Suspicious Activity under Internet Explorer



#16
RKinner


You might want to run RogueKiller just to make sure there is nothing hiding:

These instructions are a bit out of date but you should be able to figure it out. Do not let RogueKiller remove anything after it finishes. It's prone to false positives so just leave it up until you hear from me.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Wait for the end of the scan.
  • Send me the RKreport.txt located on your desktop.



    #17
    Peter Lee


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-03-2017
    Ran by Lee (administrator) on PETERLEE (05-03-2017 08:00:02)
    Running from C:\Users\Lee\Documents\Virus\geekstogo
    Loaded Profiles: Lee (Available Profiles: Lee)
    Platform: Windows 8.1 Pro with Media Center (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
    (Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
    (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
    HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-02-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2017-02-09]
    ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\Launcher.exe (GIGABYTE Technology Co.,Ltd.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2017-02-23]
    ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\..\Interfaces\{982F0D76-3896-46D8-BC3D-5ADB2C6AA09C}: [NameServer] 8.8.8.8,8.8.4.4

    Internet Explorer:
    ==================
    HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
    HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-my/?ocid=iehp
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-14] (Oracle Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-14] (Oracle Corporation)

    FireFox:
    ========
    FF DefaultProfile: 322oiu4s.default
    FF ProfilePath: C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\322oiu4s.default [2017-03-05]
    FF Homepage: Mozilla\Firefox\Profiles\322oiu4s.default -> hxxps://www.google.com/?gws_rd=ssl
    FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\322oiu4s.default\features\{1006df96-c7b0-4a5e-8cb3-24d139622644}\[email protected] [2017-03-04]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-16] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-16] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-14] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-14] (Oracle Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-23] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-23] (NVIDIA Corporation)

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
    R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-02-23] (SoftEther VPN Project at University of Tsukuba, Japan.)
    S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
    S4 WmgpService; C:\Program Files (x86)\PGP\WmgpService.exe [26616 2016-12-27] ()

