
Infected with RunDLL


  • This topic is locked
21 replies to this topic

#1 baux


Posted 02 September 2014 - 01:51 AM

Hi,

 

Whenever I try to open picture or video files on my computer I get the "this specified module could not be found" error. In addition, some other programs such as VMware, when I try to open them, will show the error "the specified path does not exist, please try again".

DDS is apparently not compatible with Windows 8.1, so I am unable to post a log. Sorry I couldn't be more helpful.

 

Any help would be greatly appreciated.

 

Thanks,

Baux




 


#2 aharonov

  • Malware Response Team

Posted 02 September 2014 - 05:06 AM

Hi,

"this specified module could not be found"
the specified path does not exist,

Are there any details shown about which module cannot be found and which path does not exist?

Please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 baux


Posted 02 September 2014 - 09:30 AM

Hi, Thanks for the speedy response. I definitely appreciate it. 

 

The module error shows up with the header RunDLL "There was a problem starting D:\ProgramFiles\windowsPhotoViewer\PhotoViewerdll" the specified module could not be found. 

 

The other error I've been getting shows up as "D:\Program Files (x86)\VMware\VMware PLayer\vmplayer.exe the specified path does not exist. Check this path and try again. "

 

 

Here is the FRST.txt

 

----------------------------------------------------------------------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Hongbo (administrator) on ELSA on 02-09-2014 09:25:15
Running from D:\Downloads
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\MSITrigger\VGA Boost\VGA Boost.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-08] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-06] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [1047536 2013-11-12] (MSI)
HKU\S-1-5-21-2637659435-3774164901-2528715933-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2014-03-18] (Microsoft Corporation)
HKU\S-1-5-21-2637659435-3774164901-2528715933-1001\...\Run: [Spotify Web Helper] => C:\Users\Hongbo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-30] (Spotify Ltd)
HKU\S-1-5-21-2637659435-3774164901-2528715933-1001\...\Run: [Spotify] => C:\Users\Hongbo\AppData\Roaming\Spotify\spotify.exe [6621752 2014-08-30] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{7364C716-1212-4EAE-B0C9-A31D1E797BF8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBFFD40016AC4CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN", "hxxp://google.com/", "hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=b7bac47e-9053-4765-a7cc-9f79fe58160b&searchtype=hp"
CHR DefaultSearchKeyword: Default -> 8AEB9F1D582191B2956146B05AA9A31A021285EDA60718A4A0C79DBA2E86BE00
CHR DefaultSearchURL: Default -> C0D985F540268F50D6AB78EC5F62532F357B1EE3F805E3B766909748C427347E
CHR Profile: C:\Users\Hongbo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Hongbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-08-30]
CHR Extension: (Entanglement Web App) - C:\Users\Hongbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-08-30]
CHR Extension: (Google Docs) - C:\Users\Hongbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-30]
CHR Extension: (Google Drive) - C:\Users\Hongbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hongbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-30]
CHR Extension: (YouTube) - C:\Users\Hongbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-30]
CHR Extension: (Adblock Plus) - C:\Users\Hongbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-30]
CHR Extension: (Google Search) - C:\Users\Hongbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-30]
CHR Extension: (Google Sheets) - C:\Users\Hongbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-08-30]
CHR Extension: (Readium) - C:\Users\Hongbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2014-08-31]
CHR Extension: (AdBlock) - C:\Users\Hongbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-30]
CHR Extension: (Poppit!) - C:\Users\Hongbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-08-30]
CHR Extension: (Google Wallet) - C:\Users\Hongbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-30]
CHR Extension: (Gmail) - C:\Users\Hongbo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-30]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMScheduler; D:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161776 2013-09-09] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18973144 2014-08-08] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2014-01-22] (Qualcomm Atheros) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [80592 2013-11-08] (Qualcomm Atheros, Inc.)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-31] ()
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20440 2014-08-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RTL8187B; C:\Windows\system32\DRIVERS\rtl8187B.sys [459336 2013-06-18] (Realtek Semiconductor Corporation                           )
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-02 01:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-02 01:04 - 2014-09-02 01:05 - 00000000 ____D () C:\AdwCleaner
2014-09-02 01:04 - 2014-09-02 01:04 - 00000000 _____ () C:\Windows\WindowsUpdate.log
2014-09-02 01:03 - 2014-09-02 01:03 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-02 01:03 - 2014-09-02 01:03 - 00000709 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-02 01:03 - 2014-09-02 01:03 - 00000000 ____D () D:\Program Files\CCleaner
2014-09-02 01:03 - 2014-09-02 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-02 00:54 - 2014-09-02 00:54 - 00000000 ____D () C:\Windows\ERUNT
2014-09-02 00:53 - 2014-09-02 09:25 - 00000000 ____D () C:\FRST
2014-09-02 00:46 - 2014-09-02 09:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-02 00:46 - 2014-09-02 00:46 - 00000786 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-02 00:46 - 2014-09-02 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-02 00:45 - 2014-09-02 00:46 - 00000000 ____D () D:\Program Files\Malwarebytes Anti-Malware
2014-09-02 00:45 - 2014-09-02 00:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-02 00:45 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-02 00:45 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-02 00:35 - 2014-09-02 00:35 - 00000000 ____D () C:\SUPERDelete
2014-09-02 00:34 - 2014-09-02 01:07 - 00000000 ____D () D:\Program Files\SUPERAntiSpyware
2014-09-02 00:30 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-02 00:29 - 2014-01-19 02:38 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-02 00:23 - 2014-09-02 09:22 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2637659435-3774164901-2528715933-1001
2014-09-02 00:21 - 2014-09-02 00:21 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-02 00:17 - 2014-08-01 19:17 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 00:17 - 2014-08-01 19:17 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-02 00:14 - 2014-09-02 00:14 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-02 00:14 - 2014-09-02 00:14 - 00000000 ____D () D:\Program Files\Windows Journal
2014-09-02 00:14 - 2014-09-02 00:14 - 00000000 ____D () D:\Program Files\Windows Defender
2014-09-02 00:14 - 2014-09-02 00:14 - 00000000 ____D () D:\Program Files (x86)\Windows Defender
2014-09-02 00:03 - 2014-09-02 00:03 - 00000000 ____D () C:\Users\Hongbo\AppData\Roaming\PeaZip
2014-09-01 20:44 - 2014-09-01 20:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-01 20:44 - 2014-07-31 23:41 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-01 20:41 - 2014-04-13 22:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-09-01 18:35 - 2014-05-29 22:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-01 18:35 - 2014-03-19 19:48 - 00201216 _____ (Microsoft Corporation) C:\Windows\system32\ReInfo.dll
2014-09-01 18:35 - 2014-03-19 18:39 - 00800256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2014-09-01 18:35 - 2014-03-19 18:36 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReInfo.dll
2014-09-01 18:35 - 2014-03-08 02:47 - 00222720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spp.dll
2014-09-01 18:35 - 2014-03-08 02:12 - 01816576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2014-09-01 18:35 - 2014-03-08 02:04 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2014-09-01 18:35 - 2014-03-08 01:40 - 00139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2014-09-01 18:35 - 2014-03-08 01:30 - 00197632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2014-09-01 18:35 - 2014-03-06 07:51 - 00488280 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2014-09-01 18:35 - 2014-03-06 06:19 - 00390488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2014-09-01 18:35 - 2014-03-06 01:23 - 02270208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2014-09-01 18:35 - 2014-03-06 01:23 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dafWfdProvider.dll
2014-09-01 18:35 - 2014-03-04 06:10 - 00355832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2014-09-01 18:35 - 2014-03-04 02:00 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\wlidprov.dll
2014-09-01 18:35 - 2014-03-04 01:32 - 00356864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidprov.dll
2014-09-01 18:34 - 2014-03-19 23:19 - 01291200 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-09-01 18:34 - 2014-03-19 22:41 - 02013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-09-01 18:34 - 2014-03-19 22:41 - 00376152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2014-09-01 18:34 - 2014-03-19 22:40 - 01112536 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-09-01 18:34 - 2014-03-19 19:53 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2014-09-01 18:34 - 2014-03-19 18:55 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-09-01 18:34 - 2014-03-19 02:13 - 00836096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-09-01 18:34 - 2014-03-19 00:50 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\w32tm.exe
2014-09-01 18:34 - 2014-03-19 00:31 - 01656832 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2014-09-01 18:34 - 2014-03-19 00:20 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\w32tm.exe
2014-09-01 18:34 - 2014-03-19 00:08 - 01351168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2014-09-01 18:34 - 2014-03-13 07:35 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wof.sys
2014-09-01 18:34 - 2014-03-12 08:45 - 00387210 _____ () C:\Windows\system32\ApnDatabase.xml
2014-09-01 18:34 - 2014-03-11 10:18 - 01015808 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2014-09-01 18:34 - 2014-03-11 09:28 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2014-09-01 18:34 - 2014-03-08 15:38 - 01542768 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2014-09-01 18:34 - 2014-03-08 10:29 - 00356848 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
2014-09-01 18:34 - 2014-03-08 06:34 - 01095488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2014-09-01 18:34 - 2014-03-08 04:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\sxproxy.dll
2014-09-01 18:34 - 2014-03-08 03:33 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\spp.dll
2014-09-01 18:34 - 2014-03-08 03:25 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\SetNetworkLocation.dll
2014-09-01 18:34 - 2014-03-08 03:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sxproxy.dll
2014-09-01 18:34 - 2014-03-08 02:53 - 01843712 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2014-09-01 18:34 - 2014-03-08 02:03 - 00939520 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-01 18:34 - 2014-03-08 01:48 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2014-09-01 18:34 - 2014-03-08 01:37 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-01 18:34 - 2014-03-08 01:31 - 00222720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomp.dll
2014-09-01 18:34 - 2014-03-08 00:41 - 01306624 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2014-09-01 18:34 - 2014-03-08 00:11 - 00924160 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2014-09-01 18:34 - 2014-03-06 09:34 - 02331000 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-09-01 18:34 - 2014-03-06 09:34 - 00113648 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2014-09-01 18:34 - 2014-03-06 06:19 - 00094016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2014-09-01 18:34 - 2014-03-06 05:46 - 01679128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-09-01 18:34 - 2014-03-06 04:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-09-01 18:34 - 2014-03-06 04:24 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-09-01 18:34 - 2014-03-06 04:24 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2014-09-01 18:34 - 2014-03-06 04:22 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-09-01 18:34 - 2014-03-06 04:22 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-09-01 18:34 - 2014-03-06 04:19 - 00283648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-09-01 18:34 - 2014-03-06 04:19 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2014-09-01 18:34 - 2014-03-06 04:19 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-09-01 18:34 - 2014-03-06 04:08 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\l2gpstore.dll
2014-09-01 18:34 - 2014-03-06 03:41 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\DevPropMgr.dll
2014-09-01 18:34 - 2014-03-06 03:38 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-09-01 18:34 - 2014-03-06 03:10 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\l2gpstore.dll
2014-09-01 18:34 - 2014-03-06 03:00 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll
2014-09-01 18:34 - 2014-03-06 02:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-09-01 18:34 - 2014-03-06 02:16 - 00171008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsApi.dll
2014-09-01 18:34 - 2014-03-06 02:02 - 00834560 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2014-09-01 18:34 - 2014-03-06 01:51 - 02900992 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2014-09-01 18:34 - 2014-03-06 01:31 - 02479616 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-09-01 18:34 - 2014-03-06 01:29 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2014-09-01 18:34 - 2014-03-06 01:27 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-09-01 18:34 - 2014-03-06 01:24 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\wlangpui.dll
2014-09-01 18:34 - 2014-03-06 01:21 - 00291840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Sensors.dll
2014-09-01 18:34 - 2014-03-06 01:13 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2014-09-01 18:34 - 2014-03-06 01:11 - 02030080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-09-01 18:34 - 2014-03-06 01:06 - 00386560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlangpui.dll
2014-09-01 18:34 - 2014-03-06 01:04 - 00226304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Sensors.dll
2014-09-01 18:34 - 2014-03-06 01:01 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Scanners.dll
2014-09-01 18:34 - 2014-03-06 00:51 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Scanners.dll
2014-09-01 18:34 - 2014-03-06 00:47 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2014-09-01 18:34 - 2014-03-06 00:42 - 00280576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2014-09-01 18:34 - 2014-03-04 07:25 - 02373784 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-09-01 18:34 - 2014-03-04 07:14 - 00360512 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-09-01 18:34 - 2014-03-04 06:16 - 02088160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-09-01 18:34 - 2014-03-04 03:11 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\AdmTmpl.dll
2014-09-01 18:34 - 2014-03-04 02:26 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AdmTmpl.dll
2014-09-01 18:34 - 2014-03-04 02:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-09-01 18:34 - 2014-03-04 02:13 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-09-01 18:34 - 2014-03-04 02:08 - 00299008 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2014-09-01 18:34 - 2014-03-04 01:56 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RMapi.dll
2014-09-01 18:34 - 2014-03-04 01:50 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-09-01 18:34 - 2014-03-04 01:42 - 00494592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-09-01 18:34 - 2014-03-04 01:39 - 00254976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2014-09-01 18:34 - 2014-03-04 01:15 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.dll
2014-09-01 18:34 - 2014-03-04 01:05 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.dll
2014-09-01 18:34 - 2014-03-04 01:03 - 00669696 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2014-09-01 18:34 - 2014-03-04 01:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\CredentialMigrationHandler.dll
2014-09-01 18:34 - 2014-03-04 00:54 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredentialMigrationHandler.dll
2014-09-01 18:34 - 2014-03-04 00:52 - 00605184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2014-09-01 18:34 - 2013-12-23 18:28 - 00262656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2014-09-01 18:34 - 2013-12-23 18:26 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2014-09-01 18:30 - 2014-08-22 19:42 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-01 18:30 - 2014-08-06 21:12 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-01 18:30 - 2014-08-01 22:56 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-01 18:30 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-01 18:30 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-01 18:30 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-01 18:30 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-01 18:30 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-01 18:30 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-01 18:30 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-01 18:30 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-01 18:30 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-01 18:30 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-01 18:30 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-01 18:30 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-01 18:30 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-01 18:30 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-01 18:30 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-01 18:30 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-01 18:30 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-01 18:30 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-01 18:30 - 2014-07-25 06:43 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-01 18:30 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-01 18:30 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-01 18:30 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-01 18:30 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-01 18:30 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-01 18:30 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-01 18:30 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-01 18:30 - 2014-07-25 06:09 - 00291840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-01 18:30 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-01 18:30 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-01 18:30 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-01 18:30 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-01 18:30 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-01 18:30 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-01 18:30 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-01 18:30 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-01 18:30 - 2014-06-19 20:48 - 01273184 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-01 18:30 - 2014-06-19 18:52 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-01 18:30 - 2014-06-16 17:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-01 18:30 - 2014-06-16 17:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-01 18:30 - 2014-06-12 20:15 - 00517528 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-09-01 18:30 - 2014-06-12 20:14 - 01557848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-01 18:30 - 2014-06-12 19:10 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-09-01 18:30 - 2014-06-06 06:34 - 02133504 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-09-01 18:30 - 2014-05-09 22:46 - 02151424 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-09-01 18:30 - 2014-05-09 22:22 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-09-01 18:30 - 2014-05-08 18:06 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-09-01 18:30 - 2014-03-23 21:30 - 00257880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-09-01 18:30 - 2014-03-23 21:30 - 00123224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-09-01 18:30 - 2014-03-23 21:27 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-09-01 18:30 - 2014-03-13 02:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-09-01 18:30 - 2014-03-13 01:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-09-01 18:30 - 2014-03-06 07:53 - 02141912 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-09-01 18:30 - 2014-03-06 07:51 - 00379224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-09-01 18:30 - 2014-03-06 07:39 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-09-01 18:30 - 2014-03-06 06:13 - 01779800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-09-01 18:30 - 2014-03-06 01:09 - 01764864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2014-09-01 18:29 - 2014-07-15 13:16 - 03048880 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2014-09-01 18:29 - 2014-07-15 03:29 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-09-01 18:29 - 2014-07-15 03:22 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2014-09-01 18:29 - 2014-07-15 03:03 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-09-01 18:29 - 2014-07-09 23:16 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-09-01 18:29 - 2014-07-09 23:03 - 04756992 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-09-01 18:29 - 2014-07-09 22:33 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-09-01 18:29 - 2014-06-09 17:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-01 18:29 - 2014-06-09 17:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-01 18:29 - 2014-05-31 01:27 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-09-01 18:29 - 2014-05-29 07:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-09-01 18:29 - 2014-05-29 02:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-09-01 18:29 - 2014-05-29 01:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-09-01 18:29 - 2014-05-29 01:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-09-01 18:29 - 2014-05-29 00:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-09-01 18:29 - 2014-05-29 00:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-01 18:29 - 2014-05-13 02:01 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2014-09-01 18:29 - 2014-05-13 00:07 - 02844160 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-01 18:29 - 2014-05-12 23:41 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-09-01 18:29 - 2014-05-12 23:26 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-09-01 18:29 - 2014-05-12 22:59 - 01035264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-09-01 18:29 - 2014-05-12 22:31 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-09-01 18:29 - 2014-05-04 23:02 - 03360256 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-01 18:29 - 2014-05-03 06:29 - 01726224 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-09-01 18:29 - 2014-05-03 04:20 - 01473080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-09-01 18:29 - 2014-05-03 00:36 - 00997888 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-09-01 18:29 - 2014-05-03 00:19 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll
2014-09-01 18:29 - 2014-05-03 00:08 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2014-09-01 18:29 - 2014-05-03 00:07 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2014-09-01 18:29 - 2014-05-02 23:46 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll
2014-09-01 18:29 - 2014-05-02 23:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2014-09-01 18:29 - 2014-05-02 23:37 - 00207360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2014-09-01 18:29 - 2014-05-02 18:26 - 00050745 _____ () C:\Windows\system32\srms.dat
2014-09-01 18:29 - 2014-05-01 08:31 - 00055328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wpcfltr.sys
2014-09-01 18:29 - 2014-05-01 00:44 - 01025536 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-09-01 18:29 - 2014-04-30 01:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
2014-09-01 18:29 - 2014-04-30 01:41 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-09-01 18:29 - 2014-04-30 01:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2014-09-01 18:29 - 2014-04-30 01:41 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2014-09-01 18:29 - 2014-04-30 00:45 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-09-01 18:29 - 2014-04-29 23:48 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-09-01 18:29 - 2014-04-29 23:24 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-09-01 18:29 - 2014-04-29 23:23 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2014-09-01 18:29 - 2014-04-29 23:23 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-09-01 18:29 - 2014-04-29 23:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2014-09-01 18:29 - 2014-04-29 23:14 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-09-01 18:29 - 2014-04-29 22:59 - 01063424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-09-01 18:29 - 2014-04-29 22:46 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2014-09-01 18:29 - 2014-04-29 22:46 - 00229888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-09-01 18:29 - 2014-04-29 22:46 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-09-01 18:29 - 2014-04-29 22:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2014-09-01 18:29 - 2014-04-29 22:42 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2014-09-01 18:29 - 2014-04-28 17:40 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2014-09-01 18:29 - 2014-04-26 17:03 - 02140888 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-09-01 18:29 - 2014-04-26 15:14 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-09-01 18:29 - 2014-04-26 13:41 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfg.exe
2014-09-01 18:29 - 2014-04-26 13:22 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2014-09-01 18:29 - 2014-04-26 13:04 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2014-09-01 18:29 - 2014-04-26 12:36 - 00794112 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll
2014-09-01 18:29 - 2014-04-26 11:39 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2014-09-01 18:29 - 2014-04-14 04:37 - 02125344 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-09-01 18:29 - 2014-04-14 03:08 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-09-01 18:29 - 2014-04-14 00:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2014-09-01 18:29 - 2014-04-11 03:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2014-09-01 18:29 - 2014-04-11 01:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-01 18:29 - 2014-04-11 00:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-09-01 18:29 - 2014-04-11 00:22 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-01 18:29 - 2014-04-10 22:54 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-09-01 18:29 - 2014-04-10 22:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-01 18:29 - 2014-04-10 22:05 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-01 18:29 - 2014-04-10 22:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-01 18:29 - 2014-04-10 22:01 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-01 18:29 - 2014-04-10 21:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-01 18:29 - 2014-04-10 21:56 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-01 18:29 - 2014-04-10 21:46 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-01 18:29 - 2014-04-09 01:11 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-09-01 18:29 - 2014-04-09 00:20 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-09-01 18:29 - 2014-03-08 15:40 - 00136024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2014-09-01 18:29 - 2014-03-08 01:41 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-09-01 18:29 - 2014-03-08 01:25 - 00264192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-09-01 18:29 - 2014-03-08 01:04 - 00717312 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-09-01 18:29 - 2014-03-08 00:58 - 00567296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-09-01 18:28 - 2014-08-06 17:38 - 00697856 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-01 18:28 - 2014-08-02 00:44 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-01 18:28 - 2014-06-28 02:07 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-09-01 18:28 - 2014-04-18 09:57 - 00032600 _____ (Microsoft Corporation) C:\Windows\system32\ploptin.dll
2014-09-01 18:28 - 2014-04-18 09:44 - 01466856 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-09-01 18:28 - 2014-04-18 08:29 - 01200288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-09-01 18:28 - 2014-04-18 04:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\energyprov.dll
2014-09-01 18:28 - 2014-04-18 03:32 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-09-01 18:28 - 2014-04-18 03:21 - 01126912 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-09-01 18:28 - 2014-04-18 03:09 - 08652800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-09-01 18:28 - 2014-04-18 02:51 - 00836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-09-01 18:28 - 2014-04-18 02:49 - 05833216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-09-01 18:28 - 2014-04-14 04:20 - 00324888 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2014-09-01 18:28 - 2014-04-14 03:01 - 00285144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2014-09-01 18:28 - 2014-04-10 23:51 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-09-01 18:28 - 2014-04-10 23:23 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-09-01 18:28 - 2014-04-10 22:30 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2014-09-01 18:28 - 2014-04-09 06:53 - 00337240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-09-01 18:28 - 2014-04-09 01:39 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2014-09-01 18:28 - 2014-04-09 00:44 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2014-09-01 18:28 - 2014-04-08 22:33 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2014-09-01 18:28 - 2014-04-08 17:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\system32\mrt_map.dll
2014-09-01 18:28 - 2014-04-08 17:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\system32\mrt100.dll
2014-09-01 18:28 - 2014-04-08 13:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll
2014-09-01 18:28 - 2014-04-08 13:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll
2014-09-01 18:28 - 2014-04-07 21:01 - 00589656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-09-01 18:28 - 2014-04-06 11:34 - 00372568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-09-01 18:28 - 2014-04-06 11:34 - 00275800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-09-01 18:28 - 2014-04-06 11:32 - 00125496 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-09-01 18:28 - 2014-04-06 11:31 - 21268952 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-01 18:28 - 2014-04-06 11:30 - 00201920 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2014-09-01 18:28 - 2014-04-06 11:24 - 00360792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2014-09-01 18:28 - 2014-04-06 11:20 - 01403856 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2014-09-01 18:28 - 2014-04-06 11:20 - 01379064 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2014-09-01 18:28 - 2014-04-06 11:20 - 00881616 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-09-01 18:28 - 2014-04-06 11:20 - 00765408 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-09-01 18:28 - 2014-04-06 11:20 - 00609448 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-09-01 18:28 - 2014-04-06 11:20 - 00491744 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2014-09-01 18:28 - 2014-04-06 11:20 - 00467496 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-09-01 18:28 - 2014-04-06 11:20 - 00463256 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-09-01 18:28 - 2014-04-06 11:20 - 00364640 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-09-01 18:28 - 2014-04-06 11:20 - 00244880 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-09-01 18:28 - 2014-04-06 11:20 - 00028408 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-09-01 18:28 - 2014-04-06 10:23 - 00098584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-09-01 18:28 - 2014-04-06 10:22 - 18755672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-01 18:28 - 2014-04-06 10:22 - 00178184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2014-09-01 18:28 - 2014-04-06 10:16 - 01209616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2014-09-01 18:28 - 2014-04-06 10:16 - 00707048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-09-01 18:28 - 2014-04-06 10:16 - 00669856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-09-01 18:28 - 2014-04-06 10:16 - 00518544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-09-01 18:28 - 2014-04-06 10:16 - 00406504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-09-01 18:28 - 2014-04-06 10:16 - 00387896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2014-09-01 18:28 - 2014-04-06 10:16 - 00326024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-09-01 18:28 - 2014-04-06 10:16 - 00305768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-09-01 18:28 - 2014-04-06 07:58 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-09-01 18:28 - 2014-04-06 07:51 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-09-01 18:28 - 2014-04-06 07:33 - 00335872 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe
2014-09-01 18:28 - 2014-04-06 07:24 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-09-01 18:28 - 2014-04-06 07:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-09-01 18:28 - 2014-04-06 06:26 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\BootMenuUX.dll
2014-09-01 18:28 - 2014-04-06 06:20 - 00201216 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-09-01 18:28 - 2014-04-06 06:01 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-09-01 18:28 - 2014-04-06 05:52 - 00955904 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-09-01 18:28 - 2014-04-06 05:51 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2014-09-01 18:28 - 2014-04-06 05:37 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-09-01 18:28 - 2014-04-06 05:36 - 00888320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2014-09-01 18:28 - 2014-04-06 05:05 - 01222656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2014-09-01 18:28 - 2014-04-06 04:59 - 00982016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2014-09-01 18:28 - 2014-04-03 03:12 - 00307304 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-09-01 18:28 - 2014-04-03 03:12 - 00130144 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2014-09-01 18:28 - 2014-04-02 23:03 - 00230808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-09-01 18:28 - 2014-04-02 23:03 - 00111528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2014-09-01 18:28 - 2014-04-02 21:53 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-09-01 18:28 - 2014-04-02 21:51 - 01584128 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2014-09-01 18:28 - 2014-04-02 21:23 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tlscsp.dll
2014-09-01 18:28 - 2014-04-02 21:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\tlscsp.dll
2014-09-01 18:28 - 2014-04-01 01:23 - 00384856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-09-01 18:28 - 2014-03-31 00:42 - 07425368 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-01 18:28 - 2014-03-30 19:01 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2014-09-01 18:28 - 2014-03-30 18:43 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2014-09-01 18:28 - 2014-03-30 17:54 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2014-09-01 18:28 - 2014-03-30 17:49 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2014-09-01 18:28 - 2014-03-30 17:35 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2014-09-01 18:28 - 2014-03-28 10:58 - 00407016 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2014-09-01 18:28 - 2014-03-27 01:16 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-09-01 18:28 - 2014-03-27 00:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2014-09-01 18:28 - 2014-03-26 23:59 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-09-01 18:28 - 2014-03-26 23:48 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2014-09-01 18:28 - 2014-03-26 23:19 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-09-01 18:28 - 2014-03-26 22:46 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-09-01 18:28 - 2014-03-26 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2014-09-01 18:28 - 2014-03-26 22:10 - 01436160 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-09-01 18:28 - 2014-03-20 23:14 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\tscfgwmi.dll
2014-09-01 18:28 - 2014-03-19 22:48 - 00263424 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2014-09-01 18:28 - 2014-03-19 19:44 - 06645248 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-01 18:28 - 2014-03-19 18:33 - 05774848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-01 18:28 - 2014-03-19 03:15 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2014-09-01 18:28 - 2014-03-19 03:07 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2014-09-01 18:28 - 2014-03-19 02:24 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-01 18:28 - 2014-03-19 02:17 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2014-09-01 18:28 - 2014-03-19 01:36 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-01 18:28 - 2014-03-19 00:56 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-01 18:28 - 2014-03-19 00:45 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2014-09-01 18:28 - 2014-03-19 00:19 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2014-09-01 18:28 - 2014-03-19 00:07 - 00370176 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2014-09-01 18:28 - 2014-03-19 00:02 - 01527296 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2014-09-01 18:28 - 2014-03-19 00:00 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2014-09-01 18:28 - 2014-03-18 23:51 - 00300544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2014-09-01 18:28 - 2014-03-18 23:31 - 02100736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2014-09-01 18:28 - 2014-03-18 23:18 - 02688000 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-09-01 18:28 - 2014-03-18 03:19 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-09-01 18:28 - 2014-03-18 00:00 - 07173120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2014-09-01 18:28 - 2014-03-17 23:52 - 05104640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2014-09-01 18:28 - 2014-03-17 00:09 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-09-01 18:28 - 2014-03-16 23:11 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-09-01 18:28 - 2014-03-16 22:01 - 00486912 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-09-01 18:28 - 2014-03-16 21:45 - 00370176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-09-01 18:28 - 2014-03-14 01:26 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2014-09-01 18:28 - 2014-03-14 01:10 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2014-09-01 18:28 - 2014-03-11 08:02 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-09-01 18:28 - 2014-03-08 15:47 - 00180056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-09-01 18:28 - 2014-03-06 07:42 - 00310616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-09-01 18:28 - 2014-03-06 04:19 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Shell.Search.UriHandler.dll
2014-09-01 18:28 - 2014-03-06 03:20 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Shell.Search.UriHandler.dll
2014-09-01 18:28 - 2014-01-27 13:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-01 18:26 - 2014-06-05 09:13 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-09-01 18:26 - 2014-06-05 08:14 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-09-01 18:26 - 2014-06-01 21:10 - 00423768 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-09-01 18:26 - 2014-05-31 05:07 - 00467800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-09-01 18:26 - 2014-05-31 05:07 - 00440664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-09-01 18:26 - 2014-05-31 05:07 - 00419672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-09-01 18:26 - 2014-05-31 05:07 - 00089944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-09-01 18:26 - 2014-05-31 05:07 - 00027480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-09-01 18:26 - 2014-05-31 01:30 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-09-01 18:26 - 2014-05-31 01:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-09-01 18:26 - 2014-05-31 01:26 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-09-01 18:26 - 2014-05-30 23:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-09-01 18:26 - 2014-05-30 23:01 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-09-01 18:26 - 2014-05-30 23:01 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-09-01 18:26 - 2014-05-29 01:21 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2014-09-01 18:26 - 2014-05-27 10:53 - 02518360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-01 18:26 - 2014-05-27 04:56 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\DaOtpCredentialProvider.dll
2014-09-01 18:26 - 2014-05-27 04:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2014-09-01 18:26 - 2014-05-19 01:31 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\drvcfg.exe
2014-09-01 18:26 - 2014-05-19 01:21 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe
2014-09-01 18:26 - 2014-05-19 00:23 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2014-09-01 18:26 - 2014-05-16 23:59 - 16871936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-09-01 18:26 - 2014-05-16 23:13 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-09-01 18:26 - 2014-04-29 23:43 - 01975296 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-09-01 18:26 - 2014-04-29 23:30 - 00668160 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2014-09-01 18:26 - 2014-04-29 23:26 - 01345536 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-09-01 18:26 - 2014-04-29 22:52 - 00590336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2014-09-01 18:26 - 2014-04-29 22:47 - 01509888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-09-01 18:26 - 2014-03-31 00:35 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-09-01 18:25 - 2014-08-01 22:11 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-09-01 18:25 - 2014-07-11 23:17 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-09-01 18:25 - 2014-06-06 08:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-01 18:25 - 2014-06-06 07:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-09-01 18:25 - 2014-06-04 04:27 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-01 18:25 - 2014-06-04 00:31 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-01 18:25 - 2014-06-04 00:22 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-01 18:25 - 2014-06-03 23:43 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-01 18:25 - 2014-06-03 23:38 - 03304448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-01 18:25 - 2014-06-03 21:15 - 02642944 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-01 18:25 - 2014-06-03 21:14 - 02318336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-01 18:25 - 2014-05-31 05:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-01 18:25 - 2014-05-31 05:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-09-01 18:25 - 2014-05-30 22:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-01 18:25 - 2014-05-30 22:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-09-01 18:25 - 2014-05-30 22:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-01 18:25 - 2014-05-30 22:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-01 18:25 - 2014-05-30 22:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-01 18:25 - 2014-05-30 22:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-01 18:25 - 2014-05-30 21:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-01 18:25 - 2014-05-30 21:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-01 18:25 - 2014-05-30 21:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-01 18:25 - 2014-05-30 21:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-09-01 18:25 - 2014-05-30 21:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-01 18:25 - 2014-05-30 21:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-09-01 18:25 - 2014-05-30 21:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-01 18:25 - 2014-05-01 00:24 - 02834944 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll
2014-09-01 10:13 - 2014-09-01 10:13 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\Apps\2.0
2014-09-01 09:41 - 2014-09-01 09:41 - 00000894 _____ () C:\Users\Hongbo\Desktop\µTorrent.lnk
2014-09-01 09:40 - 2014-09-02 01:03 - 00000000 ____D () C:\Users\Hongbo\AppData\Roaming\uTorrent
2014-09-01 09:11 - 2014-09-01 09:11 - 00000000 ____D () D:\Program Files (x86)\Google
2014-08-31 17:07 - 2014-08-31 17:07 - 00000946 _____ () C:\Users\Public\Desktop\Adobe Digital Editions 3.0.lnk
2014-08-31 17:07 - 2014-08-31 17:07 - 00000000 ____D () D:\Program Files\Adobe Digital Editions 3.0
2014-08-31 17:07 - 2014-08-31 17:07 - 00000000 ____D () C:\Users\Hongbo\Documents\My Digital Editions
2014-08-31 17:07 - 2014-08-31 17:07 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\Adobe_Systems_Incorporate
2014-08-31 17:05 - 2014-08-31 17:05 - 00000000 ____D () D:\Program Files\Reference Assemblies
2014-08-31 17:05 - 2014-08-31 17:05 - 00000000 ____D () D:\Program Files\MSBuild
2014-08-31 17:05 - 2014-08-31 17:05 - 00000000 ____D () D:\Program Files (x86)\Reference Assemblies
2014-08-31 17:05 - 2014-08-31 17:05 - 00000000 ____D () D:\Program Files (x86)\MSBuild
2014-08-31 17:03 - 2013-08-02 23:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2014-08-31 17:03 - 2013-08-02 23:48 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-08-31 17:03 - 2013-08-02 23:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2014-08-31 17:03 - 2013-08-02 23:41 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-08-31 17:02 - 2014-08-31 17:02 - 02959376 _____ (Microsoft Corporation) C:\Users\Hongbo\Downloads\dotnetfx35setup.exe
2014-08-31 16:56 - 2014-08-31 16:56 - 06144272 _____ (Adobe Systems Incorporated) C:\Users\Hongbo\Downloads\ADE_3.0_Installer.exe
2014-08-31 16:48 - 2014-08-31 16:52 - 52190170 _____ () C:\Users\Hongbo\Downloads\The Count of Monte Cristo_ Illustrated by Alexandre Dumas.epub
2014-08-31 16:12 - 2014-09-02 01:40 - 00000000 ____D () C:\Users\Hongbo\AppData\Roaming\VMware
2014-08-31 16:12 - 2014-09-02 01:40 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\VMware
2014-08-31 16:07 - 2014-06-12 18:23 - 00359128 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2014-08-31 16:07 - 2014-06-12 18:23 - 00064728 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2014-08-31 16:07 - 2014-06-12 18:21 - 00033496 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys
2014-08-31 16:07 - 2013-10-08 18:21 - 00073296 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2014-08-31 16:07 - 2013-10-08 18:21 - 00067664 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2014-08-31 16:07 - 2013-10-08 18:21 - 00063568 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2014-08-31 16:06 - 2014-09-02 01:07 - 00000000 ____D () C:\ProgramData\VMware
2014-08-31 16:06 - 2014-08-31 16:06 - 00835482 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-31 16:06 - 2014-08-31 16:06 - 00002136 _____ () C:\Users\Public\Desktop\VMware Player.lnk
2014-08-31 16:06 - 2014-08-31 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-08-31 16:06 - 2014-08-31 16:06 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-08-31 16:06 - 2014-06-12 18:22 - 00931032 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2014-08-31 16:06 - 2014-06-12 18:22 - 00437976 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2014-08-31 16:06 - 2014-06-12 18:22 - 00031448 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2014-08-31 16:06 - 2014-02-27 18:40 - 00054464 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2014-08-31 16:05 - 2014-08-31 16:06 - 00000000 ____D () C:\VMImages
2014-08-31 16:05 - 2014-08-18 04:12 - 98900000 _____ (VMware, Inc.) C:\Users\Hongbo\Desktop\VMware-player-6.0.3-1895310.exe
2014-08-31 16:01 - 2014-08-31 16:01 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\Blizzard
2014-08-31 15:57 - 2014-08-31 15:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-08-31 15:46 - 2014-08-31 15:46 - 00000000 ____D () C:\Users\Hongbo\Documents\Diablo III
2014-08-30 22:13 - 2014-08-30 22:13 - 00000707 _____ () C:\Users\Hongbo\Desktop\Hearthstone.lnk
2014-08-30 22:13 - 2014-08-30 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-08-30 19:57 - 2014-08-30 19:57 - 00000672 _____ () C:\Users\Hongbo\Desktop\Diablo III.lnk
2014-08-30 19:57 - 2014-08-30 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-08-30 19:50 - 2014-09-01 10:51 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\Spotify
2014-08-30 19:50 - 2014-08-30 19:50 - 00001852 _____ () C:\Users\Hongbo\Desktop\Spotify.lnk
2014-08-30 19:50 - 2014-08-30 19:50 - 00001838 _____ () C:\Users\Hongbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-08-30 19:50 - 2014-08-30 19:50 - 00000523 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-08-30 19:50 - 2014-08-30 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-30 19:49 - 2014-09-01 11:14 - 00000000 ____D () C:\Users\Hongbo\AppData\Roaming\Spotify
2014-08-30 19:17 - 2014-08-30 19:17 - 00000000 ____D () C:\Users\Hongbo\AppData\Roaming\Macromedia
2014-08-30 19:17 - 2014-08-30 19:17 - 00000000 ____D () C:\Users\Hongbo\AppData\Roaming\LolClient
2014-08-30 11:36 - 2014-08-30 11:36 - 00000000 ____D () C:\Users\Hongbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-30 11:34 - 2014-08-30 11:34 - 00000000 ____D () C:\ProgramData\Riot Games
2014-08-30 11:33 - 2014-08-30 11:33 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-08-30 11:33 - 2014-08-30 11:33 - 00000000 ____D () C:\Riot Games
2014-08-30 11:33 - 2014-08-30 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-08-30 11:33 - 2008-07-31 12:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-08-30 11:33 - 2008-07-31 12:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-08-30 11:33 - 2008-07-12 10:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-08-30 11:33 - 2008-07-12 10:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-08-30 11:33 - 2008-07-12 10:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-08-30 11:32 - 2014-08-30 20:49 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\PMB Files
2014-08-30 11:32 - 2014-08-30 20:49 - 00000000 ____D () C:\ProgramData\PMB Files
2014-08-30 11:32 - 2014-08-30 11:32 - 00000000 ____D () C:\Users\Hongbo\AppData\Roaming\Riot Games
2014-08-30 11:29 - 2014-08-30 11:32 - 24743106 _____ () C:\Users\Hongbo\Downloads\vlc-2.1.5-win32.exe
2014-08-30 11:27 - 2014-09-02 01:03 - 00000000 ____D () C:\Windows\Panther
2014-08-30 11:27 - 2014-08-31 15:48 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\NVIDIA Corporation
2014-08-30 11:27 - 2014-08-30 11:27 - 00002153 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2014-08-30 11:27 - 2014-08-30 11:27 - 00001367 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-08-30 11:27 - 2014-08-30 11:27 - 00001102 _____ () C:\Users\Hongbo\Desktop\MSI Afterburner.lnk
2014-08-30 11:27 - 2014-08-30 11:27 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-08-30 11:27 - 2014-08-30 11:27 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-08-30 11:27 - 2014-08-30 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-08-30 11:27 - 2014-08-08 19:22 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-08-30 11:27 - 2014-08-08 19:22 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-08-30 11:27 - 2014-08-08 19:22 - 01283136 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-08-30 11:27 - 2014-08-08 19:22 - 01126480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-08-30 11:27 - 2014-07-02 12:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-08-30 11:27 - 2010-05-26 13:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-08-30 11:27 - 2010-05-26 13:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-08-30 11:27 - 2010-05-26 13:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-08-30 11:27 - 2010-05-26 13:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-08-30 11:27 - 2010-05-26 13:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-08-30 11:27 - 2010-05-26 13:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 31512520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 17555104 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-08-30 11:26 - 2014-07-02 15:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 02814656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 00835032 _____ () C:\Windows\system32\nvmcumd.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 00502232 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 00418760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 00391640 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 00348120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-08-30 11:26 - 2014-07-02 15:48 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-08-30 11:26 - 2014-03-31 11:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-08-30 11:26 - 2014-03-31 11:42 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-08-30 11:26 - 2014-03-31 11:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-08-30 11:18 - 2014-09-02 00:48 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\Battle.net
2014-08-30 11:18 - 2014-08-30 11:19 - 00000000 ____D () C:\Users\Hongbo\AppData\Roaming\Battle.net
2014-08-30 11:18 - 2014-08-30 11:18 - 00000000 ____D () C:\Users\Hongbo\AppData\Roaming\NVIDIA
2014-08-30 11:18 - 2014-08-30 11:18 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\Blizzard Entertainment
2014-08-30 11:18 - 2014-08-30 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-08-30 11:18 - 2014-08-30 11:18 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-08-30 11:15 - 2014-08-30 11:15 - 00000000 ____D () C:\ProgramData\Battle.net
2014-08-30 11:00 - 2014-08-30 11:00 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-08-30 10:56 - 2014-08-30 10:56 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\Creative
2014-08-30 10:55 - 2014-08-30 10:55 - 00002083 _____ () C:\Users\Public\Desktop\Super-Charger.lnk
2014-08-30 10:55 - 2014-08-30 10:55 - 00000000 ___HD () C:\SuperChargerProfile
2014-08-30 10:55 - 2014-08-30 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2014-08-30 10:54 - 2014-08-30 10:54 - 00000159 ___RH () C:\Windows\ctfile.rfc
2014-08-30 10:54 - 2014-08-30 10:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2014-08-30 10:54 - 2014-08-30 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2014-08-30 10:54 - 2014-08-30 10:54 - 00000000 ____D () C:\ProgramData\Intel
2014-08-30 10:54 - 2014-08-30 10:54 - 00000000 ____D () C:\ProgramData\Creative
2014-08-30 10:54 - 2013-09-16 14:20 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2014-08-30 10:54 - 2013-09-16 14:20 - 00099288 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2014-08-30 10:54 - 2013-09-16 14:20 - 00016344 ____R (Intel Corporation) C:\Windows\system32\Drivers\IntelMEFWVer.dll
2014-08-30 10:54 - 2013-08-29 13:18 - 00040576 _____ (Creative Technology Ltd.) C:\Windows\system32\MBCfg64.dll
2014-08-30 10:54 - 2013-08-29 13:18 - 00036992 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBCfg32.dll
2014-08-30 10:54 - 2013-07-03 17:20 - 00002835 _____ () C:\Windows\MBCfg_SP_APOIM.ini
2014-08-30 10:54 - 2013-07-03 17:20 - 00002783 _____ () C:\Windows\MBCfg_APOIM.ini
2014-08-30 10:54 - 2013-07-03 17:20 - 00002747 _____ () C:\Windows\MBCfg_HP_APOIM.ini
2014-08-30 10:54 - 2013-04-23 12:54 - 00332928 _____ (Creative Technology Ltd.) C:\Windows\system32\ChezSC64.DLL
2014-08-30 10:54 - 2013-04-23 12:54 - 00288896 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\ChezSC32.DLL
2014-08-30 10:54 - 2013-04-23 12:54 - 00148096 _____ (Creative Technology Ltd.) C:\Windows\system32\MBCfg64.exe
2014-08-30 10:54 - 2013-04-23 12:53 - 00138880 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBCfg32.exe
2014-08-30 10:54 - 2013-04-23 12:53 - 00015488 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\ResDefA.exe
2014-08-30 10:54 - 2013-01-08 12:11 - 00008570 _____ () C:\Windows\system32\MBCfg64.ini
2014-08-30 10:54 - 2013-01-08 12:11 - 00005856 _____ () C:\Windows\system32\MBCfgUninstall64.ini
2014-08-30 10:54 - 2013-01-08 12:10 - 00008570 _____ () C:\Windows\SysWOW64\MBCfg32.ini
2014-08-30 10:54 - 2013-01-08 12:10 - 00005856 _____ () C:\Windows\SysWOW64\MBCfgUninstall32.ini
2014-08-30 10:54 - 2012-11-01 13:23 - 00089600 _____ () C:\Windows\system32\CmdRtr64.DLL
2014-08-30 10:54 - 2012-11-01 13:22 - 00074240 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2014-08-30 10:54 - 2012-11-01 13:21 - 00325120 _____ () C:\Windows\system32\APOMgr64.DLL
2014-08-30 10:54 - 2012-11-01 13:19 - 00246272 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-08-30 10:54 - 2000-05-11 03:00 - 00090112 _____ (Creative Technology Ltd.) C:\Windows\Updreg.EXE
2014-08-30 10:53 - 2014-08-30 11:51 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\NVIDIA
2014-08-30 10:53 - 2014-08-30 10:54 - 00000179 _____ () C:\SBCsetup.log
2014-08-30 10:51 - 2014-09-02 01:10 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-30 10:51 - 2014-08-30 10:51 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-08-30 10:51 - 2014-08-30 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-30 10:51 - 2013-11-13 05:10 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-08-30 10:51 - 2009-11-17 18:12 - 00032344 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\MBfilt64.sys
2014-08-30 10:50 - 2014-09-02 01:07 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-30 10:50 - 2014-08-30 11:51 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-08-30 10:50 - 2014-08-30 10:51 - 00002341 _____ () C:\RHDSetup.log
2014-08-30 10:50 - 2014-08-30 10:51 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\Google
2014-08-30 10:50 - 2014-07-02 15:48 - 00075040 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-08-30 10:50 - 2014-07-02 15:48 - 00061912 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-08-30 10:50 - 2014-07-02 13:55 - 06783776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-08-30 10:50 - 2014-07-02 13:55 - 03522392 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-08-30 10:50 - 2014-07-02 13:55 - 00935368 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-08-30 10:50 - 2014-07-02 13:55 - 00386520 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-08-30 10:50 - 2014-07-02 13:55 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-08-30 10:50 - 2014-07-02 05:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin
2014-08-30 10:50 - 2014-03-04 08:05 - 02558808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-08-30 10:50 - 2013-12-10 07:20 - 03771352 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-08-30 10:50 - 2013-12-09 21:17 - 00693385 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-08-30 10:50 - 2013-12-09 03:15 - 01998104 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2014-08-30 10:50 - 2013-12-09 03:15 - 01727256 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2014-08-30 10:50 - 2013-12-06 04:29 - 00397592 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2014-08-30 10:50 - 2013-12-05 07:21 - 00153304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-08-30 10:50 - 2013-12-04 03:27 - 01958616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-08-30 10:50 - 2013-11-26 04:26 - 00618200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-08-30 10:50 - 2013-11-25 04:20 - 02080472 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-08-30 10:50 - 2013-11-25 02:59 - 02810072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-08-30 10:50 - 2013-11-25 02:59 - 02588888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2014-08-30 10:50 - 2013-11-14 02:49 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-08-30 10:50 - 2013-11-13 05:52 - 01013504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-08-30 10:50 - 2013-11-13 05:07 - 02036992 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2014-08-30 10:50 - 2013-10-28 04:29 - 01021656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-08-30 10:50 - 2013-10-15 14:43 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-08-30 10:50 - 2013-10-10 23:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-08-30 10:50 - 2013-08-05 05:11 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-08-30 10:50 - 2012-03-07 22:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-08-30 10:50 - 2011-12-20 02:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-08-30 10:50 - 2011-11-22 03:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2014-08-30 10:50 - 2010-11-07 18:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2014-08-30 10:50 - 2010-11-07 18:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2014-08-30 10:50 - 2010-11-07 18:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2014-08-30 10:50 - 2010-11-07 18:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2014-08-30 10:50 - 2010-11-07 18:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2014-08-30 10:50 - 2010-11-07 18:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2014-08-30 10:50 - 2010-11-03 05:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2014-08-30 10:50 - 2010-09-26 20:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-08-30 10:50 - 2009-11-23 20:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2014-08-30 10:50 - 2009-11-23 20:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2014-08-30 10:50 - 2009-11-23 20:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2014-08-30 10:50 - 2009-11-23 20:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2014-08-30 10:49 - 2014-08-30 10:49 - 00002799 _____ () C:\Users\Public\Desktop\Killer Network Manager.lnk
2014-08-30 10:49 - 2014-08-30 10:49 - 00000000 __SHD () C:\Users\Hongbo\AppData\Local\EmieUserList
2014-08-30 10:49 - 2014-08-30 10:49 - 00000000 __SHD () C:\Users\Hongbo\AppData\Local\EmieSiteList
2014-08-30 10:49 - 2014-08-30 10:49 - 00000000 ____D () C:\ProgramData\Qualcomm
2014-08-30 10:49 - 2014-08-30 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qualcomm Atheros
2014-08-30 10:49 - 2014-08-30 10:49 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-08-30 10:49 - 2013-08-05 13:50 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2014-08-30 10:48 - 2014-08-30 10:48 - 00000000 ____D () C:\Intel
2014-08-30 10:45 - 2014-08-30 10:45 - 00000000 ____D () C:\MSI
2014-08-30 10:43 - 2014-09-02 09:17 - 00000000 __RDO () C:\Users\Hongbo\OneDrive
2014-08-30 10:41 - 2014-09-01 10:48 - 00000000 ____D () C:\Users\Hongbo
2014-08-30 10:41 - 2014-09-01 09:11 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-08-30 10:41 - 2014-08-31 20:52 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\Packages
2014-08-30 10:41 - 2014-08-30 10:41 - 00001446 _____ () C:\Users\Hongbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-30 10:41 - 2014-08-30 10:41 - 00000020 ___SH () C:\Users\Hongbo\ntuser.ini
2014-08-30 10:41 - 2014-08-30 10:41 - 00000000 ____D () C:\Users\Hongbo\AppData\Roaming\Adobe
2014-08-30 10:41 - 2014-08-30 10:41 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\VirtualStore
2014-08-30 10:41 - 2014-03-18 05:35 - 00000000 ___RD () C:\Users\Hongbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-08-30 10:41 - 2014-03-18 05:35 - 00000000 ___RD () C:\Users\Hongbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-30 10:41 - 2014-03-18 05:15 - 00000369 _____ () C:\Users\Hongbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-08-30 10:41 - 2014-03-18 05:15 - 00000369 _____ () C:\Users\Hongbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-08-30 10:41 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Hongbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-30 10:41 - 2013-08-22 10:36 - 00000000 ____D () C:\Users\Hongbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-30 10:31 - 2014-08-30 10:31 - 00000000 ____D () C:\Windows\CSC
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-02 09:25 - 2014-09-02 00:53 - 00000000 ____D () C:\FRST
2014-09-02 09:22 - 2014-09-02 00:23 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2637659435-3774164901-2528715933-1001
2014-09-02 09:18 - 2014-09-02 00:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-02 09:17 - 2014-08-30 10:43 - 00000000 __RDO () C:\Users\Hongbo\OneDrive
2014-09-02 01:40 - 2014-08-31 16:12 - 00000000 ____D () C:\Users\Hongbo\AppData\Roaming\VMware
2014-09-02 01:40 - 2014-08-31 16:12 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\VMware
2014-09-02 01:14 - 2014-03-18 05:04 - 00867740 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-02 01:10 - 2014-08-30 10:51 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-02 01:07 - 2014-09-02 00:34 - 00000000 ____D () D:\Program Files\SUPERAntiSpyware
2014-09-02 01:07 - 2014-08-31 16:06 - 00000000 ____D () C:\ProgramData\VMware
2014-09-02 01:07 - 2014-08-30 10:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-02 01:07 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-02 01:05 - 2014-09-02 01:04 - 00000000 ____D () C:\AdwCleaner
2014-09-02 01:04 - 2014-09-02 01:04 - 00000000 _____ () C:\Windows\WindowsUpdate.log
2014-09-02 01:03 - 2014-09-02 01:03 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-02 01:03 - 2014-09-02 01:03 - 00000709 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-02 01:03 - 2014-09-02 01:03 - 00000000 ____D () D:\Program Files\CCleaner
2014-09-02 01:03 - 2014-09-02 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-02 01:03 - 2014-09-01 09:40 - 00000000 ____D () C:\Users\Hongbo\AppData\Roaming\uTorrent
2014-09-02 01:03 - 2014-08-30 11:27 - 00000000 ____D () C:\Windows\Panther
2014-09-02 00:54 - 2014-09-02 00:54 - 00000000 ____D () C:\Windows\ERUNT
2014-09-02 00:48 - 2014-08-30 11:18 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\Battle.net
2014-09-02 00:46 - 2014-09-02 00:46 - 00000786 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-02 00:46 - 2014-09-02 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-02 00:46 - 2014-09-02 00:45 - 00000000 ____D () D:\Program Files\Malwarebytes Anti-Malware
2014-09-02 00:45 - 2014-09-02 00:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-02 00:43 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-02 00:35 - 2014-09-02 00:35 - 00000000 ____D () C:\SUPERDelete
2014-09-02 00:29 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-09-02 00:21 - 2014-09-02 00:21 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-02 00:15 - 2013-08-22 09:44 - 00337808 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-02 00:14 - 2014-09-02 00:14 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-02 00:14 - 2014-09-02 00:14 - 00000000 ____D () D:\Program Files\Windows Journal
2014-09-02 00:14 - 2014-09-02 00:14 - 00000000 ____D () D:\Program Files\Windows Defender
2014-09-02 00:14 - 2014-09-02 00:14 - 00000000 ____D () D:\Program Files (x86)\Windows Defender
2014-09-02 00:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ToastData
2014-09-02 00:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-09-02 00:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-02 00:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-02 00:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-02 00:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-02 00:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\WinStore
2014-09-02 00:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\setup
2014-09-02 00:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-09-02 00:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-02 00:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-09-02 00:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\FileManager
2014-09-02 00:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Camera
2014-09-02 00:14 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-09-02 00:03 - 2014-09-02 00:03 - 00000000 ____D () C:\Users\Hongbo\AppData\Roaming\PeaZip
2014-09-01 20:46 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-01 20:44 - 2014-09-01 20:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-01 11:14 - 2014-08-30 19:49 - 00000000 ____D () C:\Users\Hongbo\AppData\Roaming\Spotify
2014-09-01 10:51 - 2014-08-30 19:50 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\Spotify
2014-09-01 10:48 - 2014-08-30 10:41 - 00000000 ____D () C:\Users\Hongbo
2014-09-01 10:13 - 2014-09-01 10:13 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\Apps\2.0
2014-09-01 09:41 - 2014-09-01 09:41 - 00000894 _____ () C:\Users\Hongbo\Desktop\µTorrent.lnk
2014-09-01 09:11 - 2014-09-01 09:11 - 00000000 ____D () D:\Program Files (x86)\Google
2014-09-01 09:11 - 2014-08-30 10:41 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-08-31 20:57 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-08-31 20:52 - 2014-08-30 10:41 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\Packages
2014-08-31 17:07 - 2014-08-31 17:07 - 00000946 _____ () C:\Users\Public\Desktop\Adobe Digital Editions 3.0.lnk
2014-08-31 17:07 - 2014-08-31 17:07 - 00000000 ____D () D:\Program Files\Adobe Digital Editions 3.0
2014-08-31 17:07 - 2014-08-31 17:07 - 00000000 ____D () C:\Users\Hongbo\Documents\My Digital Editions
2014-08-31 17:07 - 2014-08-31 17:07 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\Adobe_Systems_Incorporate
2014-08-31 17:05 - 2014-08-31 17:05 - 00000000 ____D () D:\Program Files\Reference Assemblies
2014-08-31 17:05 - 2014-08-31 17:05 - 00000000 ____D () D:\Program Files\MSBuild
2014-08-31 17:05 - 2014-08-31 17:05 - 00000000 ____D () D:\Program Files (x86)\Reference Assemblies
2014-08-31 17:05 - 2014-08-31 17:05 - 00000000 ____D () D:\Program Files (x86)\MSBuild
2014-08-31 17:02 - 2014-08-31 17:02 - 02959376 _____ (Microsoft Corporation) C:\Users\Hongbo\Downloads\dotnetfx35setup.exe
2014-08-31 16:56 - 2014-08-31 16:56 - 06144272 _____ (Adobe Systems Incorporated) C:\Users\Hongbo\Downloads\ADE_3.0_Installer.exe
2014-08-31 16:52 - 2014-08-31 16:48 - 52190170 _____ () C:\Users\Hongbo\Downloads\The Count of Monte Cristo_ Illustrated by Alexandre Dumas.epub
2014-08-31 16:13 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-08-31 16:06 - 2014-08-31 16:06 - 00835482 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-31 16:06 - 2014-08-31 16:06 - 00002136 _____ () C:\Users\Public\Desktop\VMware Player.lnk
2014-08-31 16:06 - 2014-08-31 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-08-31 16:06 - 2014-08-31 16:06 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-08-31 16:06 - 2014-08-31 16:05 - 00000000 ____D () C:\VMImages
2014-08-31 16:01 - 2014-08-31 16:01 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\Blizzard
2014-08-31 15:57 - 2014-08-31 15:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-08-31 15:48 - 2014-08-30 11:27 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\NVIDIA Corporation
2014-08-31 15:46 - 2014-08-31 15:46 - 00000000 ____D () C:\Users\Hongbo\Documents\Diablo III
2014-08-30 22:13 - 2014-08-30 22:13 - 00000707 _____ () C:\Users\Hongbo\Desktop\Hearthstone.lnk
2014-08-30 22:13 - 2014-08-30 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-08-30 20:49 - 2014-08-30 11:32 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\PMB Files
2014-08-30 20:49 - 2014-08-30 11:32 - 00000000 ____D () C:\ProgramData\PMB Files
2014-08-30 19:57 - 2014-08-30 19:57 - 00000672 _____ () C:\Users\Hongbo\Desktop\Diablo III.lnk
2014-08-30 19:57 - 2014-08-30 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-08-30 19:50 - 2014-08-30 19:50 - 00001852 _____ () C:\Users\Hongbo\Desktop\Spotify.lnk
2014-08-30 19:50 - 2014-08-30 19:50 - 00001838 _____ () C:\Users\Hongbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-08-30 19:50 - 2014-08-30 19:50 - 00000523 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-08-30 19:50 - 2014-08-30 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-30 19:17 - 2014-08-30 19:17 - 00000000 ____D () C:\Users\Hongbo\AppData\Roaming\Macromedia
2014-08-30 19:17 - 2014-08-30 19:17 - 00000000 ____D () C:\Users\Hongbo\AppData\Roaming\LolClient
2014-08-30 11:51 - 2014-08-30 10:53 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\NVIDIA
2014-08-30 11:51 - 2014-08-30 10:50 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-08-30 11:36 - 2014-08-30 11:36 - 00000000 ____D () C:\Users\Hongbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-30 11:34 - 2014-08-30 11:34 - 00000000 ____D () C:\ProgramData\Riot Games
2014-08-30 11:33 - 2014-08-30 11:33 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-08-30 11:33 - 2014-08-30 11:33 - 00000000 ____D () C:\Riot Games
2014-08-30 11:33 - 2014-08-30 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-08-30 11:32 - 2014-08-30 11:32 - 00000000 ____D () C:\Users\Hongbo\AppData\Roaming\Riot Games
2014-08-30 11:32 - 2014-08-30 11:29 - 24743106 _____ () C:\Users\Hongbo\Downloads\vlc-2.1.5-win32.exe
2014-08-30 11:27 - 2014-08-30 11:27 - 00002153 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2014-08-30 11:27 - 2014-08-30 11:27 - 00001367 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-08-30 11:27 - 2014-08-30 11:27 - 00001102 _____ () C:\Users\Hongbo\Desktop\MSI Afterburner.lnk
2014-08-30 11:27 - 2014-08-30 11:27 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-08-30 11:27 - 2014-08-30 11:27 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-08-30 11:27 - 2014-08-30 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-08-30 11:27 - 2013-08-22 10:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2014-08-30 11:19 - 2014-08-30 11:18 - 00000000 ____D () C:\Users\Hongbo\AppData\Roaming\Battle.net
2014-08-30 11:18 - 2014-08-30 11:18 - 00000000 ____D () C:\Users\Hongbo\AppData\Roaming\NVIDIA
2014-08-30 11:18 - 2014-08-30 11:18 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\Blizzard Entertainment
2014-08-30 11:18 - 2014-08-30 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-08-30 11:18 - 2014-08-30 11:18 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-08-30 11:15 - 2014-08-30 11:15 - 00000000 ____D () C:\ProgramData\Battle.net
2014-08-30 11:00 - 2014-08-30 11:00 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-08-30 10:56 - 2014-08-30 10:56 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\Creative
2014-08-30 10:55 - 2014-08-30 10:55 - 00002083 _____ () C:\Users\Public\Desktop\Super-Charger.lnk
2014-08-30 10:55 - 2014-08-30 10:55 - 00000000 ___HD () C:\SuperChargerProfile
2014-08-30 10:55 - 2014-08-30 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2014-08-30 10:54 - 2014-08-30 10:54 - 00000159 ___RH () C:\Windows\ctfile.rfc
2014-08-30 10:54 - 2014-08-30 10:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2014-08-30 10:54 - 2014-08-30 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2014-08-30 10:54 - 2014-08-30 10:54 - 00000000 ____D () C:\ProgramData\Intel
2014-08-30 10:54 - 2014-08-30 10:54 - 00000000 ____D () C:\ProgramData\Creative
2014-08-30 10:54 - 2014-08-30 10:53 - 00000179 _____ () C:\SBCsetup.log
2014-08-30 10:54 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-08-30 10:53 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\restore
2014-08-30 10:51 - 2014-08-30 10:51 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-08-30 10:51 - 2014-08-30 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-30 10:51 - 2014-08-30 10:50 - 00002341 _____ () C:\RHDSetup.log
2014-08-30 10:51 - 2014-08-30 10:50 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\Google
2014-08-30 10:50 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Help
2014-08-30 10:49 - 2014-08-30 10:49 - 00002799 _____ () C:\Users\Public\Desktop\Killer Network Manager.lnk
2014-08-30 10:49 - 2014-08-30 10:49 - 00000000 __SHD () C:\Users\Hongbo\AppData\Local\EmieUserList
2014-08-30 10:49 - 2014-08-30 10:49 - 00000000 __SHD () C:\Users\Hongbo\AppData\Local\EmieSiteList
2014-08-30 10:49 - 2014-08-30 10:49 - 00000000 ____D () C:\ProgramData\Qualcomm
2014-08-30 10:49 - 2014-08-30 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qualcomm Atheros
2014-08-30 10:49 - 2014-08-30 10:49 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-08-30 10:48 - 2014-08-30 10:48 - 00000000 ____D () C:\Intel
2014-08-30 10:45 - 2014-08-30 10:45 - 00000000 ____D () C:\MSI
2014-08-30 10:41 - 2014-08-30 10:41 - 00001446 _____ () C:\Users\Hongbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-30 10:41 - 2014-08-30 10:41 - 00000020 ___SH () C:\Users\Hongbo\ntuser.ini
2014-08-30 10:41 - 2014-08-30 10:41 - 00000000 ____D () C:\Users\Hongbo\AppData\Roaming\Adobe
2014-08-30 10:41 - 2014-08-30 10:41 - 00000000 ____D () C:\Users\Hongbo\AppData\Local\VirtualStore
2014-08-30 10:31 - 2014-08-30 10:31 - 00000000 ____D () C:\Windows\CSC
2014-08-30 10:28 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\Recovery
2014-08-22 19:42 - 2014-09-01 18:30 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-18 04:12 - 2014-08-31 16:05 - 98900000 _____ (VMware, Inc.) C:\Users\Hongbo\Desktop\VMware-player-6.0.3-1895310.exe
2014-08-08 19:22 - 2014-08-30 11:27 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-08-08 19:22 - 2014-08-30 11:27 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-08-08 19:22 - 2014-08-30 11:27 - 01283136 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-08-08 19:22 - 2014-08-30 11:27 - 01126480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-08-06 21:12 - 2014-09-01 18:30 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-06 17:38 - 2014-09-01 18:28 - 00697856 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
 
Some content of TEMP:
====================
C:\Users\Hongbo\AppData\Local\Temp\optprosetup.exe
C:\Users\Hongbo\AppData\Local\Temp\{B019253F-1350-45A1-BCE1-162282479232}.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-30 10:27
 
==================== End Of Log ============================


#4 baux

Posted 02 September 2014 - 09:31 AM

Here is the Additional.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by Hongbo at 2014-09-02 09:25:35
Running from D:\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.33394 - BitTorrent Inc.)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Control Panel 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.160.1244 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.36 (Version: 15.3.36 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.36 (Version: 15.3.36 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.36 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.39.1040 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.39.1040 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.39.1040 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.1.39.1040 - Qualcomm Atheros) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.022 - MSI)
tools-windows (x32 Version: 9.6.2.1895310 - VMware, Inc.) Hidden
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.7 - MSI)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.3 - VMware, Inc)
VMware Player (Version: 6.0.3 - VMware, Inc.) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
30-08-2014 15:53:46 Installed Sound Blaster Cinema
31-08-2014 20:48:47 Installed DirectX
02-09-2014 05:20:54 Removed File Association Helper
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {049EF88B-B6C9-4A8E-A1A5-565793C4DE10} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0DFADE1A-713E-4673-9E8B-9938AF031D4D} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5B0E752B-F407-4081-BFE1-5AAFA0BF4777} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {71317277-126B-4C52-9F88-D96CBE8C765C} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {845AFB5D-C5F8-4211-9416-B1C87D000F18} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-31] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A08CAA66-1D00-479E-86EE-B42E4D42C208} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {C5511CAF-1880-42F4-A0FC-ADC8F1633642} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EF24DA3B-36F2-4A0F-B2A3-72D603EEFB16} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
 
==================== Loaded Modules (whitelisted) =============
 
2014-08-30 10:50 - 2014-07-02 13:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-30 10:54 - 2012-11-01 13:23 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-08-30 10:54 - 2012-11-01 13:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-01-22 17:15 - 2014-01-22 17:15 - 00300544 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-06-12 18:22 - 2014-06-12 18:22 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2014-08-30 10:54 - 2013-09-16 14:20 - 01242584 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-08-30 10:51 - 2014-08-27 23:54 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\libglesv2.dll
2014-08-30 10:51 - 2014-08-27 23:53 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\libegl.dll
2014-08-30 10:51 - 2014-08-27 23:54 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\pdf.dll
2014-08-30 10:51 - 2014-08-27 23:54 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\ppGoogleNaClPluginChrome.dll
2014-08-30 10:51 - 2014-08-27 23:53 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Hongbo\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20439654.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20439654.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "FAHConsole"
HKLM\...\StartupApproved\Run32: => "UpdReg"
HKLM\...\StartupApproved\Run32: => "Sound Blaster Cinema"
HKLM\...\StartupApproved\Run32: => "Super-Charger"
HKCU\...\StartupApproved\Run: => "Optimizer Pro"
HKCU\...\StartupApproved\Run: => "Spotify"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/02/2014 09:23:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20573 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: fb8
 
Start Time: 01cfc6b8ad70257e
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: a36cb2c0-32ac-11e4-825f-448a5b8842d1
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (09/02/2014 01:43:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20573 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: fd4
 
Start Time: 01cfc6786eb427f4
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 622f883d-326c-11e4-825f-448a5b8842d1
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (09/02/2014 01:28:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20573 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: dbc
 
Start Time: 01cfc67656457b27
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 49e9369c-326a-11e4-825f-448a5b8842d1
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (09/02/2014 01:13:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20573 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: fe8
 
Start Time: 01cfc67444d42288
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 3a097679-3268-11e4-825f-448a5b8842d1
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (09/02/2014 01:01:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20573 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1b8c
 
Start Time: 01cfc672a887ea95
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 9c0559b6-3266-11e4-825e-448a5b8842d1
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (09/02/2014 00:56:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20573 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c58
 
Start Time: 01cfc671f13aeed5
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: e5e02362-3265-11e4-825e-448a5b8842d1
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (09/02/2014 00:37:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20573 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e84
 
Start Time: 01cfc66f4b522232
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 3ec98e0a-3263-11e4-825a-448a5b8842d1
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20573_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (09/02/2014 00:33:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: xxxx.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x418
Faulting application start time: 0xxxxx.exe0
Faulting application path: xxxx.exe1
Faulting module path: xxxx.exe2
Report Id: xxxx.exe3
Faulting package full name: xxxx.exe4
Faulting package-relative application ID: xxxx.exe5
 
Error: (09/02/2014 00:33:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: xxxx.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x89c
Faulting application start time: 0xxxxx.exe0
Faulting application path: xxxx.exe1
Faulting module path: xxxx.exe2
Report Id: xxxx.exe3
Faulting package full name: xxxx.exe4
Faulting package-relative application ID: xxxx.exe5
 
Error: (09/02/2014 00:32:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: xxxx.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x364
Faulting application start time: 0xxxxx.exe0
Faulting application path: xxxx.exe1
Faulting module path: xxxx.exe2
Report Id: xxxx.exe3
Faulting package full name: xxxx.exe4
Faulting package-relative application ID: xxxx.exe5
 
 
System errors:
=============
Error: (09/02/2014 01:10:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WMPNetworkSvc service failed to start due to the following error: 
%%2
 
Error: (09/02/2014 01:07:54 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (09/02/2014 00:53:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WMPNetworkSvc service failed to start due to the following error: 
%%2
 
Error: (09/02/2014 00:51:14 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (09/02/2014 00:48:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WMPNetworkSvc service failed to start due to the following error: 
%%2
 
Error: (09/02/2014 00:46:38 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (09/02/2014 00:46:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WMPNetworkSvc service failed to start due to the following error: 
%%2
 
Error: (09/02/2014 00:43:56 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (09/02/2014 00:42:28 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
Error: (09/02/2014 00:20:57 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0841: Security Update for Windows 8.1 for x64-based Systems (KB2962140).
 
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 34%
Total physical RAM: 8135.93 MB
Available physical RAM: 5315.74 MB
Total Pagefile: 8135.93 MB
Available Pagefile: 4622.93 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.54 GB) (Free:190.23 GB) NTFS
Drive d: (1TB) (Fixed) (Total:931.51 GB) (Free:909.22 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 513BABC3)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 51BCF809)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 aharonov

Posted 02 September 2014 - 10:00 AM

Hi,

This isn't related to malware.

It looks like the problems have their origin in the fact that the software installations seem to be spread over two partitions (C: and D:).
See the error messages:

"There was a problem starting D:\ProgramFiles\windowsPhotoViewer\PhotoViewerdll"
"D:\Program Files (x86)\VMware\VMware PLayer\vmplayer.exe the specified path does not exist. Check this path and try again. "


And compare that to this line in the log:

(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe


So my guess is that these errors occur because the files are looked for on the wrong partition.
Can you confirm that the files

C:\ProgramFiles\windowsPhotoViewer\PhotoViewer.dll
C:\Program Files (x86)\VMware\VMware PLayer\vmplayer.exe

do exist? (On partition C: instead of D:)

Edited by aharonov, 02 September 2014 - 10:02 AM.


#6 baux

Posted 02 September 2014 - 10:02 AM

Yes, these do exist. What should I do moving forward?



#7 aharonov

Posted 02 September 2014 - 10:04 AM

Do you know why this happened? I mean that software installations are spread over 2 partitions.

#8 baux

Posted 02 September 2014 - 10:11 AM

I think the photo viewer program came with the windows installation but the photos/videos were downloaded to the separate drive to save space. 



#9 aharonov

Posted 02 September 2014 - 10:29 AM

It doesn't matter where the data (photos/videos) are stored. The problem is the software itself.
Let's read out something:


Please download the attached fixlist.txt (123 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#10 baux

Posted 02 September 2014 - 10:34 AM

Here is the log
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by Hongbo at 2014-09-02 10:30:05 Run:1
Running from D:\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
REG: reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /s
REG: reg query "HKCU\Environment" /s
*****************
 
 
========= reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /s =========
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
    FP_NO_HOST_CHECK    REG_SZ    NO
    USERNAME    REG_SZ    SYSTEM
    Path    REG_EXPAND_SZ    C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT
    ComSpec    REG_EXPAND_SZ    %SystemRoot%\system32\cmd.exe
    TMP    REG_EXPAND_SZ    %SystemRoot%\TEMP
    OS    REG_SZ    Windows_NT
    windir    REG_EXPAND_SZ    %SystemRoot%
    PROCESSOR_ARCHITECTURE    REG_SZ    AMD64
    TEMP    REG_EXPAND_SZ    %SystemRoot%\TEMP
    PATHEXT    REG_SZ    .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PSModulePath    REG_EXPAND_SZ    %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
    NUMBER_OF_PROCESSORS    REG_SZ    4
    PROCESSOR_LEVEL    REG_SZ    6
    PROCESSOR_IDENTIFIER    REG_SZ    Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
    PROCESSOR_REVISION    REG_SZ    3c03
 
 
 
========= End of Reg: =========
 
 
========= reg query "HKCU\Environment" /s =========
 
 
HKEY_CURRENT_USER\Environment
    TMP    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Temp
    TEMP    REG_EXPAND_SZ    %USERPROFILE%\AppData\Local\Temp
 
 
 
========= End of Reg: =========
 
 
==== End of Fixlog ====


#11 aharonov

Posted 02 September 2014 - 10:43 AM

One more.


Please download the attached fixlist.txt (133 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#12 baux

Posted 02 September 2014 - 10:52 AM

Here is the log
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by Hongbo at 2014-09-02 10:47:59 Run:2
Running from D:\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
REG: reg query "HKLM/Software/microsoft/windows/currentversion"
REG: reg query "HKLM/Software/microsoft/windows nt/currentversion"
 
*****************
 
 
========= reg query "HKLM/Software/microsoft/windows/currentversion" =========
 
ERROR: Invalid key name.
Type "REG QUERY /?" for usage.
 
 
========= End of Reg: =========
 
 
========= reg query "HKLM/Software/microsoft/windows nt/currentversion" =========
 
ERROR: Invalid key name.
Type "REG QUERY /?" for usage.
 
 
========= End of Reg: =========
 
 
==== End of Fixlog ====


#13 aharonov

Posted 02 September 2014 - 10:56 AM

Sorry, I made a mistake. Take this one:


Please download the attached fixlist.txt (133 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#14 baux

Posted 02 September 2014 - 10:58 AM

Okay here is the log.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by Hongbo at 2014-09-02 10:54:15 Run:3
Running from D:\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
REG: reg query "HKLM\Software\microsoft\windows\currentversion"
REG: reg query "HKLM\Software\microsoft\windows nt\currentversion"
 
*****************
 
 
========= reg query "HKLM\Software\microsoft\windows\currentversion" =========
 
 
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion
    ProgramFilesDir    REG_SZ    D:\Program Files
    CommonFilesDir    REG_SZ    C:\Program Files\Common Files
    ProgramFilesDir (x86)    REG_SZ    D:\Program Files (x86)
    CommonFilesDir (x86)    REG_SZ    C:\Program Files (x86)\Common Files
    CommonW6432Dir    REG_SZ    C:\Program Files\Common Files
    ProgramW6432Dir    REG_SZ    D:\Program Files
    MediaPathUnexpanded    REG_EXPAND_SZ    %SystemRoot%\Media
    DevicePath    REG_EXPAND_SZ    %SystemRoot%\inf
    ProgramFilesPath    REG_EXPAND_SZ    D:\ProgramFiles
    SM_GamesName    REG_SZ    Games
    SM_ConfigureProgramsName    REG_SZ    Set Program Access and Defaults
 
 
 
========= End of Reg: =========
 
 
========= reg query "HKLM\Software\microsoft\windows nt\currentversion" =========
 
 
HKEY_LOCAL_MACHINE\Software\microsoft\windows nt\currentversion
    SystemRoot    REG_SZ    C:\Windows
    SoftwareType    REG_SZ    System
    RegisteredOwner    REG_SZ    hongbauxliang@gmail.com
    InstallDate    REG_DWORD    0x5401f0a4
    CurrentVersion    REG_SZ    6.3
    CurrentBuild    REG_SZ    9600
    RegisteredOrganization    REG_SZ    
    CurrentType    REG_SZ    Multiprocessor Free
    InstallationType    REG_SZ    Client
    EditionID    REG_SZ    Professional
    ProductName    REG_SZ    Windows 8.1 Pro
    ProductId    REG_SZ    00260-00537-00966-AA177
    CurrentBuildNumber    REG_SZ    9600
    BuildLab    REG_SZ    9600.winblue_gdr.140330-1035
    BuildLabEx    REG_SZ    9600.17085.amd64fre.winblue_gdr.140330-1035
    BuildGUID    REG_SZ    ffffffff-ffff-ffff-ffff-ffffffffffff
    PathName    REG_SZ    C:\Windows
 
 
 
========= End of Reg: =========
 
 
==== End of Fixlog ====
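
The comparison these registry queries make possible, as an added example that is not part of the thread or of FRST: it parses `reg query` output like the Fixlog above and lists the program-directory values that sit on a different drive from `SystemRoot`, then rebases a failing path onto the system drive as in post #5. The sample text is abridged from the log above; the function names, and the assumption that the default layout keeps these directories on the system drive, are the example's own.

```python
import ntpath
import re

# A value line in `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(
    r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+)(?: {4}(?P<data>.*))?$"
)

# Values under ...\Windows\CurrentVersion that say where program directories live.
PROGRAM_DIR_VALUES = (
    "ProgramFilesDir", "ProgramFilesDir (x86)", "ProgramW6432Dir",
    "ProgramFilesPath", "CommonFilesDir", "CommonFilesDir (x86)",
    "CommonW6432Dir",
)

CV_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion"
NT_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion"

# Sample input, abridged from the Fixlog posted in the thread.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\microsoft\windows\currentversion
    ProgramFilesDir    REG_SZ    D:\Program Files
    CommonFilesDir    REG_SZ    C:\Program Files\Common Files
    ProgramFilesDir (x86)    REG_SZ    D:\Program Files (x86)
    CommonFilesDir (x86)    REG_SZ    C:\Program Files (x86)\Common Files
    CommonW6432Dir    REG_SZ    C:\Program Files\Common Files
    ProgramW6432Dir    REG_SZ    D:\Program Files
    MediaPathUnexpanded    REG_EXPAND_SZ    %SystemRoot%\Media
    ProgramFilesPath    REG_EXPAND_SZ    D:\ProgramFiles

HKEY_LOCAL_MACHINE\Software\microsoft\windows nt\currentversion
    SystemRoot    REG_SZ    C:\Windows
"""


def parse_reg_query(text):
    """Return {key_path: {value_name: (type, data)}} from `reg query` output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
            continue
        m = VALUE_LINE.match(line)
        if m and current is not None:
            current[m["name"]] = (m["type"], (m["data"] or "").strip())
    return keys


def expand(data, env):
    """Expand %NAME% references; names not in env (lower-case keys) are left as-is."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m[1].lower(), m[0]), data)


def off_system_drive(current_version, system_root):
    """List (name, path) for program-directory values not on the system drive."""
    system_drive = ntpath.splitdrive(system_root)[0].upper()
    env = {"systemroot": system_root, "systemdrive": system_drive}
    if "ProgramFilesDir" in current_version:
        env["programfiles"] = current_version["ProgramFilesDir"][1]
    findings = []
    for name in PROGRAM_DIR_VALUES:
        if name not in current_version:
            continue
        path = expand(current_version[name][1], env)
        drive = ntpath.splitdrive(path)[0].upper()
        if drive and drive != system_drive:  # empty drive: cannot judge
            findings.append((name, path))
    return findings


def candidate_on_system_drive(path, system_root):
    """Rebase a failing path onto the system drive, to check whether the file is there."""
    return ntpath.splitdrive(system_root)[0] + ntpath.splitdrive(path)[1]


def analyze(text):
    """Parse both queried keys and report the relocated program directories."""
    keys = {k.lower(): v for k, v in parse_reg_query(text).items()}
    system_root = keys[NT_KEY]["SystemRoot"][1]
    return off_system_drive(keys[CV_KEY], system_root)


if __name__ == "__main__":
    for name, path in analyze(SAMPLE):
        print(f"{name} -> {path} (not on the system drive)")
```
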


#15 aharonov

Posted 02 September 2014 - 11:47 AM

Ok, now let's do this:


Please download the attached fixlist.txt (546 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.




