Everything posted by cydrobolt

  1. Ever since I uninstalled Comodo Firewall (I now use Windows Firewall), Malwarebytes has been popping up, telling me it has blocked an incoming request to Skype from a potentially malicious IP. I looked up the IP, and it comes from Nigeria. Should I be worried, or is this normal? Detection, 4/14/2014 6:32:20 PM, SYSTEM, ONYX, Protection, Malicious Website Protection, IP, 41.203.69.5, 34364, Inbound, C:\Program Files (x86)\Skype\Phone\Skype.exe,
  2. Yes, I'm still using Comodo Firewall. Perhaps I should start using Comodo CIS again. Any other suggestions would be greatly appreciated.
  3. Do the logs show any problems? Based on what AdvancedSetup and John said, I think I'll revert to Comodo CIS. I got rid of CIS because it was causing me problems (delayed AV start). Do you guys have any recommendations?
C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-03-04 18:53 - 2013-08-22 11:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-04 18:52 - 2014-03-04 18:52 - 00000000 ____D () C:\Users\Chaoyi\AppData\Roaming\Sublime Text 2 2014-03-04 18:50 - 2014-03-04 18:50 - 06513608 _____ ( ) C:\Users\Chaoyi\Downloads\Sublime Text 2.0.2 x64 Setup.exe 2014-03-03 15:25 - 2014-01-08 18:29 - 00000000 ____D () C:\Users\Chaoyi\AppData\Roaming\TS3Client 2014-03-03 10:53 - 2014-03-03 10:53 - 00000000 ____D () C:\Users\Chaoyi\AppData\Roaming\Composer 2014-03-03 10:53 - 2014-03-03 10:53 - 00000000 ____D () C:\Users\Chaoyi\AppData\Local\Composer 2014-03-03 09:28 - 2014-03-03 09:28 - 00000000 ____D () C:\Users\Chaoyi\Desktop\ircii 2014-03-03 09:21 - 2014-03-03 09:21 - 00002713 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-03 09:21 - 2014-03-03 09:21 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-03 09:21 - 2014-03-03 09:21 - 00000000 ____D () C:\Users\Chaoyi\AppData\Local\Skype 2014-03-03 09:21 - 2014-01-01 12:53 - 00000000 ____D () C:\ProgramData\Skype 2014-03-01 10:08 - 2014-02-26 22:35 - 00000718 _____ () C:\Users\Public\Desktop\Cygwin64 Terminal.lnk 2014-03-01 09:40 - 2014-03-01 09:40 - 00000000 ____D () C:\Users\Chaoyi\Downloads\eclipse-standard-luna-M5-win32-x86_64 2014-03-01 09:34 - 2014-03-01 09:32 - 212358569 _____ () C:\Users\Chaoyi\Downloads\eclipse-standard-luna-M5-win32-x86_64.zip 2014-03-01 09:24 - 2014-03-01 09:24 - 02433949 _____ () C:\Users\Chaoyi\Downloads\External_Python (1).zip 2014-03-01 08:57 - 2014-03-01 08:57 - 05509039 _____ ( ) C:\Users\Chaoyi\Downloads\BluelineFull.exe 2014-03-01 08:57 - 2014-03-01 08:57 - 00000000 ___HD () C:\VTRoot 2014-03-01 02:05 - 2014-03-12 16:36 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-03-01 00:58 - 2014-03-12 16:36 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-03-01 00:30 - 2014-03-12 16:36 - 17074688 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-03-01 00:17 - 2014-03-12 16:36 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-02-28 23:54 - 2014-03-12 16:36 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-02-28 23:47 - 2014-03-12 16:36 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-02-28 23:42 - 2014-03-12 16:36 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-02-28 23:18 - 2014-03-12 16:36 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-02-28 23:14 - 2014-03-12 16:36 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-02-28 23:10 - 2014-03-12 16:36 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-02-28 23:03 - 2014-03-12 16:36 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-02-28 22:57 - 2014-03-12 16:36 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-02-28 22:38 - 2014-03-12 16:36 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-02-28 22:32 - 2014-03-12 16:36 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-02-28 22:27 - 2014-03-12 16:36 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-02-28 22:25 - 2014-03-12 16:36 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-02-28 22:25 - 2014-03-12 16:36 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-02-28 21:34 - 2014-02-28 21:34 - 02433949 _____ () C:\Users\Chaoyi\Downloads\External_Python.zip 2014-02-28 19:38 - 2014-02-26 21:09 - 00000968 _____ () C:\Users\Chaoyi\Downloads\setup.log 2014-02-28 19:38 - 2014-02-26 21:09 - 00000242 _____ () C:\Users\Chaoyi\Downloads\setup.log.full 2014-02-26 21:08 - 2014-02-26 21:08 - 00778752 _____ () C:\Users\Chaoyi\Downloads\setup-x86_64.exe 2014-02-23 21:24 - 
2014-02-23 21:24 - 00000000 ____D () C:\Users\Jun\AppData\Roaming\Malwarebytes 2014-02-23 18:32 - 2013-12-30 19:42 - 00000000 ____D () C:\Users\Chaoyi\AppData\Local\Packages 2014-02-21 20:48 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-02-18 16:37 - 2014-02-18 16:37 - 00003633 _____ () C:\Users\Chaoyi\Downloads\LCPDFR 1.0 Taser Data Files (1).zip 2014-02-17 20:53 - 2014-02-17 20:53 - 00514013 _____ () C:\Users\Chaoyi\Downloads\NhYC.txt 2014-02-17 17:58 - 2014-02-17 17:58 - 04714971 _____ () C:\Users\Chaoyi\Downloads\dfsetup217.zip 2014-02-17 16:59 - 2014-02-17 16:59 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll 2014-02-17 16:59 - 2014-02-17 16:59 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll 2014-02-17 16:59 - 2014-02-17 16:59 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll 2014-02-17 16:59 - 2014-02-17 16:59 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll 2014-02-17 16:59 - 2014-02-17 16:59 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll 2014-02-17 16:59 - 2014-02-17 16:59 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll 2014-02-17 16:59 - 2014-02-17 16:59 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe 2014-02-17 16:59 - 2014-02-17 16:59 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe 2014-02-17 16:59 - 2014-02-17 16:59 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe 2014-02-17 16:59 - 2014-02-17 16:59 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll 2014-02-17 16:59 - 2014-02-17 16:59 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll 2014-02-17 16:59 - 2014-02-17 16:59 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll 2014-02-17 16:59 - 2014-02-17 16:59 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll 2014-02-17 16:59 - 
2014-02-17 16:59 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll 2014-02-17 16:56 - 2014-02-17 16:55 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx 2014-02-17 16:54 - 2014-02-17 16:54 - 00292184 _____ (Microsoft Corporation) C:\Users\Chaoyi\Downloads\dxwebsetup.exe 2014-02-17 16:54 - 2014-02-17 16:53 - 01005302 _____ () C:\Users\Chaoyi\Downloads\d3dx9_24.zip 2014-02-16 21:43 - 2014-02-16 21:43 - 00000549 _____ () C:\Users\Chaoyi\Downloads\OpenWithNotepad.zip 2014-02-16 21:04 - 2014-02-16 21:04 - 00000000 ____D () C:\Program Files\Classic Shell 2014-02-16 21:03 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\restore 2014-02-16 21:02 - 2014-02-16 21:02 - 05631168 _____ (IvoSoft) C:\Users\Chaoyi\Downloads\ClassicShellSetup_4_0_4.exe 2014-02-16 17:52 - 2013-12-31 18:23 - 00000000 ____D () C:\Users\Jun\AppData\Local\Packages 2014-02-16 17:51 - 2014-02-16 17:51 - 00001453 _____ () C:\Users\Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-02-16 17:51 - 2014-02-16 17:51 - 00000020 ___SH () C:\Users\Jun\ntuser.ini 2014-02-16 17:51 - 2014-02-16 11:40 - 00000000 ____D () C:\Users\Jun 2014-02-16 17:51 - 2013-12-31 18:23 - 00000000 ___RD () C:\Users\Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-02-16 17:51 - 2013-12-31 18:23 - 00000000 ___RD () C:\Users\Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-02-16 14:35 - 2014-02-16 14:35 - 00000000 __SHD () C:\Recovery 2014-02-16 14:34 - 2014-02-16 14:34 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll 2014-02-16 14:34 - 2014-02-16 14:34 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-02-16 14:34 - 2014-02-16 14:34 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-02-16 14:34 - 2014-02-16 14:34 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll 2014-02-16 14:34 - 2013-08-22 11:36 - 00262144 _____ () 
C:\WINDOWS\system32\config\BCD-Template 2014-02-16 14:33 - 2014-02-16 14:33 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2014-02-16 14:33 - 2014-02-16 14:33 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2014-02-16 14:33 - 2014-02-16 14:33 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-02-16 14:33 - 2014-02-16 14:33 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2014-02-16 14:33 - 2014-02-16 14:33 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2014-02-16 14:33 - 2014-02-16 14:33 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-02-16 14:33 - 2014-02-16 14:33 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll 2014-02-16 14:33 - 2014-02-16 14:33 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll 2014-02-16 14:33 - 2014-02-16 14:33 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-02-16 14:33 - 2014-02-16 14:33 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll 2014-02-16 14:33 - 2014-02-16 14:33 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-02-16 14:33 - 2014-02-16 14:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll 2014-02-16 14:33 - 2014-02-16 14:33 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll 2014-02-16 14:33 - 2014-02-16 14:33 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll 2014-02-16 14:33 - 2014-02-16 14:33 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe 2014-02-16 14:33 - 2014-02-16 14:33 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll 2014-02-16 14:33 - 2014-02-16 14:33 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll 2014-02-16 14:33 - 2014-02-16 14:33 - 00018944 
_____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe 2014-02-16 14:33 - 2014-02-16 14:33 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe 2014-02-16 14:32 - 2014-02-16 14:32 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-02-16 14:32 - 2014-02-16 14:32 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-02-16 14:32 - 2014-02-16 14:32 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-02-16 14:32 - 2014-02-16 14:32 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-02-16 14:32 - 2014-02-16 14:32 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2014-02-16 14:32 - 2014-02-16 14:32 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2014-02-16 14:32 - 2014-02-16 14:32 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2014-02-16 14:32 - 2014-02-16 14:32 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2014-02-16 14:32 - 2014-02-16 14:32 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2014-02-16 14:32 - 2014-02-16 14:32 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll 2014-02-16 14:32 - 2014-02-16 14:32 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-02-16 14:32 - 2014-02-16 14:32 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-02-16 14:32 - 2014-02-16 14:32 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll 2014-02-16 14:32 - 2014-02-16 14:32 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe 2014-02-16 14:32 - 2014-02-16 14:32 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe 2014-02-16 14:32 - 2014-02-16 14:32 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2014-02-16 14:32 - 2014-02-16 14:32 - 00066048 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-02-16 14:32 - 2014-02-16 14:32 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-02-16 14:32 - 2014-02-16 14:32 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-02-16 14:32 - 2014-02-16 14:32 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll 2014-02-16 14:32 - 2014-02-16 14:32 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll 2014-02-16 14:32 - 2014-02-16 14:32 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-02-16 14:32 - 2014-02-16 14:32 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-02-16 14:32 - 2014-02-16 14:32 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-02-16 14:32 - 2014-02-16 14:32 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll 2014-02-16 14:31 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-02-16 14:30 - 2014-02-16 14:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-02-16 14:30 - 2014-02-16 14:30 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-02-16 14:30 - 2014-02-16 14:30 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2014-02-16 14:30 - 2014-02-16 14:30 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2014-02-16 14:30 - 2014-02-16 14:30 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll 2014-02-16 14:30 - 2014-02-16 14:30 - 04217344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2014-02-16 14:30 - 2014-02-16 14:30 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2014-02-16 14:30 - 2014-02-16 14:30 - 02804224 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2014-02-16 14:30 - 2014-02-16 14:30 - 02397184 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\d3d10warp.dll 2014-02-16 14:30 - 2014-02-16 14:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2014-02-16 14:30 - 2014-02-16 14:30 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2014-02-16 14:30 - 2014-02-16 14:30 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2014-02-16 14:30 - 2014-02-16 14:30 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll 2014-02-16 14:30 - 2014-02-16 14:30 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2014-02-16 14:30 - 2014-02-16 14:30 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-02-16 14:30 - 2014-02-16 14:30 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2014-02-16 14:30 - 2014-02-16 14:30 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll 2014-02-16 14:30 - 2014-02-16 14:30 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll 2014-02-16 14:30 - 2014-02-16 14:30 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-02-16 14:30 - 2014-02-16 14:30 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll 2014-02-16 14:30 - 2014-02-16 14:30 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll 2014-02-16 14:30 - 2014-02-16 14:30 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll 2014-02-16 14:30 - 2014-02-16 14:30 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms 2014-02-16 14:30 - 2014-02-16 14:30 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms 2014-02-16 14:30 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer 2014-02-16 14:30 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager 2014-02-16 14:30 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera 2014-02-16 14:29 - 2014-02-16 14:29 - 
21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2014-02-16 14:29 - 2014-02-16 14:29 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00745336 
_____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2014-02-16 14:29 - 2014-02-16 14:29 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2014-02-16 14:29 - 2014-02-16 14:29 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2014-02-16 14:29 - 2014-02-16 14:29 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll 
2014-02-16 14:29 - 2014-02-16 14:29 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys 2014-02-16 14:29 - 2014-02-16 14:29 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS 2014-02-16 14:29 - 2014-02-16 14:29 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll 2014-02-16 14:29 - 2014-02-16 14:29 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys 2014-02-16 14:28 - 2014-02-16 14:28 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2014-02-16 14:28 - 2014-02-16 14:28 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2014-02-16 14:27 - 2014-02-16 14:27 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2014-02-16 14:27 - 2014-02-16 14:27 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2014-02-16 14:27 - 2014-02-16 14:27 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2014-02-16 14:27 - 2014-02-16 14:27 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2014-02-16 14:27 - 2014-02-16 14:27 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2014-02-16 14:27 - 2014-02-16 14:27 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 
2014-02-16 14:27 - 2014-02-16 14:27 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll 2014-02-16 14:27 - 2014-02-16 14:27 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll 2014-02-16 14:27 - 2014-02-16 14:27 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2014-02-16 14:27 - 2014-02-16 14:27 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2014-02-16 14:27 - 2014-02-16 14:27 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe 2014-02-16 14:27 - 2014-02-16 14:27 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2014-02-16 14:27 - 2014-02-16 14:27 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2014-02-16 14:27 - 2014-02-16 14:27 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe 2014-02-16 14:27 - 2014-02-16 14:27 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2014-02-16 14:27 - 2014-02-16 14:27 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2014-02-16 14:27 - 2014-02-16 14:27 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2014-02-16 14:27 - 2014-02-16 14:27 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll 2014-02-16 14:27 - 2014-02-16 14:27 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2014-02-16 14:27 - 2014-02-16 14:27 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll 2014-02-16 14:27 - 2014-02-16 14:27 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2014-02-16 14:27 - 2014-02-16 14:27 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll 2014-02-16 14:27 - 2014-02-16 14:27 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2014-02-16 14:27 - 2014-02-16 14:27 - 00372568 ____C (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\spaceport.sys 2014-02-16 14:27 - 2014-02-16 14:27 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll 2014-02-16 14:27 - 2014-02-16 14:27 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2014-02-16 14:27 - 2014-02-16 14:27 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2014-02-16 14:27 - 2014-02-16 14:27 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll 2014-02-16 14:27 - 2014-02-16 14:27 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2014-02-16 14:27 - 2014-02-16 14:27 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys 2014-02-16 14:27 - 2014-02-16 14:27 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2014-02-16 14:27 - 2014-02-16 14:27 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2014-02-16 14:27 - 2014-02-16 14:27 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll 2014-02-16 14:27 - 2014-02-16 14:27 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll 2014-02-16 14:26 - 2014-02-16 14:26 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff 2014-02-16 14:25 - 2014-02-16 14:25 - 00000000 ____D () C:\Program Files\Reference Assemblies 2014-02-16 14:25 - 2014-02-16 14:25 - 00000000 ____D () C:\Program Files\MSBuild 2014-02-16 14:25 - 2014-02-16 14:25 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies 2014-02-16 14:25 - 2014-02-16 14:25 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2014-02-16 12:02 - 2014-02-16 14:35 - 00000000 ___DC () C:\WINDOWS\Panther 2014-02-16 12:02 - 2014-02-16 12:02 - 00001453 _____ () C:\Users\Chaoyi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-02-16 12:02 - 2014-02-16 12:02 - 00000258 __RSH () C:\ProgramData\ntuser.pol 2014-02-16 12:02 - 
  5. (still too long, posting in another post)
  6. I get the following when I try to run DDS (tried both .scr and .com). I am currently using Windows 8.1 http://imgur.com/y67WpOw MBAMCheck Logs: FRST: Continues on next post (too long) Addition.txt
  7. I cannot add exceptions on the Free version. Also, the problems persist even if BD is closed.
  8. I am using BD free. If there is not a solution, I'll uninstall BD and get CIS again.
  9. I don't want to uninstall Malwarebytes, though (I bought Pro).
  10. Hello. I have recently installed Bitdefender on my PC (Comodo & MBAM were having problems). I uninstalled Comodo CIS and got Bitdefender Free AV. After installing BD, some programs wouldn't run correctly. They produce an error about a certain BD module. I emailed BD Support, and they told me that MBAM was interfering with their product.
  11. A protection log
      another log
      attach.txt CheckResults.txt dds.txt
  12. I got Malwarebytes PRO and Comodo CIS around the same time. CIS 5 never had problems with MBAM, but after their 6.0 update, MBAM caused delayed execution of CIS and many other problems with the software. I reinstalled CIS many times, but the problem persists. I also had problems logging in or displaying the desktop. After I disabled MBAM Update, many of those problems were resolved. After I disabled MBAM, everything seems a lot better now. No more delayed start/logon problems.
  13. Malwarebytes Antimalware constantly takes up about 40% CPU, causing my computer to respond very, very slowly. It's becoming an issue because it's interfering with my computer running. How do I stop this?
  14. Hello, I changed the start icon using W7SBC, which modified Explorer.EXE. Do you think the tool had malicious intent? It seems like a widely used tool for modding the start menu.
  15. Hello. Thanks for the reply.
      RKILL -
      Roguekiller - no report found. The program only created a folder called RK_Quarantine with a file called RogueKiller.ini in it.
  16. I have been advised by AdvancedSetup to create a post here, because he thinks my computer is showing signs of infection. Here are my DDS logs: ADDITIONAL INFO: I use Prey Antitheft (uses cronservice, bash, curl), and QQ (QQProtect.sys and QQProtect.exe are from this program) which is a legitimate program that uses a QQProtect.sys to protect account information from being stolen by keyloggers. I use Comodo internet security and MBAM Pro.
mWinlogon: Userinit = userinit.exe,BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dllBHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllBHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dlluRun: [Google Update] "C:\Users\Chaoyi\AppData\Local\Google\Update\GoogleUpdate.exe" /cmRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exemRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exemRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunuPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-Explorer: NoDriveTypeAutoRun = dword:145IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll TCP: NameServer = 192.168.1.1 71.242.0.12TCP: Interfaces\{E8721538-F1C4-4B17-8865-DC458AB22254} : NameServer = 
156.154.70.22,156.154.71.22TCP: Interfaces\{E8721538-F1C4-4B17-8865-DC458AB22254} : DHCPNameServer = 192.168.1.1 71.242.0.12TCP: Interfaces\{E8721538-F1C4-4B17-8865-DC458AB22254}\160747023223 : DHCPNameServer = 68.87.71.230 68.87.73.246TCP: Interfaces\{E8721538-F1C4-4B17-8865-DC458AB22254}\3416464697026427F6E647445637B6 : DHCPNameServer = 68.87.71.226 68.87.73.242TCP: Interfaces\{F8D0A969-58AE-4F21-8BC0-B9611490A39C} : NameServer = 8.8.8.8,8.8.4.4TCP: Interfaces\{F8D0A969-58AE-4F21-8BC0-B9611490A39C} : DHCPNameServer = 192.168.1.1 71.242.0.12Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dllFilter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: <No Name>: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - LocalServer32 - <no file>x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>x64-BHO: <No Name>: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - LocalServer32 - <no file>x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -sx64-Run: 
[HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hiddenx64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dllx64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dllx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Chaoyi\AppData\Roaming\Mozilla\Firefox\Profiles\lusfwtte.default\FF - prefs.js: browser.search.selectedEngine - Google FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dllFF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dllFF - plugin: C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dllFF - plugin: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.22\Bin\npSSOAxCtrlForPTLogin.dllFF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dllFF - plugin: C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dllFF - plugin: C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dllFF - plugin: C:\Program Files 
(x86)\Tencent\Qzone\Ver_247.312\npQQPhotoDrawEx.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Users\Chaoyi\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: C:\Users\Chaoyi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dllFF - plugin: C:\Users\Chaoyi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dllFF - plugin: C:\Users\Chaoyi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: C:\Users\Chaoyi\AppData\Roaming\Mozilla\plugins\npo1d.dllFF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dllFF - plugin: C:\Windows\SysWOW64\npdeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dll.============= SERVICES / DRIVERS ===============.R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-11-11 77952]R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-11-11 37504]R0 cumon;cumon;C:\Windows\System32\drivers\cumon.sys [2013-5-27 205512]R0 Evdd;Evdd;C:\Windows\System32\drivers\evdd.sys [2013-5-27 19568]R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-10-20 56208]R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-4-15 23168]R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-4-15 708632]R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-4-15 48360]R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-6-4 98208]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616]R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-5-21 
105144]R2 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-4-15 158936]R2 CPMService;COMODO Programs Manager Service;C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe [2011-9-5 116032]R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2013-5-8 23552]R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-6-4 1817088]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-29 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-29 701512]R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-6-4 46136]R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2011-3-23 31088]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-29 25928]R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-6-4 335464]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]R3 RTL8192Ce;Realtek Wireless 
LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-6-4 878184]R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2012-7-31 38992]R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-6-4 44672]R3 vdbus;Virtual Disk Bus Enumerator;C:\Windows\System32\drivers\vdbus.sys [2012-8-9 740080]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-5-21 124088]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]S3 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2013-9-2 2438696]S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]S3 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-7-8 4153184]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2013-6-21 106256]S3 VsEtwService120;Visual Studio ETW Event Collection 
Service;C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2013-6-16 87648]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-19 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== File Associations ===============.FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1".=============== Created Last 30 ================.2013-09-04 23:29:11 -------- d-----w- C:\ProgramData\BlueStacksSetup2013-09-03 20:06:16 5191704 ----a-w- C:\Windows\System32\GooglePinyin2.ime2013-09-03 20:06:16 3460120 ----a-w- C:\Windows\SysWow64\GooglePinyin2.ime2013-09-03 00:42:27 -------- d-----w- C:\Users\Chaoyi\AppData\Roaming\OpenOffice2013-09-03 00:15:11 -------- d-----w- C:\Users\Chaoyi\AppData\Local\Tencent2013-09-03 00:13:36 -------- d-----w- C:\Program Files (x86)\QQMailPlugin2013-09-03 00:10:20 -------- d-----w- C:\Program Files (x86)\Common Files\Tencent2013-09-03 00:09:59 -------- d-----w- C:\Program Files (x86)\Tencent2013-09-03 00:02:27 -------- d-----w- C:\ProgramData\Tencent2013-09-03 00:02:08 18760 ----a-w- C:\Windows\SysWow64\QQVistaHelper.dll2013-09-03 00:02:06 -------- d-----w- C:\Users\Chaoyi\AppData\Roaming\Tencent2013-09-02 22:26:44 31232 ----a-w- C:\Windows\System32\drivers\tap0901.sys2013-09-02 22:26:40 -------- d-----w- C:\Program Files\CyberGhost VPN2013-08-21 23:27:20 -------- d-----w- C:\Windows\PCHEALTH2013-08-21 23:27:20 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client2013-08-15 02:37:58 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2013-08-15 02:37:58 2048 ----a-w- C:\Windows\System32\tzres.dll2013-08-15 02:35:57 39936 
----a-w- C:\Windows\System32\drivers\tssecsrv.sys2013-08-15 02:35:57 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys.==================== Find3M ====================.2013-09-05 18:04:18 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-07-12 16:30:41 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-07-12 16:30:41 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-07-09 05:03:34 3913664 
----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe2013-07-08 20:59:52 708632 ----a-w- C:\Windows\System32\drivers\cmdguard.sys2013-06-27 17:07:00 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-06-27 17:06:53 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll2013-06-27 17:06:53 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-06-21 20:01:34 238352 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys2013-06-21 20:00:16 204048 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll2013-06-21 20:00:16 146704 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys2013-06-21 20:00:16 131856 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys2013-06-21 20:00:16 120080 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys2013-06-21 20:00:16 106256 ----a-w- C:\Windows\System32\drivers\VBoxUSB.sys2013-06-18 15:16:09 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys2013-06-18 15:16:07 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys2013-06-18 15:15:49 43216 ----a-w- C:\Windows\System32\cmdcsr.dll2013-06-18 15:15:47 348584 ----a-w- C:\Windows\SysWow64\guard32.dll2013-06-18 15:15:46 437688 ----a-w- C:\Windows\System32\guard64.dll2013-06-18 15:15:38 45784 ----a-w- 
C:\Windows\System32\cmdkbd64.dll2013-06-18 15:15:38 344792 ----a-w- C:\Windows\System32\cmdvrt64.dll2013-06-18 15:15:35 278232 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll2013-06-18 15:15:34 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll2013-06-16 23:20:18 967248 ----a-w- C:\Windows\System32\msvcr120.dll2013-06-15 23:12:58 78440 ----a-w- C:\Windows\System32\VSD3DRefDebug.dll2013-06-15 23:12:46 759408 ----a-w- C:\Windows\System32\d3d11ref.dll2013-06-15 23:12:46 748648 ----a-w- C:\Windows\System32\d3d11sdklayers.dll2013-06-15 23:12:46 622192 ----a-w- C:\Windows\System32\d3d10sdklayers.dll2013-06-15 23:12:46 491624 ----a-w- C:\Windows\System32\d3dref9.dll2013-06-15 23:12:46 486504 ----a-w- C:\Windows\System32\d2d1debug2.dll2013-06-15 23:12:46 458864 ----a-w- C:\Windows\System32\d3d10ref.dll2013-06-15 23:12:46 246384 ----a-w- C:\Windows\System32\dxcpl.exe2013-06-15 23:12:46 141416 ----a-w- C:\Windows\System32\dxgidebug.dll2013-06-15 23:12:46 1227376 ----a-w- C:\Windows\System32\d3d11_2sdklayers.dll2013-06-15 22:19:24 60528 ----a-w- C:\Windows\SysWow64\VSD3DRefDebug.dll2013-06-15 22:19:14 627824 ----a-w- C:\Windows\SysWow64\d3d11ref.dll2013-06-15 22:19:14 475752 ----a-w- C:\Windows\SysWow64\d3d10sdklayers.dll2013-06-15 22:19:14 383080 ----a-w- C:\Windows\SysWow64\d3dref9.dll2013-06-15 22:19:14 365160 ----a-w- C:\Windows\SysWow64\d3d10ref.dll2013-06-15 22:19:14 353896 ----a-w- C:\Windows\SysWow64\d2d1debug2.dll2013-06-15 22:19:14 110696 ----a-w- C:\Windows\SysWow64\dxgidebug.dll2013-06-15 22:19:12 945264 ----a-w- C:\Windows\SysWow64\d3d11_2sdklayers.dll2013-06-15 22:19:12 596080 ----a-w- C:\Windows\SysWow64\d3d11sdklayers.dll2013-06-15 22:19:12 234096 ----a-w- C:\Windows\SysWow64\dxcpl.exe2013-06-15 19:49:36 6179552 ----a-w- C:\Windows\System32\dxcapturereplay.dll2013-06-15 19:47:10 76288 ----a-w- C:\Windows\System32\vsd3dwarpdebug.dll2013-06-15 19:42:54 149216 ----a-w- C:\Windows\System32\dxtoolsmonitor.dll2013-06-15 19:08:24 4490976 ----a-w- 
C:\Windows\SysWow64\dxcapturereplay.dll2013-06-15 19:06:34 57344 ----a-w- C:\Windows\SysWow64\vsd3dwarpdebug.dll2013-06-15 19:03:22 109280 ----a-w- C:\Windows\SysWow64\dxtoolsmonitor.dll.============= FINISH: 14:17:08.28 ===============
  17. Hello AdvancedSetup! Thanks for your prompt reply. QQProtect.sys and its dependencies are not malware, and it's a very popular program that's used in China. (if that's the issue) I'll create a post and request some help on this. Thanks.
  18. Apologize for the very late reply. School just started, very very busy. attach.txt
Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.9/3/2013 4:27:51 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.9/2/2013 6:11:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.9/2/2013 6:11:30 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.9/2/2013 6:11:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}9/2/2013 2:38:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Client Services service to connect.9/2/2013 2:37:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Cron Service for Prey service to connect.9/2/2013 2:37:31 PM, Error: Service Control Manager [7000] - The Cron Service for Prey service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.9/2/2013 1:39:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.9/1/2013 11:42:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service..==== End Of File =========================== DDS.TXT DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16660 
BrowserJavaVersion: 10.25.2Run by Chaoyi at 14:14:22 on 2013-09-05Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5739.2579 [GMT -4:00].AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Program Files\COMODO\COMODO Internet Security\cmdagent.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\atieclxx.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\Realtek\Audio\HDA\AERTSr64.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exeC:\Program Files\COMODO\COMODO Programs Manager\CPMService.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Prey\platform\windows\cronsvc.exeC:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeC:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Windows\system32\svchost.exe -k rpcssC:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exeC:\Program 
Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestrictedC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXEC:\Program Files\COMODO\COMODO Internet Security\cistray.exeC:\Windows\system32\taskeng.exec:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exec:\Program Files\Microsoft Mouse and Keyboard Center\itype.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeC:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files 
(x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files\COMODO\COMODO Internet Security\cis.exeC:\Program Files (x86)\Internet Explorer\IELowutil.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Users\Chaoyi\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exeC:\Program Files\COMODO\COMODO Internet Security\cavwp.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Steam\steam.exeC:\Program Files (x86)\Common Files\Steam\SteamService.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\taskmgr.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\System32\WUDFHost.exeC:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exeC:\Program Files (x86)\TeamViewer\Version8\tv_w32.exeC:\Program Files (x86)\TeamViewer\Version8\tv_x64.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files\COMODO\COMODO Internet Security\cmdupd.exeC:\Program Files\COMODO\COMODO Internet Security\cavwp.exeC:\Windows\system32\mspaint.exeC:\Windows\system32\vssvc.exeC:\Windows\System32\svchost.exe -k swprvC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.mWinlogon: Userinit = userinit.exe,BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllBHO: Java 
Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dlluRun: [Google Update] "C:\Users\Chaoyi\AppData\Local\Google\Update\GoogleUpdate.exe" /cmRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exemRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exemRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunuPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-Explorer: NoDriveTypeAutoRun = dword:145IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllTCP: NameServer = 192.168.1.1 71.242.0.12TCP: Interfaces\{E8721538-F1C4-4B17-8865-DC458AB22254} : NameServer = 156.154.70.22,156.154.71.22TCP: Interfaces\{E8721538-F1C4-4B17-8865-DC458AB22254} : DHCPNameServer = 192.168.1.1 71.242.0.12TCP: Interfaces\{E8721538-F1C4-4B17-8865-DC458AB22254}\160747023223 : DHCPNameServer = 68.87.71.230 68.87.73.246TCP: Interfaces\{E8721538-F1C4-4B17-8865-DC458AB22254}\3416464697026427F6E647445637B6 : DHCPNameServer = 68.87.71.226 68.87.73.242TCP: Interfaces\{F8D0A969-58AE-4F21-8BC0-B9611490A39C} : NameServer = 8.8.8.8,8.8.4.4TCP: Interfaces\{F8D0A969-58AE-4F21-8BC0-B9611490A39C} : DHCPNameServer = 192.168.1.1 71.242.0.12Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - 
C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dllFilter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: <No Name>: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - LocalServer32 - <no file>x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: <No Name>: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - LocalServer32 - <no file>x64-BHO: <No Name>: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - LocalServer32 - <no file>x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -sx64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hiddenx64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exex64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dllx64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dllx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - 
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Chaoyi\AppData\Roaming\Mozilla\Firefox\Profiles\lusfwtte.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dllFF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dllFF - plugin: C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dllFF - plugin: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.22\Bin\npSSOAxCtrlForPTLogin.dllFF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dllFF - plugin: C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dllFF - plugin: C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dllFF - plugin: C:\Program Files (x86)\Tencent\Qzone\Ver_247.312\npQQPhotoDrawEx.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Users\Chaoyi\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: C:\Users\Chaoyi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dllFF - plugin: C:\Users\Chaoyi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dllFF - plugin: C:\Users\Chaoyi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: C:\Users\Chaoyi\AppData\Roaming\Mozilla\plugins\npo1d.dllFF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dllFF - plugin: 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dllFF - plugin: C:\Windows\SysWOW64\npdeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dll.============= SERVICES / DRIVERS ===============.R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-11-11 77952]R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-11-11 37504]R0 cumon;cumon;C:\Windows\System32\drivers\cumon.sys [2013-5-27 205512]R0 Evdd;Evdd;C:\Windows\System32\drivers\evdd.sys [2013-5-27 19568]R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-10-20 56208]R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-4-15 23168]R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-4-15 708632]R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-4-15 48360]R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-6-4 98208]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616]R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-5-21 105144]R2 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-4-15 158936]R2 CPMService;COMODO Programs Manager Service;C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe [2011-9-5 116032]R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2013-5-8 23552]R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\HPSA_Service.exe [2012-9-27 86528]R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-6-4 1817088]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-29 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-29 701512]R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-6-4 46136]R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2011-3-23 31088]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-29 25928]R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-6-4 335464]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-6-4 878184]R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2012-7-31 38992]R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application 
Virtualization Client\sftvsa.exe [2011-10-1 219496]R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-6-4 44672]R3 vdbus;Virtual Disk Bus Enumerator;C:\Windows\System32\drivers\vdbus.sys [2012-8-9 740080]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-5-21 124088]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]S3 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2013-9-2 2438696]S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]S3 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-7-8 4153184]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2013-6-21 106256]S3 VsEtwService120;Visual Studio ETW Event Collection Service;C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2013-6-16 87648]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-19 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== File Associations ===============.FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"ShellExec: 
dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1".=============== Created Last 30 ================.2013-09-04 23:29:11 -------- d-----w- C:\ProgramData\BlueStacksSetup2013-09-03 20:06:16 5191704 ----a-w- C:\Windows\System32\GooglePinyin2.ime2013-09-03 20:06:16 3460120 ----a-w- C:\Windows\SysWow64\GooglePinyin2.ime2013-09-03 00:42:27 -------- d-----w- C:\Users\Chaoyi\AppData\Roaming\OpenOffice2013-09-03 00:15:11 -------- d-----w- C:\Users\Chaoyi\AppData\Local\Tencent2013-09-03 00:13:36 -------- d-----w- C:\Program Files (x86)\QQMailPlugin2013-09-03 00:10:20 -------- d-----w- C:\Program Files (x86)\Common Files\Tencent2013-09-03 00:09:59 -------- d-----w- C:\Program Files (x86)\Tencent2013-09-03 00:02:27 -------- d-----w- C:\ProgramData\Tencent2013-09-03 00:02:08 18760 ----a-w- C:\Windows\SysWow64\QQVistaHelper.dll2013-09-03 00:02:06 -------- d-----w- C:\Users\Chaoyi\AppData\Roaming\Tencent2013-09-02 22:26:44 31232 ----a-w- C:\Windows\System32\drivers\tap0901.sys2013-09-02 22:26:40 -------- d-----w- C:\Program Files\CyberGhost VPN2013-08-21 23:27:20 -------- d-----w- C:\Windows\PCHEALTH2013-08-21 23:27:20 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client2013-08-15 02:37:58 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2013-08-15 02:37:58 2048 ----a-w- C:\Windows\System32\tzres.dll2013-08-15 02:35:57 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys2013-08-15 02:35:57 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys.==================== Find3M ====================.2013-09-05 18:04:18 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-07-26 
03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL2013-07-12 16:30:41 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-07-12 16:30:41 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll2013-07-09 02:49:42 25600 
----a-w- C:\Windows\SysWow64\setup16.exe2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe2013-07-08 20:59:52 708632 ----a-w- C:\Windows\System32\drivers\cmdguard.sys2013-06-27 17:07:00 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-06-27 17:06:53 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll2013-06-27 17:06:53 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-06-21 20:01:34 238352 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys2013-06-21 20:00:16 204048 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll2013-06-21 20:00:16 146704 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys2013-06-21 20:00:16 131856 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys2013-06-21 20:00:16 120080 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys2013-06-21 20:00:16 106256 ----a-w- C:\Windows\System32\drivers\VBoxUSB.sys2013-06-18 15:16:09 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys2013-06-18 15:16:07 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys2013-06-18 15:15:49 43216 ----a-w- C:\Windows\System32\cmdcsr.dll2013-06-18 15:15:47 348584 ----a-w- C:\Windows\SysWow64\guard32.dll2013-06-18 15:15:46 437688 ----a-w- C:\Windows\System32\guard64.dll2013-06-18 15:15:38 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll2013-06-18 15:15:38 344792 ----a-w- C:\Windows\System32\cmdvrt64.dll2013-06-18 15:15:35 278232 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll2013-06-18 15:15:34 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll2013-06-16 23:20:18 967248 ----a-w- C:\Windows\System32\msvcr120.dll2013-06-15 23:12:58 78440 ----a-w- C:\Windows\System32\VSD3DRefDebug.dll2013-06-15 23:12:46 759408 ----a-w- C:\Windows\System32\d3d11ref.dll2013-06-15 23:12:46 748648 ----a-w- C:\Windows\System32\d3d11sdklayers.dll2013-06-15 23:12:46 622192 ----a-w- C:\Windows\System32\d3d10sdklayers.dll2013-06-15 23:12:46 491624 ----a-w- 
C:\Windows\System32\d3dref9.dll2013-06-15 23:12:46 486504 ----a-w- C:\Windows\System32\d2d1debug2.dll2013-06-15 23:12:46 458864 ----a-w- C:\Windows\System32\d3d10ref.dll2013-06-15 23:12:46 246384 ----a-w- C:\Windows\System32\dxcpl.exe2013-06-15 23:12:46 141416 ----a-w- C:\Windows\System32\dxgidebug.dll2013-06-15 23:12:46 1227376 ----a-w- C:\Windows\System32\d3d11_2sdklayers.dll2013-06-15 22:19:24 60528 ----a-w- C:\Windows\SysWow64\VSD3DRefDebug.dll2013-06-15 22:19:14 627824 ----a-w- C:\Windows\SysWow64\d3d11ref.dll2013-06-15 22:19:14 475752 ----a-w- C:\Windows\SysWow64\d3d10sdklayers.dll2013-06-15 22:19:14 383080 ----a-w- C:\Windows\SysWow64\d3dref9.dll2013-06-15 22:19:14 365160 ----a-w- C:\Windows\SysWow64\d3d10ref.dll2013-06-15 22:19:14 353896 ----a-w- C:\Windows\SysWow64\d2d1debug2.dll2013-06-15 22:19:14 110696 ----a-w- C:\Windows\SysWow64\dxgidebug.dll2013-06-15 22:19:12 945264 ----a-w- C:\Windows\SysWow64\d3d11_2sdklayers.dll2013-06-15 22:19:12 596080 ----a-w- C:\Windows\SysWow64\d3d11sdklayers.dll2013-06-15 22:19:12 234096 ----a-w- C:\Windows\SysWow64\dxcpl.exe2013-06-15 19:49:36 6179552 ----a-w- C:\Windows\System32\dxcapturereplay.dll2013-06-15 19:47:10 76288 ----a-w- C:\Windows\System32\vsd3dwarpdebug.dll2013-06-15 19:42:54 149216 ----a-w- C:\Windows\System32\dxtoolsmonitor.dll2013-06-15 19:08:24 4490976 ----a-w- C:\Windows\SysWow64\dxcapturereplay.dll2013-06-15 19:06:34 57344 ----a-w- C:\Windows\SysWow64\vsd3dwarpdebug.dll2013-06-15 19:03:22 109280 ----a-w- C:\Windows\SysWow64\dxtoolsmonitor.dll.============= FINISH: 14:17:08.28 ===============
  19. Hello, sorry for not replying in time. I was too busy interning for a company, and couldn't find the time to reply. I'll post a DDS log ASAP. I've contacted Comodo about this problem, and they were able to help me a little, because last month, the fighting between the two programs got out of hand and MBAM corrupted their data, causing it to completely lock up my internet, and CIS would not start no matter what, and displayed error messages (could not be uninstalled/reinstalled). Their "GeekBuddy" technicians helped fix that issue, but internet is still blocked until a couple of minutes after startup. cistray.exe starts up normally, but cis.exe is only started after MBAM completely loads and updates.
  20. MBAM Pro isn't compatible with Comodo 6.0. It causes Comodo to have a very delayed start (internet is blocked until Comodo's firewall starts) and caused Comodo's data to corrupt many times. Please fix this problem.