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 GPCIDrv; C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2014-08-28] ()
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-03-03] ()
    R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
    R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [38432 2017-02-23] (SoftEther Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
    U5 SEE; C:\Windows\System32\Drivers\SEE.sys [50208 2017-02-23] (SoftEther Corporation)
    R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [51232 2017-02-23] (SoftEther Corporation)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2017-02-20] (Duplex Secure Ltd.)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-04 12:31 - 2017-03-04 12:31 - 00405536 _____ C:\Windows\system32\MpKslwDMpt.dll
    2017-03-03 21:29 - 2017-03-05 08:00 - 00000000 ____D C:\FRST
    2017-03-03 21:20 - 2017-03-03 21:22 - 00000000 ____D C:\Users\Lee\AppData\Local\svchost
    2017-03-03 07:18 - 2017-03-03 13:12 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
    2017-03-03 07:17 - 2017-03-03 20:55 - 00000000 ____D C:\Program Files\HitmanPro
    2017-03-03 07:17 - 2017-03-03 13:12 - 00000000 ____D C:\ProgramData\HitmanPro
    2017-03-03 07:16 - 2017-03-03 21:26 - 00000561 _____ C:\Users\Lee\Desktop\JRT.txt
    2017-03-03 07:07 - 2017-03-03 07:11 - 11581544 _____ (SurfRight B.V.) C:\Users\Lee\Downloads\hitmanpro_x64.exe
    2017-03-03 07:06 - 2017-03-03 07:06 - 01663736 _____ (Malwarebytes) C:\Users\Lee\Downloads\JRT.exe
    2017-03-02 22:09 - 2017-03-03 21:19 - 00000000 ____D C:\AdwCleaner
    2017-03-02 16:54 - 2017-03-02 16:54 - 00142168 ____H C:\Windows\SysWOW64\mlfcache.dat
    2017-03-01 15:43 - 2017-03-01 15:44 - 00000000 ____D C:\abc
    2017-03-01 12:00 - 2017-03-03 18:55 - 00000000 ____D C:\Users\Lee\Documents\Virus
    2017-02-28 21:13 - 2017-02-28 21:13 - 00000000 ____D C:\Users\Lee\Downloads\WinMTR-v092
    2017-02-28 21:04 - 2017-02-28 21:12 - 01912363 _____ C:\Users\Lee\Downloads\WinMTR-v092.zip
    2017-02-28 14:39 - 2017-02-28 14:39 - 00000000 ____D C:\Windows\pss
    2017-02-27 21:58 - 2017-03-04 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
    2017-02-27 19:11 - 2017-02-27 19:11 - 00009259 _____ C:\lsp.txt
    2017-02-27 18:04 - 2017-02-27 18:04 - 00061746 _____ C:\Users\Lee\Desktop\DxDiag.txt
    2017-02-27 18:00 - 2017-02-27 18:00 - 00388608 _____ (Trend Micro Inc.) C:\Users\Lee\Downloads\HijackThis.exe
    2017-02-27 11:24 - 2017-03-04 12:01 - 00000000 ____D C:\Program Files (x86)\NCSOFT
    2017-02-27 11:22 - 2017-02-27 11:22 - 00000000 ___HD C:\Program Files (x86)\NCWest
    2017-02-27 11:22 - 2017-02-27 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
    2017-02-27 10:34 - 2017-02-27 11:18 - 227200840 _____ (NC Interactive, LLC) C:\Users\Lee\Downloads\BnS_Lite_Installer.exe
    2017-02-26 11:34 - 2017-02-26 11:37 - 00052736 ___SH C:\Users\Lee\Documents\Thumbs.db
    2017-02-26 11:34 - 2017-02-26 11:34 - 00569454 _____ C:\Users\Lee\Documents\10021482921278555.bmp
    2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
    2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Program Files\Reference Assemblies
    2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Program Files\MSBuild
    2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2017-02-24 13:07 - 2017-02-24 13:07 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2017-02-24 12:57 - 2013-08-03 12:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
    2017-02-24 12:57 - 2013-08-03 12:41 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2017-02-24 12:57 - 2013-08-03 12:41 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
    2017-02-24 12:56 - 2013-08-03 12:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
    2017-02-24 12:56 - 2013-08-03 12:48 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2017-02-24 12:56 - 2013-08-03 12:48 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2017-02-23 12:46 - 2017-02-23 13:05 - 00000000 ___HD C:\Users\Lee\Downloads\FakeHospital - Daisy Lee (Blonde Patient [bleep]ed by Her Doctor) 02.22.17 720p
    2017-02-23 12:01 - 2017-02-23 12:09 - 00000000 ___HD C:\Users\Lee\Downloads\Playboy USA - March-April 2017 - True PDF - 3709 [ECLiPSE]
    2017-02-23 12:01 - 2017-02-23 12:01 - 00038432 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\Neo_VPN.sys
    2017-02-23 11:49 - 2017-02-23 11:49 - 00000000 ____D C:\hydra_tmp_1487821788055
    2017-02-23 11:48 - 2017-02-28 15:54 - 00000000 ____D C:\Users\Lee\AppData\Roaming\uTorrent
    2017-02-23 11:47 - 2017-02-23 11:47 - 00143816 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
    2017-02-23 11:47 - 2017-02-23 11:47 - 00050208 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\see.sys
    2017-02-23 11:47 - 2017-02-23 11:47 - 00001951 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk
    2017-02-23 11:47 - 2017-02-23 11:47 - 00001945 _____ C:\Users\Public\Desktop\SoftEther VPN Client Manager.lnk
    2017-02-23 11:47 - 2017-02-23 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
    2017-02-23 11:46 - 2017-03-05 07:59 - 00000000 ____D C:\Program Files\SoftEther VPN Client
    2017-02-23 11:46 - 2017-02-23 11:46 - 00051232 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\SeLow_x64.sys
    2017-02-23 11:45 - 2017-02-23 11:45 - 00000000 ____D C:\Users\Lee\Downloads\vpngate-client-2017.02.23-build-9634.137761
    2017-02-23 11:34 - 2017-02-23 11:43 - 54265482 _____ C:\Users\Lee\Downloads\vpngate-client-2017.02.23-build-9634.137761.zip
    2017-02-22 17:37 - 2017-02-22 17:38 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Wmgp
    2017-02-22 17:37 - 2017-02-22 17:37 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\完美游戏平台
    2017-02-22 17:36 - 2017-02-26 11:32 - 00000000 ____D C:\Program Files (x86)\PGP
    2017-02-22 17:27 - 2017-02-22 17:35 - 61039328 _____ C:\Users\Lee\Downloads\pgp_2.5.9.1227.exe
    2017-02-22 15:52 - 2017-02-22 15:52 - 00001347 _____ C:\Users\Lee\Desktop\Windows Media Player.lnk
    2017-02-20 14:50 - 2017-02-20 14:50 - 00055837 _____ C:\Users\Lee\AppData\LocalLow\wbkFB70.tmp
    2017-02-20 12:54 - 2017-03-04 11:59 - 00000200 _____ C:\Users\Lee\Documents\ax_files.xml
    2017-02-20 12:28 - 2017-02-20 12:28 - 00000000 ___HD C:\Program Files (x86)\illusion
    2017-02-20 12:16 - 2017-02-20 12:16 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
    2017-02-20 12:10 - 2017-02-20 12:10 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
    2017-02-20 11:21 - 2017-02-20 12:54 - 00000000 ___HD C:\Users\Lee\Documents\Oppai Slider
    2017-02-20 11:10 - 2017-02-20 11:10 - 00000000 ___HD C:\Users\Lee\Downloads\[051125][ILLUSION](205861) Oppai Slider 2 (1DVD)(iso+mds)
    2017-02-18 12:26 - 2017-02-18 12:26 - 00000000 ____D C:\Users\Lee\Downloads\FormatFactory.3.9.portable
    2017-02-18 11:32 - 2017-02-18 12:14 - 118751860 _____ C:\Users\Lee\Downloads\FormatFactory.3.9.portable.rar
    2017-02-17 14:32 - 2017-03-05 07:55 - 00000000 ___RD C:\Users\Lee\SkyDrive
    2017-02-17 11:42 - 2017-02-17 11:42 - 00001108 _____ C:\Users\Lee\Desktop\Calculator.lnk
    2017-02-16 21:04 - 2017-02-16 21:04 - 00000210 _____ C:\Users\Lee\Desktop\MapleStory Status Checker.URL
    2017-02-16 17:52 - 2017-02-16 18:21 - 00077552 _____ C:\Users\Lee\Desktop\AS_Latency_Check.txt
    2017-02-16 17:51 - 2017-02-16 17:51 - 00001626 _____ C:\Users\Lee\Downloads\Asiasoft_Network_Diagnostic_Tool.bat
    2017-02-16 06:55 - 2017-02-16 06:55 - 00000000 ____D C:\Users\Lee\AppData\Local\Macromedia
    2017-02-16 06:54 - 2017-02-16 06:54 - 00000000 ____D C:\ProgramData\McAfee
    2017-02-16 06:51 - 2017-02-16 06:55 - 00000000 ____D C:\Users\Lee\AppData\Local\Adobe
    2017-02-15 22:01 - 2017-02-15 22:01 - 00000000 ____D C:\ProgramData\Nexon
    2017-02-14 20:41 - 2017-02-14 20:41 - 00001178 _____ C:\Users\Public\Desktop\MapleStorySEA.lnk
    2017-02-14 20:40 - 2017-02-14 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wizet
    2017-02-14 20:27 - 2017-02-14 20:27 - 00000000 ____D C:\Program Files (x86)\Wizet
    2017-02-14 14:16 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
    2017-02-14 14:16 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
    2017-02-14 14:16 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
    2017-02-14 14:16 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
    2017-02-14 14:16 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
    2017-02-14 14:16 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
    2017-02-14 14:16 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
    2017-02-14 14:16 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
    2017-02-14 14:16 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
    2017-02-14 14:16 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
    2017-02-14 14:16 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
    2017-02-14 14:16 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
    2017-02-14 14:16 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
    2017-02-14 14:16 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
    2017-02-14 14:16 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
    2017-02-14 14:16 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
    2017-02-14 14:16 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
    2017-02-14 14:16 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
    2017-02-14 14:16 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
    2017-02-14 14:16 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
    2017-02-14 14:15 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
    2017-02-14 14:15 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
    2017-02-14 14:15 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
    2017-02-14 14:15 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
    2017-02-14 14:15 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
    2017-02-14 14:15 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
    2017-02-14 14:15 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
    2017-02-14 14:15 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
    2017-02-14 14:15 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
    2017-02-14 14:15 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
    2017-02-14 14:14 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
    2017-02-14 14:14 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
    2017-02-14 14:14 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
    2017-02-14 14:14 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
    2017-02-14 14:14 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
    2017-02-14 14:14 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
    2017-02-14 14:14 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
    2017-02-14 14:14 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
    2017-02-14 14:14 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
    2017-02-14 14:14 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
    2017-02-14 14:14 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
    2017-02-14 14:14 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
    2017-02-14 14:14 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
    2017-02-14 14:14 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
    2017-02-14 14:14 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
    2017-02-14 14:14 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
    2017-02-14 14:14 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
    2017-02-14 14:13 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
    2017-02-14 14:13 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
    2017-02-14 14:13 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
    2017-02-14 14:13 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
    2017-02-14 14:13 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
    2017-02-14 14:13 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
    2017-02-14 14:13 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
    2017-02-14 14:13 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
    2017-02-14 14:13 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
    2017-02-14 14:13 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
    2017-02-14 14:13 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
    2017-02-14 14:13 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
    2017-02-14 14:13 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
    2017-02-14 14:13 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
    2017-02-14 14:13 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
    2017-02-14 14:13 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
    2017-02-14 14:13 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
    2017-02-14 14:13 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
    2017-02-14 14:13 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
    2017-02-14 14:13 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
    2017-02-14 14:13 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
    2017-02-14 14:13 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
    2017-02-14 14:13 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
    2017-02-14 14:13 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
    2017-02-14 14:13 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
    2017-02-14 14:13 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
    2017-02-14 14:13 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
    2017-02-14 14:13 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
    2017-02-14 14:12 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
    2017-02-14 14:12 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
    2017-02-14 14:12 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
    2017-02-14 14:12 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
    2017-02-14 14:12 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
    2017-02-14 14:12 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
    2017-02-14 14:12 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
    2017-02-14 14:12 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
    2017-02-14 14:12 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
    2017-02-14 14:12 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
    2017-02-14 14:11 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
    2017-02-14 14:11 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
    2017-02-14 14:11 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
    2017-02-14 14:11 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
    2017-02-14 14:11 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
    2017-02-14 14:11 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
    2017-02-14 14:11 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
    2017-02-14 14:11 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
    2017-02-14 14:11 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
    2017-02-14 14:11 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
    2017-02-14 14:11 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
    2017-02-14 14:11 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
    2017-02-14 14:11 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
    2017-02-14 14:11 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
    2017-02-14 14:11 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
    2017-02-14 14:11 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
    2017-02-14 14:10 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
    2017-02-14 14:10 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
    2017-02-14 14:10 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
    2017-02-14 14:10 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
    2017-02-14 14:10 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
    2017-02-14 14:10 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
    2017-02-14 14:10 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
    2017-02-14 14:10 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
    2017-02-14 14:10 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
    2017-02-14 14:10 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
    2017-02-14 14:10 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
    2017-02-14 14:10 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
    2017-02-14 14:10 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
    2017-02-14 14:10 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
    2017-02-14 14:10 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
    2017-02-14 14:10 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
    2017-02-14 14:10 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
    2017-02-14 14:10 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
    2017-02-14 14:10 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
    2017-02-14 14:10 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
    2017-02-14 14:10 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
    2017-02-14 14:10 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
    2017-02-14 14:10 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
    2017-02-14 14:10 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
    2017-02-14 14:10 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
    2017-02-14 14:10 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
    2017-02-14 14:10 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
    2017-02-14 14:10 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
    2017-02-14 14:10 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
    2017-02-14 14:10 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
    2017-02-14 14:10 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
    2017-02-14 14:10 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
    2017-02-14 14:10 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
    2017-02-14 14:10 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
    2017-02-14 14:10 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
    2017-02-14 14:10 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
    2017-02-14 14:10 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
    2017-02-14 14:10 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
    2017-02-14 14:10 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
    2017-02-14 14:10 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
    2017-02-14 14:10 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
    2017-02-14 14:10 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
    2017-02-14 14:10 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
    2017-02-14 14:10 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
    2017-02-14 14:10 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
    2017-02-14 14:10 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
    2017-02-14 14:10 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
    2017-02-14 14:10 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
    2017-02-14 14:10 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
    2017-02-14 14:10 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
    2017-02-14 14:09 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
    2017-02-14 14:09 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
    2017-02-14 13:25 - 2017-02-14 13:25 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Sun
    2017-02-14 13:25 - 2017-02-14 13:25 - 00000000 ____D C:\Users\Lee\AppData\LocalLow\Sun
    2017-02-14 13:25 - 2017-02-14 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2017-02-14 13:25 - 2017-02-14 13:24 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2017-02-14 13:24 - 2017-02-14 13:25 - 00000000 ____D C:\ProgramData\Oracle
    2017-02-14 13:24 - 2017-02-14 13:24 - 00000000 ____D C:\Program Files (x86)\Java
    2017-02-14 13:13 - 2017-02-14 13:13 - 00738880 _____ (Oracle Corporation) C:\Users\Lee\Downloads\jxpiinstall.exe
    2017-02-12 19:38 - 2017-03-01 12:40 - 00371712 ___SH C:\Users\Lee\Downloads\Thumbs.db
    2017-02-11 20:26 - 2017-03-04 22:52 - 00000000 ____D C:\Users\Lee\AppData\Local\CrashDumps
    2017-02-11 09:38 - 2017-02-11 09:38 - 00000000 ____D C:\Users\Lee\AppData\Roaming\OpenOffice
    2017-02-11 09:31 - 2017-02-11 09:31 - 00001154 _____ C:\Users\Lee\Desktop\Wordpad.lnk
    2017-02-10 20:34 - 2017-02-10 20:35 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
    2017-02-10 20:34 - 2017-02-10 20:34 - 00001128 _____ C:\Users\Public\Desktop\OpenOffice 4.1.3.lnk
    2017-02-10 20:34 - 2017-02-10 20:34 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
    2017-02-10 20:32 - 2017-02-10 20:32 - 00000000 ____D C:\Users\Lee\Desktop\OpenOffice 4.1.3 (en-US) Installation Files
    2017-02-10 18:55 - 2017-02-10 19:54 - 140742472 _____ C:\Users\Lee\Downloads\Apache_OpenOffice_4.1.3_Win_x86_install_en-US.exe
    2017-02-10 16:29 - 2017-02-10 16:29 - 01038336 _____ C:\Users\Lee\Downloads\PlayparkDownloader_v0.3.6.1.msi
    2017-02-10 16:29 - 2017-02-10 16:29 - 00003101 _____ C:\Users\Lee\Desktop\Playpark Downloader.lnk
    2017-02-10 16:29 - 2017-02-10 16:29 - 00003061 _____ C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Playpark Downloader.lnk
    2017-02-10 16:29 - 2017-02-10 16:29 - 00000000 ____D C:\Program Files (x86)\Asiasoft Online
    2017-02-10 14:06 - 2017-02-10 14:06 - 00000000 ____D C:\Users\Lee\AppData\Local\NVIDIA Corporation
    2017-02-10 14:05 - 2017-02-10 14:05 - 00000000 ____D C:\ProgramData\Package Cache
    2017-02-10 14:03 - 2016-04-14 13:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
    2017-02-10 14:03 - 2016-04-14 13:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2017-02-10 14:03 - 2016-04-14 13:38 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2017-02-10 07:30 - 2017-02-10 07:30 - 00000000 ____D C:\Users\Lee\AppData\Local\TeamViewer
    2017-02-10 07:27 - 2017-02-23 11:54 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2017-02-10 07:27 - 2017-02-10 07:27 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
    2017-02-10 07:27 - 2017-02-10 07:27 - 00001047 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
    2017-02-10 07:27 - 2017-02-10 07:27 - 00000000 ____D C:\Users\Lee\AppData\Roaming\TeamViewer
    2017-02-10 07:23 - 2017-02-10 07:26 - 14482152 _____ (TeamViewer GmbH) C:\Users\Lee\Downloads\TeamViewer_Setup.exe
    2017-02-10 07:22 - 2017-02-27 18:53 - 00000000 ____D C:\Users\Lee\Documents\temp
    2017-02-10 07:22 - 2017-02-10 07:22 - 00000000 ____D C:\GvTemp
    2017-02-10 07:20 - 2017-02-10 07:20 - 00331464 _____ C:\Windows\Minidump\021017-39078-01.dmp
    2017-02-09 20:56 - 2017-02-22 21:34 - 00000000 ____D C:\Users\Lee\AppData\Local\NVIDIA
    2017-02-09 20:56 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
    2017-02-09 20:56 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
    2017-02-09 20:56 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
    2017-02-09 20:56 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
    2017-02-09 20:56 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
    2017-02-09 20:56 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
    2017-02-09 20:53 - 2017-02-20 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2017-02-09 20:53 - 2016-01-23 09:12 - 00110016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2017-02-09 20:52 - 2016-01-23 11:42 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
    2017-02-09 20:52 - 2016-01-23 11:42 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
    2017-02-09 20:50 - 2016-01-23 09:04 - 06368312 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2017-02-09 20:50 - 2016-01-23 09:04 - 02992064 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2017-02-09 20:50 - 2016-01-23 09:04 - 02563128 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2017-02-09 20:50 - 2016-01-23 09:04 - 01263040 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2017-02-09 20:50 - 2016-01-23 09:04 - 00532024 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
    2017-02-09 20:50 - 2016-01-23 09:04 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2017-02-09 20:50 - 2016-01-23 09:04 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
    2017-02-09 20:50 - 2016-01-23 09:04 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2017-02-09 20:50 - 2016-01-23 05:07 - 06125650 _____ C:\Windows\system32\nvcoproc.bin
    2017-02-09 20:48 - 2016-01-23 11:42 - 01924152 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436175.dll
    2017-02-09 20:48 - 2016-01-23 11:42 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436175.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 42983992 _____ C:\Windows\system32\nvcompiler.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 37614528 _____ C:\Windows\SysWOW64\nvcompiler.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 31079992 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 24911296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 21193544 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 20733832 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 17626352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 17218792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 16995064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 14016576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 12379072 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2017-02-09 20:46 - 2016-01-23 11:42 - 03258664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 03145272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 02721216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00948672 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00880576 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00878816 _____ C:\Windows\system32\nvmcumd.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00747064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00689600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00501896 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00468960 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00425016 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00423080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00388560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00377792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00175368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00153392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2017-02-09 20:46 - 2016-01-23 11:42 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2017-02-09 20:37 - 2017-03-04 12:01 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
    2017-02-09 20:37 - 2017-02-09 20:37 - 00002767 _____ C:\Users\Public\Desktop\GIGABYTE OC_GURU.lnk
    2017-02-09 20:37 - 2017-02-09 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
    2017-02-09 20:36 - 2017-02-09 20:36 - 00000000 ____D C:\Program Files (x86)\GIGABYTE
    2017-02-09 19:58 - 2017-02-20 13:49 - 00000000 ____D C:\Users\Lee\AppData\Roaming\MPC-HC
    2017-02-09 19:56 - 2017-02-09 19:56 - 00001239 _____ C:\Users\Lee\Desktop\Media Player Classic.lnk
    2017-02-09 18:55 - 2017-02-09 18:55 - 00003156 _____ C:\Windows\System32\Tasks\klcp_update
    2017-02-09 18:54 - 2017-02-09 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
    2017-02-09 18:54 - 2017-02-09 18:54 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
    2017-02-09 18:54 - 2016-05-08 18:27 - 03613696 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
    2017-02-09 18:54 - 2016-05-08 18:19 - 03642880 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
    2017-02-09 18:54 - 2015-12-18 18:00 - 00755200 _____ C:\Windows\system32\xvidcore.dll
    2017-02-09 18:54 - 2015-12-18 18:00 - 00674816 _____ C:\Windows\SysWOW64\xvidcore.dll
    2017-02-09 18:54 - 2015-12-18 18:00 - 00309248 _____ C:\Windows\system32\xvidvfw.dll
    2017-02-09 18:54 - 2015-12-18 18:00 - 00282112 _____ C:\Windows\SysWOW64\xvidvfw.dll
    2017-02-09 18:54 - 2015-10-25 01:00 - 00112128 _____ C:\Windows\SysWOW64\ff_vfw.dll
    2017-02-09 18:54 - 2012-07-21 19:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
    2017-02-09 18:54 - 2012-07-21 19:54 - 00122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
    2017-02-09 18:54 - 2011-12-08 02:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
    2017-02-09 18:54 - 2011-12-08 02:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
    2017-02-09 18:25 - 2017-02-09 18:31 - 43807219 _____ (KLCP ) C:\Users\Lee\Downloads\K-Lite_Codec_Pack_1290_Mega.exe
    2017-02-09 18:23 - 2017-02-09 18:24 - 01006644 _____ ( ) C:\Users\Lee\Downloads\CodecTweakTool_615.exe
    2017-02-09 18:05 - 2017-03-05 07:59 - 00000000 ____D C:\Users\Lee\AppData\LocalLow\Mozilla
    2017-02-09 17:21 - 2017-02-09 18:16 - 00000000 ____D C:\Users\Lee\AppData\Local\Mozilla
    2017-02-09 17:21 - 2017-02-09 18:05 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Mozilla
    2017-02-09 17:21 - 2017-02-09 17:21 - 00001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2017-02-09 17:21 - 2017-02-09 17:21 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2017-02-09 17:21 - 2017-02-09 17:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-02-09 17:20 - 2017-02-09 17:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-02-09 16:23 - 2017-02-09 16:24 - 00410408 _____ C:\Windows\Minidump\020917-21218-01.dmp
    2017-02-09 09:53 - 2017-02-10 07:20 - 00000000 ____D C:\Windows\Minidump
    2017-02-09 09:53 - 2017-02-10 07:19 - 271268873 _____ C:\Windows\MEMORY.DMP
    2017-02-09 09:53 - 2017-02-09 09:54 - 00379704 _____ C:\Windows\Minidump\020917-23109-01.dmp
    2017-02-09 06:22 - 2017-02-09 06:17 - 00000355 __RSH C:\Boot.ini.saved
    2017-02-09 06:22 - 2013-08-22 13:17 - 02407936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
    2017-02-09 06:17 - 2017-02-09 06:17 - 00008192 __RSH C:\BOOTSECT.BAK
    2017-02-09 06:17 - 2017-02-08 14:47 - 00000000 ____D C:\Windows\Panther
    2017-02-09 06:17 - 2012-06-18 13:10 - 00000211 ____H C:\Boot.BAK
    2017-02-09 06:09 - 2017-02-12 06:03 - 00000000 ____D C:\Windows.old
    2017-02-08 22:25 - 2017-02-08 22:26 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Tmp
    2017-02-08 22:25 - 2017-02-08 22:25 - 00000000 ____D C:\Windows\OEM8
    2017-02-08 18:04 - 2017-02-08 18:04 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2017-02-08 17:25 - 2017-02-08 17:25 - 00000000 ____D C:\Program Files (x86)\VulkanRT
    2017-02-08 17:25 - 2016-09-10 02:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
    2017-02-08 17:25 - 2016-09-10 02:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
    2017-02-08 17:25 - 2016-09-10 02:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
    2017-02-08 17:25 - 2016-09-10 02:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
    2017-02-08 17:24 - 2017-03-05 07:54 - 00000000 ____D C:\ProgramData\NVIDIA
    2017-02-08 17:24 - 2017-02-20 22:01 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2017-02-08 17:24 - 2017-02-20 22:01 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2017-02-08 17:24 - 2017-02-20 22:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2017-02-08 17:24 - 2017-01-04 15:31 - 00222648 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
    2017-02-08 17:24 - 2017-01-04 15:31 - 00210360 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2017-02-08 16:29 - 2017-02-24 13:09 - 00443438 _____ C:\Windows\system32\prfh0804.dat
    2017-02-08 16:29 - 2017-02-24 13:09 - 00135458 _____ C:\Windows\system32\prfc0804.dat
    2017-02-08 16:29 - 2017-02-08 16:27 - 00113084 _____ C:\Windows\system32\prfi0804.dat
    2017-02-08 16:29 - 2017-02-08 16:27 - 00033362 _____ C:\Windows\system32\prfd0804.dat
    2017-02-08 16:27 - 2017-02-08 16:27 - 00000000 ____D C:\Windows\SysWOW64\zh-HANS
    2017-02-08 16:27 - 2017-02-08 16:27 - 00000000 ____D C:\Windows\system32\zh-HANS
    2017-02-08 15:12 - 2017-02-08 15:14 - 00001908 _____ C:\Windows\diagwrn.xml
    2017-02-08 15:12 - 2017-02-08 15:14 - 00001908 _____ C:\Windows\diagerr.xml
    2017-02-08 15:05 - 2017-02-08 15:05 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Macromedia
    2017-02-08 14:54 - 2017-02-17 14:32 - 00000000 ___RD C:\Users\Lee\SkyDrive.old
    2017-02-08 14:53 - 2017-03-05 07:59 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1811311261-2537790386-1638266141-1001
    2017-02-08 14:50 - 2017-02-16 07:28 - 01358934 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-02-08 14:48 - 2017-02-08 14:48 - 00000000 __RHD C:\Users\Public\AccountPictures
    2017-02-08 14:47 - 2017-02-27 18:00 - 00000000 ____D C:\Users\Lee\AppData\Local\VirtualStore
    2017-02-08 14:47 - 2017-02-27 17:48 - 00000000 ____D C:\Users\Lee\AppData\Local\Packages
    2017-02-08 14:47 - 2017-02-08 14:47 - 00001446 _____ C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2017-02-08 14:47 - 2017-02-08 14:47 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Adobe
    2017-02-08 14:46 - 2017-02-22 21:32 - 00000000 ____D C:\Users\Lee
    2017-02-08 14:46 - 2017-02-08 14:46 - 00000020 ___SH C:\Users\Lee\ntuser.ini
    2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 _SHDL C:\Users\Lee\My Documents
    2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 _SHDL C:\Users\Lee\Documents\My Videos
    2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 _SHDL C:\Users\Lee\Documents\My Pictures
    2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 _SHDL C:\Users\Lee\Documents\My Music
    2017-02-08 14:46 - 2017-02-08 14:46 - 00000000 ____D C:\Windows\CSC
    2017-02-08 14:46 - 2013-08-29 20:35 - 00000000 ____D C:\Users\Lee\AppData\Roaming\Media Center Programs
    2017-02-07 18:59 - 2017-02-07 18:59 - 00000000 ____D C:\NVIDIA
    2017-02-07 17:53 - 2017-02-07 18:05 - 00000000 ____D C:\Documents and Settings 2
    2017-02-07 17:53 - 2017-02-07 17:53 - 00000000 ____D C:\program files2

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-05 07:54 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-03-04 22:40 - 2013-08-22 23:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2017-03-04 18:08 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2017-03-02 13:00 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\AppReadiness
    2017-03-02 12:55 - 2013-08-22 22:44 - 00369184 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-02-28 14:21 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\Inf
    2017-02-27 15:26 - 2015-12-22 23:49 - 00000000 ___HD C:\Peter
    2017-02-24 20:17 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\rescache
    2017-02-24 13:09 - 2013-08-22 23:20 - 00000000 ____D C:\Windows\CbsTemp
    2017-02-24 13:07 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\MUI
    2017-02-24 13:07 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\MUI
    2017-02-18 12:25 - 2013-08-22 23:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-02-16 06:54 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2017-02-16 06:54 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\Macromed
    2017-02-10 20:32 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2017-02-09 20:53 - 2012-06-18 13:21 - 00000000 ____D C:\Temp
    2017-02-09 20:50 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\Help
    2017-02-09 06:17 - 2013-08-22 23:36 - 00262144 _____ C:\Windows\system32\config\BCD-Template
    2017-02-08 18:04 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\LiveKernelReports
    2017-02-08 16:27 - 2013-08-23 03:11 - 00000000 ____D C:\Program Files\Windows Journal
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\SysWOW64\winrm
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\SysWOW64\WCN
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\SysWOW64\slmgr
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\system32\winrm
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\system32\WCN
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\system32\slmgr
    2017-02-08 16:27 - 2013-08-23 03:09 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ___SD C:\Windows\system32\dsc
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\WinStore
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\Com
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\migwiz
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\Com
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\PolicyDefinitions
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\IME
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\FileManager
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Windows Defender
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Common Files\System
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2017-02-08 16:27 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\SysWOW64\oobe
    2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\system32\Sysprep
    2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\system32\oobe
    2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\system32\Dism
    2017-02-08 16:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\servicing
    2017-02-08 15:08 - 2013-08-22 23:36 - 00000000 __RHD C:\Users\Public\Libraries
    2017-02-08 14:47 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\Camera

    Some files in TEMP:
    ====================
    2017-03-03 20:55 - 2017-03-03 07:11 - 11581544 _____ (SurfRight B.V.) C:\Users\Lee\AppData\Local\Temp\HitmanPro.exe
    2017-02-08 17:25 - 2016-12-29 20:43 - 0860776 _____ (NVIDIA Corporation) C:\Users\Lee\AppData\Local\Temp\nvSCPAPI64.dll
    2017-02-09 20:47 - 2016-12-29 20:43 - 0351680 _____ (NVIDIA Corporation) C:\Users\Lee\AppData\Local\Temp\nvStInst.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-02-23 07:07

    ==================== End of FRST.txt ============================


    #18
    Peter Lee

      Member

    • Topic Starter
    • 117 posts

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2017
    Ran by Lee (05-03-2017 08:01:43)
    Running from C:\Users\Lee\Documents\Virus\geekstogo
    Windows 8.1 Pro with Media Center (X64) (2017-02-08 06:47:10)
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================

    Administrator (S-1-5-21-1811311261-2537790386-1638266141-500 - Administrator - Disabled)
    Guest (S-1-5-21-1811311261-2537790386-1638266141-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1811311261-2537790386-1638266141-1003 - Limited - Enabled)
    Lee (S-1-5-21-1811311261-2537790386-1638266141-1001 - Administrator - Enabled) => C:\Users\Lee

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
    GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{EA298EC1-2B8F-4DA9-8C5B-BC1FCBBAD72F}) (Version: 1.96.0000 - GIGABYTE Technology Co.,Ltd.)
    GIGABYTE OC_GURU II (x32 Version: 1.96.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
    ILLUSION SexyビーチZERO (HKLM-x32\...\{51FAC155-0705-4EA0-B00F-7955676627BF}) (Version: 1.00.0000 - ILLUSION)
    ILLUSION おっぱいスライダー2 (HKLM-x32\...\{6B0B39AC-22EC-44AA-AEBB-B9E52250FEED}) (Version: 1.00.0000 - ILLUSION)
    Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
    K-Lite Mega Codec Pack 12.9.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.9.0 - KLCP)
    MapleStorySEA version 1.50 (HKLM-x32\...\{838168F3-D9F3-4FC0-B818-1E6E7B7831D5}_is1) (Version: 1.50 - Asiasoft Online Pte.Ltd.)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
    NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
    NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.75 - NVIDIA Corporation)
    NVIDIA Graphics Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.75 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
    NVIDIA Miracast Virtual Audio 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 361.75 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
    Playpark Downloader (HKLM-x32\...\{D81B5861-F391-4905-A779-8A82994F3A00}) (Version: 0.3.6 - Asiasoft Online)
    SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
    SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.22.9634 - SoftEther VPN Project)
    TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
    Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
    μTorrent (HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
    完美游戏平台 (HKLM-x32\...\PGP) (Version: 2.5.9.1227 - PWRD, Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1B7E15E4-76FB-4718-A15A-6F7E5136B5FB} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-02-01] ()

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2017-02-09 20:50 - 2016-01-23 09:04 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2017-02-10 14:05 - 2016-06-15 09:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
    2017-02-09 20:54 - 2016-06-15 09:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2017-02-10 14:05 - 2016-06-15 09:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
    2017-02-10 14:05 - 2016-06-15 09:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
    2017-02-10 14:05 - 2016-06-15 09:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
    2017-02-10 14:05 - 2016-06-15 09:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
    2017-02-09 20:54 - 2016-06-15 09:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
    2017-02-10 14:05 - 2016-06-15 09:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
    2017-02-10 14:05 - 2016-06-15 09:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
    2017-02-10 14:05 - 2016-06-15 09:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 21:25 - 2017-03-04 12:44 - 00001192 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 xhamsterxxx.xyz
    127.0.0.1 www.duba.com
    127.0.0.1 admaster.com.cn
    127.0.0.1 a.ndzjkw.com
    127.0.0.1 c.xingjuhe.com
    127.0.0.1 ccc.x.jd.com
    127.0.0.1 kc.cli.baihuamao.com
    127.0.0.1 www.crnds.com
    127.0.0.1 ww.hao123.com
    127.0.0.1 www.qunyun.net
    127.0.0.1 sale.jd.com
    127.0.0.1 www.xiangnan.cc
    127.0.0.1 www.yuemei.com
    127.0.0.1
    127.0.0.1

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 8.8.8.8 - 8.8.4.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\Services: AxAutoMntSrv => 2
    MSCONFIG\Services: IDriverT => 3
    MSCONFIG\Services: McComponentHostService => 3
    MSCONFIG\Services: StarWindServiceAE => 2
    MSCONFIG\Services: TeamViewer => 2
    MSCONFIG\Services: WmgpService => 3
    HKLM\...\StartupApproved\StartupFolder: => "GIGABYTE OC_GURU.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
    HKLM\...\StartupApproved\Run: => "NvBackend"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKU\S-1-5-21-1811311261-2537790386-1638266141-1001\...\StartupApproved\Run: => "AlcoholAutomount"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{3D6F92E3-5410-4DE7-B339-F5E136873626}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{5F6AFA09-7D4F-442A-8CE8-E94012BEFA8E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{946B61ED-7E76-40CE-B325-817EE0A737C4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{375D0796-CF8C-4FED-8D6E-5B15F65BFE48}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{4A9CC1BB-C7CD-414D-917F-15A8EED342CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{B85BA918-4485-43EE-9449-D5648F7C5D9A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{2E68CAFE-BCAF-4CDA-87BA-65E678FE5BAB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{71CA6087-8F98-49D6-81B7-5F2EF7A2876C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{CEE6F92C-DA85-42D5-8549-20A47DEFDB2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{D022D86D-9A8B-462D-983A-569475070C34}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{51B6253F-D390-415D-8D37-2148E279EAF1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{85D540F2-E186-4B47-B1F3-F579F19CF756}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{B4CEF642-48ED-48A5-A461-3927C62A95F4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [TCP Query User{C96E1ACA-8541-49DF-95C8-BF33A252A5DE}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
    FirewallRules: [UDP Query User{D68801A9-2992-4058-9E70-7679EE1A8E61}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
    FirewallRules: [TCP Query User{91938808-AF53-46DD-BA75-446E783DD0C4}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{F08F38FA-6230-4309-8C10-7DBC9D0D570D}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
    FirewallRules: [{9C817201-D5D9-4144-9ACA-E5DBAEA3489A}] => (Allow) C:\Program Files (x86)\PGP\wmgp.exe
    FirewallRules: [{3D880ABF-D6D1-4019-B36E-3A2187F73D15}] => (Allow) C:\Program Files (x86)\PGP\wmgp.exe
    FirewallRules: [{CA42FA96-8EB6-4DFD-8A62-D29BF3B079B4}] => (Allow) C:\Program Files (x86)\PGP\WmgpWebGame.exe
    FirewallRules: [{4F8A94C2-39B0-40E1-86EB-64545DB9C0E4}] => (Allow) C:\Program Files (x86)\PGP\WmgpWebGame.exe
    FirewallRules: [{860A50E9-9789-4ECA-9041-B147550F8DB2}] => (Allow) C:\Program Files (x86)\PGP\WmgpBrowser.exe
    FirewallRules: [{33B1BA51-BEB5-458C-9B75-600C14CF0AC8}] => (Allow) C:\Program Files (x86)\PGP\WmgpBrowser.exe
    FirewallRules: [{755296EB-0819-4537-9994-151B706F1DEE}] => (Allow) C:\Program Files (x86)\PGP\WmgpWebBooster.exe
    FirewallRules: [{7DFD6D21-7FEB-44C3-B617-5564864043A7}] => (Allow) C:\Program Files (x86)\PGP\WmgpWebBooster.exe
    FirewallRules: [{DBD0BBFB-14BE-455A-98BB-AD67B065BF22}] => (Allow) C:\Program Files (x86)\PGP\XunLei\download\MiniThunderPlatform.exe
    FirewallRules: [{552BEAB5-5A76-4ED1-81BB-5384C11E80DE}] => (Allow) C:\Program Files (x86)\PGP\XunLei\download\MiniThunderPlatform.exe
    FirewallRules: [{F52A5708-F3E7-45EE-B616-B5D24B48721B}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
    FirewallRules: [{5C95202A-2C7E-4A12-870D-7446E5F28B8E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
    FirewallRules: [{7856266E-56C8-4874-9F8E-E5D1FEFA279F}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
    FirewallRules: [{24885D04-D094-4341-9EFD-225DEBB8B1A3}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
    FirewallRules: [{520FA5FB-7D30-416D-983D-5B159E4B27D3}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
    FirewallRules: [{360BF758-9FCD-4BF8-89FB-DA267AA6F92C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
    FirewallRules: [{09E5A488-7AEB-4C2A-8AA7-69B6B264DB60}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{5F65CD03-5030-47F8-BD17-D413DEBDC391}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{E2C7DBA4-C68F-4D6A-BA56-1D314404092F}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{37522116-8C98-4992-9973-12FDFCB8DF29}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{8E04F20B-22A6-4B02-AB1E-5BA1A6BAEF4D}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{B8EC7065-46E9-4F2D-A7F6-A4E664C8CA42}] => (Allow) C:\Users\Lee\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{5DFB6AF9-41C6-41FD-975B-459E654BA093}] => (Allow) %ProgramFiles% (x86)\Wizet\MapleStorySEA\MapleStory.exe
    FirewallRules: [{02A081D6-A909-40FC-A7B9-D1A641FE3872}] => (Allow) C:\Windows\Explorer.EXE
    FirewallRules: [{B713A9BB-3A39-4367-84E8-1BB4F0593DD6}] => (Allow) C:\Windows\Explorer.EXE

    ==================== Restore Points =========================

    03-03-2017 07:12:53 JRT Pre-Junkware Removal
    03-03-2017 21:24:45 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/05/2017 07:55:04 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=096ce63d-4fac-48a9-82a9-61ae9e800e5f;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (03/05/2017 07:55:02 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=096ce63d-4fac-48a9-82a9-61ae9e800e5f;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

    Error: (03/04/2017 10:52:51 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
    Faulting module name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
    Exception code: 0xc0000005
    Fault offset: 0x0107f484
    Faulting process id: 0xb10
    Faulting application start time: 0x01d294f6f3a14aea
    Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting module path: C:\Windows\SysWOW64\svchost.exe
    Report Id: 3d55c0fa-00ea-11e7-828a-20cf30859c12
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/04/2017 10:52:48 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
    Faulting module name: svchost.exe, version: 6.3.9600.16384, time stamp: 0x589d870d
    Exception code: 0xc00001a5
    Fault offset: 0x016d101b
    Faulting process id: 0xb10
    Faulting application start time: 0x01d294f6f3a14aea
    Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting module path: C:\Windows\SysWOW64\svchost.exe
    Report Id: 3b3ec01f-00ea-11e7-828a-20cf30859c12
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/04/2017 10:43:14 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=096ce63d-4fac-48a9-82a9-61ae9e800e5f;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (03/04/2017 10:43:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0x8007007B
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=096ce63d-4fac-48a9-82a9-61ae9e800e5f;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


    System errors:
    =============
    Error: (03/04/2017 10:41:58 PM) (Source: DCOM) (EventID: 10010) (User: PETERLEE)
    Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

    ==================== Memory info ===========================

    Processor: Pentium® Dual-Core CPU E5500 @ 2.80GHz
    Percentage of memory in use: 50%
    Total physical RAM: 2047.11 MB
    Available physical RAM: 1011.26 MB
    Total Virtual: 4095.11 MB
    Available Virtual: 2141.95 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.78 GB) (Free:113.8 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (New Volume) (Fixed) (Total:232.88 GB) (Free:57.35 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 87A087A0)
    Partition 1: (Active) - (Size=232.8 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================


    • 0

    #19
    Peter Lee

      Member

    • Topic Starter
    • 117 posts

    RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.co...ad/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9600) 64 bits version
    Started in : Normal mode
    User : Lee [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Scan -- Date : 03/05/2017 08:20:43 (Duration : 01:31:19)

    ¤¤¤ Processes : 12 ¤¤¤
    [Proc.Injected] explorer.exe(2108) -- C:\Windows\explorer.exe[7] -> Found
    [Proc.Svchost] svchost.exe(920) -- c:\Windows\SysWOW64\svchost.exe[7] -> Found
    [Proc.Svchost] svchost.exe(864) -- c:\Windows\SysWOW64\svchost.exe[7] -> Found
    [Proc.Svchost] svchost.exe(1436) -- c:\Windows\SysWOW64\svchost.exe[7] -> Found
    [Proc.Svchost] svchost.exe(1536) -- c:\Windows\SysWOW64\svchost.exe[7] -> Found
    [Proc.Svchost] svchost.exe(3544) -- c:\Windows\SysWOW64\svchost.exe[7] -> Found
    [Proc.Injected|Proc.RunPE] svchost.exe(4244) -- C:\Windows\SysWOW64\svchost.exe[7] -> Found
    [Proc.Svchost] svchost.exe(4244) -- C:\Windows\SysWOW64\svchost.exe[7] -> Found
    [Proc.Svchost] svchost.exe(1896) -- C:\Windows\SysWOW64\svchost.exe[7] -> Found
    [Proc.Svchost] svchost.exe(1624) -- c:\Windows\SysWOW64\svchost.exe[7] -> Found
    [Proc.Svchost] svchost.exe(4468) -- c:\Windows\SysWOW64\svchost.exe[7] -> Found
    [Proc.Svchost] svchost.exe(5772) -- c:\Windows\SysWOW64\svchost.exe[7] -> Found

    ¤¤¤ Registry : 0 ¤¤¤

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 1 ¤¤¤
    [Tr.Gen0][File] C:\Users\Lee\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Found

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000AVDS-63U7B1 ATA Device +++++
    --- User ---
    [MBR] 980202c866ad091d46a19d7daf7a8b99
    [BSP] b84a50072ff445f81b96251487123de0 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238363 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 488376000 | Size: 238473 MB [Windows XP Bootstrap | Windows XP Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK


    • 0

    #20
    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP

    See if Rogue Killer can remove all of the things it found.  Apparently there is an infection we can't see with FRST.

     

    I would reboot afterwards then rerun Rogue Killer to see if it stayed away.


    • 0

    #21
    Peter Lee

      Member

    • Topic Starter
    • 117 posts

    RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.co...ad/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9600) 64 bits version
    Started in : Normal mode
    User : Lee [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 03/05/2017 08:20:43 (Duration : 01:31:19)

    ¤¤¤ Processes : 12 ¤¤¤
    [Proc.Injected] explorer.exe(2108) -- C:\Windows\explorer.exe[7] -> Killed [TermProc]
    [Proc.Svchost] svchost.exe(920) -- c:\Windows\SysWOW64\svchost.exe[7] -> Killed [TermProc]
    [Proc.Svchost] svchost.exe(864) -- c:\Windows\SysWOW64\svchost.exe[7] -> Killed [TermProc]
    [Proc.Svchost] svchost.exe(1436) -- c:\Windows\SysWOW64\svchost.exe[7] -> Killed [TermProc]
    [Proc.Svchost] svchost.exe(1536) -- c:\Windows\SysWOW64\svchost.exe[7] -> Killed [TermThr]
    [Proc.Svchost] svchost.exe(3544) -- c:\Windows\SysWOW64\svchost.exe[7] -> Killed [TermThr]
    [Proc.Injected|Proc.RunPE] svchost.exe(4244) -- C:\Windows\SysWOW64\svchost.exe[7] -> [NoKill]
    [Proc.Svchost] svchost.exe(4244) -- C:\Windows\SysWOW64\svchost.exe[7] -> Killed [TermThr]
    [Proc.Svchost] svchost.exe(1896) -- C:\Windows\SysWOW64\svchost.exe[7] -> Killed [TermThr]
    [Proc.Svchost] svchost.exe(1624) -- c:\Windows\SysWOW64\svchost.exe[7] -> Killed [TermThr]
    [Proc.Svchost] svchost.exe(4468) -- c:\Windows\SysWOW64\svchost.exe[7] -> Killed [TermThr]
    [Proc.Svchost] svchost.exe(5772) -- c:\Windows\SysWOW64\svchost.exe[7] -> Killed [TermThr]

    ¤¤¤ Registry : 0 ¤¤¤

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 1 ¤¤¤
    [Tr.Gen0][File] C:\Users\Lee\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Deleted

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000AVDS-63U7B1 ATA Device +++++
    --- User ---
    [MBR] 980202c866ad091d46a19d7daf7a8b99
    [BSP] b84a50072ff445f81b96251487123de0 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238363 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 488376000 | Size: 238473 MB [Windows XP Bootstrap | Windows XP Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK


    • 0

    #22
    Peter Lee

      Member

    • Topic Starter
    • 117 posts

    RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.co...ad/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9600) 64 bits version
    Started in : Safe mode
    User : Lee [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 03/05/2017 14:33:09 (Duration : 00:25:58)

    ¤¤¤ Processes : 1 ¤¤¤
    [Proc.Injected] explorer.exe(620) -- C:\Windows\explorer.exe[7] -> Killed [TermProc]

    ¤¤¤ Registry : 0 ¤¤¤

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000AVDS-63U7B1 ATA Device +++++
    --- User ---
    [MBR] 980202c866ad091d46a19d7daf7a8b99
    [BSP] b84a50072ff445f81b96251487123de0 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238363 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 488376000 | Size: 238473 MB [Windows XP Bootstrap | Windows XP Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK


    • 0

    #23
    Peter Lee

      Member

    • Topic Starter
    • 117 posts

    C:\Windows\explorer.exe - unable to clean.


    • 0

    #24
    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP
     
     
    Download aswMBR.exe to your desktop.
    The link is a direct download so the page won't change.
     
    Right-click aswMBR.exe and select Run As Administrator to run it.
    Wait until the AV Scan shows up at the bottom left.
    Change AV Scan: from Quick Scan to C:\
    Click the "Scan" button to start the scan.
    If it asks you to allow the Avast engine to download then say Yes.  It will take a while to finish.
    On completion of the scan (note whether the Fix button is enabled and tell me, but do not push any buttons), click Save log, save it to your desktop and post it in your next reply.
     
    If it crashes then try it again but uncheck Trace Disk IO Calls before hitting Scan.

    • 0

    #25
    Peter Lee

      Member

    • Topic Starter
    • 117 posts

    aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
    Run date: 2017-03-05 22:56:56
    -----------------------------
    22:56:56.425    OS Version: Windows x64 6.2.9200
    22:56:56.425    Number of processors: 2 586 0x170A
    22:56:56.425    ComputerName: PETERLEE  UserName: Lee
    22:56:57.331    Initialize success
    22:56:57.472    VM: initialized successfully
    22:56:57.472    VM: Intel CPU supported
    22:57:06.409    VM: disk I/O atapi.sys
    07:05:32.980    The log file has been saved successfully to "C:\Users\Lee\Desktop\aswMBR.txt"


    • 0



    #26
    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP

    Doesn't look like it finished.  

     

    Download ShellExView.
     
     
    Use this download:
     
    Once you get it installed, run it and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
    Select all of the NO items and then click on the red LED-looking icon in the upper left. This should disable all of the non-Microsoft additions to Explorer. Reboot.

     

    Open an elevated command prompt:
     
     
     
    If you open an elevated command prompt it will by default open in c:\Windows\system32
     
    Once you have an elevated command prompt:
     
    Type (with an Enter after each line):
     DISM  /Online  /Cleanup-Image  /RestoreHealth
     
     (I use two spaces so you can be sure to see where one space goes.)
    This will take a while to complete.  Once the prompt returns:
     
    Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):
     
    sfc  /scannow
     
     
     
    This will also take a few minutes.  
     
    When it finishes it will say one of the following:
     
    Windows did not find any integrity violations (a good thing)
    Windows Resource Protection found corrupt files and repaired them (a good thing)
    Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)
     
    If you get the last result then type:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \junk.txt 
     
    Hit Enter.  Then type:
     
     
    notepad  \junk.txt 
     
    Hit Enter. 
     
     Copy the text from notepad and paste it into a reply.
     
     
    After you finish SFC, regardless of the result:
     
     
     
    1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop.
    2. Right-click VEW.exe and select Run As Administrator.
    3. Under 'Select log to query', select:
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
     
     
    Run Rogue Killer again to see if it still sees something in explorer.exe that it can't fix.

    • 0

    #27
    Peter Lee

      Member

    • Topic Starter
    • 117 posts

    Windows resource protection did not find any integrity violation


    • 0

    #28
    Peter Lee

      Member

    • Topic Starter
    • 117 posts

    Vino's Event Viewer v01c run on Windows 7 in English
    Report run at 06/03/2017 4:59:36 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 06/03/2017 7:01:16 AM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 06/03/2017 7:01:16 AM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 06/03/2017 7:01:16 AM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 06/03/2017 7:01:16 AM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 06/03/2017 7:01:15 AM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 06/03/2017 7:01:15 AM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 06/03/2017 7:01:15 AM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 06/03/2017 7:01:15 AM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 06/03/2017 12:45:12 AM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 06/03/2017 12:45:12 AM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 06/03/2017 12:45:12 AM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 06/03/2017 12:45:12 AM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 06/03/2017 12:45:12 AM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 06/03/2017 12:45:12 AM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 06/03/2017 12:45:12 AM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 06/03/2017 12:45:12 AM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 06/03/2017 12:45:12 AM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 06/03/2017 12:45:12 AM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 06/03/2017 12:45:12 AM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

    Log: 'System' Date/Time: 06/03/2017 12:45:12 AM
    Type: Error Category: 0
    Event: 10010 Source: Microsoft-Windows-DistributedCOM
    The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 06/03/2017 8:57:48 AM
    Type: Warning Category: 0
    Event: 4204 Source: Tcpip
    Autoconfigured address limit has been reached. No further autoconfigured addresses will be added until the interface is reconnected.

    Log: 'System' Date/Time: 06/03/2017 8:54:03 AM
    Type: Warning Category: 1014
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name s5.hunantv.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 06/03/2017 8:51:18 AM
    Type: Warning Category: 1014
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name hyssp.haiyunx.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 06/03/2017 8:50:10 AM
    Type: Warning Category: 1014
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name www.googletagservices.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 06/03/2017 8:49:33 AM
    Type: Warning Category: 1014
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name www.rayli.com.cn timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 06/03/2017 8:45:58 AM
    Type: Warning Category: 1014
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name pixel.rubiconproject.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 06/03/2017 8:41:53 AM
    Type: Warning Category: 1014
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name ttl.haoyuu.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 06/03/2017 8:38:49 AM
    Type: Warning Category: 1014
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name hm.baidu.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 06/03/2017 8:36:12 AM
    Type: Warning Category: 1014
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name www.st8090.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 06/03/2017 8:35:37 AM
    Type: Warning Category: 1014
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name api.share.baidu.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 06/03/2017 8:35:05 AM
    Type: Warning Category: 1014
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name 3img.mgtv.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 06/03/2017 8:32:30 AM
    Type: Warning Category: 1014
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name cpro.baidustatic.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 06/03/2017 8:31:56 AM
    Type: Warning Category: 1014
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name tk.dmp.org.cn timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 06/03/2017 8:27:13 AM
    Type: Warning Category: 1014
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name dup.baidustatic.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 06/03/2017 8:26:19 AM
    Type: Warning Category: 1014
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name js.revsci.net timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 06/03/2017 8:17:18 AM
    Type: Warning Category: 1014
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name trk.mct01.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 06/03/2017 8:10:06 AM
    Type: Warning Category: 1014
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name www.mgtv.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 06/03/2017 8:07:01 AM
    Type: Warning Category: 1014
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name sub.tangdoou.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 06/03/2017 8:06:55 AM
    Type: Warning Category: 1014
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name img02.taobaocdn.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 06/03/2017 8:03:37 AM
    Type: Warning Category: 1014
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name www.nvcong.com timed out after none of the configured DNS servers responded.



    #30
    Peter Lee

      Member

    • Topic Starter
    • 117 posts

    RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.co...ad/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9600) 64 bits version
    Started in : Safe mode
    User : Lee [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete Aborted -- Date : 03/06/2017 17:50:35 (Duration : 00:00:32)

    ¤¤¤ Processes : 1 ¤¤¤
    [Proc.Injected] explorer.exe(660) -- C:\Windows\explorer.exe[7] -> Killed [TermProc]

    ¤¤¤ Registry : 0 ¤¤¤

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤

