1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Infection with 1,000s of Junk files... HELP!

Discussion in 'Virus & Other Malware Removal' started by fru, Apr 29, 2015.

Thread Status:
Not open for further replies.
Advertisement
  1. fru

    fru Thread Starter

    Joined:
    Apr 28, 2015
    Messages:
    9
    The other night Internet Explorer stopped working. Two windows would pop up saying, first, that Internet Explorer (IE) was not working, and next that a solution was being searched for.
    Restarted computer several times.
    Used phone to look up "what to do when Internet Explorer stops working" and followed these suggestions:
    -Restarted Computer again.
    -Made sure all updates were installed.
    -Turned IE off and then on again.
    -Ran IE Performance troubleshooter.
    -Turned off add-ons.
    -Changed homepage.
    -Cleared online history. (nothing worked, though I noticed even though IE didn't work when I opened it from my desktop, it worked when I opened it from the Windows Start Page, instead).
    -Finally, I attempted a system restore for the recommended day and time, which didn't fix the issue, so I did a system restore from an earlier date and time, and got IE to work again, though there were now previously uninstalled apps on my desktop that I could not uninstall this time (they're still on my computer).


    I called Toshiba Tech Support and was told my computer had multiple infections and Thousands of Junk Files. The Toshiba guy found these (through remote access), when he downloaded SpeedyPCPro onto my desktop and started a scan of my computer. Our call was ended before completing the scan or fixing the problem (the issues were left unresolved).


    Later that evening (and multiple times today), I completed the scan myself (because SpeedyPCPro was still on my computer as a 14 day free trial), and there were multiple issues from almost every category. I clicked to fix the problems, though every time I do the scan, there's still privacy issues and excessive junk files, among other issues.


    I had my phone plugged in to charge its battery from my computer the night I noticed all of these problems, so I don't know if my phone is infected or not.


    I have also downloaded a few items without knowing whether or not they were from reputable sources (so I don't know if any of those downloads were the cause of the infection).


    I really need guidance on how to permanently repair the issues on my laptop (and possibly my phone, too). What I am looking for from this post is:


    1. Get to the root of current issues and permanently fix them.
    2. Get recommendations for where to get open source security options (I currently have antivirus protection, though I guess it doesn't protect against malware (?)) and protect all of my technology, so that I can use the internet freely and securely.
    3. Advice and/or recommendations on what I can do to prevent this from ever happening again.


    PLEASE HELP!!!




    Here's the system info for my computer:


    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 8.1 with Bing, 64 bit
    Processor: AMD E1-2100 APU with Radeon(TM) HD Graphics, AMD64 Family 22 Model 0 Stepping 1
    Processor Count: 2
    RAM: 3508 Mb
    Graphics Card: AMD Radeon HD 8210, 512 Mb
    Hard Drives: C: Total - 466080 MB, Free - 428854 MB;
    Motherboard: TOSHIBA, ZKWAE
    Antivirus: Trend Micro Internet Security, Updated: Yes, On-Demand Scanner: Enabled




    (I tried to get the system info from my phone, but for some reason, after it downloads, it says the file can't be opened) :(
     
  2. fru

    fru Thread Starter

    Joined:
    Apr 28, 2015
    Messages:
    9
    Update Since First Post:


    I was able to uninstall one of the apps that previously could not be uninstalled. I had to download that app again in order to uninstall it. So now that's taken care of.


    Unfortunately, there are still issues on my computer. When attempting to watch YouTube videos this morning, I got the green screen again. When this first happened I downloaded a recent flashplayer, and the problem seemed to be resolved. This time, instead, I rescanned the computer with SpeedyPCPro and "fixed" the privacy issues and junk files that were found, and this made it so that I did not have to update my flashplayer in order to view the YouTube videos.


    Next series of unfortunate events:


    The TrendMicro Antivirus program that I got with the purchase of this computer, just alerted me to 9 detections of Spyware. If this isn't bad enough, it looks like the spyware is from the SpeedyPCPro app the Toshiba guy had me download onto my computer. I was going to attach a Word document where I did several print screens of the alerts (in case my understanding is incorrect), but the files were too big.

    If anybody knows of a post that already has the steps to remedy these issues, please let me know. I don't want to do anything else to my computer without getting some guidance first, though (basically, I don't want to make the problem worse).


    Please help as soon as possible. Hope to hear from someone soon.
     
