
CHR DefaultSearchKeyword: Default -> google.co.kr_
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2017-07-03]
CHR Extension: (Google 슬라이드) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-02]
CHR Extension: (Google 문서도구) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-02]
CHR Extension: (Google 드라이브) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-02]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-02]
CHR Extension: (TouchEn PC보안 확장) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dncepekefegjiljlfbihljgogephdhph [2017-07-02]
CHR Extension: (Adobe Acrobat) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-07-02]
CHR Extension: (Panda Safe Web) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fagakgcelolinfnkfgekcnedpaklfcok [2017-07-02]
CHR Extension: (Google 시트) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-02]
CHR Extension: (Google 문서 오프라인) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-02]
CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-07-02]
CHR Extension: (Video DownloadHelper) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2017-07-02]
CHR Extension: (Chrome 웹 스토어 결제) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-02]
CHR Extension: (Browsec VPN - Free and Unlimited VPN) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2017-07-02]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-02]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-02]
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3449503849-2698387126-3059338809-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ALUpdateService; C:\Program Files (x86)\ESTsoft\ALUpdate\eausvc.exe [381384 2017-03-22] (ESTsoft Corp.)
R2 AnySign4PC Launcher; C:\Program Files (x86)\SoftForum\XecureWeb\AnySign\dll\AnySign4PCLauncher.exe [2275336 2016-04-06] (SOFTFORUM)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-06-27] ()
R2 G4CSSWSCSVC; C:\Program Files (x86)\SGA\ezCertForClient\Service\G4CWSLocalServer.exe [859288 2016-11-09] (SGA Solutions)
R2 I3GMainSvc; C:\Program Files (x86)\IPinside_LWS\I3GMainSvc.exe [240440 2017-06-18] (Interezen. Co., Ltd.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [110384 2017-02-15] (Panda Security, S.L.)
S2 npkfxsvc; C:\Windows\SysWOW64\npkfxsvc.exe [205088 2017-01-14] (INCA Internet Co., Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-01-06] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-01-06] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-02] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2017-01-06] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 panda_url_filtering; C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [246256 2016-11-22] (Visicom Media Inc.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [47096 2017-04-26] (Panda Security, S.L.)
R2 SafeTransactionSVC; C:\Program Files\AhnLab\Safe Transaction\ASDSvc.exe [690864 2017-04-07] (AhnLab, Inc.)
R2 VPWalletService; C:\Program Files (x86)\VP\VPWalletService\VPWalletService.exe [376952 2017-03-31] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-13] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-13] (Microsoft Corporation)
R2 WizveraPMSvc; C:\Program Files (x86)\Wizvera\Common\wpmsvc\wpmsvc.exe [1003248 2017-05-08] (WIZVERA)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AhnFlt2K; C:\Windows\system32\drivers\AhnFlt2K.sys [84048 2015-09-03] (AhnLab, Inc.)
S3 AhnRec2K; C:\Windows\system32\drivers\AhnRec2K.sys [36280 2015-09-03] (AhnLab, Inc.)
R3 AhnRghNt; C:\Windows\system32\drivers\AhnRghNt.sys [83944 2017-03-28] (AhnLab, Inc.)
R2 AMonCDW8; C:\Windows\system32\Drivers\AMonCDW8.sys [205576 2017-02-15] (AhnLab, Inc.)
R3 AntiStealth_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\AHAWKENT.sys [63248 2017-03-13] (AhnLab, Inc.)
R3 AntiStealth_SafeTransactionF; C:\Program Files\AhnLab\Safe Transaction\TfFRegNt.sys [200848 2017-03-13] (AhnLab, Inc.)
S3 ascrts_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\asc\ascrts.sys [3316320 2017-06-22] (AhnLab, Inc.)
R3 ATamptNt_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\ATamptNt.sys [359400 2017-04-06] (AhnLab, Inc.)
R3 Cdm2DrNt; C:\Windows\system32\Drivers\Cdm2DrNt.sys [108496 2016-08-25] (AhnLab, Inc.)
S3 dcCtrlDrv; C:\Windows\system32\drivers\dcCtrlDrv.sys [76344 2011-02-14] (Redgate Co,. Ltd.)
S3 dcMiniDrv; C:\Windows\System32\DRIVERS\dcMiniDrv.sys [34360 2011-08-03] (Redgate Co,. Ltd.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 HSBDrv64; C:\Windows\System32\drivers\HSBDrv64.sys [140096 2017-04-04] (AhnLab, Inc.)
R3 iusb3adp; C:\Windows\System32\drivers\iusb3adp.sys [37672 2015-07-31] (Intel)
S3 JRSUKD25; C:\Windows\system32\JRSUKD25.SYS [40232 2017-02-21] (RaonSecure Co., Ltd.)
S3 MeDCoreD_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\MeDCoreD.sys [1022224 2017-05-22] (AhnLab, Inc.)
S3 MeDVpDrv_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\MeDVpDrv.sys [618256 2017-05-22] (AhnLab, Inc.)
S3 Mkd2Bthf; C:\Windows\System32\drivers\Mkd2Bthf.sys [119832 2017-02-01] (AhnLab, Inc.)
R3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [160824 2017-04-03] (AhnLab, Inc.)
R3 Mkd3kfNt; C:\Windows\System32\drivers\Mkd3kfNt.sys [203016 2017-04-03] (AhnLab, Inc.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [105984 2017-02-08] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [209168 2016-06-29] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [119880 2017-02-08] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [123664 2016-06-29] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [80152 2016-07-06] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [114448 2016-06-29] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [88400 2016-06-29] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [132880 2016-06-29] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [333584 2016-06-29] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [196600 2017-02-08] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [121104 2016-06-29] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [278432 2016-07-01] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [123152 2016-06-29] (Panda Security, S.L.)
S3 NPFW; C:\Windows\system32\NPFWVT64.sys [154312 2014-04-02] (INCA Internet Co.,Ltd.)
S3 NPFW; C:\Windows\SysWOW64\NPFWVT64.sys [154312 2014-04-02] (INCA Internet Co.,Ltd.)
S3 NPIDS; C:\Windows\system32\NpIdsVt64.sys [89352 2013-09-09] (INCA Internet Co.,Ltd.)
S3 NPIDS; C:\Windows\SysWOW64\NpIdsVt64.sys [89352 2013-09-09] (INCA Internet Co.,Ltd.)
S3 npkfxp; c:\windows\syswow64\npkfxp.sys [28640 2017-01-14] (INCA Internet Co.,Ltd.)
S3 npkfxu; c:\windows\syswow64\npkfxu.sys [37416 2017-01-14] (INCA Internet Co.,Ltd.)
S3 np_ck64s; c:\windows\syswow64\np_ck64s.sys [75680 2017-01-14] (INCA Internet Co.,Ltd.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-01-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [59448 2017-01-06] (NVIDIA Corporation)
R3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-20] (Visicom Media Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [177424 2017-02-12] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [131856 2017-02-12] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [205584 2017-02-20] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [131344 2017-02-12] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [144656 2017-02-12] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [114960 2017-02-12] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [70360 2016-08-08] (Panda Security, S.L.)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [3860224 2015-08-05] (Realtek Semiconductor Corporation )
S3 scskusbf; C:\Windows\SysWow64\drivers\scskusbf.sys [21872 2017-03-31] (SoftCamp)
S3 scskusbs; C:\Windows\SysWow64\drivers\scskusbs.sys [100720 2017-03-31] (SoftCamp)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 TNFwNt_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\TNFwNt.sys [172816 2016-10-07] (AhnLab, Inc.)
S3 TNNipsNt_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\TNNipsNt.sys [213360 2016-10-07] (AhnLab, Inc.)
S3 TSFLTDRV_SafeTransaction; C:\Program Files\AhnLab\Safe Transaction\TSFLTDRV.sys [332816 2017-02-15] (AhnLab, Inc.)
S3 V3ElamDr; C:\Windows\System32\drivers\V3ElamDr.sys [24648 2014-09-23] (AhnLab, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-13] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-13] (Microsoft Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]
S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]
R3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-03 22:27 - 2017-07-03 22:27 - 00026691 _____ C:\Users\admin\Downloads\FRST.txt
2017-07-03 22:26 - 2017-07-03 22:27 - 00000000 ____D C:\FRST
2017-07-03 22:26 - 2017-07-03 22:26 - 02435584 _____ (Farbar) C:\Users\admin\Downloads\FRST64 (1).exe
2017-07-03 22:22 - 2017-07-03 22:23 - 02432664 _____ C:\Users\admin\Downloads\FRST64.exe
2017-07-03 22:00 - 2017-07-03 22:00 - 00000000 ____D C:\Windows\LastGood
2017-07-02 21:18 - 2017-07-02 21:18 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-07-02 21:18 - 2017-05-02 05:14 - 00134592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-07-02 21:18 - 2017-03-11 06:17 - 00536864 _____ C:\Windows\system32\vulkan-1.dll
2017-07-02 21:18 - 2017-03-11 06:17 - 00525600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-07-02 21:18 - 2017-03-11 06:17 - 00254240 _____ C:\Windows\system32\vulkaninfo.exe
2017-07-02 21:18 - 2017-03-11 06:17 - 00233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-07-02 21:17 - 2017-07-02 21:17 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-07-02 20:13 - 2016-08-08 18:00 - 00070360 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2017-07-02 19:31 - 2017-07-02 19:31 - 00031510 _____ C:\Users\admin\Downloads\onejav.com_ebod590.torrent
2017-07-02 19:31 - 2017-07-02 19:31 - 00000000 ____D C:\Users\admin\AppData\LocalLow\uTorrent
2017-07-02 18:49 - 2017-07-02 18:49 - 00031896 _____ C:\Users\admin\Downloads\MTB.txt
2017-07-02 18:48 - 2017-07-02 18:48 - 00892416 _____ (Farbar) C:\Users\admin\Downloads\MiniToolBox.exe
2017-07-02 17:09 - 2017-07-02 17:09 - 00002265 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chrome.lnk
2017-07-02 17:09 - 2017-07-02 17:09 - 00002253 _____ C:\Users\Public\Desktop\Chrome.lnk
2017-07-02 16:46 - 2017-07-02 16:46 - 01130328 _____ (Google Inc.) C:\Users\admin\Downloads\ChromeSetup.exe
2017-07-02 16:46 - 2017-07-02 16:46 - 00003116 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-07-02 16:46 - 2017-07-02 16:46 - 00002988 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-07-02 11:50 - 2017-07-02 11:50 - 00000141 _____ C:\Users\admin\Documents\The Paper Wall.url
2017-07-02 11:50 - 2017-07-02 11:50 - 00000071 _____ C:\Users\admin\Documents\HelloJAV.COM Free Download the Japan and Asian Adult Video & Porn Torrent.url
2017-07-02 11:50 - 2017-07-02 11:50 - 00000071 _____ C:\Users\admin\Documents\FC2 동영상 성인-부라리넷-서양님의 정보-.url
2017-07-02 11:50 - 2017-07-02 11:50 - 00000071 _____ C:\Users\admin\Documents\FC2 동영상 성인-EER299.com님의 정보-.url
2017-07-02 11:50 - 2017-07-02 11:50 - 00000068 _____ C:\Users\admin\Documents\Free Masturbate Porn Videos from Thumbzilla.url
2017-07-02 11:50 - 2017-07-02 11:50 - 00000055 _____ C:\Users\admin\Documents\Photo - Fedor Shmidt Official Site.url
2017-07-02 11:50 - 2017-07-02 11:50 - 00000053 _____ C:\Users\admin\Documents\야플티비(@yapletv) 님 - 트위터 sssszzzz.url
2017-07-02 11:50 - 2017-07-02 11:50 - 00000053 _____ C:\Users\admin\Documents\나루토 매니아 -- 보루토 8화 애니.url
2017-07-02 11:50 - 2017-07-02 11:50 - 00000052 _____ C:\Users\admin\Documents\MARUMARU - 마루마루.url
2017-07-02 11:50 - 2017-07-02 11:50 - 00000048 _____ C:\Users\admin\Documents\New - OneJAV.com - Free JAV Torrents.url
2017-07-02 11:50 - 2017-07-02 11:50 - 00000046 _____ C:\Users\admin\Documents\ZANGSISI.url
2017-07-02 11:49 - 2017-07-02 11:49 - 00000068 _____ C:\Users\admin\Documents\강남건마[빠글원정대](@gananamgunma11) 님 - 트위터.url
2017-07-02 11:49 - 2017-07-02 11:49 - 00000058 _____ C:\Users\admin\Documents\랭킹 - FC2 동영상- 성인.url
2017-07-02 11:49 - 2017-07-02 11:49 - 00000057 _____ C:\Users\admin\Documents\[유해차단] 유해차단사이트 해제하는 방법 -- blueluna.url
2017-07-02 11:49 - 2017-07-02 11:49 - 00000050 _____ C:\Users\admin\Documents\NT - Browse.url
2017-07-02 11:49 - 2017-07-02 11:49 - 00000044 _____ C:\Users\admin\Documents\JavPOP.url
2017-07-02 11:36 - 2017-07-02 11:37 - 00000000 ___HD C:\Windows\AxInstSV
2017-07-02 10:23 - 2017-07-02 10:23 - 00041893 _____ C:\Users\admin\Downloads\A2000UA,A2000U.repair.zip
2017-07-02 10:21 - 2017-07-02 10:22 - 02891956 _____ C:\Users\admin\Downloads\A2000UA,A2000U.zip
2017-06-30 23:30 - 2017-07-02 17:22 - 00000000 ____D C:\Users\admin\AppData\Local\ElevatedDiagnostics
2017-06-27 21:15 - 2017-07-02 17:12 - 00000000 ____D C:\Users\admin\AppData\Local\UnrealEngine
2017-06-27 21:15 - 2017-06-27 21:15 - 00000000 ____D C:\Users\admin\AppData\Local\TslGame
2017-06-25 01:08 - 2017-06-25 01:08 - 00000017 _____ C:\Users\admin\AppData\Local\resmon.resmoncfg
2017-06-24 10:12 - 2017-04-22 06:53 - 00029376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-06-24 10:12 - 2017-04-22 06:53 - 00018600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2017-06-24 10:12 - 2017-04-22 06:50 - 00030912 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-06-24 10:12 - 2017-04-22 06:50 - 00018592 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2017-06-24 10:12 - 2017-04-12 03:27 - 00485576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-06-24 10:12 - 2017-03-16 03:15 - 00690008 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-06-24 10:11 - 2017-04-12 03:27 - 00987840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-06-24 10:11 - 2017-03-16 03:15 - 00993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-06-23 19:46 - 2017-07-02 16:22 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-06-23 19:46 - 2017-07-02 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-23 19:46 - 2017-05-25 11:58 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-06-23 19:45 - 2017-06-23 19:45 - 64232976 _____ (Malwarebytes ) C:\Users\admin\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-22 23:58 - 2017-06-22 23:58 - 00003456 _____ C:\Windows\System32\Tasks\shutdown
2017-06-18 23:43 - 2017-07-03 22:01 - 00000000 ____D C:\Users\admin\AppData\LocalLow\IPinside
2017-06-18 21:33 - 2017-06-18 21:33 - 00000666 ___RH C:\Windows\hipiw.dll
2017-06-18 21:33 - 2017-06-18 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AhnLab
2017-06-18 21:33 - 2017-06-18 21:33 - 00000000 ____D C:\Program Files (x86)\IPinside_LWS
2017-06-18 21:33 - 2017-04-04 12:21 - 00140096 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\HSBDrv64.sys
2017-06-18 21:33 - 2017-04-03 21:48 - 00203016 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\mkd3kfnt.sys
2017-06-18 21:33 - 2017-04-03 21:48 - 00160824 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\mkd2nadr.sys
2017-06-18 21:33 - 2017-02-01 22:29 - 00119832 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\mkd2bthf.sys
2017-06-18 21:33 - 2015-06-11 10:11 - 00176784 _____ (Copyright (C) Korea University C.I.S.T) C:\Windows\system32\Drivers\klb64mkd.sys
2017-06-18 21:33 - 2015-06-11 10:11 - 00000147 _____ C:\Windows\system32\Drivers\klb64mkd.sig
2017-06-18 21:32 - 2017-07-03 22:00 - 00000017 _____ C:\Users\admin\AppData\LocalLow\.delfino.conf
2017-06-18 21:32 - 2017-06-18 21:32 - 00000000 ____D C:\Program Files\AhnLab
2017-06-18 21:32 - 2017-03-28 06:50 - 00083944 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\AhnRghNt.sys
2017-06-18 21:32 - 2017-02-15 00:02 - 00205576 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\AMonCDw8.sys
2017-06-18 21:32 - 2017-02-14 10:24 - 00181216 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\AMonCDw7.sys
2017-06-18 21:32 - 2017-02-02 17:52 - 00085616 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\AMonHKnt.sys
2017-06-18 21:32 - 2016-08-25 23:34 - 00108496 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\Cdm2DrNt.sys
2017-06-18 21:32 - 2016-06-23 10:04 - 00169800 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\AMonTDnt.sys
2017-06-18 21:32 - 2016-06-23 10:04 - 00155224 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\AMonTDLH.sys
2017-06-18 21:32 - 2015-09-03 16:13 - 00084048 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\AhnFlt2k.sys
2017-06-18 21:32 - 2015-09-03 16:13 - 00036280 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\AhnRec2k.sys
2017-06-18 21:32 - 2015-03-12 14:39 - 00061112 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\AMonLWLH.sys
2017-06-18 21:32 - 2014-09-23 11:20 - 00024648 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\V3ElamDr.sys
2017-06-18 21:32 - 2014-09-23 11:20 - 00009809 _____ C:\Windows\system32\Drivers\V3ElamDr.cat
2017-06-15 17:59 - 2017-06-02 20:30 - 03635200 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-15 17:59 - 2017-05-15 05:44 - 04170240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-06-15 17:59 - 2017-05-15 05:42 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-15 17:59 - 2017-05-15 05:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-15 17:59 - 2017-05-15 04:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-15 17:59 - 2017-05-15 04:32 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-06-15 17:59 - 2017-05-15 04:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-15 17:59 - 2017-05-15 03:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-15 17:59 - 2017-05-15 03:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-06-15 17:59 - 2017-05-15 03:48 - 05274112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-06-15 17:59 - 2017-05-15 03:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-15 17:59 - 2017-05-15 03:38 - 07796736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-06-15 17:59 - 2017-05-15 03:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-15 17:59 - 2017-05-15 03:16 - 05268992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-06-15 17:59 - 2017-05-15 03:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-06-15 17:59 - 2017-05-15 03:06 - 07441240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-15 17:59 - 2017-05-12 11:58 - 01985536 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-15 17:59 - 2017-05-12 11:18 - 03714560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-15 17:59 - 2017-05-12 08:36 - 22361848 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-15 17:59 - 2017-05-12 08:32 - 19788672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-15 17:59 - 2017-04-02 22:40 - 02013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-06-15 17:58 - 2017-06-02 21:15 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-06-15 17:58 - 2017-06-02 21:12 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-06-15 17:58 - 2017-06-02 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-06-15 17:58 - 2017-06-02 21:06 - 01001984 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-15 17:58 - 2017-06-02 21:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-06-15 17:58 - 2017-06-02 20:03 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-15 17:58 - 2017-06-02 19:58 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-15 17:58 - 2017-06-02 19:25 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-06-15 17:58 - 2017-06-02 19:24 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-06-15 17:58 - 2017-06-02 19:17 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-06-15 17:58 - 2017-06-02 19:02 - 02751488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-15 17:58 - 2017-06-02 18:43 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-15 17:58 - 2017-06-02 18:43 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-15 17:58 - 2017-05-16 04:58 - 00121184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2017-06-15 17:58 - 2017-05-15 05:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-06-15 17:58 - 2017-05-15 05:19 - 01364040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-06-15 17:58 - 2017-05-15 05:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-06-15 17:58 - 2017-05-15 04:31 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-06-15 17:58 - 2017-05-15 04:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-06-15 17:58 - 2017-05-15 04:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-06-15 17:58 - 2017-05-15 04:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-06-15 17:58 - 2017-05-15 04:04 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-15 17:58 - 2017-05-15 04:03 - 00373080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-15 17:58 - 2017-05-15 03:46 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-06-15 17:58 - 2017-05-15 03:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-06-15 17:58 - 2017-05-15 03:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-06-15 17:58 - 2017-05-15 03:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-06-15 17:58 - 2017-05-15 03:13 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-06-15 17:58 - 2017-05-15 03:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-06-15 17:58 - 2017-05-15 03:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-06-15 17:58 - 2017-05-15 03:06 - 01737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-06-15 17:58 - 2017-05-15 03:06 - 01502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-06-15 17:58 - 2017-05-13 02:05 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-15 17:58 - 2017-05-13 01:16 - 01084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-06-15 17:58 - 2017-05-13 01:13 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-15 17:58 - 2017-05-13 00:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-06-15 17:58 - 2017-05-13 00:50 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-06-15 17:58 - 2017-05-13 00:48 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-06-15 17:58 - 2017-05-13 00:47 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-06-15 17:58 - 2017-05-12 13:10 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-15 17:58 - 2017-05-12 11:48 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-15 17:58 - 2017-05-12 11:11 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-06-15 17:58 - 2017-05-12 11:10 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-06-15 17:58 - 2017-05-12 11:07 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2017-06-15 17:58 - 2017-05-12 11:06 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-06-15 17:58 - 2017-05-12 11:04 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-06-15 17:58 - 2017-05-12 11:00 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-06-15 17:58 - 2017-05-11 03:19 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-06-15 17:58 - 2017-05-07 01:05 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-15 17:58 - 2017-05-07 01:04 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-15 17:58 - 2017-04-07 02:37 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-06-15 17:58 - 2017-04-07 02:16 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2017-06-15 17:58 - 2017-04-07 01:50 - 01436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-15 17:58 - 2017-04-07 01:46 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-06-15 17:58 - 2017-04-07 01:46 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-06-15 17:58 - 2017-04-07 01:35 - 01362432 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2017-06-15 17:58 - 2017-04-07 01:15 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-06-15 17:58 - 2017-04-07 00:44 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2017-06-15 17:58 - 2017-04-02 23:49 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2017-06-14 23:50 - 2017-06-14 23:50 - 00441514 _____ C:\Users\admin\Downloads\Workshop prensetation (2017-06-15).pptx
2017-06-14 22:48 - 2017-06-14 22:48 - 00220315 _____ C:\Users\admin\Downloads\2017 DIA US FDA IND-NDA training_참석 보고서_RA2.pdf
2017-06-12 23:00 - 2017-06-12 23:01 - 82711281 _____ C:\Users\admin\Downloads\하백의 신부 24권.pdf
2017-06-12 22:51 - 2017-06-12 22:51 - 89597004 _____ C:\Users\admin\Downloads\하백의 신부 23권.pdf
2017-06-12 22:39 - 2017-06-12 22:44 - 172352490 _____ C:\Users\admin\Downloads\하백의 신부 22권.pdf
2017-06-12 22:24 - 2017-06-12 22:45 - 182432206 _____ C:\Users\admin\Downloads\하백의 신부 21권.pdf
2017-06-11 22:57 - 2017-06-11 23:13 - 186491651 _____ C:\Users\admin\Downloads\하백의 신부 20권.pdf
2017-06-11 22:30 - 2017-06-11 22:31 - 215972423 _____ C:\Users\admin\Downloads\하백의 신부 19권.pdf
2017-06-11 22:08 - 2017-06-11 22:14 - 220259079 _____ C:\Users\admin\Downloads\하백의 신부 18권.pdf
2017-06-11 21:22 - 2017-06-11 21:30 - 223225649 _____ C:\Users\admin\Downloads\하백의 신부 17권.pdf
2017-06-11 21:04 - 2017-06-11 21:26 - 139014144 _____ C:\Users\admin\Downloads\하백의 신부 16권.pdf
2017-06-11 20:08 - 2017-06-11 20:09 - 152617578 _____ C:\Users\admin\Downloads\하백의 신부 15권.pdf
2017-06-11 19:51 - 2017-06-11 19:51 - 80586312 _____ C:\Users\admin\Downloads\하백의 신부 14권.pdf
2017-06-11 19:02 - 2017-06-11 19:04 - 56334517 _____ C:\Users\admin\Downloads\하백의 신부 13권.pdf
2017-06-11 17:21 - 2017-06-11 17:22 - 56511869 _____ C:\Users\admin\Downloads\하백의 신부 12권.pdf
2017-06-11 16:32 - 2017-06-11 16:33 - 60168335 _____ C:\Users\admin\Downloads\하백의 신부 11권.pdf
2017-06-11 15:48 - 2017-06-11 15:48 - 26885328 _____ C:\Users\admin\Downloads\하백의 신부 10권.pdf
2017-06-11 15:40 - 2017-06-11 15:41 - 43683972 _____ C:\Users\admin\Downloads\하백의 신부 9권.pdf
2017-06-11 15:25 - 2017-06-11 15:29 - 66268536 _____ C:\Users\admin\Downloads\하백의 신부 8권.pdf
2017-06-11 15:17 - 2017-06-11 15:17 - 77906381 _____ C:\Users\admin\Downloads\하백의 신부 7권.pdf
2017-06-11 15:13 - 2017-06-11 15:13 - 25302027 _____ C:\Users\admin\Downloads\하백의 신부 6권.pdf
2017-06-11 15:10 - 2017-06-11 15:10 - 21076036 _____ C:\Users\admin\Downloads\하백의 신부 5권.pdf
2017-06-11 14:54 - 2017-06-11 14:54 - 18550047 _____ C:\Users\admin\Downloads\하백의 신부 4권.pdf
2017-06-11 14:34 - 2017-06-11 14:35 - 32992986 _____ C:\Users\admin\Downloads\하백의 신부 3권.pdf
2017-06-11 14:29 - 2017-06-11 14:32 - 51864359 _____ C:\Users\admin\Downloads\하백의 신부 2권.pdf
2017-06-11 14:15 - 2017-06-11 14:16 - 61943464 _____ C:\Users\admin\Downloads\하백의 신부 1권.pdf
2017-06-06 23:08 - 2017-06-06 22:59 - 00041607 _____ C:\Users\admin\Desktop\checklist (1).xlsx
2017-06-06 12:34 - 2017-06-06 12:34 - 00164720 ____R (RaonSecure Co., Ltd.) C:\Windows\SysWOW64\CKAgent.exe
2017-06-06 12:34 - 2017-06-06 12:34 - 00164720 ____R (RaonSecure Co., Ltd.) C:\Windows\system32\CKAgent.exe
2017-06-04 12:32 - 2017-06-04 12:32 - 00047592 _____ C:\Users\admin\Downloads\onejav.com_eyan088.torrent
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-03 22:09 - 2017-01-03 21:47 - 00003876 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E0C21BB2-BB83-4968-9198-FDA22208C6DA}
2017-07-03 22:09 - 2017-01-02 12:49 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-03 22:08 - 2017-01-29 23:39 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-03 22:06 - 2014-11-21 11:30 - 01433666 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-03 22:06 - 2014-11-21 10:38 - 00485112 _____ C:\Windows\system32\perfh012.dat
2017-07-03 22:06 - 2014-11-21 10:38 - 00128552 _____ C:\Windows\system32\perfc012.dat
2017-07-03 22:06 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\Inf
2017-07-03 22:00 - 2017-01-15 21:33 - 00000000 ____D C:\Program Files\Panda Security URL Filtering
2017-07-03 22:00 - 2017-01-02 12:36 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-07-03 22:00 - 2013-08-22 23:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-02 21:31 - 2017-01-02 12:19 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3449503849-2698387126-3059338809-1001
2017-07-02 21:18 - 2017-01-02 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-07-02 21:17 - 2017-01-02 12:36 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-07-02 20:13 - 2017-03-25 01:22 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent
2017-07-02 19:35 - 2013-08-23 00:36 - 00000000 ____D C:\Windows\system32\NDF
2017-07-02 18:01 - 2017-02-18 00:12 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-07-02 18:01 - 2013-08-23 00:20 - 00000000 ____D C:\Windows\CbsTemp
2017-07-02 17:11 - 2017-01-02 12:19 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-02 17:09 - 2017-01-03 21:57 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-02 16:22 - 2017-01-02 12:36 - 00000000 ____D C:\Users\admin\AppData\Local\NVIDIA
2017-07-02 16:22 - 2017-01-02 12:14 - 00000000 ____D C:\Users\admin
2017-07-02 16:21 - 2017-01-15 21:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-02 16:21 - 2017-01-03 21:57 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2017-07-02 16:21 - 2013-08-23 00:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-07-02 16:21 - 2013-08-23 00:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-02 16:21 - 2013-08-23 00:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-02 16:21 - 2013-08-23 00:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-02 16:21 - 2013-08-23 00:36 - 00000000 ____D C:\Windows\registration
2017-07-02 16:20 - 2017-01-02 12:36 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-07-02 16:15 - 2017-03-15 21:45 - 00000000 ____D C:\Users\admin\AppData\Local\CrashDumps
2017-07-02 11:46 - 2017-03-05 18:54 - 00000000 ____D C:\Users\admin\AppData\Local\Adobe
2017-07-02 11:37 - 2017-03-05 18:55 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Adobe
2017-06-30 23:31 - 2017-04-25 19:35 - 00000000 ____D C:\Users\admin\Documents\Black Desert
2017-06-27 17:06 - 2017-03-18 11:26 - 00004258 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-06-27 17:06 - 2017-03-18 11:26 - 00004116 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-06-22 11:02 - 2017-01-29 22:57 - 03228296 _____ (AhnLab, Inc.) C:\Windows\system32\btscan.exe
2017-06-22 07:06 - 2013-08-23 00:36 - 00000000 ____D C:\Windows\rescache
2017-06-18 23:56 - 2013-08-22 22:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2017-06-18 21:33 - 2017-01-23 21:38 - 00000000 ____D C:\Users\admin\AppData\LocalLow\AhnLab
2017-06-18 21:32 - 2017-01-23 21:38 - 00000000 ____D C:\Program Files (x86)\Wizvera
2017-06-18 00:15 - 2017-05-05 21:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-18 00:15 - 2017-05-05 21:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-18 00:15 - 2013-08-22 23:44 - 00587368 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-17 23:40 - 2013-08-23 00:36 - 00000000 ___RD C:\Windows\ToastData
2017-06-16 22:04 - 2017-01-02 12:14 - 00000000 ____D C:\Users\admin\AppData\Local\Packages
2017-06-16 22:04 - 2013-08-23 00:36 - 00000000 ____D C:\Windows\AppReadiness
2017-06-16 22:03 - 2017-05-05 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-16 22:03 - 2017-03-25 09:18 - 00000000 ____D C:\Windows\system32\MRT
2017-06-16 22:00 - 2017-03-25 09:18 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-12 20:30 - 2017-04-12 20:19 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-06-12 20:30 - 2017-04-12 20:19 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-06-12 20:30 - 2017-04-12 20:19 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-06-03 11:31 - 2014-11-21 19:14 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-03 11:31 - 2014-11-21 19:14 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2017-06-25 01:08 - 2017-06-25 01:08 - 0000017 _____ () C:\Users\admin\AppData\Local\resmon.resmoncfg
2017-01-02 12:22 - 2017-01-02 12:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-05-18 21:11 - 2017-05-18 21:11 - 0000016 _____ () C:\ProgramData\mntemp
Some files in TEMP:
====================
2017-04-25 19:36 - 2017-07-03 22:22 - 0000072 _____ () C:\Users\admin\AppData\Local\Temp\a6688a40030bc1da5839b9d5a4fd73a9.dll
2017-04-25 19:36 - 2017-07-03 22:25 - 0000000 _____ () C:\Users\admin\AppData\Local\Temp\f4f08310fb10a66c0aa4808000146ccc.dll
2016-12-21 13:43 - 2016-12-21 13:43 - 0015872 _____ () C:\Users\admin\AppData\Local\Temp\NsisCrypt.dll
2017-01-23 21:44 - 2006-11-02 22:15 - 0145184 ____R (Microsoft Corporation) C:\Users\admin\AppData\Local\Temp\ose00000.exe
2017-01-23 21:42 - 2015-08-12 17:53 - 0029504 _____ (SoftCamp Co.,Ltd.) C:\Users\admin\AppData\Local\Temp\SCSKSender.exe
2017-01-15 21:32 - 2017-01-15 21:32 - 57657832 _____ (Panda Security, S.L.) C:\Users\admin\AppData\Local\Temp\{A797B11A-6E7F-4594-AA94-63BF812C4226}.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-07-02 10:39
==================== End of FRST.txt ============================