Bitdefender interferes with Malwarebytes


Hello. I have recently installed Bitdefender on my PC (Comodo & MBAM were having problems). I uninstalled Comodo CIS and got Bitdefender Free AV. After installing BD, some programs wouldn't run correctly. They produce an error about a certain BD module. I emailed BD Support, and they told me that MBAM was interfering with their product.

 

 

 

 

Hello **,

Thank you for your email! 

After checking the log that you've sent us we concluded that you also have Malwarebytes installed on the PC which is interfering with the Bitdefender process causing it to generate false positives and conflicts in the system.

Therefore please use this uninstall tool to remove Malwarebytes:

http://downloads.malwarebytes.org/file/mbam_clean
 


After that please restart the PC once in order for the changes to take effect in the system. Once Windows loads up please follow the steps below to run a Repair process on Bitdefender:

- go to the Start menu
- click on "All programs"
- search for the "Bitdefender" folder
- when you open the "Bitdefender" folder please select the "Repair or Uninstall" option
- it will open a small window where you will have two options: "Repair" or "Remove"
- choose "Repair" from there and wait for the process to complete and then restart the PC. Normally, it will reinitialize all the services and processes of Bitdefender and you should not encounter any further issues with it.



Please reply to this email and let us know if everything works smoothly or if you need further assistance.

Have a great day!

 


You can just uninstall it to test the theory and see if it is actually a conflict or not. What version of BD are you using? (Once testing is done, you can reinstall MBAM.)

Here is an example of how to exclude files in Bitdefender 2013, see if your version is similar to these instructions....

Bitdefender Total Security 2013 Exclusions....

Please review the following screenshots and set those in Bitdefender 2013. Then reboot the computer and let us know if that corrects the issue for you. (provided by AdvancedSetup)

Thanks

post-2065-0-76811900-1365305040.jpg

post-2065-0-72586400-1365305047.jpg

post-2065-0-99656800-1365305052.jpg

post-2065-0-02246400-1365305063.jpg

post-2065-0-00103200-1365305086.jpg


I am not aware of any limitations in BD for exclusions on the Free version, maybe someone that uses this version can elaborate on that...

While we wait on that, let's get some logs...

DDS – Checktool - FRST

STEP 1

Please run the DDS scanner and send back both logs as attachments to your next reply.

Download DDS from one of the locations below and save it to your Desktop:

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include both of the following logs in your next reply as an attachment: DDS.txt and Attach.txt
  • You can ignore the note about zipping the Attach.txt file and just post it or attach it.

STEP 2

Please run mbam-check and send back the log as an attachment to your next reply.

  • Download mbam-check.exe from HERE and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post; instead please attach to your next reply the CheckResults.txt log file which should now be located on your desktop.

STEP 3

Please run the FRST tool and send back both logs as attachments to your next reply.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system - that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your next reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your next reply.

I get the following when I try to run DDS (tried both .scr and .com). I am currently using Windows 8.1

 

http://imgur.com/y67WpOw

 

MBAMCheck Logs:

 

mbam-check result log version: 2.0.0.1000
 
Malwarebytes Version: REG_SZ 1.75.0.1300
 
Date Log Created: 03/14/14
Time Log Created: 17:40:05
 
User Account type: Administrator
 
64 bit Operating System
 
Product Name: REG_SZ Windows 8.1
 
Current Build Number: 9200
 
Current Version Number: 6.2
 
Current CSDVersion: 
 
Proxy Status: No proxy is Set
 
LAN Settings:
=============
 
only 'Automatically detect settings' is selected
 
SystemPartition:
================
 
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume2
 
Balloon Tips Status:
====================
 
Enabled
 
Time Format Settings:
=====================
 
Should be:
h:mm:ss tt
AM 
PM 
:
 
Currently:
REG_SZ h:mm:ss tt
REG_SZ AM
REG_SZ PM
REG_SZ :
 
Language and Regional Settings:
===============================
 
ACP: Language is English (United States)
MACCP: Language is English (United States)
OEMCP: Language is English (United States)
 
Startup Folders for Error_Expanding_Variables Check:
====================================================
 
All Users Startup Folder Exists.
Current User's Startup Folder Exists.
 
 
Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================
 
TERMService:
==============
Type : 32
State : 1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE : 1077
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
 
 
TermService Start is set to: 3 (Manual Startup)
 
Compatibility Flag Settings (Any MBAM file listings should be removed):
=======================================================================
 
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
D:\Chaoyi\GTA IV\Grand Theft Auto IV\GTAIV.exeREG_SZ ~ RUNASADMIN
 
 
 
Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================
 
 
 
MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
 
Service and Driver Status:
==========================
 
MBAMProtector:
==============
Type : 2
State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
 
 
MBAMService:
==============
Type : 16
State : 4 (The service is running.)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
 
 
MBAMScheduler:
==============
Type : 16
State : 4 (The service is running.)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
 
 
<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon
 
 
MBAMProtector Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
WOW64                         REG_DWORD 1
Type                          REG_DWORD 2
Start                         REG_DWORD 3
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ \??\C:\Windows\system32\drivers\mbam.sys
DisplayName                   REG_SZ MBAMProtector
Group                         REG_SZ FSFilter Anti-Virus
DependOnService               REG_MULTI_SZ FltMgr
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances
DefaultInstance               REG_SZ MBAMProtector Instance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance
Altitude                      REG_SZ 328800
Flags                         REG_DWORD 0
MBAMService Registry Values:
============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
WOW64                         REG_DWORD 1
Description                   REG_SZ Malwarebytes Anti-Malware service
DelayedAutostart              REG_DWORD 0
Type                          REG_DWORD 16
Start                         REG_DWORD 2
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
DisplayName                   REG_SZ MBAMService
DependOnService               REG_MULTI_SZ MBAMProtector
 
ObjectName                    REG_SZ LocalSystem
MBAMScheduler Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler
WOW64                         REG_DWORD 1
Description                   REG_SZ Malwarebytes Anti-Malware scheduler
Type                          REG_DWORD 16
Start                         REG_DWORD 2
ErrorControl                  REG_DWORD 1
ImagePath                     REG_EXPAND_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
DisplayName                   REG_SZ MBAMScheduler
ObjectName                    REG_SZ LocalSystem
 
MBAM Registry Settings and License Info:
========================================
 
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware
advancedheuristics            REG_DWORD 1
downloadprogram               REG_DWORD 1
hidereg                       REG_DWORD 0
detectp2p                     REG_DWORD 0
detectpum                     REG_DWORD 1
detectpup                     REG_DWORD 2
updatewarn                    REG_DWORD 1
updatewarndays                REG_DWORD 2
useproxy                      REG_DWORD 0
useauthentication             REG_DWORD 0
contextmenu                   REG_DWORD 1
reportthreats                 REG_DWORD 1
startwithwindows              REG_DWORD 1
startfsdisabled               REG_DWORD 0
startipdisabled               REG_DWORD 0
silentipmode                  REG_DWORD 0
autoquarantine                REG_DWORD 1
notifyinstallprogram          REG_DWORD 1
trialpromptshown              REG_DWORD 0
autoquarantinenotify          REG_DWORD 1
alwaysscanarchives            REG_DWORD 1
InstallPath                   REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
dbdate                        REG_SZ Fri, 14 Mar 2014 19:19:36 GMT
dbversion                     REG_SZ v2014.03.14.07
programversion                REG_SZ 1.75.0.1300
programbuild                  REG_SZ consumer
ID                            XXXXX-XXXXX This is hidden data.
Key                           XXXX-XXXX-XXXX-XXXX This is hidden data.
SchedulerQueue                REG_MULTI_SZ 1052673, 0, 0, 20, 0 | 30359501, 1082120703
 
 
 
HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware
alwaysscanfiles               REG_DWORD 1
alwaysscanheuristics          REG_DWORD 1
alwaysscanmemory              REG_DWORD 1
alwaysscanregistry            REG_DWORD 1
alwaysscanstartups            REG_DWORD 1
autosavelog                   REG_DWORD 1
openlog                       REG_DWORD 1
defaultscan                   REG_DWORD 0
terminateie                   REG_DWORD 0
Language                      REG_SZ English.lng
selectedrives                 REG_SZ C:\|D:\|
HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware
alwaysscanfiles               REG_DWORD 1
alwaysscanheuristics          REG_DWORD 1
alwaysscanmemory              REG_DWORD 1
alwaysscanregistry            REG_DWORD 1
alwaysscanstartups            REG_DWORD 1
autosavelog                   REG_DWORD 1
openlog                       REG_DWORD 1
defaultscan                   REG_DWORD 0
terminateie                   REG_DWORD 0
HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware
alwaysscanfiles               REG_DWORD 1
alwaysscanheuristics          REG_DWORD 1
alwaysscanmemory              REG_DWORD 1
alwaysscanregistry            REG_DWORD 1
alwaysscanstartups            REG_DWORD 1
autosavelog                   REG_DWORD 1
openlog                       REG_DWORD 1
defaultscan                   REG_DWORD 0
terminateie                   REG_DWORD 0
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
Inno Setup: Setup Version     REG_SZ 5.5.3-dev (a)
Inno Setup: App Path          REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
InstallLocation               REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\
Inno Setup: Icon Group        REG_SZ Malwarebytes' Anti-Malware
Inno Setup: User              REG_SZ Chaoyi
Inno Setup: Selected Tasks    REG_DWORD 0
Inno Setup: Deselected Tasks  REG_SZ desktopicon,quicklaunchicon
Inno Setup: Language          REG_SZ English
DisplayName                   REG_SZ Malwarebytes Anti-Malware version 1.75.0.1300
DisplayIcon                   REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
UninstallString               REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
QuietUninstallString          REG_SZ "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" /SILENT
DisplayVersion                REG_SZ 1.75.0.1300
Publisher                     REG_SZ Malwarebytes Corporation
URLInfoAbout                  REG_SZ http://www.malwarebytes.org
NoModify                      REG_DWORD 1
NoRepair                      REG_DWORD 1
InstallDate                   REG_SZ 20140106
MajorVersion                  REG_DWORD 1
MinorVersion                  REG_DWORD 75
EstimatedSize                 REG_DWORD 19815
Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
 
Scheduler Queue:
================
 
Scheduled Item: Update Schedule Options: | Realtime | Silent
Start Time: Realtime Repeating Every: 20 Recover if missed by: 0
 
 
 
MBAM Drivers:
=============
 
C:\WINDOWS\system32\drivers\mbam.sys File Size: 25928     BYTES FileVersion: 1.60.2.0
 
 
Required Dependencies:
======================
 
BFE:
==============
Type : 32
State : 4 (The service is running.)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
DisplayName                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1001
ErrorControl                  REG_DWORD 1
Group                         REG_SZ NetworkProvider
ImagePath                     REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Start                         REG_DWORD 2
Type                          REG_DWORD 32
Description                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1002
DependOnService               REG_MULTI_SZ RpcSs
WfpLwfs
 
ObjectName                    REG_SZ NT AUTHORITY\LocalService
ServiceSidType                REG_DWORD 3
RequiredPrivileges            REG_MULTI_SZ SeAuditPrivilege
 
FailureActions                REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
ServiceDllUnloadOnStop        REG_DWORD 1
ServiceMain                   REG_SZ BfeServiceMain
ServiceDll                    REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
 
fltmgr:
==============
Type : 2
State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
AttachWhenLoaded              REG_DWORD 1
DisplayName                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
ErrorControl                  REG_DWORD 3
Group                         REG_SZ FSFilter Infrastructure
ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
Start                         REG_DWORD 0
Tag                           REG_DWORD 1
Type                          REG_DWORD 2
Description                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
C:\WINDOWS\system32\drivers\fltmgr.sys File Size: 358752    BYTES FileVersion: 6.3.9600.16384
C:\WINDOWS\SysWOW64\mscomctl.ocx File Size: 1070152   BYTES FileVersion: 6.1.98.34
C:\WINDOWS\SysWOW64\olepro32.dll File Size: 80384     BYTES FileVersion: 6.3.9600.16384
 
 
List of MBAM Related Directories:
=================================
 
C:\Program Files (x86)\Malwarebytes' Anti-Malware
7z.dll                         File Size:    914432 BYTES FileVersion: 9.20.0.0
changes.txt                   File Size:       200 BYTES
license.rtf                   File Size:     17916 BYTES
mbam.chm                       File Size:    474148 BYTES
mbam.dll                       File Size:    527944 BYTES FileVersion: 1.70.0.0
mbam.exe                       File Size:    887432 BYTES FileVersion: 1.75.0.1
mbamcore.dll                   File Size:   1127496 BYTES FileVersion: 1.70.0.0
mbamext.dll                   File Size:     95304 BYTES FileVersion: 1.70.0.0
mbamgui.exe                   File Size:    532040 BYTES FileVersion: 1.70.0.0
mbamnet.dll                   File Size:   2191944 BYTES FileVersion: 1.70.0.0
mbampt.exe                     File Size:     40008 BYTES FileVersion: 1.70.0.0
mbamscheduler.exe             File Size:    418376 BYTES FileVersion: 1.70.0.0
mbamservice.exe               File Size:    701512 BYTES FileVersion: 1.70.0.0
mbamtoast.dll                 File Size:     74312 BYTES FileVersion: 1.70.0.0
ssubtmr6.dll                   File Size:     46416 BYTES FileVersion: 1.1.0.3
unins000.dat                   File Size:     15834 BYTES
unins000.exe                   File Size:    712264 BYTES FileVersion: 51.52.0.0
unins000.msg                   File Size:     11277 BYTES
vbalsgrid6.ocx                 File Size:    496976 BYTES FileVersion: 2.0.0.40
 
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon
chameleon.chm                 File Size:    186068 BYTES
firefox.com                   File Size:    218184 BYTES
firefox.exe                   File Size:    218184 BYTES
firefox.pif                   File Size:    218184 BYTES
firefox.scr                   File Size:    218184 BYTES
iexplore.exe                   File Size:    218184 BYTES
mbam-chameleon.com             File Size:    218184 BYTES
mbam-chameleon.exe             File Size:    218184 BYTES
mbam-chameleon.pif             File Size:    218184 BYTES
mbam-chameleon.scr             File Size:    218184 BYTES
mbam-killer.exe               File Size:    896072 BYTES
rundll32.exe                   File Size:    218184 BYTES
svchost.exe                   File Size:    218184 BYTES
winlogon.exe                   File Size:    218184 BYTES
 
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages
arabic.lng                     File Size:     21894 BYTES
belarusian.lng                 File Size:     26884 BYTES
bosnian.lng                   File Size:     27108 BYTES
bulgarian.lng                 File Size:     27574 BYTES
catalan.lng                   File Size:     28252 BYTES
chineseSI.lng                 File Size:     11024 BYTES
chineseTR.lng                 File Size:     11952 BYTES
croatian.lng                   File Size:     26670 BYTES
czech.lng                     File Size:     24874 BYTES
danish.lng                     File Size:     26582 BYTES
dutch.lng                     File Size:     28342 BYTES
english.lng                   File Size:     24542 BYTES
estonian.lng                   File Size:     25146 BYTES
finnish.lng                   File Size:     25950 BYTES
french.lng                     File Size:     29830 BYTES
german.lng                     File Size:     29894 BYTES
greek.lng                     File Size:     29300 BYTES
hebrew.lng                     File Size:     19362 BYTES
hungarian.lng                 File Size:     28666 BYTES
indonesian.lng                 File Size:     26854 BYTES
italian.lng                   File Size:     28194 BYTES
japanese.lng                   File Size:     16266 BYTES
korean.lng                     File Size:     14188 BYTES
latvian.lng                   File Size:     27100 BYTES
lithuanian.lng                 File Size:     27838 BYTES
norwegian.lng                 File Size:     25116 BYTES
polish.lng                     File Size:     26644 BYTES
portugueseBR.lng               File Size:     28654 BYTES
portuguesePT.lng               File Size:     29062 BYTES
romanian.lng                   File Size:     28290 BYTES
russian.lng                   File Size:     27302 BYTES
serbian.lng                   File Size:     26804 BYTES
slovak.lng                     File Size:     25644 BYTES
slovenian.lng                 File Size:     24852 BYTES
spanish.lng                   File Size:     30060 BYTES
swedish.lng                   File Size:     25992 BYTES
thai.lng                       File Size:     26092 BYTES
turkish.lng                   File Size:     25876 BYTES
vietnamese.lng                 File Size:     29528 BYTES
 
C:\Users\Chaoyi\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware
 
C:\Users\Chaoyi\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
mbam-log-2014-01-11 (11-26-23).txt File Size:      1894 BYTES
mbam-log-2014-01-23 (17-12-18).txt File Size:      1896 BYTES
mbam-log-2014-02-24 (15-37-02).txt File Size:      1878 BYTES
mbam-log-2014-02-24 (16-51-19).txt File Size:      1880 BYTES
mbam-log-2014-02-24 (17-31-15).txt File Size:      1866 BYTES
 
C:\Users\Chaoyi\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine
 
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware
rules.ref                     File Size:   7345016 BYTES
 
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration
build.conf                     File Size:       140 BYTES
config.conf                   File Size:      4076 BYTES
custom.conf                   File Size:        20 BYTES
database.conf                 File Size:       432 BYTES
html.conf                     File Size:      2904 BYTES
local.conf                     File Size:       812 BYTES
manifest.conf                 File Size:      1752 BYTES
messaging.conf                 File Size:      1430 BYTES
news.conf                     File Size:       265 BYTES
 
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs
protection-log-2014-01-06.txt File Size:      2158 BYTES
protection-log-2014-01-07.txt File Size:      2158 BYTES
protection-log-2014-01-09.txt File Size:       996 BYTES
protection-log-2014-01-10.txt File Size:      3616 BYTES
protection-log-2014-01-11.txt File Size:     11728 BYTES
protection-log-2014-01-12.txt File Size:      1506 BYTES
protection-log-2014-01-13.txt File Size:     25406 BYTES
protection-log-2014-01-14.txt File Size:       996 BYTES
protection-log-2014-01-15.txt File Size:       652 BYTES
protection-log-2014-01-16.txt File Size:       996 BYTES
protection-log-2014-01-17.txt File Size:       690 BYTES
protection-log-2014-01-18.txt File Size:      2406 BYTES
protection-log-2014-01-19.txt File Size:      2402 BYTES
protection-log-2014-01-20.txt File Size:      6218 BYTES
protection-log-2014-01-21.txt File Size:      1456 BYTES
protection-log-2014-01-22.txt File Size:      2994 BYTES
protection-log-2014-01-23.txt File Size:     22526 BYTES
protection-log-2014-01-24.txt File Size:     34482 BYTES
protection-log-2014-01-25.txt File Size:      4208 BYTES
protection-log-2014-01-26.txt File Size:       996 BYTES
protection-log-2014-01-27.txt File Size:      2152 BYTES
protection-log-2014-01-29.txt File Size:       996 BYTES
protection-log-2014-01-31.txt File Size:       996 BYTES
protection-log-2014-02-03.txt File Size:      1236 BYTES
protection-log-2014-02-07.txt File Size:      4332 BYTES
protection-log-2014-02-08.txt File Size:      2646 BYTES
protection-log-2014-02-09.txt File Size:       472 BYTES
protection-log-2014-02-10.txt File Size:       996 BYTES
protection-log-2014-02-11.txt File Size:      2166 BYTES
protection-log-2014-02-14.txt File Size:      1704 BYTES
protection-log-2014-02-16.txt File Size:      4164 BYTES
protection-log-2014-02-18.txt File Size:       912 BYTES
protection-log-2014-02-21.txt File Size:      1998 BYTES
protection-log-2014-02-23.txt File Size:      6726 BYTES
protection-log-2014-02-24.txt File Size:     11732 BYTES
protection-log-2014-02-25.txt File Size:     12072 BYTES
protection-log-2014-02-26.txt File Size:     13174 BYTES
protection-log-2014-02-27.txt File Size:     11000 BYTES
protection-log-2014-02-28.txt File Size:     13234 BYTES
protection-log-2014-03-01.txt File Size:     26510 BYTES
protection-log-2014-03-02.txt File Size:     12226 BYTES
protection-log-2014-03-03.txt File Size:     26804 BYTES
protection-log-2014-03-04.txt File Size:     10338 BYTES
protection-log-2014-03-05.txt File Size:      8648 BYTES
protection-log-2014-03-06.txt File Size:     13174 BYTES
protection-log-2014-03-07.txt File Size:     15480 BYTES
protection-log-2014-03-08.txt File Size:     18610 BYTES
protection-log-2014-03-09.txt File Size:     15622 BYTES
protection-log-2014-03-10.txt File Size:     14074 BYTES
protection-log-2014-03-11.txt File Size:     11770 BYTES
protection-log-2014-03-12.txt File Size:      8568 BYTES
protection-log-2014-03-13.txt File Size:     10742 BYTES
protection-log-2014-03-14.txt File Size:      3446 BYTES
 
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine
 
===============================================================
END OF FILE
 
FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Chaoyi (administrator) on ONYX on 14-03-2014 17:43:35
Running from C:\Users\Chaoyi\Downloads
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(AMD) C:\WINDOWS\system32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AMD) C:\WINDOWS\system32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) D:\Programs\Netbeans 8.0\NetBeans 8.0 Beta\bin\netbeans64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() D:\Chaoyi\hexchat\hexchat.exe
(Don HO don.h@free.fr) C:\Users\Chaoyi\Downloads\npp.6.5.3.bin\notepad++.exe
(Google) C:\Users\Chaoyi\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\NOTEPAD.EXE
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-29] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2003096260-2618070249-4292722047-1002\...\Run: [Google Update] - C:\Users\Chaoyi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-02] (Google Inc.)
 
Continues on next post (too long)
 

 

Addition.txt


==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS

SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programs\Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.242.0.12

 

Chrome: 

=======

 

CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()

CHR Plugin: (Google Talk Plugin) - C:\Users\Chaoyi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Java Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File

CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Users\Chaoyi\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Chaoyi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Chaoyi\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

CHR Plugin: (Microsoft Office 2010) - D:\Programs\Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - D:\Programs\Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Extension: (Tank Hero: Laser Wars (Web)) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkkneogpiampdcpgceflcjjmghppmmn [2014-01-01]

CHR Extension: (Google Docs) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-01]

CHR Extension: (Google Drive) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-01]

CHR Extension: (Last.fm free music player) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbncpldmanoknoahidbgmkgobgmhnafh [2014-01-01]

CHR Extension: (Web Developer) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2014-01-01]

CHR Extension: (WOT) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-01-01]

CHR Extension: (YouTube) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-01]

CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2014-01-01]

CHR Extension: (Google Search) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-01]

CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2014-01-01]

CHR Extension: (Nitrous.IO) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efdcneeepllhjlbejkfnaolelbpdacai [2014-01-01]

CHR Extension: (Ratchet & Clank Future 2) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn [2014-02-17]

CHR Extension: (PanicButton) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2014-01-01]

CHR Extension: (HTTPS Everywhere) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-02-07]

CHR Extension: (AdBlock) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-01]

CHR Extension: (Cut the Rope) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2014-01-01]

CHR Extension: (LastPass: Free Password Manager) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-01-01]

CHR Extension: (Grey Minimalist) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hibnimblojplfbdgeebipbioedefogoi [2014-01-01]

CHR Extension: (Google Keep) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-01-01]

CHR Extension: (Google Voice (by Google)) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-01-01]

CHR Extension: (Cloud9) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdmccoknlfggadpfkmcpnamfnbkmkcp [2014-01-01]

CHR Extension: (Google Wallet) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-01]

CHR Extension: (Instagram for Chrome) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-01-01]

CHR Extension: (Gmail) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-01]

CHR Extension: (Secure Shell) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnhechapfaindjhompbnflcldabbghjo [2014-01-01]

CHR Extension: (Canvas Rider) - C:\Users\Chaoyi\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2014-01-01]

 

==================== Services (Whitelisted) =================

 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()

R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)

R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6254152 2013-10-20] (COMODO)

S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [164056 2013-09-24] (COMODO)

R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)

S3 wampapache; D:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [24576 2013-06-23] (Apache Software Foundation)

S3 wampmysqld; D:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [12867584 2013-06-23] ()

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)

S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()

R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()

R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)

U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-11-02] (BitDefender)

R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)

S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)

R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)

R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-09-24] (COMODO)

R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [715824 2013-11-14] (COMODO)

R1 cmdhlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38072 2013-09-24] (COMODO)

R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)

S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)

S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)

S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)

R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [118400 2013-09-24] (COMODO)

R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-02-16] (Microsoft Corporation)

S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)

S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)

S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)

S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)

S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-02-16] (Microsoft Corporation)

S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)

S3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)

S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)

U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2013-08-22] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-03-14 17:43 - 2014-03-14 17:44 - 00018539 _____ () C:\Users\Chaoyi\Downloads\FRST.txt

2014-03-14 17:42 - 2014-03-14 17:43 - 00000000 ____D () C:\FRST

2014-03-14 17:41 - 2014-03-14 17:41 - 02157056 _____ (Farbar) C:\Users\Chaoyi\Downloads\FRST64.exe

2014-03-14 17:40 - 2014-03-14 17:40 - 00036923 _____ () C:\Users\Chaoyi\Desktop\CheckResults.txt

2014-03-14 17:38 - 2014-03-14 17:38 - 00688992 _____ (Swearware) C:\Users\Chaoyi\Downloads\dds.com

2014-03-14 17:38 - 2014-03-14 17:38 - 00353352 _____ (Malwarebytes Corporation) C:\Users\Chaoyi\Downloads\mbam-check-2.0.0.1000.exe

2014-03-14 17:37 - 2014-03-14 17:37 - 00688992 _____ (Swearware) C:\Users\Chaoyi\Downloads\dds.scr

2014-03-13 17:41 - 2008-11-03 06:44 - 00061440 _____ () C:\Users\Chaoyi\Downloads\mod-spamhaus-0.7.tar

2014-03-13 17:41 - 2008-11-03 06:43 - 00000000 ____D () C:\Users\Chaoyi\Downloads\mod-spamhaus

2014-03-13 17:39 - 2014-03-13 17:40 - 00017375 _____ () C:\Users\Chaoyi\Downloads\mod-spamhaus-0.7.tar.gz

2014-03-12 17:31 - 2014-03-12 17:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-12 17:31 - 2014-03-12 17:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-03-12 16:36 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-03-12 16:36 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-03-12 16:36 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-03-12 16:36 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-03-12 16:36 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-03-12 16:36 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-03-12 16:36 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-03-12 16:36 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-03-12 16:36 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-03-12 16:36 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-03-12 16:36 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2014-03-12 16:36 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2014-03-12 16:36 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-03-12 16:36 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2014-03-12 16:36 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2014-03-12 16:36 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-03-12 16:36 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2014-03-12 16:36 - 2014-01-31 12:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2014-03-12 16:36 - 2014-01-31 09:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

2014-03-12 16:36 - 2014-01-29 04:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2014-03-12 16:36 - 2014-01-27 11:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2014-03-12 16:36 - 2014-01-27 11:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2014-03-12 16:36 - 2013-12-21 10:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe

2014-03-12 16:36 - 2013-12-20 06:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2014-03-12 16:36 - 2013-12-20 06:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2014-03-12 16:35 - 2014-02-10 23:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2014-03-12 16:35 - 2014-02-10 22:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll

2014-03-12 16:35 - 2014-02-10 22:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll

2014-03-12 16:35 - 2014-01-31 12:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys

2014-03-12 16:35 - 2014-01-31 12:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll

2014-03-12 16:35 - 2014-01-31 05:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll

2014-03-12 16:35 - 2014-01-29 05:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll

2014-03-12 16:35 - 2014-01-29 04:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe

2014-03-12 16:35 - 2014-01-29 04:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll

2014-03-12 16:35 - 2014-01-29 04:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll

2014-03-12 16:35 - 2014-01-29 03:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll

2014-03-12 16:35 - 2014-01-29 03:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe

2014-03-12 16:35 - 2014-01-29 03:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll

2014-03-12 16:35 - 2014-01-29 02:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll

2014-03-12 16:35 - 2014-01-28 20:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll

2014-03-12 16:35 - 2014-01-27 15:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll

2014-03-12 16:35 - 2014-01-27 15:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll

2014-03-12 16:35 - 2014-01-27 15:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE

2014-03-12 16:35 - 2014-01-27 14:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll

2014-03-12 16:35 - 2014-01-27 14:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll

2014-03-12 16:35 - 2014-01-27 14:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll

2014-03-12 16:35 - 2014-01-27 14:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE

2014-03-12 16:35 - 2014-01-27 14:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll

2014-03-12 16:35 - 2014-01-27 13:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll

2014-03-12 16:35 - 2014-01-27 13:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll

2014-03-12 16:35 - 2014-01-27 13:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll

2014-03-12 16:35 - 2014-01-27 07:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml

2014-03-12 16:35 - 2014-01-17 19:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll

2014-03-12 16:35 - 2014-01-17 17:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll

2014-03-12 16:35 - 2013-12-21 04:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll

2014-03-12 16:35 - 2013-10-30 20:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys

2014-03-12 16:35 - 2013-10-30 20:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys

2014-03-12 16:35 - 2013-10-30 20:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys

2014-03-12 15:46 - 2014-03-12 15:46 - 00000000 ____D () C:\Users\Chaoyi\pip

2014-03-12 15:43 - 2014-03-12 15:43 - 00840846 _____ () C:\Users\Chaoyi\setuptools-3.1.zip

2014-03-12 15:42 - 2014-03-12 15:42 - 00000000 ____D () C:\Users\Chaoyi\AppData\Local\.distlib

2014-03-09 09:52 - 2014-03-12 15:42 - 00000000 ____D () C:\Python27

2014-03-07 17:51 - 2014-03-07 17:51 - 04822473 _____ (Tim Kosse) C:\Users\Chaoyi\Downloads\FileZilla_3.7.4.1_win32-setup.exe

2014-03-07 14:25 - 2014-03-07 14:25 - 06468040 _____ () C:\Users\Chaoyi\Downloads\The_New_Bitdefender_SPT.exe

2014-03-07 14:25 - 2014-03-07 14:25 - 00000000 ____D () C:\ProgramData\Dumps

2014-03-06 16:54 - 2014-03-06 16:54 - 00201226 _____ () C:\ProgramData\1394137572.bdinstall.bin

2014-03-06 16:50 - 2014-03-06 16:51 - 00002842 _____ () C:\WINDOWS\system32\lic2.xml16654

2014-03-06 16:50 - 2009-07-15 02:21 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll

2014-03-06 16:49 - 2013-04-17 15:59 - 00718840 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys

2014-03-06 16:49 - 2013-04-17 15:59 - 00593144 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys

2014-03-06 16:49 - 2012-11-02 15:17 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys

2014-03-06 16:48 - 2014-03-06 16:50 - 00000000 ____D () C:\Program Files\Bitdefender

2014-03-06 16:48 - 2013-05-28 13:12 - 00382536 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys

2014-03-06 16:48 - 2013-04-22 14:21 - 00148696 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys

2014-03-06 16:26 - 2014-03-06 16:48 - 00000000 ____D () C:\Users\Chaoyi\AppData\Roaming\QuickScan

2014-03-06 16:26 - 2014-03-06 16:26 - 10447328 _____ () C:\Users\Chaoyi\Downloads\Antivirus_Free_Edition_x64.exe

2014-03-06 16:25 - 2014-03-06 16:25 - 00162208 _____ () C:\Users\Chaoyi\Downloads\Antivirus_Free_Edition.exe

2014-03-04 19:33 - 2014-03-04 19:33 - 00060150 _____ () C:\Users\Chaoyi\Downloads\polr-0.15-RC1.zip

2014-03-04 19:00 - 2014-03-04 19:00 - 44275037 _____ (Igor Pavlov) C:\Users\Chaoyi\Downloads\DevKit-mingw64-64-4.7.2-20130224-1432-sfx.exe

2014-03-04 18:52 - 2014-03-04 18:52 - 00000000 ____D () C:\Users\Chaoyi\AppData\Roaming\Sublime Text 2

2014-03-04 18:50 - 2014-03-04 18:50 - 06513608 _____ ( ) C:\Users\Chaoyi\Downloads\Sublime Text 2.0.2 x64 Setup.exe

2014-03-03 10:53 - 2014-03-03 10:53 - 00000000 ____D () C:\Users\Chaoyi\AppData\Roaming\Composer

2014-03-03 10:53 - 2014-03-03 10:53 - 00000000 ____D () C:\Users\Chaoyi\AppData\Local\Composer

2014-03-03 09:28 - 2014-03-03 09:28 - 00000000 ____D () C:\Users\Chaoyi\Desktop\ircii

2014-03-03 09:21 - 2014-03-03 09:21 - 00002713 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-03-03 09:21 - 2014-03-03 09:21 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-03-03 09:21 - 2014-03-03 09:21 - 00000000 ____D () C:\Users\Chaoyi\AppData\Local\Skype

2014-03-01 09:40 - 2014-03-01 09:40 - 00000000 ____D () C:\Users\Chaoyi\Downloads\eclipse-standard-luna-M5-win32-x86_64

2014-03-01 09:32 - 2014-03-01 09:34 - 212358569 _____ () C:\Users\Chaoyi\Downloads\eclipse-standard-luna-M5-win32-x86_64.zip

2014-03-01 09:24 - 2014-03-01 09:24 - 02433949 _____ () C:\Users\Chaoyi\Downloads\External_Python (1).zip

2014-03-01 08:57 - 2014-03-12 21:40 - 00020282 _____ () C:\WINDOWS\system32\Drivers\fvstore.dat

2014-03-01 08:57 - 2014-03-01 08:57 - 05509039 _____ ( ) C:\Users\Chaoyi\Downloads\BluelineFull.exe

2014-03-01 08:57 - 2014-03-01 08:57 - 00000000 ___HD () C:\VTRoot

2014-02-28 21:34 - 2014-02-28 21:34 - 02433949 _____ () C:\Users\Chaoyi\Downloads\External_Python.zip

2014-02-26 22:35 - 2014-03-01 10:08 - 00000718 _____ () C:\Users\Public\Desktop\Cygwin64 Terminal.lnk

2014-02-26 21:09 - 2014-02-28 19:38 - 00000968 _____ () C:\Users\Chaoyi\Downloads\setup.log

2014-02-26 21:09 - 2014-02-28 19:38 - 00000242 _____ () C:\Users\Chaoyi\Downloads\setup.log.full

2014-02-26 21:08 - 2014-02-26 21:08 - 00778752 _____ () C:\Users\Chaoyi\Downloads\setup-x86_64.exe

2014-02-23 21:24 - 2014-02-23 21:24 - 00000000 ____D () C:\Users\Jun\AppData\Roaming\Malwarebytes

2014-02-18 16:37 - 2014-02-18 16:37 - 00003633 _____ () C:\Users\Chaoyi\Downloads\LCPDFR 1.0 Taser Data Files (1).zip

2014-02-17 20:53 - 2014-02-17 20:53 - 00514013 _____ () C:\Users\Chaoyi\Downloads\NhYC.txt

2014-02-17 17:58 - 2014-02-17 17:58 - 04714971 _____ () C:\Users\Chaoyi\Downloads\dfsetup217.zip

2014-02-17 16:59 - 2014-02-17 16:59 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll

2014-02-17 16:59 - 2014-02-17 16:59 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll

2014-02-17 16:59 - 2014-02-17 16:59 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll

2014-02-17 16:59 - 2014-02-17 16:59 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll

2014-02-17 16:59 - 2014-02-17 16:59 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll

2014-02-17 16:59 - 2014-02-17 16:59 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll

2014-02-17 16:59 - 2014-02-17 16:59 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe

2014-02-17 16:59 - 2014-02-17 16:59 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe

2014-02-17 16:59 - 2014-02-17 16:59 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe

2014-02-17 16:59 - 2014-02-17 16:59 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll

2014-02-17 16:59 - 2014-02-17 16:59 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll

2014-02-17 16:59 - 2014-02-17 16:59 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll

2014-02-17 16:59 - 2014-02-17 16:59 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll

2014-02-17 16:59 - 2014-02-17 16:59 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll

2014-02-17 16:56 - 2010-06-02 05:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll

2014-02-17 16:56 - 2010-06-02 05:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll

2014-02-17 16:56 - 2010-05-26 12:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll

2014-02-17 16:56 - 2010-05-26 12:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll

 

(still too long, posting in another post)

2014-02-17 16:56 - 2010-05-26 12:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll

2014-02-17 16:56 - 2010-02-04 11:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll

2014-02-17 16:56 - 2010-02-04 11:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll

2014-02-17 16:56 - 2010-02-04 11:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll

2014-02-17 16:56 - 2010-02-04 11:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll

2014-02-17 16:56 - 2010-02-04 11:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll

2014-02-17 16:56 - 2010-02-04 11:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll

2014-02-17 16:56 - 2010-02-04 11:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll

2014-02-17 16:56 - 2010-02-04 11:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll

2014-02-17 16:56 - 2009-09-04 18:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll

2014-02-17 16:56 - 2009-09-04 18:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll

2014-02-17 16:56 - 2009-09-04 18:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll

2014-02-17 16:56 - 2009-09-04 18:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll

2014-02-17 16:56 - 2009-09-04 18:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll

2014-02-17 16:56 - 2009-09-04 18:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll

2014-02-17 16:56 - 2009-09-04 18:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll

2014-02-17 16:56 - 2009-09-04 18:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll

2014-02-17 16:56 - 2009-09-04 18:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll

2014-02-17 16:56 - 2009-09-04 18:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll

2014-02-17 16:56 - 2009-09-04 18:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll

2014-02-17 16:56 - 2009-09-04 18:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll

2014-02-17 16:56 - 2009-09-04 18:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll

2014-02-17 16:56 - 2009-09-04 18:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll

2014-02-17 16:56 - 2009-03-16 15:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll

2014-02-17 16:56 - 2009-03-16 15:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll

2014-02-17 16:56 - 2009-03-16 15:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll

2014-02-17 16:56 - 2009-03-16 15:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll

2014-02-17 16:56 - 2009-03-16 15:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll

2014-02-17 16:56 - 2009-03-16 15:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll

2014-02-17 16:56 - 2009-03-09 16:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll

2014-02-17 16:56 - 2009-03-09 16:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll

2014-02-17 16:56 - 2009-03-09 16:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll

2014-02-17 16:56 - 2009-03-09 16:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll

2014-02-17 16:56 - 2008-10-27 11:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll

2014-02-17 16:56 - 2008-10-27 11:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll

2014-02-17 16:56 - 2008-10-27 11:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll

2014-02-17 16:56 - 2008-10-27 11:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll

2014-02-17 16:56 - 2008-10-27 11:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll

2014-02-17 16:56 - 2008-10-27 11:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll

2014-02-17 16:56 - 2008-10-27 11:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll

2014-02-17 16:56 - 2008-10-27 11:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll

2014-02-17 16:56 - 2008-10-10 05:52 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll

2014-02-17 16:56 - 2008-10-10 05:52 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll

2014-02-17 16:56 - 2008-10-10 05:52 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll

2014-02-17 16:56 - 2008-10-10 05:52 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll

2014-02-17 16:56 - 2008-10-10 05:52 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll

2014-02-17 16:56 - 2008-10-10 05:52 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll

2014-02-17 16:56 - 2008-07-31 11:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll

2014-02-17 16:56 - 2008-07-31 11:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll

2014-02-17 16:56 - 2008-07-31 11:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll

2014-02-17 16:56 - 2008-07-31 11:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll

2014-02-17 16:56 - 2008-07-31 11:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll

2014-02-17 16:56 - 2008-07-31 11:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll

2014-02-17 16:56 - 2008-07-10 12:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll

2014-02-17 16:56 - 2008-07-10 12:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll

2014-02-17 16:56 - 2008-07-10 12:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll

2014-02-17 16:56 - 2008-07-10 12:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll

2014-02-17 16:56 - 2008-07-10 12:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll

2014-02-17 16:56 - 2008-07-10 12:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll

2014-02-17 16:55 - 2014-02-17 16:56 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx

2014-02-17 16:54 - 2014-02-17 16:54 - 00292184 _____ (Microsoft Corporation) C:\Users\Chaoyi\Downloads\dxwebsetup.exe

2014-02-17 16:53 - 2014-02-17 16:54 - 01005302 _____ () C:\Users\Chaoyi\Downloads\d3dx9_24.zip

2014-02-17 16:29 - 2014-03-11 20:57 - 00000000 ____D () C:\Users\Chaoyi\AppData\Local\Deployment

2014-02-16 21:43 - 2014-02-16 21:43 - 00000549 _____ () C:\Users\Chaoyi\Downloads\OpenWithNotepad.zip

2014-02-16 21:04 - 2014-02-16 21:04 - 00000000 ____D () C:\Program Files\Classic Shell

2014-02-16 21:02 - 2014-02-16 21:02 - 05631168 _____ (IvoSoft) C:\Users\Chaoyi\Downloads\ClassicShellSetup_4_0_4.exe

2014-02-16 17:51 - 2014-02-16 17:51 - 00001453 _____ () C:\Users\Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-02-16 17:51 - 2014-02-16 17:51 - 00000020 ___SH () C:\Users\Jun\ntuser.ini

2014-02-16 14:35 - 2014-02-16 14:35 - 00000000 __SHD () C:\Recovery

2014-02-16 14:35 - 2014-02-16 12:02 - 00000000 ___DC () C:\WINDOWS\Panther

2014-02-16 14:34 - 2014-02-16 14:34 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll

2014-02-16 14:34 - 2014-02-16 14:34 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2014-02-16 14:34 - 2014-02-16 14:34 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2014-02-16 14:34 - 2014-02-16 14:34 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe

2014-02-16 14:33 - 2014-02-16 14:33 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe

2014-02-16 14:33 - 2014-02-16 14:33 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe

2014-02-16 14:32 - 2014-02-16 14:32 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb

2014-02-16 14:32 - 2014-02-16 14:32 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb

2014-02-16 14:32 - 2014-02-16 14:32 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-02-16 14:32 - 2014-02-16 14:32 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2014-02-16 14:32 - 2014-02-16 14:32 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe

2014-02-16 14:32 - 2014-02-16 14:32 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe

2014-02-16 14:32 - 2014-02-16 14:32 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe

2014-02-16 14:32 - 2014-02-16 14:32 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe

2014-02-16 14:32 - 2014-02-16 14:32 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 04217344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 02804224 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe

2014-02-16 14:30 - 2014-02-16 14:30 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms

2014-02-16 14:30 - 2014-02-16 14:30 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms

2014-02-16 14:29 - 2014-02-16 14:29 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys

2014-02-16 14:29 - 2014-02-16 14:29 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe

2014-02-16 14:29 - 2014-02-16 14:29 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe

2014-02-16 14:29 - 2014-02-16 14:29 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys

2014-02-16 14:29 - 2014-02-16 14:29 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys

2014-02-16 14:29 - 2014-02-16 14:29 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS

2014-02-16 14:29 - 2014-02-16 14:29 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys

2014-02-16 14:28 - 2014-02-16 14:28 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll

2014-02-16 14:28 - 2014-02-16 14:28 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll

2014-02-16 14:27 - 2014-02-16 14:27 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2014-02-16 14:27 - 2014-02-16 14:27 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll

2014-02-16 14:27 - 2014-02-16 14:27 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll

2014-02-16 14:27 - 2014-02-16 14:27 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll

2014-02-16 14:27 - 2014-02-16 14:27 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2014-02-16 14:27 - 2014-02-16 14:27 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll

2014-02-16 14:27 - 2014-02-16 14:27 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll

2014-02-16 14:27 - 2014-02-16 14:27 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll

2014-02-16 14:27 - 2014-02-16 14:27 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll

2014-02-16 14:27 - 2014-02-16 14:27 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2014-02-16 14:27 - 2014-02-16 14:27 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe

2014-02-16 14:27 - 2014-02-16 14:27 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2014-02-16 14:27 - 2014-02-16 14:27 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi

2014-02-16 14:27 - 2014-02-16 14:27 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe

2014-02-16 14:27 - 2014-02-16 14:27 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe

2014-02-16 14:27 - 2014-02-16 14:27 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2014-02-16 14:27 - 2014-02-16 14:27 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll

2014-02-16 14:27 - 2014-02-16 14:27 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll

2014-02-16 14:27 - 2014-02-16 14:27 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll

2014-02-16 14:27 - 2014-02-16 14:27 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll

2014-02-16 14:27 - 2014-02-16 14:27 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll

2014-02-16 14:27 - 2014-02-16 14:27 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll

2014-02-16 14:27 - 2014-02-16 14:27 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2014-02-16 14:27 - 2014-02-16 14:27 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys

2014-02-16 14:27 - 2014-02-16 14:27 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll

2014-02-16 14:27 - 2014-02-16 14:27 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS

2014-02-16 14:27 - 2014-02-16 14:27 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll

2014-02-16 14:27 - 2014-02-16 14:27 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll

2014-02-16 14:27 - 2014-02-16 14:27 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll

2014-02-16 14:27 - 2014-02-16 14:27 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys

2014-02-16 14:27 - 2014-02-16 14:27 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys

2014-02-16 14:27 - 2014-02-16 14:27 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys

2014-02-16 14:27 - 2014-02-16 14:27 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll

2014-02-16 14:27 - 2014-02-16 14:27 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll

2014-02-16 14:26 - 2014-02-16 14:26 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff

2014-02-16 14:25 - 2014-02-16 14:25 - 00000000 ____D () C:\Program Files\Reference Assemblies

2014-02-16 14:25 - 2014-02-16 14:25 - 00000000 ____D () C:\Program Files\MSBuild

2014-02-16 14:25 - 2014-02-16 14:25 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies

2014-02-16 14:25 - 2014-02-16 14:25 - 00000000 ____D () C:\Program Files (x86)\MSBuild

2014-02-16 14:25 - 2012-07-23 13:35 - 00079528 ____R (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amd_sata.sys

2014-02-16 14:25 - 2012-07-23 13:35 - 00026280 ____R (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amd_xata.sys

2014-02-16 14:24 - 2013-08-03 00:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll

2014-02-16 14:24 - 2013-08-03 00:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll

2014-02-16 14:24 - 2013-08-03 00:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe

2014-02-16 14:24 - 2013-08-03 00:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll

2014-02-16 14:24 - 2013-08-03 00:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2014-02-16 14:24 - 2013-08-03 00:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe

2014-02-16 12:04 - 2014-03-14 15:15 - 00000000 __RDO () C:\Users\Chaoyi\SkyDrive

2014-02-16 12:02 - 2014-02-16 12:02 - 00001453 _____ () C:\Users\Chaoyi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-02-16 12:02 - 2014-02-16 12:02 - 00000258 __RSH () C:\ProgramData\ntuser.pol

2014-02-16 12:02 - 2014-02-16 12:02 - 00000020 ___SH () C:\Users\Chaoyi\ntuser.ini

2014-02-16 11:57 - 2014-03-14 16:33 - 01743547 _____ () C:\WINDOWS\WindowsUpdate.log

2014-02-16 11:56 - 2014-02-16 11:56 - 00022744 _____ () C:\WINDOWS\system32\emptyregdb.dat

2014-02-16 11:45 - 2014-02-16 11:45 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help

2014-02-16 11:45 - 2014-02-16 11:45 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help

2014-02-16 11:42 - 2014-02-16 11:42 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate

2014-02-16 11:40 - 2014-03-12 15:46 - 00000000 ____D () C:\Users\Chaoyi

2014-02-16 11:40 - 2014-02-16 17:51 - 00000000 ____D () C:\Users\Jun

2014-02-16 11:40 - 2014-02-16 11:56 - 00036198 _____ () C:\WINDOWS\diagwrn.xml

2014-02-16 11:40 - 2014-02-16 11:56 - 00036198 _____ () C:\WINDOWS\diagerr.xml

2014-02-16 11:40 - 2014-02-16 11:41 - 00000000 ___RD () C:\Users\Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-02-16 11:40 - 2014-02-16 11:41 - 00000000 ___RD () C:\Users\Chaoyi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-02-16 11:40 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-02-16 11:40 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-02-16 11:40 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Chaoyi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-02-16 11:40 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Chaoyi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-02-16 11:40 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-02-16 11:40 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\Chaoyi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-02-16 11:37 - 2014-02-16 11:37 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM

2014-02-16 11:37 - 2014-02-16 11:37 - 00000000 ____D () C:\Program Files\Realtek

2014-02-16 11:37 - 2014-02-16 11:37 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies

2014-02-16 11:37 - 2014-02-16 11:37 - 00000000 ____D () C:\Program Files\ASUS

2014-02-16 11:37 - 2014-02-16 11:37 - 00000000 ____D () C:\Program Files\AMD

2014-02-16 11:37 - 2014-02-16 11:37 - 00000000 _____ () C:\WINDOWS\ativpsrm.bin

2014-02-16 10:34 - 2014-02-16 11:56 - 00006670 _____ () C:\WINDOWS\comsetup.log

2014-02-14 13:55 - 2014-02-14 13:57 - 11990847 _____ () C:\Users\Chaoyi\Downloads\sa-mp-0.3z-R1-install.exe

==================== One Month Modified Files and Folders =======

2014-03-14 17:44 - 2014-03-14 17:43 - 00018539 _____ () C:\Users\Chaoyi\Downloads\FRST.txt

2014-03-14 17:43 - 2014-03-14 17:42 - 00000000 ____D () C:\FRST

2014-03-14 17:41 - 2014-03-14 17:41 - 02157056 _____ (Farbar) C:\Users\Chaoyi\Downloads\FRST64.exe

2014-03-14 17:40 - 2014-03-14 17:40 - 00036923 _____ () C:\Users\Chaoyi\Desktop\CheckResults.txt

2014-03-14 17:38 - 2014-03-14 17:38 - 00688992 _____ (Swearware) C:\Users\Chaoyi\Downloads\dds.com

2014-03-14 17:38 - 2014-03-14 17:38 - 00353352 _____ (Malwarebytes Corporation) C:\Users\Chaoyi\Downloads\mbam-check-2.0.0.1000.exe

2014-03-14 17:37 - 2014-03-14 17:37 - 00688992 _____ (Swearware) C:\Users\Chaoyi\Downloads\dds.scr

2014-03-14 17:37 - 2014-01-01 12:53 - 00000000 ____D () C:\Users\Chaoyi\AppData\Roaming\Skype

2014-03-14 17:34 - 2014-01-01 01:18 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-03-14 17:22 - 2014-01-02 19:23 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2003096260-2618070249-4292722047-1002UA.job

2014-03-14 17:19 - 2014-01-01 13:13 - 00000000 ____D () C:\Users\Chaoyi\.VirtualBox

2014-03-14 17:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2014-03-14 16:53 - 2014-01-01 13:19 - 00000000 ____D () C:\Users\Chaoyi\AppData\Roaming\.minecraft

2014-03-14 16:33 - 2014-02-16 11:57 - 01743547 _____ () C:\WINDOWS\WindowsUpdate.log

2014-03-14 15:56 - 2014-01-03 19:01 - 00000000 ____D () C:\Users\Chaoyi\AppData\Roaming\ClassicShell

2014-03-14 15:39 - 2013-12-30 19:54 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2003096260-2618070249-4292722047-1002

2014-03-14 15:34 - 2014-01-01 01:19 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-03-14 15:34 - 2014-01-01 01:18 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-03-14 15:22 - 2014-01-02 19:23 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2003096260-2618070249-4292722047-1002Core.job

2014-03-14 15:15 - 2014-02-16 12:04 - 00000000 __RDO () C:\Users\Chaoyi\SkyDrive

2014-03-13 19:07 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache

2014-03-13 18:22 - 2014-01-02 22:00 - 00000600 _____ () C:\Users\Chaoyi\AppData\Roaming\winscp.rnd

2014-03-13 17:40 - 2014-03-13 17:39 - 00017375 _____ () C:\Users\Chaoyi\Downloads\mod-spamhaus-0.7.tar.gz

2014-03-13 15:58 - 2014-01-10 17:19 - 00000000 ____D () C:\Users\Chaoyi\AppData\Roaming\FileZilla

2014-03-12 21:46 - 2013-11-14 03:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-03-12 21:42 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-03-12 21:42 - 2013-08-22 10:44 - 00476560 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-03-12 21:41 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI

2014-03-12 21:40 - 2014-03-01 08:57 - 00020282 _____ () C:\WINDOWS\system32\Drivers\fvstore.dat

2014-03-12 21:38 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-03-12 21:38 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-03-12 21:38 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender

2014-03-12 21:38 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2014-03-12 17:34 - 2014-02-03 16:01 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-03-12 17:31 - 2014-03-12 17:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-12 17:31 - 2014-03-12 17:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-03-12 15:46 - 2014-03-12 15:46 - 00000000 ____D () C:\Users\Chaoyi\pip

2014-03-12 15:46 - 2014-02-16 11:40 - 00000000 ____D () C:\Users\Chaoyi

2014-03-12 15:43 - 2014-03-12 15:43 - 00840846 _____ () C:\Users\Chaoyi\setuptools-3.1.zip

2014-03-12 15:42 - 2014-03-12 15:42 - 00000000 ____D () C:\Users\Chaoyi\AppData\Local\.distlib

2014-03-12 15:42 - 2014-03-09 09:52 - 00000000 ____D () C:\Python27

2014-03-11 21:41 - 2014-01-02 22:37 - 00000000 ____D () C:\Users\Chaoyi\AppData\Roaming\vlc

2014-03-11 21:41 - 2014-01-01 23:43 - 00000000 ____D () C:\Users\Chaoyi\AppData\Roaming\GitHub

2014-03-11 21:39 - 2014-01-01 23:43 - 00000000 ____D () C:\Users\Chaoyi\AppData\Local\GitHub

2014-03-11 21:32 - 2014-01-03 14:37 - 00000000 ____D () C:\Users\Chaoyi\.idlerc

2014-03-11 20:57 - 2014-02-17 16:29 - 00000000 ____D () C:\Users\Chaoyi\AppData\Local\Deployment

2014-03-11 16:43 - 2014-01-01 21:06 - 00000000 ____D () C:\Users\Chaoyi\node_modules

2014-03-11 16:43 - 2014-01-01 21:06 - 00000000 ____D () C:\Users\Chaoyi\AppData\Roaming\npm-cache

2014-03-11 15:17 - 2014-01-25 08:48 - 00000000 ____D () C:\Users\Chaoyi\AppData\Roaming\Mozilla

2014-03-10 23:08 - 2014-01-04 05:19 - 00000000 ____D () C:\Users\Jun\AppData\Roaming\ClassicShell

2014-03-10 22:43 - 2013-12-31 18:29 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2003096260-2618070249-4292722047-1003

2014-03-10 17:41 - 2013-08-22 10:46 - 00328269 _____ () C:\WINDOWS\setupact.log

2014-03-08 08:16 - 2014-01-01 13:47 - 01474832 _____ () C:\WINDOWS\system32\Drivers\sfi.dat

2014-03-07 17:51 - 2014-03-07 17:51 - 04822473 _____ (Tim Kosse) C:\Users\Chaoyi\Downloads\FileZilla_3.7.4.1_win32-setup.exe

2014-03-07 14:25 - 2014-03-07 14:25 - 06468040 _____ () C:\Users\Chaoyi\Downloads\The_New_Bitdefender_SPT.exe

2014-03-07 14:25 - 2014-03-07 14:25 - 00000000 ____D () C:\ProgramData\Dumps

2014-03-06 16:54 - 2014-03-06 16:54 - 00201226 _____ () C:\ProgramData\1394137572.bdinstall.bin

2014-03-06 16:51 - 2014-03-06 16:50 - 00002842 _____ () C:\WINDOWS\system32\lic2.xml16654

2014-03-06 16:50 - 2014-03-06 16:48 - 00000000 ____D () C:\Program Files\Bitdefender

2014-03-06 16:48 - 2014-03-06 16:26 - 00000000 ____D () C:\Users\Chaoyi\AppData\Roaming\QuickScan

2014-03-06 16:26 - 2014-03-06 16:26 - 10447328 _____ () C:\Users\Chaoyi\Downloads\Antivirus_Free_Edition_x64.exe

2014-03-06 16:25 - 2014-03-06 16:25 - 00162208 _____ () C:\Users\Chaoyi\Downloads\Antivirus_Free_Edition.exe

2014-03-04 19:33 - 2014-03-04 19:33 - 00060150 _____ () C:\Users\Chaoyi\Downloads\polr-0.15-RC1.zip

2014-03-04 19:00 - 2014-03-04 19:00 - 44275037 _____ (Igor Pavlov) C:\Users\Chaoyi\Downloads\DevKit-mingw64-64-4.7.2-20130224-1432-sfx.exe

2014-03-04 18:53 - 2013-08-22 11:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2014-03-04 18:53 - 2013-08-22 11:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2014-03-04 18:52 - 2014-03-04 18:52 - 00000000 ____D () C:\Users\Chaoyi\AppData\Roaming\Sublime Text 2

2014-03-04 18:50 - 2014-03-04 18:50 - 06513608 _____ ( ) C:\Users\Chaoyi\Downloads\Sublime Text 2.0.2 x64 Setup.exe

2014-03-03 15:25 - 2014-01-08 18:29 - 00000000 ____D () C:\Users\Chaoyi\AppData\Roaming\TS3Client

2014-03-03 10:53 - 2014-03-03 10:53 - 00000000 ____D () C:\Users\Chaoyi\AppData\Roaming\Composer

2014-03-03 10:53 - 2014-03-03 10:53 - 00000000 ____D () C:\Users\Chaoyi\AppData\Local\Composer

2014-03-03 09:28 - 2014-03-03 09:28 - 00000000 ____D () C:\Users\Chaoyi\Desktop\ircii

2014-03-03 09:21 - 2014-03-03 09:21 - 00002713 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-03-03 09:21 - 2014-03-03 09:21 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-03-03 09:21 - 2014-03-03 09:21 - 00000000 ____D () C:\Users\Chaoyi\AppData\Local\Skype

2014-03-03 09:21 - 2014-01-01 12:53 - 00000000 ____D () C:\ProgramData\Skype

2014-03-01 10:08 - 2014-02-26 22:35 - 00000718 _____ () C:\Users\Public\Desktop\Cygwin64 Terminal.lnk

2014-03-01 09:40 - 2014-03-01 09:40 - 00000000 ____D () C:\Users\Chaoyi\Downloads\eclipse-standard-luna-M5-win32-x86_64

2014-03-01 09:34 - 2014-03-01 09:32 - 212358569 _____ () C:\Users\Chaoyi\Downloads\eclipse-standard-luna-M5-win32-x86_64.zip

2014-03-01 09:24 - 2014-03-01 09:24 - 02433949 _____ () C:\Users\Chaoyi\Downloads\External_Python (1).zip

2014-03-01 08:57 - 2014-03-01 08:57 - 05509039 _____ ( ) C:\Users\Chaoyi\Downloads\BluelineFull.exe

2014-03-01 08:57 - 2014-03-01 08:57 - 00000000 ___HD () C:\VTRoot

2014-03-01 02:05 - 2014-03-12 16:36 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-03-01 00:58 - 2014-03-12 16:36 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-03-01 00:30 - 2014-03-12 16:36 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-03-01 00:17 - 2014-03-12 16:36 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-02-28 23:54 - 2014-03-12 16:36 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-02-28 23:47 - 2014-03-12 16:36 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-02-28 23:42 - 2014-03-12 16:36 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-02-28 23:18 - 2014-03-12 16:36 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-02-28 23:14 - 2014-03-12 16:36 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-02-28 23:10 - 2014-03-12 16:36 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-02-28 23:03 - 2014-03-12 16:36 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2014-02-28 22:57 - 2014-03-12 16:36 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2014-02-28 22:38 - 2014-03-12 16:36 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-02-28 22:32 - 2014-03-12 16:36 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2014-02-28 22:27 - 2014-03-12 16:36 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2014-02-28 22:25 - 2014-03-12 16:36 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-02-28 22:25 - 2014-03-12 16:36 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2014-02-28 21:34 - 2014-02-28 21:34 - 02433949 _____ () C:\Users\Chaoyi\Downloads\External_Python.zip

2014-02-28 19:38 - 2014-02-26 21:09 - 00000968 _____ () C:\Users\Chaoyi\Downloads\setup.log

2014-02-28 19:38 - 2014-02-26 21:09 - 00000242 _____ () C:\Users\Chaoyi\Downloads\setup.log.full

2014-02-26 21:08 - 2014-02-26 21:08 - 00778752 _____ () C:\Users\Chaoyi\Downloads\setup-x86_64.exe

2014-02-23 21:24 - 2014-02-23 21:24 - 00000000 ____D () C:\Users\Jun\AppData\Roaming\Malwarebytes

2014-02-23 18:32 - 2013-12-30 19:42 - 00000000 ____D () C:\Users\Chaoyi\AppData\Local\Packages

2014-02-21 20:48 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2014-02-18 16:37 - 2014-02-18 16:37 - 00003633 _____ () C:\Users\Chaoyi\Downloads\LCPDFR 1.0 Taser Data Files (1).zip

2014-02-17 20:53 - 2014-02-17 20:53 - 00514013 _____ () C:\Users\Chaoyi\Downloads\NhYC.txt

2014-02-17 17:58 - 2014-02-17 17:58 - 04714971 _____ () C:\Users\Chaoyi\Downloads\dfsetup217.zip

2014-02-17 16:59 - 2014-02-17 16:59 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll

2014-02-17 16:59 - 2014-02-17 16:59 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll

2014-02-17 16:59 - 2014-02-17 16:59 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll

2014-02-17 16:59 - 2014-02-17 16:59 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll

2014-02-17 16:59 - 2014-02-17 16:59 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll

2014-02-17 16:59 - 2014-02-17 16:59 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll

2014-02-17 16:59 - 2014-02-17 16:59 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe

2014-02-17 16:59 - 2014-02-17 16:59 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe

2014-02-17 16:59 - 2014-02-17 16:59 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe

2014-02-17 16:59 - 2014-02-17 16:59 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll

2014-02-17 16:59 - 2014-02-17 16:59 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll

2014-02-17 16:59 - 2014-02-17 16:59 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll

2014-02-17 16:59 - 2014-02-17 16:59 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll

2014-02-17 16:59 - 2014-02-17 16:59 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll

2014-02-17 16:56 - 2014-02-17 16:55 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx

2014-02-17 16:54 - 2014-02-17 16:54 - 00292184 _____ (Microsoft Corporation) C:\Users\Chaoyi\Downloads\dxwebsetup.exe

2014-02-17 16:54 - 2014-02-17 16:53 - 01005302 _____ () C:\Users\Chaoyi\Downloads\d3dx9_24.zip

2014-02-16 21:43 - 2014-02-16 21:43 - 00000549 _____ () C:\Users\Chaoyi\Downloads\OpenWithNotepad.zip

2014-02-16 21:04 - 2014-02-16 21:04 - 00000000 ____D () C:\Program Files\Classic Shell

2014-02-16 21:03 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\restore

2014-02-16 21:02 - 2014-02-16 21:02 - 05631168 _____ (IvoSoft) C:\Users\Chaoyi\Downloads\ClassicShellSetup_4_0_4.exe

2014-02-16 17:52 - 2013-12-31 18:23 - 00000000 ____D () C:\Users\Jun\AppData\Local\Packages

2014-02-16 17:51 - 2014-02-16 17:51 - 00001453 _____ () C:\Users\Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-02-16 17:51 - 2014-02-16 17:51 - 00000020 ___SH () C:\Users\Jun\ntuser.ini

2014-02-16 17:51 - 2014-02-16 11:40 - 00000000 ____D () C:\Users\Jun

2014-02-16 17:51 - 2013-12-31 18:23 - 00000000 ___RD () C:\Users\Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-02-16 17:51 - 2013-12-31 18:23 - 00000000 ___RD () C:\Users\Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-02-16 14:35 - 2014-02-16 14:35 - 00000000 __SHD () C:\Recovery

2014-02-16 14:34 - 2014-02-16 14:34 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll

2014-02-16 14:34 - 2014-02-16 14:34 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2014-02-16 14:34 - 2014-02-16 14:34 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2014-02-16 14:34 - 2014-02-16 14:34 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll

2014-02-16 14:34 - 2013-08-22 11:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template

2014-02-16 14:33 - 2014-02-16 14:33 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe

2014-02-16 14:33 - 2014-02-16 14:33 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll

2014-02-16 14:33 - 2014-02-16 14:33 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe

2014-02-16 14:33 - 2014-02-16 14:33 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe

2014-02-16 14:32 - 2014-02-16 14:32 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb

2014-02-16 14:32 - 2014-02-16 14:32 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb

2014-02-16 14:32 - 2014-02-16 14:32 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-02-16 14:32 - 2014-02-16 14:32 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2014-02-16 14:32 - 2014-02-16 14:32 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe

2014-02-16 14:32 - 2014-02-16 14:32 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe

2014-02-16 14:32 - 2014-02-16 14:32 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe

2014-02-16 14:32 - 2014-02-16 14:32 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe

2014-02-16 14:32 - 2014-02-16 14:32 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll

2014-02-16 14:32 - 2014-02-16 14:32 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll

2014-02-16 14:31 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData

2014-02-16 14:30 - 2014-02-16 14:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 04217344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 02804224 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe

2014-02-16 14:30 - 2014-02-16 14:30 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll

2014-02-16 14:30 - 2014-02-16 14:30 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms

2014-02-16 14:30 - 2014-02-16 14:30 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms

2014-02-16 14:30 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer

2014-02-16 14:30 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager

2014-02-16 14:30 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera

2014-02-16 14:29 - 2014-02-16 14:29 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll

2014-02-16 14:29 - 2014-02-16 14:29 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll


==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys

[2014-03-12 16:35] - [2014-01-31 12:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02

 

 

 

LastRegBack: 2014-03-13 18:49

 

==================== End Of Log ============================

Link to post
Share on other sites

I tried BitDefender Free for a brief moment in time.  

 

  1. In the free product, the only way you can add exclusions is when a file is actually tagged as PUP / Malicious.  There are no other settings that allow for setting exclusions, like setting exclusions for other AV / AM / AS software.
  2. It gave me fits as well, marking things I knew were perfectly fine as not being so, so I reverted to using MSE along with MBAM, MBAR, MBAE and WinPatrol as my methods of safety, plus browser extensions like WoT (all browsers), NoScript (Firefox), and Ghostery (all browsers).
Link to post
Share on other sites

  • Root Admin
  • In the free product, the only way you can add exclusions is when a file is actually tagged as PUP / Malicious.  There are no other settings that allow for setting exclusions, like setting exclusions for other AV / AM / AS software.

That alone is reason enough for me to not use Bitdefender. It can and will potentially delete valid files and you have no say-so over it.

You can try the MBAM clean removal and reinstall procedure and see if that helps or not.

MBAM Clean Removal Process

Link to post
Share on other sites

When I was using it, I never saw any listings in the logs themselves (TBH, never actually looked now that I think about it), but the fact that I could not manually assign exclusions for things like all the NirSoft apps and Sysinternals Apps I had until BD scanned the relevant directories and informed me of PUPs (mostly hacktools, which a lot of NirSoft tools are hack tools - but ones that I know and use), much less for any other AV/AS/AE/AM software, turned me off to using it within a few days.

Link to post
Share on other sites

  • Root Admin

Well the logs show you still appear to have Comodo installed or at least part of it which itself could cause issues.

You also have the following errors in the Event Logs which could be due to conflict from one of the AV products maybe.

I'd recommend a clean removal of all the security products and using a manual removal tool if needed.

List of Uninstaller Tools

https://forums.malwarebytes.org/index.php?showtopic=127580

System errors:
=============
Error: (03/14/2014 03:18:59 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/13/2014 07:04:07 PM) (Source: Service Control Manager) (User: )
Description: The Windows Store Service (WSService) service failed to start due to the following error: %%1053

Error: (03/13/2014 07:04:07 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Store Service (WSService) service to connect.

Error: (03/13/2014 07:03:34 PM) (Source: Service Control Manager) (User: )
Description: The Windows Store Service (WSService) service failed to start due to the following error: %%1053

Error: (03/13/2014 07:03:34 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Store Service (WSService) service to connect.

Error: (03/13/2014 07:00:40 PM) (Source: Service Control Manager) (User: )
Description: The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/13/2014 06:50:29 PM) (Source: Service Control Manager) (User: )
Description: The Windows Store Service (WSService) service failed to start due to the following error: %%1053

Error: (03/13/2014 06:50:29 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Store Service (WSService) service to connect.

Error: (03/13/2014 06:49:58 PM) (Source: Service Control Manager) (User: )
Description: The Windows Store Service (WSService) service failed to start due to the following error: %%1053

Error: (03/13/2014 06:49:58 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Store Service (WSService) service to connect.

Microsoft Office Sessions:
=========================
Error: (03/13/2014 03:50:50 PM) (Source: Application Error)(User: )
Description: gta_sa.exe0.0.0.0437101caunknown0.0.0.000000000c0000005043107c815cc01cf3ef337b5f0aeD:\Chaoyi\gtasa\GTA\gta_sa.exeunknownc704e76e-aae8-11e3-be8b-60a44c23bf3b

Error: (03/11/2014 03:43:41 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/11/2014 03:16:58 PM) (Source: Microsoft-Windows-RestartManager)(User: ONYX)
Description: 5C:\Program Files (x86)\Google\Chrome\Application\chrome.exeGoogle Chrome0251741400

Error: (03/10/2014 09:11:45 PM) (Source: Application Hang)(User: )
Description: Skype.exe6.14.0.104193c01cf3c99382db3ef4294967295C:\Program Files (x86)\Skype\Phone\Skype.exe1854272d-a8ba-11e3-be8a-60a44c23bf3b

Error: (03/10/2014 04:04:55 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/09/2014 10:28:47 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ONYX)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (03/09/2014 06:36:59 PM) (Source: Application Error)(User: )
Description: SoundRec.exe6.3.9600.163845216317etwinapi.appcore.dll6.3.9600.163845215d806c000027b0000000000056960156401cf3be79d718e77C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_6.3.9600.16384_x64__8wekyb3d8bbwe\SoundRec.exeC:\WINDOWS\SYSTEM32\twinapi.appcore.dll536312b8-a7db-11e3-be8a-60a44c23bf3bMicrosoft.WindowsSoundRecorder_6.3.9600.16384_x64__8wekyb3d8bbweApp

Error: (03/08/2014 09:06:57 AM) (Source: Application Error)(User: )
Description: LaunchGTAIV.exe0.1.0.300000000unknown0.0.0.000000000c00000fd751904f8124c01cf3acf48feff06D:\Chaoyi\GTA IV\Grand Theft Auto IV - Backup\LaunchGTAIV.exeunknown86fe7dd9-a6c2-11e3-be8a-60a44c23bf3b

Error: (03/08/2014 09:05:04 AM) (Source: Application Error)(User: )
Description: LaunchGTAIV.exe0.1.0.300000000unknown0.0.0.000000000c00000fd751904f810e401cf3acf049c01afD:\Chaoyi\GTA IV\Grand Theft Auto IV - Backup\LaunchGTAIV.exeunknown432efc9d-a6c2-11e3-be8a-60a44c23bf3b

Error: (03/08/2014 09:01:24 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall
Link to post
Share on other sites

  • Root Admin

I use Bitdefender Free and Malwarebytes on Windows 7 64-bit PCs and not 1 issue for the last 2+ years, so it's the Comodo firewall that is your issue, not the Bitdefender or Malwarebytes, as I use those w/ Windows Firewall and all work perfect.. hope this helps u

 

The user has Windows 8.1 which is a lot different than Windows 7 that you have.

Link to post
Share on other sites

  • Root Admin

Wow! I have been using Bitdefender for a while (until I shortly tried ESET) but I never had any issues like that whatsoever. And if it does delete files you can restore them.

 

But why would you even want to have to deal with that?  Just a cheap ploy or something for users that don't know better.  Up to you but I find that sort of software useless.

Link to post
Share on other sites