  3. fru

    fru Thread Starter

    Joined:
    Apr 28, 2015
    Messages:
    9
    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01
    Ran by YuAnAi (administrator) on PINGLING on 02-05-2015 23:11:51
    Running from C:\Users\YuAnAi\Downloads
    Loaded Profiles: YuAnAi (Available profiles: YuAnAi)
    Platform: Windows 8.1 Connected (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
    () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
    (Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (SpeedyPC Software) C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    () C:\Program Files\WindowsApps\sMedioforToshiba.TOSHIBAMediaPlayerbysMedioTrueLin_3.0.0.39_x64__679ekb9hp1h62\TrueLink+.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA Corporation)
    HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
    HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246304 2014-07-20] (Trend Micro Inc.)
    HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1266224 2014-07-20] (Trend Micro Inc.)
    HKLM\...\Run: [PwmConsole.exe] => C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe [2020488 2015-01-29] (Trend Micro Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-23] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKU\S-1-5-21-93962909-1410810787-3032571207-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
    HKU\S-1-5-21-93962909-1410810787-3032571207-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
    HKU\S-1-5-21-93962909-1410810787-3032571207-1001\...\RunOnce: [Application Restart #0] => C:\Users\YuAnAi\AppData\Local\Pokki\Engine\HostAppService.exe [7848776 2015-03-24] (Pokki)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
    HKU\S-1-5-21-93962909-1410810787-3032571207-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
    HKU\S-1-5-21-93962909-1410810787-3032571207-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
    HKU\S-1-5-21-93962909-1410810787-3032571207-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
    HKU\S-1-5-21-93962909-1410810787-3032571207-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-93962909-1410810787-3032571207-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-93962909-1410810787-3032571207-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-93962909-1410810787-3032571207-1001 -> {41EFCB77-681E-4FBC-BFF3-1B98A3C66335} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-04-13] (Microsoft Corporation)
    BHO: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-01-29] (Trend Micro Inc.)
    BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
    BHO: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll [2014-06-30] (Trend Micro Inc.)
    BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll [2014-07-11] (Trend Micro Inc.)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-13] (Microsoft Corporation)
    BHO-x32: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-01-29] (Trend Micro Inc.)
    BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
    BHO-x32: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll [2014-06-30] (Trend Micro Inc.)
    BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll [2014-07-11] (Trend Micro Inc.)
    Toolbar: HKLM - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-01-29] (Trend Micro Inc.)
    Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
    Toolbar: HKLM-x32 - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-01-29] (Trend Micro Inc.)
    Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-13] (Microsoft Corporation)
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll [2014-07-11] (Trend Micro Inc.)
    Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll [2014-07-11] (Trend Micro Inc.)
    Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll [2014-06-30] (Trend Micro Inc.)
    Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll [2014-06-30] (Trend Micro Inc.)
    Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
    Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2014-07-20] (Trend Micro Inc.)
    Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2014-07-20] (Trend Micro Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    FireFox:
    ========
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-12] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-11-14] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension
    FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension [2015-04-10]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension
    FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
    FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2015-04-10]
    FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
    FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2015-04-10]
    FF HKLM-x32\...\Firefox\Extensions: [{8197dd50-b252-4b08-a1be-1277f22357bb}] - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt
    FF Extension: Trend Micro Password Manager Firefox Extension - C:\Program Files\Trend Micro\TMIDS\PwmFirefoxExt [2015-04-10]
    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - https://clients2.google.com/service/update2/crx
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-22] () [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
    S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-05-02] (WildTangent) [File not signed]
    R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1187376 2014-07-20] (Trend Micro Inc.)
    R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [325656 2015-01-29] (Trend Micro Inc.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
    R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-23] (Advanced Micro Devices, INC.)
    R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation)
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-19] (Advanced Micro Devices)
    S3 kbfilter; C:\Windows\system32\DRIVERS\kbfilter.sys [67408 2015-01-29] (Trend Micro Inc.)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.)
    R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [29936 2014-02-21] (Synaptics Incorporated)
    R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows (R) Win 7 DDK provider)
    R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [121944 2014-07-14] (Trend Micro Inc.)
    R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [305832 2014-07-14] (Trend Micro Inc.)
    R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2014-07-09] (Trend Micro Inc.)
    R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [106296 2014-07-09] (Trend Micro Inc.)
    S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [37904 2014-07-09] (Trend Micro Inc.)
    R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [93664 2014-07-14] (Trend Micro Inc.)
    R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [407864 2014-07-09] (Trend Micro Inc.)
    R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [106296 2014-06-30] (Trend Micro Inc.)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-05-02 23:11 - 2015-05-02 23:13 - 00016608 _____ () C:\Users\YuAnAi\Downloads\FRST.txt
    2015-05-02 23:11 - 2015-05-02 23:12 - 00000000 ____D () C:\FRST
    2015-05-02 22:46 - 2015-05-02 23:01 - 00000000 ____D () C:\Users\YuAnAi\AppData\Roaming\Nico Mak Computing
    2015-05-02 22:44 - 2015-05-02 22:45 - 04798152 _____ (WinZip International LLC ) C:\Users\YuAnAi\Downloads\wzmp_10.exe
    2015-05-02 11:47 - 2015-05-02 11:47 - 00010580 _____ () C:\Windows\PFRO.log
    2015-05-02 11:47 - 2015-05-02 11:47 - 00000116 _____ () C:\Windows\setupact.log
    2015-05-02 11:47 - 2015-05-02 11:47 - 00000000 _____ () C:\Windows\setuperr.log
    2015-04-30 19:56 - 2015-05-02 22:23 - 00762985 _____ () C:\Windows\WindowsUpdate.log
    2015-04-30 17:11 - 2015-04-30 17:14 - 09629976 _____ (CyberGhost S.R.L. ) C:\Users\YuAnAi\Downloads\CG_5.0.14.7.exe
    2015-04-28 18:38 - 2015-05-02 23:10 - 02100736 _____ (Farbar) C:\Users\YuAnAi\Downloads\FRST64.exe
    2015-04-28 16:34 - 2015-04-28 16:34 - 00000040 _____ () C:\Users\YuAnAi\Desktop\TECHNICAL SUPPORT.txt
    2015-04-28 15:45 - 2015-05-02 22:13 - 00000486 _____ () C:\Windows\Tasks\SpeedyPC Pro Startup.job
    2015-04-28 15:45 - 2015-05-01 18:00 - 00000512 _____ () C:\Windows\Tasks\SpeedyPC Registration3.job
    2015-04-28 15:45 - 2015-05-01 14:56 - 00000591 _____ () C:\Windows\Tasks\SpeedyPC Pro_sch_353FCE45-EDF8-11E4-826C-F0761C88E2C9.job
    2015-04-28 15:45 - 2015-04-29 09:20 - 00000484 _____ () C:\Windows\Tasks\SpeedyPC Update Version3_triggeronce.job
    2015-04-28 15:45 - 2015-04-29 09:20 - 00000484 _____ () C:\Windows\Tasks\SpeedyPC Update Version3.job
    2015-04-28 15:45 - 2015-04-28 15:45 - 00004006 _____ () C:\Windows\System32\Tasks\SpeedyPC Pro_sch_353FCE45-EDF8-11E4-826C-F0761C88E2C9
    2015-04-28 15:45 - 2015-04-28 15:45 - 00003278 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3
    2015-04-28 15:45 - 2015-04-28 15:45 - 00003158 _____ () C:\Windows\System32\Tasks\SpeedyPC Registration3
    2015-04-28 15:45 - 2015-04-28 15:45 - 00002944 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3_triggeronce
    2015-04-28 15:45 - 2015-04-28 15:45 - 00002620 _____ () C:\Windows\System32\Tasks\SpeedyPC Pro Startup
    2015-04-28 15:45 - 2015-04-28 15:45 - 00001228 _____ () C:\Users\YuAnAi\Desktop\SpeedyPC Pro.lnk
    2015-04-28 15:45 - 2015-04-28 15:45 - 00000000 ____D () C:\Users\YuAnAi\AppData\Roaming\SpeedyPC Software
    2015-04-28 15:44 - 2015-04-28 15:44 - 00000000 ____D () C:\Users\YuAnAi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
    2015-04-28 15:44 - 2015-04-28 15:44 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
    2015-04-28 15:44 - 2015-04-28 15:44 - 00000000 ____D () C:\Program Files (x86)\SpeedyPC Software
    2015-04-28 15:09 - 2015-04-28 15:09 - 00002239 _____ () C:\Users\YuAnAi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iN Technologies.lnk
    2015-04-28 11:42 - 2015-04-28 11:42 - 00000000 ____D () C:\Users\YuAnAi\AppData\Roaming\Trend Micro
    2015-04-28 01:02 - 2015-04-28 01:02 - 00000000 ____D () C:\Users\YuAnAi\AppData\Local\BeFrugal
    2015-04-26 11:26 - 2015-04-26 11:26 - 00000000 ____D () C:\Users\YuAnAi\AppData\Roaming\Mozilla
    2015-04-24 23:49 - 2015-04-28 13:53 - 00000000 ____D () C:\Users\YuAnAi\AppData\Roaming\vlc
    2015-04-24 23:49 - 2015-04-24 23:49 - 00000000 ____D () C:\Users\YuAnAi\AppData\Roaming\dvdcss
    2015-04-24 23:47 - 2015-04-24 23:47 - 00000000 ____D () C:\Program Files\VideoLAN
    2015-04-24 23:14 - 2015-04-24 23:14 - 00000000 ____D () C:\Users\YuAnAi\AppData\Local\MediaShow
    2015-04-21 10:09 - 2015-04-21 10:09 - 00000000 ____D () C:\Users\YuAnAi\AppData\Roaming\Apple Computer
    2015-04-21 01:43 - 2015-04-21 01:43 - 00000000 ____D () C:\Users\YuAnAi\Documents\SavedGames
    2015-04-20 21:48 - 2015-04-20 21:48 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2015-04-20 21:48 - 2015-04-20 21:48 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
    2015-04-20 21:48 - 2015-04-20 21:48 - 00000000 ____D () C:\Users\YuAnAi\AppData\Local\Apple
    2015-04-20 21:48 - 2015-04-20 21:48 - 00000000 ____D () C:\ProgramData\Apple
    2015-04-20 21:48 - 2015-04-20 21:48 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2015-04-20 20:34 - 2015-04-20 20:34 - 00000000 ____D () C:\Program Files\TAP-Windows
    2015-04-20 20:33 - 2015-04-30 17:22 - 00000000 ____D () C:\Program Files\CyberGhost 5
    2015-04-18 08:40 - 2015-04-28 15:11 - 00000010 _____ () C:\Users\YuAnAi\AppData\Local\sponge.last.runtime.cache
    2015-04-16 00:50 - 2015-04-28 13:55 - 00000000 ____D () C:\Users\YuAnAi\Documents\CyberLink
    2015-04-16 00:45 - 2015-04-28 13:02 - 00000000 ____D () C:\Users\YuAnAi\AppData\Local\CyberLink
    2015-04-16 00:41 - 2015-04-28 12:59 - 00000000 ____D () C:\Program Files (x86)\CyberLink
    2015-04-16 00:19 - 2015-04-16 00:19 - 00000000 ____D () C:\Users\YuAnAi\AppData\Roaming\WinBatch
    2015-04-15 22:08 - 2015-04-28 13:58 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-04-15 22:08 - 2015-04-15 22:08 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-04-15 21:01 - 2015-03-22 15:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-04-15 21:01 - 2015-03-22 15:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-04-15 21:01 - 2015-03-22 15:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-04-15 21:01 - 2015-03-22 15:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-04-15 21:01 - 2015-03-22 15:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-04-15 21:01 - 2015-03-22 15:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-04-15 21:01 - 2015-03-22 15:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-04-15 21:01 - 2014-12-02 16:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-04-15 12:10 - 2015-03-14 01:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-04-15 12:10 - 2015-03-14 01:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2015-04-15 11:06 - 2015-03-12 21:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-04-15 11:06 - 2015-03-12 20:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-04-15 11:06 - 2015-03-12 20:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-04-15 11:06 - 2015-03-12 20:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-04-15 11:06 - 2015-03-12 19:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-04-15 11:05 - 2015-03-12 19:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-04-15 11:05 - 2015-03-12 19:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-04-15 11:04 - 2015-03-12 21:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-04-15 11:04 - 2015-03-12 21:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-04-15 11:04 - 2015-03-12 20:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-04-15 11:04 - 2015-03-12 20:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-04-15 11:04 - 2015-03-12 20:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-04-15 11:04 - 2015-03-12 20:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-04-15 11:04 - 2015-03-12 20:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2015-04-15 11:04 - 2015-03-12 20:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-04-15 11:04 - 2015-03-12 20:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-04-15 11:04 - 2015-03-12 20:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-04-15 11:04 - 2015-03-12 19:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2015-04-15 11:04 - 2015-03-12 19:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-04-15 11:04 - 2015-03-12 19:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-04-15 11:04 - 2015-03-12 19:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-04-15 11:04 - 2015-03-12 19:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-04-15 11:04 - 2015-03-12 19:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-04-15 11:04 - 2015-03-12 19:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-04-15 10:39 - 2015-03-14 01:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-04-15 10:39 - 2015-03-13 18:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-04-15 10:39 - 2015-03-13 18:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-04-15 10:39 - 2015-03-13 18:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-04-15 10:39 - 2015-03-13 18:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-04-15 10:39 - 2015-03-13 18:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-04-15 10:39 - 2015-03-13 17:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-04-15 10:39 - 2015-03-13 17:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-04-15 10:39 - 2015-03-13 17:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-04-15 10:39 - 2015-03-13 17:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
    2015-04-15 10:39 - 2015-03-13 17:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
    2015-04-15 10:39 - 2015-03-13 17:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-04-15 10:39 - 2015-03-13 17:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-04-15 10:39 - 2015-03-13 17:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-04-15 10:39 - 2015-03-13 17:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-04-15 10:39 - 2015-03-13 17:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-04-15 10:39 - 2015-03-13 16:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-04-15 10:39 - 2015-03-13 16:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-04-15 10:39 - 2014-10-17 23:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
    2015-04-15 09:38 - 2015-03-23 14:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-04-15 09:38 - 2015-03-23 14:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-04-15 09:38 - 2015-03-23 14:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
    2015-04-15 09:38 - 2015-03-23 14:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-04-15 09:38 - 2015-03-23 14:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
    2015-04-15 09:38 - 2015-03-19 21:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
    2015-04-15 09:38 - 2015-03-19 21:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-04-15 09:38 - 2015-03-19 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-04-15 09:38 - 2015-03-19 20:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
    2015-04-15 09:38 - 2015-03-19 19:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
    2015-04-15 09:38 - 2015-03-19 19:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-04-15 09:38 - 2015-03-19 19:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2015-04-15 09:38 - 2014-10-28 19:43 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
    2015-04-15 09:38 - 2014-10-28 19:17 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
    2015-04-15 09:38 - 2014-10-28 18:58 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
    2015-04-15 09:38 - 2014-10-28 18:38 - 00087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
    2015-04-15 09:38 - 2014-10-28 18:26 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
    2015-04-15 09:38 - 2014-10-28 18:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
    2015-04-15 09:38 - 2014-10-28 18:04 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
    2015-04-15 09:38 - 2014-10-28 18:04 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
    2015-04-15 09:32 - 2015-03-12 19:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2015-04-15 09:32 - 2015-03-12 19:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
    2015-04-15 09:32 - 2015-02-20 16:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
    2015-04-15 09:32 - 2014-10-28 19:48 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
    2015-04-15 09:27 - 2015-02-24 01:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
    2015-04-15 09:21 - 2015-03-04 03:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
    2015-04-15 09:21 - 2015-03-03 20:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
    2015-04-15 09:21 - 2015-03-03 19:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
    2015-04-13 17:24 - 2015-04-13 17:24 - 00000000 ____D () C:\Users\YuAnAi\AppData\Local\Adobe
    2015-04-13 11:52 - 2015-04-13 11:52 - 00001401 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
    2015-04-13 11:52 - 2015-04-13 11:52 - 00001332 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
    2015-04-13 11:52 - 2015-04-13 11:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    2015-04-13 11:52 - 2015-04-13 11:52 - 00000000 ____D () C:\Windows\en
    2015-04-13 11:39 - 2015-04-13 11:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2015-04-13 11:38 - 2015-04-13 11:38 - 00002513 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    2015-04-13 11:38 - 2015-04-13 11:38 - 00001485 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    2015-04-13 11:20 - 2015-04-13 11:39 - 00000000 ____D () C:\Program Files (x86)\Windows Live
    2015-04-13 11:20 - 2015-04-13 11:20 - 00000000 ____D () C:\Windows\PCHEALTH
    2015-04-13 11:20 - 2015-04-13 11:20 - 00000000 ____D () C:\Program Files\Windows Live
    2015-04-13 11:19 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
    2015-04-13 11:19 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
    2015-04-13 11:19 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
    2015-04-13 11:19 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
    2015-04-13 11:18 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
    2015-04-13 11:18 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
    2015-04-13 11:18 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
    2015-04-13 11:18 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
    2015-04-13 11:18 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
    2015-04-13 11:18 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
    2015-04-13 11:18 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
    2015-04-13 11:18 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
    2015-04-13 11:09 - 2015-04-18 22:18 - 00000000 ____D () C:\Users\YuAnAi\AppData\Local\Windows Live
    2015-04-12 22:12 - 2015-04-21 00:30 - 00010562 _____ () C:\Users\YuAnAi\Desktop\Crosswords.xlsx
    2015-04-12 17:42 - 2015-05-02 22:25 - 00004978 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PingLing-YuAnAi PingLing
    2015-04-12 17:42 - 2015-05-02 22:15 - 00000000 ___RD () C:\Users\YuAnAi\OneDrive
    2015-04-12 14:38 - 2015-04-13 11:08 - 00003098 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-93962909-1410810787-3032571207-1001
    2015-04-12 14:38 - 2015-04-12 17:42 - 00000000 ___RD () C:\Users\YuAnAi\OneDrive.old
    2015-04-12 14:37 - 2015-04-12 14:37 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
    2015-04-12 14:27 - 2015-04-12 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-04-12 14:26 - 2015-04-13 13:46 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2015-04-11 21:01 - 2015-04-28 13:55 - 00000000 ___SD () C:\Windows\system32\GWX
    2015-04-11 21:01 - 2015-04-11 21:01 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
    2015-04-11 16:09 - 2014-07-24 02:44 - 16874496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
    2015-04-11 16:09 - 2014-07-24 02:16 - 12730880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
    2015-04-11 16:08 - 2014-07-24 08:28 - 00412992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
    2015-04-11 16:08 - 2014-07-24 08:28 - 00143680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
    2015-04-11 16:08 - 2014-07-24 08:16 - 02574208 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2015-04-11 16:08 - 2014-07-24 08:07 - 02009920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2015-04-11 16:08 - 2014-07-24 08:05 - 01660048 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-04-11 16:08 - 2014-07-24 08:05 - 01519560 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-04-11 16:08 - 2014-07-24 08:03 - 02141920 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
    2015-04-11 16:08 - 2014-07-24 08:03 - 00882136 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2015-04-11 16:08 - 2014-07-24 08:03 - 00205512 _____ (Microsoft Corporation) C:\Windows\system32\mftranscode.dll
    2015-04-11 16:08 - 2014-07-24 06:48 - 02410976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2015-04-11 16:08 - 2014-07-24 06:36 - 02145472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
    2015-04-11 16:08 - 2014-07-24 06:36 - 00707536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2015-04-11 16:08 - 2014-07-24 06:36 - 00180720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mftranscode.dll
    2015-04-11 16:08 - 2014-07-24 04:44 - 00674816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2015-04-11 16:08 - 2014-07-24 04:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2015-04-11 16:08 - 2014-07-24 04:05 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
    2015-04-11 16:08 - 2014-07-24 03:20 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
    2015-04-11 16:08 - 2014-07-24 02:52 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
    2015-04-11 16:08 - 2014-07-24 02:39 - 00770048 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
    2015-04-11 16:08 - 2014-07-24 02:33 - 01741824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
    2015-04-11 16:08 - 2014-07-24 02:03 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
    2015-04-11 16:08 - 2014-07-24 01:53 - 01261056 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
    2015-04-11 16:08 - 2014-07-24 01:39 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
    2015-04-11 16:08 - 2014-07-24 01:38 - 00371200 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
    2015-04-11 16:08 - 2014-07-24 01:32 - 01532416 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
    2015-04-11 16:08 - 2014-07-24 01:29 - 00439296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
    2015-04-11 16:08 - 2014-07-24 01:21 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
    2015-04-11 16:08 - 2014-07-24 01:21 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
    2015-04-11 16:08 - 2014-07-24 01:18 - 00795136 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
    2015-04-11 16:08 - 2014-07-24 01:10 - 00889344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
    2015-04-11 16:08 - 2014-07-24 01:10 - 00371712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
    2015-04-11 16:08 - 2014-07-24 01:01 - 01992192 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
    2015-04-11 16:08 - 2014-07-24 00:50 - 01182208 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
    2015-04-11 16:08 - 2014-07-24 00:44 - 01057792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.dll
    2015-04-11 16:08 - 2014-07-24 00:28 - 01600000 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
    2015-04-11 16:08 - 2014-07-04 02:30 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
    2015-04-11 16:08 - 2014-07-04 02:27 - 00474112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
    2015-04-11 16:08 - 2014-06-13 23:03 - 02389504 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2015-04-11 16:08 - 2014-06-13 22:46 - 02071552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2015-04-11 16:08 - 2014-05-05 21:41 - 00486744 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
    2015-04-11 16:08 - 2014-05-05 17:55 - 00391000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
    2015-04-11 16:07 - 2014-07-24 08:28 - 00419648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2015-04-11 16:07 - 2014-07-24 08:28 - 00280384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
    2015-04-11 16:07 - 2014-07-24 08:23 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2015-04-11 16:07 - 2014-07-24 08:23 - 00125472 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
    2015-04-11 16:07 - 2014-07-24 08:20 - 00263400 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
    2015-04-11 16:07 - 2014-07-24 08:16 - 00211216 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe
    2015-04-11 16:07 - 2014-07-24 08:05 - 01488008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-04-11 16:07 - 2014-07-24 08:05 - 01356840 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2015-04-11 16:07 - 2014-07-24 08:03 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
    2015-04-11 16:07 - 2014-07-24 08:03 - 00233888 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2015-04-11 16:07 - 2014-07-24 06:50 - 00098048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
    2015-04-11 16:07 - 2014-07-24 06:48 - 00180208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVol.exe
    2015-04-11 16:07 - 2014-07-24 06:36 - 00355800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
    2015-04-11 16:07 - 2014-07-24 04:51 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
    2015-04-11 16:07 - 2014-07-24 04:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
    2015-04-11 16:07 - 2014-07-24 04:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
    2015-04-11 16:07 - 2014-07-24 04:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
    2015-04-11 16:07 - 2014-07-24 04:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
    2015-04-11 16:07 - 2014-07-24 04:51 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
    2015-04-11 16:07 - 2014-07-24 04:46 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
    2015-04-11 16:07 - 2014-07-24 04:45 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
    2015-04-11 16:07 - 2014-07-24 04:42 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
    2015-04-11 16:07 - 2014-07-24 04:42 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NdisImPlatform.sys
    2015-04-11 16:07 - 2014-07-24 04:06 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\iasnap.dll
    2015-04-11 16:07 - 2014-07-24 04:05 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2015-04-11 16:07 - 2014-07-24 03:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
    2015-04-11 16:07 - 2014-07-24 03:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
    2015-04-11 16:07 - 2014-07-24 03:51 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRUM.DLL
    2015-04-11 16:07 - 2014-07-24 03:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
    2015-04-11 16:07 - 2014-07-24 03:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
    2015-04-11 16:07 - 2014-07-24 03:51 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
    2015-04-11 16:07 - 2014-07-24 03:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersGPExt.dll
    2015-04-11 16:07 - 2014-07-24 03:32 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
    2015-04-11 16:07 - 2014-07-24 03:18 - 01089024 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
    2015-04-11 16:07 - 2014-07-24 03:12 - 00878592 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll
    2015-04-11 16:07 - 2014-07-24 03:10 - 01844224 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
    2015-04-11 16:07 - 2014-07-24 03:10 - 00834560 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2015-04-11 16:07 - 2014-07-24 03:10 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2015-04-11 16:07 - 2014-07-24 03:10 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasnap.dll
    2015-04-11 16:07 - 2014-07-24 03:05 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
    2015-04-11 16:07 - 2014-07-24 02:42 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
    2015-04-11 16:07 - 2014-07-24 02:40 - 00557056 _____ (Microsoft Corporation) C:\Windows\system32\PrintDialogs.dll
    2015-04-11 16:07 - 2014-07-24 02:32 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
    2015-04-11 16:07 - 2014-07-24 02:27 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
    2015-04-11 16:07 - 2014-07-24 02:25 - 00832512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenter.dll
    2015-04-11 16:07 - 2014-07-24 02:24 - 01817088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
    2015-04-11 16:07 - 2014-07-24 02:21 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
    2015-04-11 16:07 - 2014-07-24 02:18 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wlansvcpal.dll
    2015-04-11 16:07 - 2014-07-24 02:12 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
    2015-04-11 16:07 - 2014-07-24 02:11 - 00356864 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-04-11 16:07 - 2014-07-24 02:11 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
    2015-04-11 16:07 - 2014-07-24 02:10 - 00540672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
    2015-04-11 16:07 - 2014-07-24 02:04 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintDialogs.dll
    2015-04-11 16:07 - 2014-07-24 02:04 - 00183808 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
    2015-04-11 16:07 - 2014-07-24 01:58 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\BluetoothApis.dll
    2015-04-11 16:07 - 2014-07-24 01:53 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
    2015-04-11 16:07 - 2014-07-24 01:49 - 01361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2015-04-11 16:07 - 2014-07-24 01:49 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
    2015-04-11 16:07 - 2014-07-24 01:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
    2015-04-11 16:07 - 2014-07-24 01:48 - 00659968 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
    2015-04-11 16:07 - 2014-07-24 01:47 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
    2015-04-11 16:07 - 2014-07-24 01:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll
    2015-04-11 16:07 - 2014-07-24 01:36 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BluetoothApis.dll
    2015-04-11 16:07 - 2014-07-24 01:30 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
    2015-04-11 16:07 - 2014-07-24 01:28 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
    2015-04-11 16:07 - 2014-07-24 01:23 - 01404416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
    2015-04-11 16:07 - 2014-07-24 01:22 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
    2015-04-11 16:07 - 2014-07-24 01:18 - 01144320 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
    2015-04-11 16:07 - 2014-07-24 01:16 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
    2015-04-11 16:07 - 2014-07-24 01:16 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
    2015-04-11 16:07 - 2014-07-24 01:15 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll
    2015-04-11 16:07 - 2014-07-24 01:15 - 00432128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
    2015-04-11 16:07 - 2014-07-24 01:13 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
    2015-04-11 16:07 - 2014-07-24 01:08 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
    2015-04-11 16:07 - 2014-07-24 01:05 - 00448000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll
    2015-04-11 16:07 - 2014-07-24 00:58 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
    2015-04-11 16:07 - 2014-07-24 00:58 - 00288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
    2015-04-11 16:07 - 2014-07-24 00:54 - 01290752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
    2015-04-11 16:07 - 2014-07-24 00:47 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
    2015-04-11 16:07 - 2014-07-24 00:41 - 00459264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
    2015-04-11 16:07 - 2014-07-11 22:55 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
    2015-04-11 16:07 - 2014-07-11 21:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
    2015-04-11 16:07 - 2014-07-04 05:59 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
    2015-04-11 16:07 - 2014-07-04 03:29 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\AppxSip.dll
    2015-04-11 16:07 - 2014-07-04 03:20 - 01656832 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
    2015-04-11 16:07 - 2014-07-04 03:06 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxSip.dll
    2015-04-11 16:07 - 2014-07-04 03:00 - 01351168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
    2015-04-11 16:07 - 2014-06-26 23:22 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2015-04-11 16:07 - 2014-06-25 17:32 - 01029632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
    2015-04-11 16:07 - 2014-06-25 17:29 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll
    2015-04-11 16:07 - 2014-06-19 16:37 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-04-11 16:07 - 2014-06-18 19:13 - 00310080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
    2015-04-11 16:07 - 2014-06-07 05:46 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
    2015-04-11 16:07 - 2014-06-07 03:20 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
    2015-04-11 16:07 - 2014-06-05 03:18 - 01018368 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
    2015-04-11 16:07 - 2014-06-05 02:42 - 00889856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
    2015-04-11 16:07 - 2014-05-30 22:00 - 01463808 _____ (Microsoft Corporation) C:\Windows\system32\wsecedit.dll
    2015-04-11 16:07 - 2014-05-30 21:18 - 01319936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsecedit.dll
    2015-04-11 16:07 - 2014-05-28 23:23 - 00427008 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
    2015-04-11 16:07 - 2014-05-28 22:25 - 00313856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
    2015-04-11 16:07 - 2014-05-26 00:26 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
    2015-04-11 16:07 - 2014-05-10 03:12 - 00387896 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2015-04-11 16:07 - 2014-05-10 01:46 - 00335680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
    2015-04-11 16:07 - 2014-03-24 19:27 - 00160600 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
    2015-04-11 16:07 - 2014-03-24 19:27 - 00123920 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
    2015-04-11 16:07 - 2014-03-24 18:20 - 00128568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
    2015-04-11 16:07 - 2014-03-24 18:20 - 00127544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
    2015-04-11 16:06 - 2014-07-24 04:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTT102.DLL
    2015-04-11 16:06 - 2014-07-24 03:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTT102.DLL
    2015-04-11 16:06 - 2014-07-24 02:14 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
    2015-04-11 16:06 - 2014-07-24 01:00 - 02100736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
    2015-04-11 00:52 - 2015-04-15 22:06 - 00000000 ____D () C:\Windows\system32\MRT
    2015-04-11 00:52 - 2015-04-15 21:30 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-04-10 22:37 - 2015-04-13 11:55 - 00000000 ____D () C:\Users\YuAnAi\Tracing
    2015-04-10 15:35 - 2015-04-10 15:35 - 00000000 __SHD () C:\Users\YuAnAi\AppData\Local\EmieBrowserModeList
    2015-04-10 15:21 - 2015-04-13 16:24 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-04-10 15:21 - 2015-04-13 16:24 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-04-10 15:14 - 2015-01-28 18:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-04-10 15:14 - 2015-01-28 18:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-04-10 15:14 - 2015-01-28 17:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
    2015-04-10 15:14 - 2015-01-28 17:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
    2015-04-10 15:14 - 2014-10-28 19:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
    2015-04-10 15:14 - 2014-10-28 19:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
    2015-04-10 15:14 - 2014-10-28 18:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
    2015-04-10 15:14 - 2014-10-28 17:55 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
    2015-04-10 15:12 - 2015-04-30 19:40 - 00000000 ____D () C:\Users\YuAnAi\AppData\Local\CrashDumps
    2015-04-10 15:10 - 2015-01-28 17:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2015-04-10 15:10 - 2015-01-28 17:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2015-04-10 14:21 - 2015-02-03 16:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
    2015-04-10 14:21 - 2015-02-03 16:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
    2015-04-10 14:21 - 2015-02-03 16:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
    2015-04-10 14:21 - 2015-02-02 16:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
    2015-04-10 14:21 - 2015-02-02 16:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
    2015-04-10 14:21 - 2015-01-23 00:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
    2015-04-10 14:21 - 2014-10-30 16:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-04-10 14:21 - 2014-10-30 16:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-04-10 14:20 - 2015-01-22 22:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
    2015-04-10 14:20 - 2014-10-12 19:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2015-04-10 14:20 - 2014-10-10 17:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2015-04-10 14:20 - 2014-10-10 17:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2015-04-10 14:20 - 2014-10-08 00:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2015-04-10 14:20 - 2014-10-08 00:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2015-04-10 14:20 - 2014-10-07 23:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2015-04-10 14:05 - 2015-01-29 19:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
    2015-04-10 14:05 - 2015-01-29 18:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
    2015-04-10 14:05 - 2015-01-29 18:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
    2015-04-10 14:05 - 2015-01-29 18:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
    2015-04-10 14:05 - 2015-01-29 18:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
    2015-04-10 14:05 - 2015-01-29 18:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
    2015-04-10 14:05 - 2015-01-29 18:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
    2015-04-10 14:05 - 2015-01-29 18:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
    2015-04-10 14:05 - 2014-10-28 18:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll
    2015-04-10 14:05 - 2014-10-28 17:59 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappprxy.dll
    2015-04-10 13:38 - 2014-12-19 01:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-04-10 13:38 - 2014-12-19 01:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2015-04-10 13:31 - 2015-02-02 17:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
    2015-04-10 13:31 - 2015-02-02 17:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
    2015-04-10 13:31 - 2015-01-29 19:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
    2015-04-10 13:31 - 2015-01-29 19:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
    2015-04-10 13:31 - 2015-01-29 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
    2015-04-10 13:31 - 2015-01-29 18:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
    2015-04-10 13:31 - 2015-01-29 18:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
    2015-04-10 13:31 - 2014-10-28 18:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\atlthunk.dll
    2015-04-10 13:13 - 2014-12-10 22:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
    2015-04-10 12:57 - 2015-01-26 20:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
    2015-04-10 12:57 - 2015-01-23 18:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
    2015-04-10 12:43 - 2015-02-06 16:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
    2015-04-10 12:43 - 2014-11-09 19:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
    2015-04-10 12:43 - 2014-11-09 18:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
    2015-04-10 12:27 - 2015-01-28 18:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
    2015-04-10 12:27 - 2015-01-28 18:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
    2015-04-10 12:25 - 2015-01-30 16:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
    2015-04-10 12:25 - 2014-12-13 14:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
    2015-04-10 12:25 - 2014-12-13 14:28 - 00513488 _____ () C:\Windows\system32\locale.nls
    2015-04-10 12:25 - 2014-10-28 18:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
    2015-04-10 12:25 - 2014-10-28 18:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
    2015-04-10 12:25 - 2014-10-28 18:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
    2015-04-10 12:25 - 2014-10-28 18:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
    2015-04-10 12:24 - 2015-01-30 16:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
    2015-04-10 12:21 - 2015-02-05 13:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2015-04-10 12:20 - 2015-01-28 18:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2015-04-10 12:20 - 2015-01-28 18:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2015-04-10 12:20 - 2014-10-28 19:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\printui.exe
    2015-04-10 12:20 - 2014-10-28 19:34 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
    2015-04-10 12:20 - 2014-10-28 19:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\findnetprinters.dll
    2015-04-10 12:20 - 2014-10-28 18:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.exe
    2015-04-10 12:20 - 2014-10-28 18:52 - 00289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
    2015-04-10 12:20 - 2014-10-28 18:51 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
    2015-04-10 12:20 - 2014-10-28 18:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
    2015-04-10 12:20 - 2014-10-28 18:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findnetprinters.dll
    2015-04-10 12:20 - 2014-10-28 18:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
    2015-04-10 12:20 - 2014-10-28 18:15 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
    2015-04-10 12:20 - 2014-10-28 17:55 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
    2015-04-10 12:20 - 2014-10-28 17:44 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
    2015-04-10 12:20 - 2014-10-28 17:41 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
    2015-04-10 12:20 - 2014-10-28 17:35 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
    2015-04-10 12:16 - 2015-01-29 20:01 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
    2015-04-10 12:15 - 2015-02-05 18:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
    2015-04-10 12:15 - 2015-02-05 18:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
    2015-04-10 12:07 - 2014-07-09 21:08 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\lockscreencn.dll
    2015-04-10 12:05 - 2015-01-19 11:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
    2015-04-10 11:56 - 2015-01-27 19:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
    2015-04-10 11:56 - 2015-01-27 18:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
    2015-04-10 10:21 - 2014-08-14 17:36 - 00146752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
    2015-04-10 10:21 - 2014-07-29 18:56 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
    2015-04-10 10:21 - 2014-07-28 22:22 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\tcpmon.dll
    2015-04-10 10:20 - 2015-02-20 17:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-04-10 10:20 - 2015-02-20 16:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-04-10 10:20 - 2015-02-19 19:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-04-10 10:20 - 2015-02-19 19:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-04-10 10:20 - 2015-02-19 18:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-04-10 10:20 - 2015-02-19 18:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-04-10 10:20 - 2015-02-19 18:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
    2015-04-10 10:20 - 2015-02-19 18:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-04-10 10:20 - 2015-01-11 19:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-04-10 10:20 - 2015-01-11 18:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-04-10 10:20 - 2015-01-11 18:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-04-10 10:20 - 2014-10-30 21:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-04-10 10:20 - 2014-10-30 21:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-04-10 10:20 - 2014-10-30 21:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2015-04-10 10:20 - 2014-10-30 20:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-04-10 10:20 - 2014-10-30 19:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2015-04-10 10:20 - 2014-10-30 19:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
    2015-04-10 10:19 - 2015-02-20 17:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2015-04-10 10:19 - 2015-02-19 19:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-04-10 10:19 - 2015-02-19 19:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2015-04-10 10:19 - 2015-02-19 19:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-04-10 10:19 - 2015-02-19 18:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-04-10 10:19 - 2015-02-19 18:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-04-10 10:19 - 2014-11-21 19:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-04-10 10:19 - 2014-11-21 19:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-04-10 10:19 - 2014-10-30 22:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
    2015-04-10 10:19 - 2014-10-30 22:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-04-10 10:19 - 2014-10-30 22:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
    2015-04-10 10:19 - 2014-10-30 22:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
    2015-04-10 10:19 - 2014-10-30 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-04-10 10:19 - 2014-10-30 22:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-04-10 10:19 - 2014-10-30 22:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-04-10 10:19 - 2014-10-30 22:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-04-10 10:19 - 2014-10-30 21:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-04-10 10:19 - 2014-10-30 21:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
    2015-04-10 10:19 - 2014-10-30 21:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-04-10 10:19 - 2014-10-30 21:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
    2015-04-10 10:19 - 2014-10-30 21:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-04-10 10:19 - 2014-10-30 21:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-04-10 10:19 - 2014-10-30 21:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
    2015-04-10 10:19 - 2014-10-30 21:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2015-04-10 10:19 - 2014-10-30 21:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2015-04-10 10:19 - 2014-10-30 21:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2015-04-10 10:19 - 2014-10-30 21:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-04-10 10:19 - 2014-10-30 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-04-10 10:19 - 2014-10-30 20:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
    2015-04-10 10:19 - 2014-10-30 20:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2015-04-10 10:19 - 2014-10-30 20:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2015-04-10 10:19 - 2014-10-30 20:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2015-04-10 10:19 - 2014-10-30 20:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2015-04-10 10:19 - 2014-10-30 20:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2015-04-10 10:19 - 2014-10-30 20:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2015-04-10 10:19 - 2014-10-30 20:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-04-10 10:19 - 2014-10-30 20:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-04-10 10:19 - 2014-10-30 20:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-04-10 10:19 - 2014-10-30 20:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-04-10 10:19 - 2014-10-30 20:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2015-04-10 10:19 - 2014-10-30 20:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-04-10 10:19 - 2014-10-30 20:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
    2015-04-10 10:19 - 2014-10-30 20:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-04-10 10:19 - 2014-10-30 20:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2015-04-10 10:19 - 2014-10-30 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-04-10 10:19 - 2014-10-30 19:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2015-04-10 10:19 - 2014-10-30 19:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2015-04-10 10:19 - 2014-10-30 19:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2015-04-10 10:19 - 2014-10-30 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-04-10 10:19 - 2014-10-30 19:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2015-04-10 10:19 - 2014-10-30 19:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2015-04-10 10:15 - 2014-09-09 23:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
    2015-04-10 10:15 - 2014-09-07 20:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2015-04-10 10:15 - 2014-09-03 20:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
    2015-04-10 10:15 - 2014-09-03 19:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
    2015-04-10 10:15 - 2014-08-30 14:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
    2015-04-10 10:15 - 2014-08-30 13:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
    2015-04-10 10:15 - 2014-08-22 22:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
    2015-04-10 10:15 - 2014-08-22 22:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2015-04-10 10:15 - 2014-08-22 21:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
    2015-04-10 10:14 - 2014-09-07 20:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2015-04-10 10:14 - 2014-09-03 17:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
    2015-04-10 10:14 - 2014-08-30 17:17 - 00148800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
    2015-04-10 10:14 - 2014-08-30 15:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
    2015-04-10 10:14 - 2014-08-30 14:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
    2015-04-10 10:14 - 2014-08-30 13:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
    2015-04-10 10:14 - 2014-08-27 17:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2015-04-10 10:14 - 2014-08-27 17:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2015-04-10 10:14 - 2014-08-01 17:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
    2015-04-10 10:14 - 2014-08-01 17:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
    2015-04-10 09:52 - 2014-08-15 21:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
    2015-04-10 09:52 - 2014-08-15 20:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-04-10 09:52 - 2014-08-15 20:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
    2015-04-10 09:52 - 2014-08-15 18:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-04-10 09:52 - 2014-08-15 18:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
    2015-04-10 09:52 - 2014-08-15 17:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
    2015-04-10 09:52 - 2014-08-15 17:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
    2015-04-10 09:52 - 2014-08-15 17:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
    2015-04-10 09:52 - 2014-08-15 17:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
    2015-04-10 09:52 - 2014-08-15 17:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
    2015-04-10 09:52 - 2014-08-15 17:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
    2015-04-10 09:52 - 2014-08-15 17:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
    2015-04-10 09:52 - 2014-08-15 17:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
    2015-04-10 09:52 - 2014-08-15 17:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
    2015-04-10 09:52 - 2014-08-15 17:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
    2015-04-10 09:52 - 2014-08-15 17:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
    2015-04-10 09:52 - 2014-08-15 17:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
    2015-04-10 09:52 - 2014-08-15 17:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
    2015-04-10 09:52 - 2014-08-15 17:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
    2015-04-10 09:52 - 2014-08-15 17:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2015-04-10 09:52 - 2014-08-15 17:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
    2015-04-10 09:52 - 2014-08-15 17:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
    2015-04-10 09:52 - 2014-08-15 17:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
    2015-04-10 09:52 - 2014-08-15 17:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2015-04-10 09:52 - 2014-07-24 08:28 - 00468288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
    2015-04-10 09:52 - 2014-07-24 04:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys
    2015-04-10 09:52 - 2014-07-24 03:09 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2015-04-10 09:52 - 2014-07-24 02:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2015-04-10 09:23 - 2015-02-12 10:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-04-10 09:22 - 2015-02-12 10:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-04-10 09:21 - 2014-12-05 20:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2015-04-10 09:21 - 2014-12-05 18:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-04-10 09:21 - 2014-10-28 18:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2015-04-10 09:21 - 2014-10-28 18:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-04-10 09:21 - 2014-07-23 20:20 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
    2015-04-10 09:21 - 2014-07-23 20:20 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
    2015-04-10 09:12 - 2015-04-10 09:12 - 00000000 ____D () C:\ProgramData\Synaptics
    2015-04-10 09:11 - 2015-03-05 19:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-04-10 09:11 - 2015-03-05 19:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-04-10 09:11 - 2015-02-25 16:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-04-10 09:11 - 2015-01-15 15:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-04-10 09:11 - 2015-01-15 15:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-04-10 09:11 - 2015-01-13 21:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-04-10 09:11 - 2015-01-13 20:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2015-04-10 09:11 - 2014-12-08 20:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-04-10 09:11 - 2014-12-08 18:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-04-10 09:11 - 2014-12-08 18:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-04-10 09:11 - 2014-10-28 19:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-04-10 09:11 - 2014-10-28 19:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-04-10 09:11 - 2014-10-28 19:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-04-10 09:11 - 2014-10-28 19:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-04-10 09:11 - 2014-10-28 18:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-04-10 09:11 - 2014-09-26 20:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
    2015-04-10 09:10 - 2015-02-19 20:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-04-10 09:10 - 2015-02-19 19:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-04-10 09:10 - 2015-02-19 19:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-04-10 09:10 - 2015-02-19 19:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-04-10 09:10 - 2014-10-28 19:49 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-04-10 09:10 - 2014-10-28 19:44 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-04-10 09:10 - 2014-10-28 19:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-04-10 09:10 - 2014-10-28 19:04 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-04-10 09:10 - 2014-10-28 19:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-04-10 09:10 - 2014-10-28 19:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-04-10 09:10 - 2014-09-27 00:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
    2015-04-10 09:10 - 2014-09-26 22:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
    2015-04-10 09:10 - 2014-08-06 19:12 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-04-10 09:10 - 2014-08-01 20:56 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2015-04-10 09:10 - 2014-06-19 18:48 - 01273184 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-04-10 09:10 - 2014-06-19 16:52 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-04-10 09:10 - 2014-06-12 18:15 - 00517528 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
    2015-04-10 09:10 - 2014-06-12 18:14 - 01557848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2015-04-10 09:10 - 2014-06-12 17:10 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
    2015-04-10 09:01 - 2014-07-15 11:16 - 03048880 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
    2015-04-10 09:01 - 2014-07-15 01:29 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
    2015-04-10 09:01 - 2014-07-15 01:22 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
    2015-04-10 09:01 - 2014-07-15 01:03 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
    2015-04-10 08:59 - 2014-12-18 23:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-04-10 08:59 - 2014-12-11 19:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-04-10 08:59 - 2014-12-11 17:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
    2015-04-10 08:59 - 2014-08-01 17:18 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
    2015-04-10 08:58 - 2014-09-03 17:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
    2015-04-10 08:58 - 2014-09-03 17:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
    2015-04-10 08:57 - 2014-08-22 23:10 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
    2015-04-10 08:57 - 2014-08-22 22:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
    2015-04-10 08:57 - 2014-08-22 21:33 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
    2015-04-10 08:54 - 2015-05-02 14:11 - 00000000 ____D () C:\Users\YuAnAi\AppData\Roaming\Skype
    2015-04-10 08:54 - 2015-04-10 08:54 - 00002713 _____ () C:\Users\Public\Desktop\Skype.lnk
    2015-04-10 08:54 - 2015-04-10 08:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2015-04-10 08:54 - 2015-04-10 08:54 - 00000000 ____D () C:\Users\YuAnAi\AppData\Local\Skype
    2015-04-10 08:54 - 2015-04-10 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-04-10 08:53 - 2015-04-11 14:51 - 00000000 ____D () C:\ProgramData\Skype
    2015-04-10 08:49 - 2014-06-09 15:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
    2015-04-10 08:49 - 2014-06-09 15:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2015-04-10 08:48 - 2014-10-12 19:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
    2015-04-10 08:48 - 2014-10-12 19:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
    2015-04-10 08:48 - 2014-10-12 19:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
    2015-04-10 08:48 - 2014-10-12 19:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
    2015-04-10 08:48 - 2014-08-22 22:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-04-10 08:48 - 2014-08-22 22:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-04-10 08:47 - 2014-10-28 18:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-04-10 08:47 - 2014-10-28 18:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-04-10 08:47 - 2014-10-28 18:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-04-10 08:47 - 2014-10-28 18:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-04-10 08:47 - 2014-10-28 18:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-04-10 08:47 - 2014-10-28 18:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-04-10 08:47 - 2014-10-22 22:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2015-04-10 08:47 - 2014-10-22 22:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2015-04-10 08:47 - 2014-05-18 23:31 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\drvcfg.exe
    2015-04-10 08:47 - 2014-05-18 23:21 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe
    2015-04-10 08:47 - 2014-05-18 22:23 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
    2015-04-10 08:44 - 2015-01-30 16:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
    2015-04-10 08:44 - 2015-01-26 21:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2015-04-10 08:44 - 2015-01-26 19:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2015-04-10 08:44 - 2014-10-28 20:56 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
    2015-04-10 08:44 - 2014-10-28 19:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
    2015-04-10 01:16 - 2014-10-30 15:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
    2015-04-10 01:16 - 2014-10-30 15:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2015-04-10 01:14 - 2014-07-11 21:17 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
    2015-04-10 01:13 - 2015-01-29 11:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-04-10 01:13 - 2015-01-29 11:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-04-10 01:10 - 2015-01-27 18:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2015-04-10 01:10 - 2015-01-27 18:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2015-04-10 01:09 - 2015-02-07 16:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
    2015-04-10 01:09 - 2015-02-07 16:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
    2015-04-10 01:09 - 2015-01-27 16:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2015-04-10 01:09 - 2015-01-27 16:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2015-04-10 01:09 - 2014-11-09 16:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-04-10 01:09 - 2014-11-09 16:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-04-10 01:05 - 2014-12-08 12:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2015-04-10 01:05 - 2014-12-08 12:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2015-04-10 01:05 - 2014-12-08 12:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
    2015-04-10 01:05 - 2014-12-08 12:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
    2015-04-10 01:05 - 2014-12-08 12:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-04-10 01:05 - 2014-12-05 18:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
    2015-04-10 01:05 - 2014-10-28 21:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
    2015-04-10 01:05 - 2014-10-28 20:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-04-10 01:05 - 2014-10-28 20:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-04-10 01:05 - 2014-10-28 20:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-04-10 01:05 - 2014-10-28 20:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2015-04-10 01:05 - 2014-10-28 20:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
    2015-04-10 01:05 - 2014-10-28 20:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2015-04-10 01:05 - 2014-10-28 20:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2015-04-10 01:05 - 2014-10-28 20:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2015-04-10 01:05 - 2014-10-28 18:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-04-10 01:04 - 2014-12-08 12:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2015-04-10 01:04 - 2014-12-08 12:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
    2015-04-10 01:04 - 2014-12-08 12:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
    2015-04-10 01:04 - 2014-10-28 21:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
    2015-04-10 01:04 - 2014-10-28 20:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
    2015-04-10 01:04 - 2014-10-28 19:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
    2015-04-10 01:04 - 2014-10-28 18:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
    2015-04-10 00:58 - 2015-04-10 00:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Password Manager
    2015-04-10 00:42 - 2015-01-29 20:55 - 00067408 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\kbfilter.sys
    2015-04-10 00:42 - 2015-01-29 20:55 - 00067408 _____ (Trend Micro Inc.) C:\kbfilter.sys
    2015-04-10 00:42 - 2015-01-29 20:55 - 00007799 _____ () C:\kbfilter.cat
    2015-04-10 00:42 - 2015-01-29 20:55 - 00000098 _____ () C:\install.bat
    2015-04-10 00:42 - 2015-01-29 20:55 - 00000081 _____ () C:\uninstall.bat
    2015-04-10 00:14 - 2015-04-10 00:14 - 00000000 ___HD () C:\TMRescueDisk
    2015-04-10 00:13 - 2015-04-10 00:13 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2015-04-10 00:11 - 2015-04-10 00:11 - 00000000 ____D () C:\Users\YuAnAi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Internet Security
    2015-04-10 00:10 - 2015-04-10 00:10 - 00001472 _____ () C:\Users\YuAnAi\Desktop\Trend Micro Internet Security.lnk
    2015-04-10 00:09 - 2014-07-14 00:39 - 00305832 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
    2015-04-10 00:09 - 2014-07-14 00:39 - 00121944 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmactmon.sys
    2015-04-10 00:09 - 2014-07-14 00:39 - 00093664 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmevtmgr.sys
    2015-04-10 00:09 - 2014-07-09 09:03 - 00407864 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmnciesc.sys
    2015-04-10 00:09 - 2014-07-09 09:03 - 00037904 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmel.sys
    2015-04-10 00:09 - 2014-07-09 09:02 - 00106296 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmeevw.sys
    2015-04-10 00:09 - 2014-07-09 09:02 - 00050976 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\TMEBC64.sys
    2015-04-10 00:09 - 2014-06-30 04:06 - 00106296 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmusa.sys
    2015-04-10 00:08 - 2015-04-10 00:14 - 00003326 _____ () C:\Windows\System32\Tasks\Trend Micro Inspect of Platinum
    2015-04-10 00:07 - 2015-04-10 00:07 - 00000059 _____ () C:\Windows\system32\SupportTool.exe.bat
    2015-04-10 00:06 - 2015-04-10 00:13 - 00000000 ____D () C:\Program Files\Trend Micro
    2015-04-10 00:05 - 2015-05-02 23:03 - 00000000 ____D () C:\ProgramData\Trend Micro
    2015-04-10 00:02 - 2015-04-10 00:02 - 00000036 _____ () C:\Users\YuAnAi\AppData\Local\housecall.guid.cache
    2015-04-09 22:36 - 2015-04-09 23:54 - 246872976 _____ (Trend Micro Inc.) C:\Users\YuAnAi\Downloads\TTi_8.0OEM_MR_Full.exe
    2015-04-09 20:09 - 2015-04-09 20:09 - 00000000 ____D () C:\Users\YuAnAi\AppData\Roaming\10tons
    2015-04-09 20:09 - 2015-04-09 20:09 - 00000000 ____D () C:\ProgramData\10tons
    2015-04-09 18:27 - 2015-04-09 18:27 - 00000000 ____D () C:\Users\YuAnAi\AppData\Roaming\Macromedia
    2015-04-09 18:18 - 2015-04-09 18:18 - 00002213 _____ () C:\Users\YuAnAi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Geek Squad Online Support (2).lnk
    2015-04-09 18:12 - 2015-04-29 03:53 - 00000000 ____D () C:\ProgramData\WRData
    2015-04-09 18:08 - 2015-04-28 15:09 - 00000000 ____D () C:\Users\YuAnAi\AppData\Local\LogMeIn Rescue Applet
    2015-04-09 18:08 - 2015-04-09 18:08 - 00002239 _____ () C:\Users\YuAnAi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Geek Squad Online Support.lnk
    2015-04-06 22:00 - 2015-04-06 22:00 - 00000000 ___RD () C:\Users\YuAnAi\Documents\Notes
    2015-04-06 16:40 - 2015-04-06 16:40 - 00000013 __RSH () C:\Windows\system32\Drivers\fbd.sys
    2015-04-06 16:37 - 2015-04-06 16:37 - 00000000 ____D () C:\Users\YuAnAi\AppData\Local\Wild Tangent
    2015-04-06 16:31 - 2015-04-06 16:31 - 00002601 ____N () C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
    2015-04-06 16:31 - 2015-04-06 16:31 - 00000000 ____D () C:\ProgramData\BlueStacks
    2015-04-06 16:24 - 2015-05-02 22:16 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0E041041-A68C-4A23-8892-FDD3144B7ED3}
    2015-04-06 16:24 - 2015-04-06 16:24 - 00000000 __SHD () C:\Users\YuAnAi\AppData\Local\EmieUserList
    2015-04-06 16:24 - 2015-04-06 16:24 - 00000000 __SHD () C:\Users\YuAnAi\AppData\Local\EmieSiteList
    2015-04-06 16:16 - 2015-05-02 23:06 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-93962909-1410810787-3032571207-1001
    2015-04-06 16:16 - 2015-04-10 01:04 - 00000000 ____D () C:\Users\YuAnAi\AppData\Roaming\WildTangent
    2015-04-06 16:16 - 2015-04-06 16:16 - 00000000 ____D () C:\Users\YuAnAi\AppData\Roaming\ATI
    2015-04-06 16:16 - 2015-04-06 16:16 - 00000000 ____D () C:\Users\YuAnAi\AppData\Local\ATI
    2015-04-06 15:08 - 2015-04-10 01:01 - 00002302 _____ () C:\Users\YuAnAi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
    2015-04-06 15:08 - 2015-04-09 20:07 - 00002131 _____ () C:\Users\YuAnAi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
    2015-04-06 15:08 - 2015-04-09 18:04 - 00002341 _____ () C:\Users\YuAnAi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dragons of Atlantis.lnk
    2015-04-06 15:08 - 2015-04-09 17:59 - 00002321 _____ () C:\Users\YuAnAi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Edgeworld.lnk
    2015-04-06 15:08 - 2015-04-06 15:08 - 00002476 _____ () C:\Users\YuAnAi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FarmVille 2.lnk
    2015-04-06 15:08 - 2015-04-06 15:08 - 00002366 _____ () C:\Users\YuAnAi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Goodgame Empire.lnk
    2015-04-06 15:08 - 2015-04-06 15:08 - 00002330 _____ () C:\Users\YuAnAi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Groupon.lnk
    2015-04-06 15:06 - 2015-04-06 15:06 - 00000000 ____D () C:\Users\Public\Pokki
    2015-04-06 15:05 - 2015-04-06 15:10 - 00000000 ____D () C:\Users\YuAnAi\AppData\Local\TOSHIBA
    2015-04-06 15:04 - 2015-04-13 17:24 - 00000000 ____D () C:\Users\YuAnAi\AppData\Roaming\Adobe
    2015-04-06 15:04 - 2015-04-12 14:27 - 00000000 ____D () C:\Users\YuAnAi\AppData\Local\VirtualStore
    2015-04-06 15:04 - 2015-04-06 15:04 - 00001453 _____ () C:\Users\YuAnAi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-04-06 15:03 - 2015-04-28 13:11 - 00000000 ____D () C:\Users\YuAnAi\AppData\Local\Packages
    2015-04-06 15:03 - 2015-04-06 15:03 - 00000020 ___SH () C:\Users\YuAnAi\ntuser.ini
    2015-04-06 15:00 - 2015-05-01 14:44 - 00000000 ____D () C:\Users\YuAnAi\AppData\Local\Pokki
    2015-04-06 15:00 - 2015-04-28 14:23 - 00000000 ____D () C:\Users\YuAnAi
    2015-04-06 15:00 - 2014-08-11 00:46 - 00000000 ___RD () C:\Users\YuAnAi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-04-06 15:00 - 2014-08-11 00:33 - 00000000 ___RD () C:\Users\YuAnAi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-04-06 15:00 - 2014-03-18 02:54 - 00000369 _____ () C:\Users\YuAnAi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
    2015-04-06 15:00 - 2014-03-18 02:54 - 00000369 _____ () C:\Users\YuAnAi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
    2015-04-06 15:00 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\YuAnAi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-04-06 15:00 - 2013-08-22 08:36 - 00000000 ____D () C:\Users\YuAnAi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-04-06 14:48 - 2015-04-06 14:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2015-04-06 13:31 - 2015-04-06 13:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
     
  4. fru

    fru Thread Starter

    Joined:
    Apr 28, 2015
    Messages:
    9
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-05-02 23:00 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sru
    2015-05-02 12:07 - 2013-08-22 08:20 - 00000000 ____D () C:\Windows\CbsTemp
    2015-05-02 11:49 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
    2015-05-02 11:47 - 2013-08-22 07:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-05-02 11:46 - 2014-12-27 01:22 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
    2015-05-02 11:46 - 2013-08-22 06:25 - 01310720 ___SH () C:\Windows\system32\config\BBI
    2015-05-02 00:53 - 2014-08-11 01:34 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
    2015-04-29 03:54 - 2014-08-11 16:43 - 00000000 ____D () C:\Windows\Panther
    2015-04-29 03:54 - 2014-03-18 02:25 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
    2015-04-29 03:53 - 2014-12-27 01:49 - 00000000 ____D () C:\ProgramData\install_clap
    2015-04-29 03:53 - 2014-12-27 01:37 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
    2015-04-29 03:53 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\LiveKernelReports
    2015-04-28 14:10 - 2014-03-18 02:53 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-04-28 13:58 - 2014-03-18 02:38 - 00000000 ____D () C:\Windows\ShellNew
    2015-04-28 13:58 - 2014-03-18 02:38 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 __RSD () C:\Windows\Media
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ___SD () C:\Windows\system32\dsc
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ___RD () C:\Windows\ToastData
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\WinStore
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\WinMetadata
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\sppui
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\ras
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\MSDRM
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\icsxml
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\Bthprops
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sppui
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\setup
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\ras
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\MSDRM
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\migwiz
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\icsxml
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\ias
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Com
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Bthprops
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system\Speech
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\MediaViewer
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\L2Schemas
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\IME
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\FileManager
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\Camera
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\addins
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\System
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\Services
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
    2015-04-28 13:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
    2015-04-28 13:58 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe
    2015-04-28 13:58 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2015-04-28 13:58 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\system32\Sysprep
    2015-04-28 13:58 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\system32\oobe
    2015-04-28 13:58 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\system32\Dism
    2015-04-28 13:58 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\servicing
    2015-04-28 13:55 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\InputMethod
    2015-04-28 13:55 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\WindowsInternal.Inbox.Shared
    2015-04-28 13:55 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\WindowsInternal.Inbox.Media.Shared
    2015-04-28 13:55 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\System
    2015-04-28 13:54 - 2014-12-27 01:51 - 00000000 ____D () C:\Users\Public\CyberLink
    2015-04-28 13:54 - 2014-08-11 01:34 - 00000000 ____D () C:\ProgramData\WildTangent
    2015-04-28 13:30 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\registration
    2015-04-28 13:02 - 2014-12-27 01:49 - 00000000 ____D () C:\ProgramData\CyberLink
    2015-04-28 13:00 - 2014-08-11 01:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-04-28 11:48 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\NDF
    2015-04-23 10:13 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
    2015-04-22 01:02 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppReadiness
    2015-04-19 12:43 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\rescache
    2015-04-16 00:41 - 2014-12-27 01:49 - 00000000 ____D () C:\ProgramData\Temp
    2015-04-15 22:14 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppCompat
    2015-04-15 21:28 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2015-04-13 21:06 - 2014-08-11 01:34 - 00000000 ____D () C:\Program Files (x86)\WildGames
    2015-04-13 20:05 - 2014-08-11 01:31 - 00000000 ____D () C:\ProgramData\Adobe
    2015-04-13 10:55 - 2013-08-22 07:44 - 00481880 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-04-13 10:53 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender
    2015-04-13 10:53 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2015-04-10 20:26 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
    2015-04-10 20:26 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
    2015-04-10 01:05 - 2014-08-11 01:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-04-10 00:15 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\restore
    2015-04-10 00:13 - 2013-08-22 08:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2015-04-10 00:09 - 2013-08-22 08:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
    2015-04-09 20:05 - 2014-08-11 01:33 - 00000000 ____D () C:\ProgramData\Toshiba
    2015-04-09 18:26 - 2014-12-27 02:12 - 00000000 ____D () C:\ProgramData\Norton
    2015-04-06 22:50 - 2014-12-27 01:23 - 00000000 ____D () C:\ProgramData\AMD
    ==================== Files in the root of some directories =======
    2015-04-28 15:45 - 2015-05-02 22:15 - 0000053 _____ () C:\Users\YuAnAi\AppData\Roaming\LogFile.txt
    2015-04-10 00:02 - 2015-04-10 00:02 - 0000036 _____ () C:\Users\YuAnAi\AppData\Local\housecall.guid.cache
    2015-04-18 08:40 - 2015-04-28 15:11 - 0000010 _____ () C:\Users\YuAnAi\AppData\Local\sponge.last.runtime.cache
    2014-12-27 01:31 - 2014-12-27 01:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
  5. fru

    fru Thread Starter

    Joined:
    Apr 28, 2015
    Messages:
    9
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2015 01
    Ran by YuAnAi at 2015-05-02 23:15:42
    Running from C:\Users\YuAnAi\Downloads
    Boot Mode: Normal
    ==========================================================

    ==================== Accounts: =============================
    Administrator (S-1-5-21-93962909-1410810787-3032571207-500 - Administrator - Disabled)
    Guest (S-1-5-21-93962909-1410810787-3032571207-501 - Limited - Disabled)
    YuAnAi (S-1-5-21-93962909-1410810787-3032571207-1001 - Administrator - Enabled) => C:\Users\YuAnAi
    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Trend Micro Internet Security (Enabled - Up to date) {F2F88E6A-3C7A-545F-268A-5D0BDD38EE06}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Trend Micro Internet Security (Enabled - Up to date) {49996F8E-1A40-5BD1-1C3A-6679A6BFA4BB}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Adobe Reader XI (11.0.03) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
    Amazon 1Button App (HKLM-x32\...\{893CB813-4179-4BFE-8D33-ABCC38816B48}) (Version: 1.0.6 - Amazon)
    AMD Catalyst Install Manager (HKLM\...\{8AF0BF15-DD17-7551-C99D-21DD01B3AE39}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.0.0 - AppEx Networks)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
    Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4106.05 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dragons of Atlantis (HKU\S-1-5-21-93962909-1410810787-3032571207-1001\...\Pokki_cfada041afdc4a11092a096cac66ab6a0945d92b) (Version: v1.1.7 - Pokki)
    Edgeworld (HKU\S-1-5-21-93962909-1410810787-3032571207-1001\...\Pokki_2e9d53cc2b402b6e65aa9551308ca17a19c4721a) (Version: v1.1.8 - Pokki)
    FarmVille 2 (HKU\S-1-5-21-93962909-1410810787-3032571207-1001\...\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b) (Version: 1.0.4.55785 - Pokki)
    Goodgame Empire (HKU\S-1-5-21-93962909-1410810787-3032571207-1001\...\Pokki_149b46d4a102c0304583931ceaa3f0bf19785ee3) (Version: v1.1.7 - Pokki)
    Groupon (HKU\S-1-5-21-93962909-1410810787-3032571207-1001\...\Pokki_893e2a8f4b240ed6d7def79e56791067c96f41be) (Version: 1.0.2.55621 - Pokki)
    Host App Service (HKU\S-1-5-21-93962909-1410810787-3032571207-1001\...\Pokki) (Version: 0.269.7.579 - Pokki)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
    Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-93962909-1410810787-3032571207-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Pokki Start Menu (HKU\S-1-5-21-93962909-1410810787-3032571207-1001\...\Pokki_Start_Menu) (Version: 0.269.7.579 - Pokki)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
    Skype¬ô 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
    SpeedyPC Pro (HKLM-x32\...\{604CD5A1-4520-4844-B064-A3D884B77E91}) (Version: 3.2.15.0 - SpeedyPC Software) <==== ATTENTION
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
    TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
    TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
    TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
    TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.0.6404 - Toshiba Corporation)
    TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
    TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
    TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.15C - Toshiba Corporation)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
    TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
    TOSHIBA Start (HKLM-x32\...\{4F0F44AF-90E9-4A6E-9E82-354A3AB79F22}) (Version: 1.0.0.2 - TOSHIBA America Information Systems, Inc)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
    TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
    TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
    Trend Micro DirectPass (Version: 1.9.0.1094 - Trend Micro Inc.) Hidden
    Trend Micro Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 8.0 - Trend Micro Inc.)
    Trend Micro Password Manager (HKLM\...\{3075404F-5657-4f31-A064-FEF98661BDD4}) (Version: 1.9.1157 - Trend Micro Inc.)
    Trend Micro Titanium (Version: 8.0 - Trend Micro Inc.) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Utility Common Driver (x32 Version: 1.0.53.3 - Compal) Hidden
    VCRT for DirectPass x64 (Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
    VCRT for DirectPass x86 (x32 Version: 1.0.0.1000 - Trend Micro, Inc.) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    CustomCLSID: HKU\S-1-5-21-93962909-1410810787-3032571207-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\YuAnAi\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)
    ==================== Restore Points =========================
    29-04-2015 17:32:44 SpeedyPC Pro Backup
    30-04-2015 19:37:49 SpeedyPC Pro Backup
    02-05-2015 11:42:56 SpeedyPC Pro Backup
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
    ==================== Scheduled Tasks (whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
    Task: {00CEA948-2ABE-4726-BD32-E3F527DAAB6D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PingLing-YuAnAi PingLing => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-04-13] (Microsoft Corporation)
    Task: {0250BBC8-FCF7-4FC9-ADFD-9B9B65B4AD42} - System32\Tasks\SpeedyPC Update Version3 => c:\program files (x86)\common files\speedypc software\uus3\SpeedyPC_Update3.exe [2014-12-19] (SpeedyPC Software) <==== ATTENTION
    Task: {04586178-6DC2-4E19-99CA-03358E09F3F1} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
    Task: {0E8D8209-D689-40E2-9E6B-B8469721AC25} - System32\Tasks\SpeedyPC Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll" RunUns <==== ATTENTION
    Task: {2BD9BD24-8CFA-4E3C-AE14-9E6A65C7003A} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-93962909-1410810787-3032571207-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
    Task: {305E7984-22B2-4674-92E2-7DC5713B4057} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
    Task: {35898E14-6C1C-46E2-9B5C-633E94A373FE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
    Task: {380BA643-7D9B-43F6-A08B-5973A1634D32} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-21] (Synaptics Incorporated)
    Task: {502BBAFA-13AF-408B-888B-785D56FF83D0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {527C39D6-8B83-45D3-9088-598A9E0119F6} - System32\Tasks\SpeedyPC Pro_sch_353FCE45-EDF8-11E4-826C-F0761C88E2C9 => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2014-12-19] (SpeedyPC Software) <==== ATTENTION
    Task: {67A52227-D312-4D0E-B78B-C5BAECC99ACD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {761F6116-A1D2-4699-ABB8-65BA0EA41EEC} - System32\Tasks\SpeedyPC Pro Startup => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2014-12-19] (SpeedyPC Software) <==== ATTENTION
    Task: {794A7A37-7AED-4DC0-BA8F-EF67F40102C9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {849E7F3D-C885-4DA6-B46F-2B9E283583D8} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-02-24] (Realtek Semiconductor)
    Task: {A221AFF8-FA1D-4D51-8FCF-D2AFC84F7C5A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
    Task: {AEA99A6A-466B-42D3-AED6-D18E896C6A91} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-13] (Microsoft Corporation)
    Task: {B7E9F138-8BDC-4D32-9F06-2931D71E5923} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
    Task: {CE240612-76DA-4B3F-88B1-25C1F0E171B6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
    Task: {D5AFD47A-53E5-4987-B1FE-75EAC1A531FA} - System32\Tasks\SpeedyPC Update Version3_triggeronce => c:\program files (x86)\common files\speedypc software\uus3\SpeedyPC_Update3.exe [2014-12-19] (SpeedyPC Software) <==== ATTENTION
    Task: {F19CCC28-CBF3-41CF-B333-BA9FC69DF3D4} - System32\Tasks\Trend Micro Inspect of Platinum => C:\Program Files\Trend Micro\Titanium\plugin\Pt\win32\Inspect\Inspect.exe [2014-07-20] (Trend Micro Inc.)
    Task: C:\Windows\Tasks\SpeedyPC Pro Startup.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe <==== ATTENTION
    Task: C:\Windows\Tasks\SpeedyPC Pro_sch_353FCE45-EDF8-11E4-826C-F0761C88E2C9.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe <==== ATTENTION
    Task: C:\Windows\Tasks\SpeedyPC Registration3.job => C:\Windows\system32\rundll32.exeMC:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll <==== ATTENTION
    Task: C:\Windows\Tasks\SpeedyPC Update Version3.job => c:\program files (x86)\common files\speedypc software\uus3\SpeedyPC_Update3.exe <==== ATTENTION
    Task: C:\Windows\Tasks\SpeedyPC Update Version3_triggeronce.job => c:\program files (x86)\common files\speedypc software\uus3\SpeedyPC_Update3.exe <==== ATTENTION
     
  6. fru

    fru Thread Starter

    Joined:
    Apr 28, 2015
    Messages:
    9
    I saw on a different post that the techguy assistants were asking people with similar issues to run Farbar Recovery Scan Tool. After running Farbar, my Antivirus program (TrendMicro) would not let me continue because it suspected a threat. I suspected that this had something to do with the infection my computer already has, so I told TrendMicro to allow Farbar to run. So I posted the reports from Farbar and did another scan with SpeedyPCPro, and SpeedyPCPro did not find a virus, but today when I turned on my computer, I have phantom documents on my desktop. Sorry, I don't know what those are really called. The icons look to be kind of transparent. Two of them are called desktop.ini and when I open those documents (which look like a note with a "settings" type of wheel icon, this is what I see:


    The first one says:



    [.ShellClassInfo]
    [email protected]%SystemRoot%\system32\shell32.dll,-21799
    [LocalizedFileNames]
    Recovery Media [email protected]:\Program Files\TOSHIBA\TOSHIBA Recovery Media Creator\SCInfo.dll,-6001
    CyberLink PowerDVD for [email protected]:\PROGRA~2\CYBERL~1\POWERD~1\Common\MUI\PDVDEN~1.DLL,-544
    WildTangent Games App - [email protected]:\PROGRA~2\WILDTA~1\TOUCHP~1\toshiba\MUILink.exe,-105



    And the second one says:

    [.ShellClassInfo]
    [email protected]%SystemRoot%\system32\shell32.dll,-21769
    IconResource=%SystemRoot%\system32\imageres.dll,-183


    There is also a Word document called ~$stings with Photos, etc..docx and when I try to open it I can't. Instead, I get a message from Microsoft Word that says:
    "We're sorry. We can't open ~$stings with Photos, etc..docx because we found a problem with it's contents."


    When I press Details>> the message shows:
    "Details The file is corrupt and cannot be opened."

    And when I press OK a different message pops up that says:

    "Word found unreadable content in "~$stings with Photos, etc..docx". Do you want to recover the contents of this document? If you trust the source of this document, click Yes."



    I clicked No because I have no clue where this document even came from in the first place. I really don't know what to do at this point. I'm still waiting for a response. :(


    I tried to use the Toshiba Media Player and the CyberLink DVD player on my laptop yesterday evening, and the DVDs I tried would not play. I couldn't even get the apps to open. I don't know what's going on and why I can't use Pre-Installed Apps for this computer.


    (Oh, and this is not the first time I had issues with CyberLink DVD player. I tried to watch a RedBox dvd before and it wouldn't work then, either. I ended up downloading a free MediaPlayer from the internet, which I since have uninstalled. This time I even scanned the DVDs for threats before trying to watch them, and none were found, so why am I getting these phantom documents on my computer?) ?:(
     
  7. fru

    fru Thread Starter

    Joined:
    Apr 28, 2015
    Messages:
    9
    My computer just started updating one of the pre-installed apps (wildtangent games) while I was on the internet, and while doing so, I opened a new tab in Internet Explorer and saw this:


    Message from webpage
    Triangle with an exclamation point in it (!) wt.OnError ([object Object])


    Not sure if this is normal or not.
     
  8. fru

    fru Thread Starter

    Joined:
    Apr 28, 2015
    Messages:
    9
    bump
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Infection 000s Junk
  1. Scudstorm
    Replies:
    13
    Views:
    868
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1147472

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice