  1. #1

    Is efnnouse.exe a virus?

    Hey friends,

    Today I found a startup program located in C:\Program Data\Osoluwsieak\1.0.1.0\efnnouse.exe, which is running in the background and was installed on the 15th of this month. I have tried to get information about it, and it's unknown everywhere. I am trying to check it with Malwarebytes, but the process is desperately slow. I would like to know if someone here has seen this file before, and can tell me where it comes from, or if it's a new virus.



  2. #2
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,715

    Re: Is efnnouse.exe a virus?

    Hi, Monka.

    Nothing comes up in my search efforts either. Do you have any programs installed named "Osoluwsieak"? When I tried translating the name it showed as Arabic.

    Let's try a couple online scans of the file.

    1. Please go to Jotti: Jotti's malware scan

    Upload the filepath shown below into the "File to upload & scan" box at the upper left:

    C:\Program Data\Osoluwsieak\1.0.1.0\efnnouse.exe

    2. Please upload the same file at VirusTotal: VirusTotal - Free Online Virus, Malware and URL Scanner

    In the "Upload a file", browse to the file path above and upload the file.

    Please provide the results from both Jotti and VirusTotal in your reply.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  3. #3

    Re: Is efnnouse.exe a virus?

    Thanks for your cooperation. Both scans gave this result:


    Really, I don't know what it is for or how I got that program. I found it while looking at Task Scheduler to figure out why my PC starts by itself after I set all the tasks to start only when I am logged in. It immediately caught my attention, because the action showed the startup of this file: "C:\ProgramData\Osoluwsieak\1.0.1.0\efnnouse.exe" "/e=L3A9MjMyMDAxXi91PTYyNGM2ZmU1YmY4ZTQxM2ViYjgxMzA2YjRjZGFmYzk2Xi9kPXdlYnNoaWVsZG9ubGluZS5jb21eL249V0VCU14vYT1XZWJTaGllbGReL3Q="
    When I checked my programs, I verified that the file only exists in ProgramData, and it's composed of only two files: efnnouse.exe and sqlite3.dll. Now I don't know what to do. What would you do in this case?
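
Added example, not part of the original posts: the `/e=` argument in the task action quoted in post #3 is Base64, and it can be decoded offline to see what the task passes to efnnouse.exe without running the file. The function names are hypothetical, and the `^`-separated `/key=value` layout is an assumption read off the decoded text; the thread does not document what the individual switches mean.

```python
import base64
import binascii
import re

# Scheduled-task action copied verbatim from post #3 of this thread.
TASK_ACTION = (
    r'"C:\ProgramData\Osoluwsieak\1.0.1.0\efnnouse.exe" '
    r'"/e=L3A9MjMyMDAxXi91PTYyNGM2ZmU1YmY4ZTQxM2ViYjgxMzA2YjRjZGFmYzk2'
    r'Xi9kPXdlYnNoaWVsZG9ubGluZS5jb21eL249V0VCU14vYT1XZWJTaGllbGReL3Q="'
)

_TOKEN = re.compile(r'"([^"]*)"|(\S+)')          # "quoted token" or bare token
_SWITCH = re.compile(r'^/([A-Za-z0-9_]+)=(.+)$', re.S)


def split_action(action):
    """Split a task action into tokens, honouring double quotes only."""
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in _TOKEN.finditer(action)]


def try_base64_text(value, min_len=16):
    """Return the decoded text if value is strict Base64 of printable ASCII.

    Short values and anything outside the Base64 alphabet (paths, plain
    switches) return None, so ordinary arguments are not misreported.
    """
    if len(value) < min_len:
        return None
    padded = value + "=" * (-len(value) % 4)     # tolerate stripped padding
    try:
        raw = base64.b64decode(padded, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError):         # UnicodeDecodeError is a ValueError
        return None
    return text if text.isprintable() else None


def parse_switches(text, sep="^"):
    """Parse '/k=v^/k2=v2^/flag' into a dict; bare flags map to None.

    The separator and layout are assumptions based on the decoded sample.
    """
    fields = {}
    for part in text.split(sep):
        part = part.strip()
        if not part:
            continue
        key, eq, val = part.lstrip("/").partition("=")
        fields[key] = val if eq else None
    return fields


def triage_action(action):
    """Describe one task action: image path plus any decoded Base64 switches."""
    tokens = split_action(action)
    report = {"image": tokens[0] if tokens else None, "args": []}
    for tok in tokens[1:]:
        m = _SWITCH.match(tok)
        decoded = try_base64_text(m.group(2)) if m else None
        report["args"].append({
            "raw": tok,
            "switch": m.group(1) if m else None,
            "decoded": decoded,
            "fields": parse_switches(decoded) if decoded else {},
        })
    return report


if __name__ == "__main__":
    result = triage_action(TASK_ACTION)
    print("image  :", result["image"])
    for arg in result["args"]:
        print("switch :", arg["switch"])
        print("decoded:", arg["decoded"])
        for key, val in arg["fields"].items():
            print(f"   /{key} = {val}")
```

On the action above, the decoded switches name webshieldonline.com and WebShield, which gives a concrete product name to search for alongside the random-looking folder and file names.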

  4. #4

    Re: Is efnnouse.exe a virus?

    Sorry I copied the images directly, and they didn't go through. I will do it differently now:


    Is efnnouse.exe a virus?-jotti-jpg


    Is efnnouse.exe a virus?-virustotal-jpg



    Hope this helps.

  5. #5

    Re: Is efnnouse.exe a virus?

    Hi, Monka.

    Personally, I would create a System Restore point and then go ahead and delete the file. That said, I would be happy to review logs to see if there is something else that needs to be done, particularly since you do not know where it came from. The instructions are here: Malware Removal Posting Instructions.



  6. #6

    Re: Is efnnouse.exe a virus?

    Since I see you're reading the forum now, rather than editing my post, I'll add: If you decide to post the logs, which I recommend you do, I'll look at them tomorrow since I'll be shutting down for the night.

    Have a good evening.

  7. #7

    Re: Is efnnouse.exe a virus?

    Hi Corrine,

    I followed your instructions and here are the tests' results:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
    Ran by Monica (administrator) on KENNY on 25-06-2015 11:17:34
    Running from C:\Users\Monica\Downloads\Programs
    Loaded Profiles: Monica (Available Profiles: Monica)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
    (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (OrdinarySoft) C:\Program Files\Start Menu X\StartMenuX.exe
    () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    (TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
    (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
    () C:\Program Files X86\Mind of Winner\Subliminal Messages\SubliminalMessages.exe
    () C:\SB\SB4\SB4.exe
    (Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
    (AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Program Files (x86)\EMET 4.1\EMET_Agent.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7205592 2013-11-05] (Realtek Semiconductor)
    HKLM-x32\...\Run: [EMET 4.1 Update 1 Agent] => C:\Program Files (x86)\EMET 4.1\EMET_agent.exe [88272 2014-05-28] (Microsoft Corporation)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-06-20] (Advanced Micro Devices, Inc.)
    HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3903056 2015-05-20] (Tonec Inc.)
    HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Run: [GmailNotifierPro] => C:\Users\Monica\Downloads\Compressed\GmailNotifierPro\GmailNotifierPro\GmailNotifierPro.exe [2871616 2015-01-04] (IntelliBreeze Software)
    HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1905032 2015-04-28] (TomTom)
    HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
    HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Run: [SubliminalMessages] => C:\Program Files X86\Mind of Winner\Subliminal Messages\SubliminalMessages.exe [984576 2015-06-18] ()
    HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Run: [Subliminal Blaster 4] => C:\SB\SB4\SB4.exe [7244800 2013-08-18] ()
    HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Run: [StartMenuX] => C:\Program Files\Start Menu X\StartMenuX.exe [7821120 2015-06-10] (OrdinarySoft)
    HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
    HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
    Startup: C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar446.lnk [2015-06-25]
    ShortcutTarget: Sidebar446.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
    SearchScopes: HKLM -> {8B099BF3-C49C-4385-BEFC-99861C7BD332} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {8B099BF3-C49C-4385-BEFC-99861C7BD332} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\S-1-5-21-4116287391-1936068046-2123032155-1001 -> {8B099BF3-C49C-4385-BEFC-99861C7BD332} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-4116287391-1936068046-2123032155-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-04-01] (IObit)
    BHO: Total Defense Anti-Phishing Toolbar Helper -> {45011CF5-E4A9-4F13-9093-F30A784EB9B2} -> C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\toolbar\caIEToolbar.dll No File
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
    BHO-x32: Total Defense Anti-Phishing Toolbar Helper -> {45011CF5-E4A9-4F13-9093-F30A784EB9B2} -> C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\toolbar\caIEToolbar.dll No File
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
    Toolbar: HKLM - Total Defense Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\toolbar\caIEToolbar.dll No File
    Toolbar: HKLM-x32 - Total Defense Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\toolbar\caIEToolbar.dll No File
    Toolbar: HKU\S-1-5-21-4116287391-1936068046-2123032155-1001 -> Total Defense Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\toolbar\caIEToolbar.dll No File
    DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
    Hosts: 127.0.0.1 lm.auslogics.com
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default
    FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html
    FF DefaultSearchEngine: DuckDuckGo
    FF DefaultSearchEngine.US: DuckDuckGo
    FF SelectedSearchEngine: DuckDuckGo
    FF Homepage: chrome://fvd.speeddial/content/fvd_about_blank.html
    FF Keyword.URL: https://duckduckgo.com/?q=
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-24] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
    FF user.js: detected! => C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\user.js [2015-06-02]
    FF Extension: EverSync - Sync bookmarks, backup your favorites. - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\Extensions\fvdmedia@gmail.com [2015-05-29]
    FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\Extensions\pavel.sherbakov@gmail.com [2015-05-29]
    FF Extension: LastPass - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\Extensions\support@lastpass.com [2015-05-29]
    FF Extension: FireShot - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-06-08]
    FF Extension: cliget - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\Extensions\cliget@zaidabdulla.com.xpi [2015-02-09]
    FF Extension: Translate This! - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2015-02-09]
    FF Extension: Nimbus Web Clipper - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\Extensions\nimbusnote@everhelper.me.xpi [2015-03-08]
    FF Extension: Personas Plus - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\Extensions\personas@christopher.beard.xpi [2015-02-09]
    FF Extension: Save as PDF - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2015-02-09]
    FF Extension: RightToClick - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2015-02-09]
    FF Extension: Adblock Edge - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-02-09]
    FF HKLM-x32\...\Firefox\Extensions: [caaphishtoolbar@ca.com] - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\Firefox
    FF HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Monica\AppData\Roaming\IDM\idmmzcc5
    FF Extension: IDM CC - C:\Users\Monica\AppData\Roaming\IDM\idmmzcc5 [2015-06-25]
    FF HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Monica\AppData\Roaming\IDM\idmmzcc5

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
    CHR HKLM-x32\...\Chrome\Extension: [hpdpkkpdlooddakbebmkeeegehfjdnih] - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\GoogleChrome\td_aphish_toolbar.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-06-20] (Advanced Micro Devices, Inc.) [File not signed]
    S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
    R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
    S3 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
    S3 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
    R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [48128 2014-07-24] (Microsoft Corporation)
    S3 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
    R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-15] (Realtek Semiconductor)
    S2 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
    S3 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
    S3 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
    S3 WMPNetworkSvc; C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe [1121792 2010-11-20] (Microsoft Corporation) [File not signed]
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
    R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
    S3 athrusb; C:\Windows\system32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
    R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-05-10] (REALiX(tm))
    S3 pwftap; C:\Windows\system32\DRIVERS\pwftap.sys [36736 2014-07-24] (The OpenVPN Project)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [301784 2015-01-22] (Realtek Semiconductor Corp.)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-25 10:05 - 2015-06-25 11:18 - 00000000 ____D C:\FRST
    2015-06-25 07:35 - 2015-06-25 07:35 - 00000485 _____ C:\Users\Monica\Desktop\Administrative Tools - Shortcut.lnk
    2015-06-23 11:43 - 2015-06-23 11:43 - 00000921 _____ C:\Users\Public\Desktop\PhotoScissors.lnk
    2015-06-23 11:43 - 2015-06-23 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScissors
    2015-06-23 11:43 - 2015-06-23 11:43 - 00000000 ____D C:\Program Files\PhotoScissors
    2015-06-22 20:55 - 2015-06-22 20:55 - 00000000 ____D C:\Users\Monica\AppData\Local\AMD
    2015-06-22 20:52 - 2015-06-22 20:52 - 00000000 ____D C:\Users\Monica\AppData\Local\AppEx Networks
    2015-06-22 20:46 - 2015-06-22 20:46 - 00000000 ____D C:\ProgramData\ATI
    2015-06-22 20:45 - 2015-06-22 20:45 - 00000000 ____D C:\Users\Monica\AppData\Roaming\library_dir
    2015-06-22 20:40 - 2015-06-22 20:42 - 00000000 ____D C:\Program Files\AMD Quick Stream
    2015-06-22 20:40 - 2015-06-22 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream
    2015-06-22 20:40 - 2015-06-22 20:40 - 00000000 ____D C:\Program Files (x86)\AMD AVT
    2015-06-22 20:40 - 2015-04-03 01:14 - 00229056 _____ (AppEx Networks Corporation) C:\windows\system32\Drivers\appexDrv.sys
    2015-06-22 20:39 - 2015-06-22 20:39 - 00058610 _____ C:\windows\SysWOW64\CCCInstall_201506222039423244.log
    2015-06-22 20:38 - 2015-06-22 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    2015-06-22 20:25 - 2015-06-22 20:25 - 00000000 ____D C:\Program Files (x86)\AMD
    2015-06-22 20:07 - 2015-06-22 20:07 - 00000000 ____D C:\AMD
    2015-06-22 19:18 - 2015-06-22 19:18 - 00280600 _____ C:\windows\Minidump\062215-46734-01.dmp
    2015-06-21 21:32 - 2015-06-21 22:26 - 00000972 ____N C:\windows\DtcInstall.log
    2015-06-21 20:40 - 2015-06-21 20:55 - 00000000 ___SD C:\windows\SysWOW64\GWX
    2015-06-21 20:40 - 2015-06-21 20:49 - 00000000 ____D C:\windows\system32\appraiser
    2015-06-21 20:39 - 2015-06-21 20:48 - 00000000 ___SD C:\windows\system32\CompatTel
    2015-06-21 12:30 - 2015-06-21 12:30 - 00001836 _____ C:\Users\Monica\Desktop\www_primalbeautysecrets_com.pdf - Shortcut.lnk
    2015-06-21 12:07 - 2015-06-21 12:08 - 27155924 _____ C:\Users\Monica\Downloads\Windows8.1-KB2962409-x86.msu
    2015-06-20 18:46 - 2015-06-20 18:46 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2015-06-20 10:23 - 2015-06-20 10:23 - 00051200 _____ C:\windows\system32\kdbsdk64.dll
    2015-06-20 10:18 - 2015-06-20 10:18 - 00038912 _____ C:\windows\SysWOW64\kdbsdk32.dll
    2015-06-19 16:36 - 2015-06-19 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu X
    2015-06-19 16:35 - 2015-06-19 16:36 - 00000000 ____D C:\Users\Monica\AppData\Roaming\StartMenuX
    2015-06-19 16:35 - 2015-06-19 16:36 - 00000000 ____D C:\Program Files\Start Menu X
    2015-06-19 16:35 - 2015-06-19 16:35 - 00000000 ____D C:\ProgramData\StartMenuX
    2015-06-19 11:13 - 2015-06-19 11:14 - 00468376 _____ C:\windows\Minidump\061915-51593-01.dmp
    2015-06-18 23:20 - 2015-05-02 20:39 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
    2015-06-18 23:20 - 2015-04-29 19:22 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\WiFiDisplay.dll
    2015-06-18 23:14 - 2015-05-07 11:21 - 00522240 _____ (Microsoft Corporation) C:\windows\system32\GeofenceMonitorService.dll
    2015-06-18 23:14 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\GeofenceMonitorService.dll
    2015-06-18 23:04 - 2015-05-15 18:01 - 00133288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
    2015-06-18 23:04 - 2015-05-15 17:05 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
    2015-06-18 23:04 - 2015-05-15 16:47 - 00355328 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
    2015-06-18 23:04 - 2015-05-15 15:42 - 03682304 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
    2015-06-18 23:04 - 2015-05-15 15:32 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
    2015-06-18 23:04 - 2015-05-15 15:31 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
    2015-06-18 23:04 - 2015-05-15 15:28 - 02223104 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
    2015-06-18 23:04 - 2015-05-15 15:28 - 00408064 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
    2015-06-18 23:04 - 2015-05-15 15:28 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
    2015-06-18 23:04 - 2015-05-15 15:27 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
    2015-06-18 23:04 - 2015-05-15 15:21 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
    2015-06-18 23:04 - 2015-05-15 15:21 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
    2015-06-18 23:04 - 2015-05-15 15:19 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
    2015-06-18 23:04 - 2015-05-15 15:19 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
    2015-06-18 23:03 - 2015-05-15 16:23 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
    2015-06-18 22:47 - 2015-05-07 13:50 - 22292672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
    2015-06-18 22:47 - 2015-05-07 13:00 - 03109376 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
    2015-06-18 22:47 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
    2015-06-18 22:47 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
    2015-06-18 22:19 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usb8023x.sys
    2015-06-18 22:19 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usb8023.sys
    2015-06-18 22:19 - 2015-04-23 13:01 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rndismpx.sys
    2015-06-18 22:15 - 2015-05-03 11:09 - 00274944 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-06-18 22:15 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-06-18 22:15 - 2015-05-03 10:55 - 00971776 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
    2015-06-18 22:15 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
    2015-06-18 22:06 - 2015-05-11 20:24 - 00536920 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll
    2015-06-18 22:06 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\windows\system32\fhcpl.dll
    2015-06-18 22:04 - 2015-04-30 21:13 - 06521800 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
    2015-06-18 22:04 - 2015-04-30 21:13 - 01488000 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
    2015-06-18 22:04 - 2015-04-30 21:13 - 00261376 _____ (Microsoft Corporation) C:\windows\system32\sppwinob.dll
    2015-06-18 21:49 - 2015-04-28 09:13 - 00513480 _____ C:\windows\SysWOW64\locale.nls
    2015-06-18 21:49 - 2015-04-28 09:13 - 00513480 _____ C:\windows\system32\locale.nls
    2015-06-18 21:43 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
    2015-06-18 21:43 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
    2015-06-18 21:39 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
    2015-06-18 21:29 - 2015-05-01 19:33 - 00410739 _____ C:\windows\system32\ApnDatabase.xml
    2015-06-18 21:28 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\windows\system32\SystemEventsBrokerServer.dll
    2015-06-18 21:21 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
    2015-06-18 21:20 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
    2015-06-18 20:03 - 2015-06-18 20:03 - 00000000 ____D C:\Users\Monica\AppData\Roaming\SUBLASTER
    2015-06-18 20:03 - 2015-06-18 20:03 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subliminal Blaster 4
    2015-06-18 20:03 - 2015-06-18 20:03 - 00000000 ____D C:\SB
    2015-06-18 19:32 - 2015-06-18 19:32 - 00000000 ____D C:\Users\Monica\AppData\Local\Mind of a Winner
    2015-06-18 19:30 - 2015-06-18 19:30 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subliminal Messages
    2015-06-18 19:30 - 2015-06-18 19:30 - 00000000 ____D C:\Program Files X86
    2015-06-18 17:56 - 2015-06-18 17:56 - 00003432 _____ C:\bootsqm.dat
    2015-06-18 13:17 - 2015-05-22 09:08 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2015-06-18 13:17 - 2015-05-21 09:08 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2015-06-18 13:17 - 2015-05-21 09:08 - 01020928 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2015-06-18 13:17 - 2015-05-21 09:08 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2015-06-18 13:17 - 2015-05-21 09:08 - 00422912 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2015-06-18 13:17 - 2015-05-21 09:08 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2015-06-18 13:17 - 2015-05-21 09:08 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
    2015-06-18 13:17 - 2015-04-16 18:07 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2015-06-18 13:15 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2015-06-18 13:15 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2015-06-18 13:15 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2015-06-18 13:15 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
    2015-06-18 13:15 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2015-06-18 13:15 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2015-06-18 13:15 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2015-06-18 13:15 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2015-06-18 13:15 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2015-06-18 13:15 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2015-06-18 13:15 - 2015-05-22 22:38 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2015-06-18 13:15 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2015-06-18 13:15 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2015-06-18 13:15 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2015-06-18 13:15 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2015-06-18 13:15 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2015-06-18 13:15 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2015-06-18 13:15 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2015-06-18 13:15 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
    2015-06-18 13:15 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2015-06-18 13:15 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2015-06-18 13:15 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2015-06-18 13:15 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2015-06-18 13:15 - 2015-05-22 14:09 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
    2015-06-18 13:15 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2015-06-18 13:15 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2015-06-18 13:15 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2015-06-18 13:15 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2015-06-18 13:15 - 2015-05-22 13:49 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
    2015-06-18 13:15 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2015-06-18 13:15 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2015-06-18 13:14 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2015-06-18 13:14 - 2015-05-22 22:47 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
    2015-06-18 13:14 - 2015-05-22 22:43 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
    2015-06-18 13:14 - 2015-05-22 22:28 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
    2015-06-18 13:14 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2015-06-18 13:14 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2015-06-18 13:14 - 2015-05-22 14:23 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
    2015-06-18 13:14 - 2015-05-22 14:15 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
    2015-06-18 13:14 - 2015-05-22 14:08 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2015-06-18 13:13 - 2015-05-21 12:47 - 04177920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2015-06-18 13:12 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
    2015-06-18 13:12 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
    2015-06-18 13:06 - 2015-04-24 22:34 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
    2015-06-18 13:06 - 2015-04-24 22:33 - 00549888 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
    2015-06-17 20:05 - 2015-06-17 20:05 - 00000000 ____D C:\windows\SysWOW64\RTCOM
    2015-06-17 20:03 - 2013-11-05 18:48 - 03710552 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHD64.sys
    2015-06-17 20:03 - 2013-11-03 09:11 - 02587864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkAPO64.dll
    2015-06-17 20:03 - 2013-10-27 15:29 - 01021656 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkApi64.dll
    2015-06-17 20:03 - 2013-10-08 18:12 - 02103040 _____ (Waves Audio Ltd.) C:\windows\system32\WavesGUILib64.dll
    2015-06-17 20:03 - 2013-10-06 09:05 - 02810072 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtPgEx64.dll
    2015-06-17 20:03 - 2013-04-23 15:16 - 01662024 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTSnMg64.cpl
    2015-06-17 20:03 - 2011-12-19 13:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtlCPAPI64.dll
    2015-06-17 20:03 - 2011-11-21 14:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCoLDR64.dll
    2015-06-17 20:03 - 2011-09-01 12:21 - 00221024 _____ (Synopsys, Inc.) C:\windows\system32\SFNHK64.dll
    2015-06-17 20:03 - 2011-09-01 12:21 - 00081248 _____ (Synopsys, Inc.) C:\windows\system32\SFCOM64.dll
    2015-06-17 20:03 - 2011-09-01 12:21 - 00078688 _____ (Synopsys, Inc.) C:\windows\system32\SFAPO64.dll
    2015-06-17 20:03 - 2010-11-07 05:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEP64A.dll
    2015-06-17 20:03 - 2010-11-07 05:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEL64A.dll
    2015-06-17 20:03 - 2010-11-02 16:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCfg64.dll
    2015-06-17 20:03 - 2010-07-21 14:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\windows\SysWOW64\SFCOM.dll
    2015-06-17 20:03 - 2010-07-10 19:28 - 00180048 _____ (Sonic Focus, Inc.) C:\windows\system32\SFProc64.dll
    2015-06-17 20:03 - 2010-07-10 19:28 - 00086352 _____ (Sonic Focus, Inc.) C:\windows\system32\SFComm64.dll
    2015-06-17 20:03 - 2010-07-10 19:28 - 00083792 _____ (Sonic Focus, Inc.) C:\windows\system32\SFSAPO64.dll
    2015-06-17 20:03 - 2010-07-10 19:28 - 00082768 _____ (Sonic Focus, Inc.) C:\windows\system32\SFHAPO64.dll
    2015-06-17 20:03 - 2010-07-10 19:28 - 00082768 _____ (Sonic Focus, Inc.) C:\windows\system32\SFDAPO64.dll
    2015-06-17 20:03 - 2009-11-23 07:55 - 00518896 _____ (SRS Labs, Inc.) C:\windows\system32\SRSTSX64.dll
    2015-06-17 20:03 - 2009-11-23 07:55 - 00211184 _____ (SRS Labs, Inc.) C:\windows\system32\SRSTSH64.dll
    2015-06-17 20:03 - 2009-11-23 07:55 - 00198896 _____ (SRS Labs, Inc.) C:\windows\system32\SRSHP64.dll
    2015-06-17 20:03 - 2009-11-23 07:55 - 00155888 _____ (SRS Labs, Inc.) C:\windows\system32\SRSWOW64.dll
    2015-06-17 20:02 - 2013-11-05 14:59 - 38747648 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoRes64.dat
    2015-06-17 20:02 - 2013-11-05 14:41 - 00682709 _____ C:\windows\system32\Drivers\RTAIODAT.DAT
    2015-06-17 20:02 - 2013-11-03 17:26 - 00153304 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoInstII64.dll
    2015-06-17 20:02 - 2013-10-17 14:41 - 01286360 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTCOM64.dll
    2015-06-17 20:02 - 2013-10-01 15:10 - 00617176 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtDataProc64.dll
    2015-06-17 20:02 - 2010-11-07 05:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DHT64.dll
    2015-06-17 20:02 - 2010-11-07 05:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DAA64.dll
    2015-06-17 20:02 - 2010-11-07 05:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEED64A.dll
    2015-06-17 20:02 - 2010-11-07 05:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEG64A.dll
    2015-06-17 20:01 - 2013-10-15 01:43 - 00209096 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAC64.dll
    2015-06-17 20:01 - 2013-10-10 10:47 - 00113576 _____ (Real Sound Lab SIA) C:\windows\system32\CONEQMSAPOGUILibrary.dll
    2015-06-17 20:01 - 2013-10-08 18:12 - 02036992 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioEQ64.dll
    2015-06-17 20:01 - 2013-10-08 18:12 - 01012992 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPOShell64.dll
    2015-06-17 20:01 - 2013-08-04 16:11 - 02743328 _____ (Fortemedia Corporation) C:\windows\system32\FMAPO64.dll
    2015-06-17 20:01 - 2012-03-07 09:47 - 00108640 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAR64.dll
    2015-06-17 20:01 - 2010-09-26 07:34 - 00318808 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO20.dll
    2015-06-17 19:46 - 2013-08-15 20:13 - 03859968 _____ (Qualcomm Atheros Communications, Inc.) C:\windows\system32\Drivers\athwbx.sys
    2015-06-17 19:24 - 2015-06-17 19:24 - 00000000 ____D C:\Users\Monica\AppData\Roaming\WinBatch
    2015-06-17 18:32 - 2013-08-01 14:34 - 00035672 _____ (COMPAL ELECTRONIC INC.) C:\windows\system32\Drivers\LPCFilter.sys
    2015-06-17 15:39 - 2015-06-17 15:39 - 00000965 _____ C:\Users\Monica\Desktop\CBS.log - Shortcut.lnk
    2015-06-16 15:57 - 2015-06-16 16:11 - 00000000 ____D C:\SFCFix
    2015-06-16 13:17 - 2015-06-16 16:11 - 00000000 ____D C:\Users\Monica\AppData\Local\niemiro
    2015-06-15 20:40 - 2015-06-22 19:18 - 1435506520 _____ C:\windows\MEMORY.DMP
    2015-06-15 20:40 - 2015-06-15 20:41 - 00415712 _____ C:\windows\Minidump\061515-50500-01.dmp
    2015-06-15 13:16 - 2015-06-24 19:18 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2015-06-15 13:16 - 2015-06-15 13:16 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-06-15 13:16 - 2015-06-15 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-06-15 13:15 - 2015-06-15 13:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-06-15 13:15 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2015-06-15 13:15 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2015-06-15 13:15 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2015-06-15 12:51 - 2015-06-15 12:51 - 00000000 ____D C:\ProgramData\EmailNotifier
    2015-06-15 12:48 - 2015-06-15 12:48 - 00000000 ____D C:\Program Files\Malwarebytes
    2015-06-15 12:30 - 2015-06-15 12:52 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-06-15 12:30 - 2015-06-15 12:30 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Malwarebytes
    2015-06-15 11:30 - 2015-06-15 11:30 - 00000000 ____D C:\Program Files\DIFX
    2015-06-15 11:29 - 2015-06-17 18:32 - 00004894 _____ C:\windows\DPINST.LOG
    2015-06-15 11:29 - 2015-01-22 00:51 - 00301784 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RtsP2Stor.sys
    2015-06-15 11:29 - 2014-10-20 04:50 - 00083160 _____ (Realtek Semiconductor.) C:\windows\system32\RtCRX64.dll
    2015-06-14 22:54 - 2015-06-14 22:54 - 00000000 ____D C:\ProgramData\BSD
    2015-06-14 22:36 - 2015-06-25 11:21 - 02038945 _____ C:\windows\WindowsUpdate.log
    2015-06-14 22:35 - 2015-06-25 11:05 - 00004861 _____ C:\windows\setupact.log
    2015-06-14 22:35 - 2015-06-14 22:35 - 00000000 _____ C:\windows\setuperr.log
    2015-06-14 22:34 - 2015-06-21 21:43 - 00078756 _____ C:\windows\PFRO.log
    2015-06-14 22:10 - 2015-06-14 22:10 - 00000000 ____D C:\Users\Monica\AppData\Local\PackageAware
    2015-06-14 22:10 - 2014-07-24 07:48 - 00036736 _____ (The OpenVPN Project) C:\windows\system32\Drivers\pwftap.sys
    2015-06-14 21:59 - 2015-06-14 21:59 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Auslogics
    2015-06-14 21:52 - 2015-06-18 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
    2015-06-14 21:52 - 2015-06-18 12:48 - 00000000 ____D C:\Program Files (x86)\Auslogics
    2015-06-14 21:42 - 2015-06-14 21:42 - 00001172 _____ C:\Users\Public\Desktop\AusLogics BoostSpeed.lnk
    2015-06-14 21:42 - 2015-06-14 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AusLogics BoostSpeed
    2015-06-14 21:41 - 2015-06-14 21:42 - 00000000 ____D C:\Program Files (x86)\AusLogics BoostSpeed
    2015-06-14 21:20 - 2015-06-14 21:20 - 00028163 _____ C:\Users\Monica\Downloads\Auslogics BoostSpeed Premium 7.9.0 DC 07.05.htm
    2015-06-14 19:26 - 2015-06-14 21:57 - 00000000 ____D C:\ProgramData\Auslogics
    2015-06-13 21:08 - 2015-06-13 21:08 - 00000000 ____D C:\Users\Monica\AppData\Local\Microsoft_Corporation
    2015-06-12 18:22 - 2015-06-12 18:22 - 00002062 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
    2015-06-12 18:22 - 2015-06-12 18:22 - 00000000 ____D C:\ProgramData\Visan
    2015-06-12 18:22 - 2015-06-12 18:22 - 00000000 ____D C:\ProgramData\HP Photo Creations
    2015-06-12 18:22 - 2015-06-12 18:22 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
    2015-06-12 18:19 - 2015-06-12 18:19 - 00000982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    2015-06-12 18:18 - 2015-06-12 18:18 - 00002293 _____ C:\Users\Public\Desktop\HP Officejet 4630 series.lnk
    2015-06-12 18:18 - 2015-06-12 18:18 - 00000000 ____D C:\Users\Monica\AppData\Roaming\HpUpdate
    2015-06-12 18:18 - 2014-07-21 16:31 - 00763912 _____ (Hewlett-Packard Development Company, LP) C:\windows\system32\HPDiscoPMC611.dll
    2015-06-12 18:14 - 2015-06-12 18:14 - 00000000 ____D C:\ProgramData\HP
    2015-06-12 18:13 - 2015-06-12 18:20 - 00000000 ____D C:\Program Files (x86)\HP
    2015-06-12 18:13 - 2015-06-12 18:13 - 00000000 ____D C:\Program Files\HP
    2015-06-12 18:10 - 2015-06-12 18:10 - 00000057 _____ C:\ProgramData\Ament.ini
    2015-06-12 17:57 - 2015-06-12 18:22 - 00000000 ____D C:\Users\Monica\AppData\Local\HP
    2015-06-12 15:36 - 2015-06-12 15:36 - 00032667 _____ C:\ProgramData\1434137700.bdinstall.bin
    2015-06-10 23:11 - 2015-06-10 23:11 - 00001764 _____ C:\Users\Monica\Desktop\Applicant-Checklist.pdf - Shortcut.lnk
    2015-06-09 12:36 - 2015-06-09 12:36 - 00000000 ____D C:\ProgramData\ProcessLasso
    2015-06-09 12:34 - 2015-06-09 12:34 - 00000000 ____D C:\Users\Monica\AppData\Roaming\ProcessLasso
    2015-06-08 22:13 - 2015-06-08 22:13 - 00001975 _____ C:\Users\Monica\Desktop\MV_Tag_and_or_Title_Application.pdf.lnk
    2015-06-05 17:31 - 2015-06-05 17:31 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Aspell
    2015-06-05 12:18 - 2015-06-05 12:18 - 00001795 _____ C:\Users\Monica\Desktop\2289808_228_20150528_2.pdf - Shortcut.lnk
    2015-06-05 12:13 - 2015-06-05 12:13 - 00001631 _____ C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Foxit Advanced PDF Editor.lnk
    2015-06-05 12:10 - 2015-06-05 12:10 - 00000000 ____D C:\Program Files\Foxit Software
    2015-06-04 22:48 - 2015-06-04 22:48 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Buku Dominoes
    2015-06-03 20:03 - 2015-04-20 22:49 - 00333656 _____ (Total Defense, Inc.) C:\windows\system32\isafprod64.dll
    2015-06-03 20:03 - 2015-04-20 22:49 - 00268120 _____ (Total Defense, Inc.) C:\windows\SysWOW64\Isafprod.dll
    2015-06-03 20:03 - 2015-04-20 22:47 - 00141656 _____ (Computer Associates International, Inc.) C:\windows\system32\Isafeif64.dll
    2015-06-03 20:03 - 2015-04-20 22:47 - 00128856 _____ (Computer Associates International, Inc.) C:\windows\SysWOW64\Isafeif.dll
    2015-06-03 20:03 - 2015-04-20 22:47 - 00104280 _____ (Computer Associates International, Inc.) C:\windows\system32\Vetredir64.dll
    2015-06-03 20:03 - 2015-04-20 22:47 - 00096088 _____ (Computer Associates International, Inc.) C:\windows\SysWOW64\Vetredir.dll
    2015-06-03 19:59 - 2015-06-03 19:59 - 02539576 _____ () C:\windows\SysWOW64\winsflt_x64.dll
    2015-06-03 19:59 - 2015-03-05 10:49 - 00292920 _____ C:\windows\SysWOW64\winsfinst_x64.exe
    2015-06-03 19:59 - 2015-03-05 10:45 - 03214904 _____ () C:\windows\system32\mdmc3cfa.rra
    2015-06-03 19:58 - 2002-01-01 13:02 - 00007440 _____ (Microsoft Corporation) C:\windows\SysWOW64\sporder.dll
    2015-06-03 19:57 - 2015-06-03 19:57 - 00000000 ____D C:\Program Files\Total Defense
    2015-06-03 19:56 - 2015-06-03 19:56 - 00000000 ____D C:\ProgramData\CA
    2015-06-03 19:55 - 2015-06-03 20:04 - 00000000 ____D C:\ProgramData\TotalDefense
    2015-06-02 14:00 - 2015-06-02 14:00 - 00000000 _____ C:\windows\system32\OLD3AC4.tmp
    2015-06-02 14:00 - 2015-06-02 14:00 - 00000000 _____ C:\windows\system32\OLD3A46.tmp
    2015-06-02 13:58 - 2015-06-02 13:58 - 00000000 _____ C:\windows\system32\OLDE556.tmp
    2015-06-02 13:58 - 2015-06-02 13:58 - 00000000 _____ C:\windows\system32\OLDE4D8.tmp
    2015-06-02 13:57 - 2015-06-02 13:57 - 00000000 _____ C:\windows\system32\OLD8098.tmp
    2015-06-02 13:57 - 2015-06-02 13:57 - 00000000 _____ C:\windows\system32\OLD7FFB.tmp
    2015-06-02 13:56 - 2015-04-16 02:17 - 00325464 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
    2015-06-02 13:56 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\authz.dll
    2015-06-02 13:56 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\authz.dll
    2015-06-02 13:56 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
    2015-06-02 13:56 - 2015-04-09 20:17 - 01018880 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
    2015-06-02 13:56 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\rgb9rast.dll
    2015-06-02 13:56 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
    2015-06-02 13:56 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
    2015-06-02 13:56 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
    2015-06-02 13:56 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
    2015-06-02 13:56 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
    2015-06-02 13:56 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
    2015-06-02 13:56 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
    2015-06-02 13:56 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
    2015-06-02 13:56 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
    2015-06-02 13:56 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
    2015-06-02 13:56 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
    2015-06-02 13:56 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
    2015-06-02 13:56 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
    2015-06-02 13:56 - 2015-03-19 23:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
    2015-06-02 13:56 - 2015-03-19 23:08 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
    2015-06-02 13:56 - 2015-03-19 22:37 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
    2015-06-02 13:56 - 2015-03-19 22:07 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
    2015-06-02 13:56 - 2015-03-01 21:43 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\rastapi.dll
    2015-06-02 13:56 - 2015-03-01 21:21 - 00207872 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastapi.dll
    2015-06-02 13:49 - 2015-06-02 13:49 - 00000000 _____ C:\windows\system32\OLDFB6A.tmp
    2015-06-02 13:49 - 2015-06-02 13:49 - 00000000 _____ C:\windows\system32\OLDFAEC.tmp
    2015-06-02 13:47 - 2015-06-02 13:47 - 00000000 _____ C:\windows\system32\OLD9468.tmp
    2015-06-02 13:47 - 2015-06-02 13:47 - 00000000 _____ C:\windows\system32\OLD93DA.tmp
    2015-06-02 13:46 - 2015-06-02 13:46 - 00000000 _____ C:\windows\system32\OLD318C.tmp
    2015-06-02 13:46 - 2015-06-02 13:46 - 00000000 _____ C:\windows\system32\OLD310E.tmp
    2015-06-02 13:43 - 2015-06-02 13:43 - 00000000 _____ C:\windows\system32\OLD47AE.tmp
    2015-06-02 13:43 - 2015-06-02 13:43 - 00000000 _____ C:\windows\system32\OLD4730.tmp
    2015-06-02 13:42 - 2015-06-02 13:42 - 00000000 _____ C:\windows\system32\OLDE8DA.tmp
    2015-06-02 13:42 - 2015-06-02 13:42 - 00000000 _____ C:\windows\system32\OLDE86B.tmp
    2015-06-02 13:40 - 2015-06-02 13:40 - 00000000 _____ C:\windows\system32\OLD8821.tmp
    2015-06-02 13:40 - 2015-06-02 13:40 - 00000000 _____ C:\windows\system32\OLD8793.tmp
    2015-06-02 13:36 - 2015-06-02 13:36 - 00000000 _____ C:\windows\system32\OLD1B22.tmp
    2015-06-02 13:36 - 2015-06-02 13:36 - 00000000 _____ C:\windows\system32\OLD1A85.tmp
    2015-06-02 13:35 - 2015-06-10 11:47 - 00000000 ____D C:\Users\Monica\Crack
    2015-06-02 13:34 - 2015-06-02 13:34 - 00000000 _____ C:\windows\system32\OLDBAA8.tmp
    2015-06-02 13:34 - 2015-06-02 13:34 - 00000000 _____ C:\windows\system32\OLDBA2A.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF238.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE9A6.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE18B.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDBB6.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB349.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8C10.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8084.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET6F55.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET4060.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET3432.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET29F0.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET13B4.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETF646.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETF016.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETE57A.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETE10C.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETB6FA.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET90BB.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET83F6.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET7874.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET442F.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET3755.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET2DC0.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET1784.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETF588.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETEF29.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETE4CC.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETDEB9.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETB64C.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET900D.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET8339.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET76CC.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET4333.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET36B7.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET2CC4.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET16C6.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETF5E7.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETEF98.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETE51B.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETDF17.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETB69B.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET906B.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET8397.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET773A.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET43D1.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET3706.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET2D51.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET1725.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETF7BE.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETF101.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETE5C9.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETE1D9.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETB759.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET9119.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET8455.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET7A0B.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET447F.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET37B4.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET2E2E.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET17E3.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00000000 _____ C:\windows\system32\OLDF5C6.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00000000 _____ C:\windows\system32\OLDF4CB.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF3C0.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETEC58.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE2C6.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDCE1.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB4C2.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8DF6.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET81BF.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET733F.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET418B.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET353D.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET2B2A.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET14EF.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF43E.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETED24.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE334.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDD5F.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB531.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8E94.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET824C.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET73EC.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET4209.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET35BB.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET2B99.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET157C.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETF4EB.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETEE7D.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETE3C2.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETDE1B.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETB5CE.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET8F6F.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET82CA.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET7525.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET42B5.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET3649.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET2C46.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET1639.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF313.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETEA72.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE238.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDC73.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB416.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8D4A.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8131.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET707F.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET40FD.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET34CF.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET2AAC.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET1461.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETF81D.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETF170.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETE618.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETE237.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETB7A8.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET9168.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET84F2.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET7C7D.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET44CE.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET3803.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET2E8D.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET1841.tmp
    2015-06-02 13:19 - 2015-06-02 13:19 - 00000000 ____D C:\Users\Monica\AppData\Local\GWX
    2015-05-31 16:44 - 2015-05-31 16:44 - 00000000 ____D C:\Users\Monica\AppData\Roaming\MagicIndie
    2015-05-31 11:25 - 2015-05-31 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pistonsoft Text to Speech Converter
    2015-05-31 11:25 - 2015-05-31 11:25 - 00000000 ____D C:\Program Files (x86)\Pistonsoft Text to Speech Converter
    2015-05-27 18:56 - 2015-06-25 11:14 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4116287391-1936068046-2123032155-1001
    2015-05-27 18:50 - 2015-05-27 18:50 - 00000000 ____D C:\Users\Monica\Documents\Vibosoft files
    2015-05-27 18:50 - 2015-05-27 18:50 - 00000000 ____D C:\Users\Monica\Documents\Vibosoft
    2015-05-27 18:50 - 2015-05-27 18:50 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Vibosoft
    2015-05-27 18:50 - 2015-05-27 18:50 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vibosoft
    2015-05-27 18:49 - 2015-05-27 18:49 - 00000000 ____D C:\Program Files (x86)\Vibosoft
    2015-05-27 12:08 - 2015-05-27 12:08 - 00000000 ____D C:\ProgramData\FreshGames
    2015-05-26 10:50 - 2015-05-27 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse
    2015-05-26 10:50 - 2015-05-26 10:50 - 00000000 ____D C:\ProgramData\com.gamehouse.acid
    2015-05-26 10:46 - 2015-05-27 12:07 - 00000000 ____D C:\Users\Monica\AppData\Local\com.gamehouse.acid

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-25 11:27 - 2015-02-09 23:28 - 00008192 _____ C:\windows\SysWOW64\WDPABKP.dat
    2015-06-25 11:21 - 2013-08-22 11:36 - 00000000 ____D C:\windows\AppReadiness
    2015-06-25 11:16 - 2015-02-09 22:34 - 00000000 ____D C:\Users\Monica\AppData\Roaming\DMCache
    2015-06-25 11:05 - 2013-08-22 11:36 - 00000000 ____D C:\windows\Registration
    2015-06-25 11:05 - 2013-08-22 10:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2015-06-25 11:04 - 2014-03-05 11:56 - 00065536 _____ C:\windows\system32\spu_storage.bin
    2015-06-25 11:02 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\sru
    2015-06-25 11:01 - 2015-02-09 23:36 - 00000000 __RDO C:\Users\Monica\SkyDrive
    2015-06-25 11:00 - 2015-02-11 00:52 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-06-25 09:05 - 2013-08-24 17:38 - 00891984 _____ C:\windows\system32\PerfStringBackup.INI
    2015-06-25 09:05 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\NDF
    2015-06-24 22:16 - 2015-05-14 19:06 - 00052224 ___SH C:\Users\Monica\Desktop\Thumbs.db
    2015-06-24 15:06 - 2013-08-22 11:20 - 00000000 ____D C:\windows\CbsTemp
    2015-06-24 06:01 - 2015-02-11 00:52 - 00004176 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
    2015-06-24 05:44 - 2013-08-22 11:36 - 00000000 ____D C:\windows\rescache
    2015-06-24 00:08 - 2015-04-16 18:23 - 00000028 _____ C:\windows\popcinfo.dat
    2015-06-23 11:41 - 2015-04-15 10:14 - 00000000 ____D C:\Users\Monica\Desktop\Today App
    2015-06-23 11:28 - 2015-02-09 22:34 - 00000000 ____D C:\Users\Monica\Downloads\Compressed
    2015-06-22 20:42 - 2015-02-11 20:50 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Hoyle Card Games 2012
    2015-06-22 20:40 - 2015-03-30 14:48 - 00000000 ____D C:\ProgramData\AMD
    2015-06-22 20:37 - 2015-02-15 00:12 - 00000000 ____D C:\Program Files\AMD
    2015-06-22 19:21 - 2015-02-09 20:54 - 00000000 ____D C:\Users\Monica
    2015-06-22 19:18 - 2015-03-30 16:22 - 00000000 ____D C:\windows\Minidump
    2015-06-21 21:27 - 2013-08-22 10:44 - 00443680 _____ C:\windows\system32\FNTCACHE.DAT
    2015-06-21 21:00 - 2013-08-22 11:36 - 00000000 ___RD C:\windows\ToastData
    2015-06-21 21:00 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-06-21 21:00 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-06-21 21:00 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-06-21 21:00 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-06-21 21:00 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-06-21 21:00 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-06-21 21:00 - 2013-08-22 11:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-06-21 21:00 - 2013-08-22 11:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-06-21 21:00 - 2013-08-22 11:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-06-21 20:56 - 2013-08-22 15:12 - 00000000 ____D C:\Program Files\Windows Journal
    2015-06-21 20:56 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Portable Devices
    2015-06-21 20:56 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2015-06-21 20:56 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
    2015-06-21 20:56 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
    2015-06-21 20:56 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\System
    2015-06-21 20:55 - 2013-08-22 11:36 - 00000000 ___RD C:\windows\ImmersiveControlPanel
    2015-06-21 20:55 - 2013-08-22 11:36 - 00000000 ____D C:\windows\SysWOW64\sppui
    2015-06-21 20:55 - 2013-08-22 11:36 - 00000000 ____D C:\windows\SysWOW64\setup
    2015-06-21 20:55 - 2013-08-22 11:36 - 00000000 ____D C:\windows\SysWOW64\migwiz
    2015-06-21 20:55 - 2013-08-22 11:36 - 00000000 ____D C:\windows\SysWOW64\inetsrv
    2015-06-21 20:55 - 2013-08-22 11:36 - 00000000 ____D C:\windows\SysWOW64\Com
    2015-06-21 20:55 - 2013-08-22 09:36 - 00000000 ____D C:\windows\SysWOW64\oobe
    2015-06-21 20:55 - 2013-08-22 09:36 - 00000000 ____D C:\windows\SysWOW64\Dism
    2015-06-21 20:50 - 2013-08-22 11:36 - 00000000 ____D C:\windows\WinStore
    2015-06-21 20:50 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\sr-Latn-RS
    2015-06-21 20:50 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\sk-SK
    2015-06-21 20:50 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\lv-LV
    2015-06-21 20:50 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\hr-HR
    2015-06-21 20:50 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\et-EE
    2015-06-21 20:50 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\en-GB
    2015-06-21 20:50 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\Com
    2015-06-21 20:50 - 2013-08-22 11:36 - 00000000 ____D C:\windows\MediaViewer
    2015-06-21 20:50 - 2013-08-22 09:36 - 00000000 ____D C:\windows\system32\Sysprep
    2015-06-21 20:50 - 2013-08-22 09:36 - 00000000 ____D C:\windows\system32\oobe
    2015-06-21 20:49 - 2015-04-07 22:11 - 00000000 ___SD C:\windows\system32\GWX
    2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\zh-HK
    2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\WinBioPlugIns
    2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\uk-UA
    2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\tr-TR
    2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\th-TH
    2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\sr-Latn-CS
    2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\sppui
    2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\sl-SI
    2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\setup
    2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\ro-RO
    2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\lt-LT
    2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\inetsrv
    2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\he-IL
    2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\bg-BG
    2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\ar-SA
    2015-06-21 20:49 - 2013-08-22 09:36 - 00000000 ____D C:\windows\system32\AdvancedInstallers
    2015-06-21 20:48 - 2013-08-22 11:36 - 00000000 ___SD C:\windows\system32\dsc
    2015-06-21 20:48 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\SystemResetPlatform
    2015-06-21 20:48 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\migwiz
    2015-06-21 20:48 - 2013-08-22 09:36 - 00000000 ____D C:\windows\system32\Dism
    2015-06-21 20:42 - 2013-08-22 11:36 - 00000000 ____D C:\windows\PolicyDefinitions
    2015-06-21 20:42 - 2013-08-22 11:36 - 00000000 ____D C:\windows\IME
    2015-06-21 20:42 - 2013-08-22 11:36 - 00000000 ____D C:\windows\FileManager
    2015-06-21 20:42 - 2013-08-22 09:36 - 00000000 ____D C:\windows\servicing
    2015-06-21 20:41 - 2013-08-22 11:36 - 00000000 ____D C:\windows\Camera
    2015-06-21 20:41 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2015-06-21 20:41 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2015-06-21 20:41 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
    2015-06-21 20:41 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2015-06-21 20:40 - 2013-08-22 11:36 - 00000000 ____D C:\windows\SysWOW64\InputMethod
    2015-06-21 20:40 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\WindowsPowerShell
    2015-06-21 20:16 - 2013-08-22 11:36 - 00195072 _____ (Microsoft Corporation) C:\windows\SysWOW64\msclmd.dll
    2015-06-21 20:15 - 2013-08-22 11:36 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\msclmd.dll
    2015-06-20 23:18 - 2015-04-01 09:34 - 00002394 _____ C:\windows\System32\Tasks\Uninstaller_SkipUac_Monica
    2015-06-20 23:18 - 2015-04-01 09:34 - 00000292 _____ C:\windows\Tasks\Uninstaller_SkipUac_Monica.job
    2015-06-20 19:05 - 2015-03-13 21:03 - 00000000 ___RD C:\Users\Monica\Dropbox
    2015-06-19 23:19 - 2015-03-02 12:24 - 00000000 ____D C:\Users\Monica\Desktop\General
    2015-06-19 23:02 - 2013-08-22 11:38 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-06-19 23:02 - 2013-08-22 11:38 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-06-19 20:49 - 2015-02-11 01:20 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Hoyle Puzzle and Board Games
    2015-06-18 13:35 - 2015-02-11 03:07 - 00000000 ____D C:\windows\system32\MRT
    2015-06-18 13:14 - 2015-02-11 03:07 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2015-06-17 21:33 - 2015-02-09 20:56 - 00000000 ____D C:\Users\Monica\AppData\Local\Packages
    2015-06-17 21:28 - 2013-08-22 09:25 - 00000236 _____ C:\windows\win.ini
    2015-06-17 20:43 - 2015-02-11 15:13 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
    2015-06-17 20:06 - 2015-02-11 00:51 - 00000000 ____D C:\Users\Monica\AppData\Local\Adobe
    2015-06-17 20:00 - 2014-03-05 12:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-06-17 19:55 - 2014-03-05 12:11 - 00000000 ___HD C:\Program Files (x86)\Temp
    2015-06-17 19:47 - 2014-03-05 12:13 - 00000000 ____D C:\ProgramData\Qualcomm Atheros
    2015-06-17 19:23 - 2014-03-05 12:11 - 00000000 ____D C:\Program Files (x86)\Realtek
    2015-06-17 19:15 - 2013-09-03 00:57 - 00000000 ____D C:\SWSETUP
    2015-06-17 19:11 - 2015-02-10 00:58 - 00000000 ____D C:\Users\Monica\AppData\Local\Hewlett-Packard
    2015-06-17 17:50 - 2015-02-26 18:21 - 00000374 _____ C:\windows\system32\Drivers\etc\hosts.ics
    2015-06-16 17:40 - 2015-02-10 01:14 - 00000459 _____ C:\Users\Monica\AppData\Roaming\Weather Meter_Settings.ini
    2015-06-15 20:31 - 2015-02-09 23:58 - 00000000 ____D C:\Users\Monica\Discovered
    2015-06-15 14:13 - 2015-02-09 23:21 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Azureus
    2015-06-14 21:23 - 2015-02-09 23:21 - 00000000 ____D C:\Program Files\Vuze
    2015-06-13 12:26 - 2015-03-19 23:21 - 00000000 ____D C:\Program Files (x86)\IObit
    2015-06-12 18:22 - 2014-03-05 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2015-06-12 18:22 - 2014-03-05 12:07 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2015-06-12 15:53 - 2015-02-09 22:34 - 00000000 ____D C:\Users\Monica\AppData\Roaming\IDM
    2015-06-12 15:44 - 2015-03-19 23:21 - 00000000 ____D C:\Users\Monica\AppData\Roaming\IObit
    2015-06-12 15:39 - 2015-02-10 22:50 - 00000000 ____D C:\Program Files\Bitdefender
    2015-06-12 14:40 - 2013-08-22 09:25 - 00262144 ___SH C:\windows\system32\config\BBI
    2015-06-08 17:26 - 2015-02-09 22:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-06-06 12:12 - 2015-04-07 23:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-06-06 11:53 - 2015-03-19 23:21 - 00000000 ____D C:\ProgramData\ProductData
    2015-06-04 22:48 - 2015-02-09 22:01 - 00000000 ____D C:\Program Files (x86)\GAMES
    2015-06-04 11:56 - 2015-02-09 22:34 - 00000000 ____D C:\Users\Monica\Downloads\Video
    2015-06-01 15:01 - 2015-03-11 00:05 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
    2015-06-01 14:01 - 2015-03-13 21:01 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-05-31 16:22 - 2015-02-09 23:46 - 00000000 ____D C:\Users\Monica\.rainlendar2
    2015-05-31 11:36 - 2015-05-17 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Playrix Entertainment
    2015-05-31 11:30 - 2015-05-17 21:13 - 00000000 ____D C:\Program Files (x86)\Playrix Entertainment
    2015-05-27 12:07 - 2015-05-23 18:44 - 00000000 ____D C:\ProgramData\Trymedia

    ==================== Files in the root of some directories =======

    2015-04-11 12:09 - 2015-04-11 12:22 - 298812648 _____ () C:\Program Files\PhotoDirector_5.0.5724.51476_GM5_HE_LE_HE_PTD141222-01.exe
    2015-02-10 01:14 - 2015-06-16 17:40 - 0000459 _____ () C:\Users\Monica\AppData\Roaming\Weather Meter_Settings.ini
    2015-02-10 23:07 - 2015-02-10 23:07 - 0581824 _____ () C:\ProgramData\1423622981.bdinstall.bin
    2015-04-20 19:41 - 2015-04-20 19:41 - 0324960 _____ () C:\ProgramData\1429573007.bdinstall.bin
    2015-04-20 19:41 - 2015-04-20 19:41 - 0049287 _____ () C:\ProgramData\1429573245.bdinstall.bin
    2015-06-12 15:36 - 2015-06-12 15:36 - 0032667 _____ () C:\ProgramData\1434137700.bdinstall.bin
    2015-06-12 18:10 - 2015-06-12 18:10 - 0000057 _____ () C:\ProgramData\Ament.ini

    Files to move or delete:
    ====================
    C:\Users\Monica\advanced-systemcare-setup.exe


    Some files in TEMP:
    ====================
    C:\Users\Monica\AppData\Local\Temp\$$$EOUI.exe
    C:\Users\Monica\AppData\Local\Temp\$$$HRLM.exe
    C:\Users\Monica\AppData\Local\Temp\$$$TKEL.exe
    C:\Users\Monica\AppData\Local\Temp\$$$WOFV.exe
    C:\Users\Monica\AppData\Local\Temp\raptrpatch.exe
    C:\Users\Monica\AppData\Local\Temp\raptr_stub.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    ==================== BCD ================================

    Firmware Boot Manager
    ---------------------
    identifier {fwbootmgr}
    displayorder {bootmgr}
    {f10c3a02-f77f-11e4-8282-806e6f6e6963}
    {f10c3a03-f77f-11e4-8282-806e6f6e6963}
    {f10c3a04-f77f-11e4-8282-806e6f6e6963}
    {7b2b78c8-1200-11e5-82b3-806e6f6e6963}
    {7b2b78c9-1200-11e5-82b3-806e6f6e6963}
    {7b2b78ca-1200-11e5-82b3-806e6f6e6963}
    {ccbc006c-12ee-11e5-82b5-806e6f6e6963}
    {ccbc006d-12ee-11e5-82b5-806e6f6e6963}
    {ccbc006e-12ee-11e5-82b5-806e6f6e6963}
    timeout 0

    Windows Boot Manager
    --------------------
    identifier {bootmgr}
    device partition=\Device\HarddiskVolume2
    path \EFI\Microsoft\Boot\bootmgfw.efi
    description Windows Boot Manager
    locale en-US
    inherit {globalsettings}
    integrityservices Enable
    default {current}
    resumeobject {3ac473bd-a48a-11e3-bd39-c57cb637ed7d}
    displayorder {current}
    toolsdisplayorder {memdiag}
    timeout 30

    Firmware Application (101fffff)
    -------------------------------
    identifier {7b2b78c8-1200-11e5-82b3-806e6f6e6963}
    description UEFI: IPv6 Realtek PCIe GBE Family Controller

    Firmware Application (101fffff)
    -------------------------------
    identifier {7b2b78c9-1200-11e5-82b3-806e6f6e6963}
    description USB Floppy/CD

    Firmware Application (101fffff)
    -------------------------------
    identifier {7b2b78ca-1200-11e5-82b3-806e6f6e6963}
    description Hard Drive

    Firmware Application (101fffff)
    -------------------------------
    identifier {ccbc006c-12ee-11e5-82b5-806e6f6e6963}
    description UEFI:CD/DVD Drive

    Firmware Application (101fffff)
    -------------------------------
    identifier {ccbc006d-12ee-11e5-82b5-806e6f6e6963}
    description UEFI:Removable Device

    Firmware Application (101fffff)
    -------------------------------
    identifier {ccbc006e-12ee-11e5-82b5-806e6f6e6963}
    description UEFI:Network Device

    Firmware Application (101fffff)
    -------------------------------
    identifier {f10c3a02-f77f-11e4-8282-806e6f6e6963}
    description USB Floppy/CD

    Firmware Application (101fffff)
    -------------------------------
    identifier {f10c3a03-f77f-11e4-8282-806e6f6e6963}
    description USB Hard Drive

    Firmware Application (101fffff)
    -------------------------------
    identifier {f10c3a04-f77f-11e4-8282-806e6f6e6963}
    description UEFI: IPv4 Realtek PCIe GBE Family Controller

    Windows Boot Loader
    -------------------
    identifier {3ac473b9-a48a-11e3-bd39-c57cb637ed7d}
    device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{3ac473ba-a48a-11e3-bd39-c57cb637ed7d}
    path \windows\system32\winload.efi
    description Windows Recovery Environment
    locale en-us
    inherit {bootloadersettings}
    displaymessage Recovery
    osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{3ac473ba-a48a-11e3-bd39-c57cb637ed7d}
    systemroot \windows
    nx OptIn
    bootmenupolicy Standard
    winpe Yes

    Windows Boot Loader
    -------------------
    identifier {3ac473bb-a48a-11e3-bd39-c57cb637ed7d}
    device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{3ac473bc-a48a-11e3-bd39-c57cb637ed7d}
    path \windows\system32\winload.efi
    description Windows Recovery Environment
    locale en-US
    inherit {bootloadersettings}
    displaymessage Recovery
    displaymessageoverride Recovery
    osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{3ac473bc-a48a-11e3-bd39-c57cb637ed7d}
    systemroot \windows
    nx OptIn
    bootmenupolicy Standard
    winpe Yes

    Windows Boot Loader
    -------------------
    identifier {current}
    device partition=C:
    path \windows\system32\winload.efi
    description Windows 8.1
    locale en-US
    inherit {bootloadersettings}
    recoverysequence {3ac473bb-a48a-11e3-bd39-c57cb637ed7d}
    integrityservices Enable
    recoveryenabled Yes
    isolatedcontext Yes
    allowedinmemorysettings 0x15000075
    osdevice partition=C:
    systemroot \windows
    resumeobject {3ac473bd-a48a-11e3-bd39-c57cb637ed7d}
    nx OptIn
    bootmenupolicy Standard

    Resume from Hibernate
    ---------------------
    identifier {3ac473bd-a48a-11e3-bd39-c57cb637ed7d}
    device partition=C:
    path \windows\system32\winresume.efi
    description Windows Resume Application
    locale en-US
    inherit {resumeloadersettings}
    recoverysequence {3ac473bb-a48a-11e3-bd39-c57cb637ed7d}
    recoveryenabled Yes
    isolatedcontext Yes
    allowedinmemorysettings 0x15000075
    filedevice partition=C:
    filepath \hiberfil.sys
    bootmenupolicy Standard
    debugoptionenabled No

    Windows Memory Tester
    ---------------------
    identifier {memdiag}
    device partition=\Device\HarddiskVolume2
    path \EFI\Microsoft\Boot\memtest.efi
    description Windows Memory Diagnostic
    locale en-US
    inherit {globalsettings}
    badmemoryaccess Yes

    EMS Settings
    ------------
    identifier {emssettings}
    bootems No

    Debugger Settings
    -----------------
    identifier {dbgsettings}
    debugtype Serial
    debugport 1
    baudrate 115200

    RAM Defects
    -----------
    identifier {badmemory}

    Global Settings
    ---------------
    identifier {globalsettings}
    inherit {dbgsettings}
    {emssettings}
    {badmemory}

    Boot Loader Settings
    --------------------
    identifier {bootloadersettings}
    inherit {globalsettings}
    {hypervisorsettings}

    Hypervisor Settings
    -------------------
    identifier {hypervisorsettings}
    hypervisordebugtype Serial
    hypervisordebugport 1
    hypervisorbaudrate 115200

    Resume Loader Settings
    ----------------------
    identifier {resumeloadersettings}
    inherit {globalsettings}

    Device options
    --------------
    identifier {3ac473ba-a48a-11e3-bd39-c57cb637ed7d}
    description Windows Recovery
    ramdisksdidevice partition=\Device\HarddiskVolume1
    ramdisksdipath \Recovery\WindowsRE\boot.sdi

    Device options
    --------------
    identifier {3ac473bc-a48a-11e3-bd39-c57cb637ed7d}
    description Windows Recovery
    ramdisksdidevice partition=\Device\HarddiskVolume1
    ramdisksdipath \Recovery\WindowsRE\boot.sdi



    LastRegBack: 2015-06-24 04:07

    ==================== End of log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
    Ran by Monica at 2015-06-25 11:31:16
    Running from C:\Users\Monica\Downloads\Programs
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4116287391-1936068046-2123032155-500 - Administrator - Disabled)
    Guest (S-1-5-21-4116287391-1936068046-2123032155-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4116287391-1936068046-2123032155-1005 - Limited - Enabled)
    kingken (S-1-5-21-4116287391-1936068046-2123032155-1006 - Limited - Enabled)
    Monica (S-1-5-21-4116287391-1936068046-2123032155-1001 - Administrator - Enabled) => C:\Users\Monica

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    1stFlip FlipBook Creator version 1.01.152 (HKLM-x32\...\{6682CF58-7828-4195-8009-F84C3CBF4E2E}_is1) (Version: 1.01.152 - 1stflip, Inc.)
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    8GadgetPack (HKLM-x32\...\{D328A547-552F-4B3D-AF00-6E1D2BE62702}) (Version: 13.0.0 - Helmut Buhler)
    ACPsoft PDF Converter (HKLM-x32\...\ACPsoft PDF Converter) (Version: 2.0 - ACPsoft)
    Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
    Adoreshare M4V Converter Genius (HKLM-x32\...\Adoreshare M4V Converter Genius) (Version: - Adoreshare, Inc.)
    ********* Audio Converter 6.3.20 (HKLM-x32\...\{4061F26E-B6D6-443c-994B-01194541A2D7}_is1) (Version: 6.3.20 - ********* Studio)
    AMD Catalyst Install Manager (HKLM\...\{453294E1-F95E-C930-7517-BDC9209ADE10}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
    Apowersoft Screen Capture Pro V1.1.3 (HKLM-x32\...\{eaee5526-f8bd-4d74-a24c-50e5b5f36521}_is1) (Version: 1.1.3 - APOWERSOFT LIMITED)
    Auslogics BoostSpeed Premium (HKLM-x32\...\Auslogics BoostSpeed Premium 7.9.0.0) (Version: - )
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Bookworm (HKLM-x32\...\33cb11b38a46f4ff839ff5541899f1ff) (Version: - GameHouse)
    Brink of Consciousness Dorian Gray Syndrome (HKLM-x32\...\Brink of Consciousness Dorian Gray Syndrome_is1) (Version: 1.0 - Playrix Entertainment)
    Buku Dominoes (HKLM-x32\...\Buku DominoesFinal) (Version: Final - Game Owl)
    Cobi Treasure Deluxe (HKLM-x32\...\Cobi Treasure DeluxeFinal) (Version: Final - AllSmartGames)
    Coolmuster ePub Converter (HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Coolmuster ePub Converter) (Version: 2.1.13 - Coolmuster)
    Crystalinx (HKLM-x32\...\CrystalinxFinal) (Version: Final - AllSmartGames)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)
    Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)
    CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5724.0 - CyberLink Corp.)
    CyberLink PhotoDirector 5 (Version: 5.0.5724.0 - CyberLink Corp.) Hidden
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3215 - CyberLink Corp.)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dropbox (HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
    EMET 4.1 Update 1 (HKLM-x32\...\{6A09FEB2-691C-456B-B982-2F6D21B19602}) (Version: 4.1.1 - Microsoft Corporation)
    Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
    Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation)
    GameHouse Games Collection: Mad Caps (HKLM-x32\...\Mad Caps) (Version: - )
    GiliSoft Screen Recorder 6.1.0 (HKLM-x32\...\{2F9CCB8C-8584-45CF-B916-E8C98F6497A4}_is1) (Version: 6.1.0 - GiliSoft International LLC.)
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    Hoyle Puzzle and Board Games 2012 (HKLM-x32\...\Hoyle Puzzle and Board Games 20121.0) (Version: 1.0 - Foxy Games)
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
    HP Documentation (HKLM-x32\...\{8126E380-F9C6-4317-9CEE-9BBDDAB676E5}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
    HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
    HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
    HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
    Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
    IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.1 - IObit)
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
    MyDriveConnect 4.0.2.2123 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.2.2123 - TomTom)
    Myths of the World - The Heart of Desolation Collectors Edition (HKLM-x32\...\Myths of the World - The Heart of Desolation Collectors EditionFinal) (Version: Final - Game Owl)
    Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
    OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    Pahelika Rrevelations (HKLM-x32\...\Pahelika Rrevelations_is1) (Version: 1.0 - Playrix Entertainment)
    PhotoScissors 2.0 (HKLM\...\{664FCCAE-8187-4EC5-B191-758C040C999C}_is1) (Version: - teorex)
    Picture Collage Maker 4.1.2 (HKLM-x32\...\{D53599B0-AA76-4CC6-B9EF-CC2F27B56F24}_is1) (Version: 4.1.2 - PearlMountain Technology Co., Ltd)
    Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
    Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden
    Pistonsoft Text to Speech Converter 1.26.0 (HKLM-x32\...\Pistonsoft Text to Speech Converter_is1) (Version: - Pistonsoft)
    Product Improvement Study for HP Officejet 4630 series (HKLM\...\{EE629820-EACD-4AAE-966D-DF1560A0ED2D}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29080 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7084 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden
    Reflections of Life 2 - Equilibrium Collector's Edition (HKLM-x32\...\Reflections of Life 2 - Equilibrium Collector's EditionFinal) (Version: Final - Game Owl)
    RonyaSoft Poster Designer (Poster Forge) 2.02 (HKLM-x32\...\RonyaSoft Poster Designer (Poster Forge)) (Version: 2.02 - RonyaSoft)
    Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
    Start Menu X version 5.46 (HKLM\...\{3E494002-985C-4908-B72C-5B4DD15BE090}_is1) (Version: 5.46 - OrdinarySoft)
    Subliminal Blaster Powered 4 (HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Subliminal Blaster Powered 4) (Version: 4.0.1.0 - Subliminal Blaster Project Team)
    Subliminal Messages (HKLM-x32\...\{5583D2D0-C960-441C-ACA7-3A0E06C471EC}) (Version: 1.1.2.0 - Mind of Winner)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Taken Souls - Blood Ritual Collector's Edition (HKLM-x32\...\Taken Souls - Blood Ritual Collector's EditionFinal) (Version: Final - Game-Owl.com)
    ThunderSoft Flash Gallery Creator (1.8.4.0) (HKLM-x32\...\ThunderSoft Flash Gallery Creator_is1) (Version: 1.8.4.0 - ThunderSoft)
    TTS (HKLM-x32\...\{62AAFC0A-00B8-4663-98D8-96AE9F3BA058}) (Version: 1.0.0.0 - ZoomCommerce Co., Ltd.)
    Vibosoft PDF Password Remover (HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Vibosoft PDF Password Remover) (Version: 2.1.10 - Vibosoft)
    Video Converter (HKLM-x32\...\Video Converter) (Version: - Tenorshare, Inc.)
    Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
    Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
    WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
    WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
    WD Security (HKLM-x32\...\{0AC340BC-4A62-4D1F-86DB-35C1C3CB66CF}) (Version: 1.1.1.3 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{F6FE3205-7737-4772-9017-C7ACD8A5561C}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
    WD SmartWare Installer (HKLM-x32\...\{647175e1-9944-4a82-bac1-102c95f0a99a}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
    Windows Driver Package - Compal Electronics, INC. (LPCFilter) System (07/17/2013 1.0.64.7) (HKLM\...\BFB1E8A5D4648875943225EF2EAD7388E4A14B63) (Version: 07/17/2013 1.0.64.7 - Compal Electronics, INC.)
    Windows Driver Package - Realtek Semiconduct Corp. (RSP2STOR) MTD (02/10/2015 6.3.9600.29086) (HKLM\...\253AFE669EBEDDCFF791E15B40F76D608394EE4C) (Version: 02/10/2015 6.3.9600.29086 - Realtek Semiconduct Corp.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
    Word Mojo Gold (HKLM-x32\...\d6f17c74aa0b49ddbd783e38d926a528) (Version: - GameHouse)
    Word Travels (HKLM-x32\...\Word Travels1.0) (Version: 1.0 - AllSmartGames)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    03-06-2015 19:59:01 Installed CA Parental Controls
    11-06-2015 12:55:27 Scheduled Checkpoint
    12-06-2015 14:56:46 IObit Uninstaller restore point
    15-06-2015 11:23:55 Driver-auto-backup 6/15/2015
    16-06-2015 19:52:18 Driver-auto-backup 6/16/2015
    17-06-2015 18:34:17 HPSF Applying updates
    17-06-2015 18:57:55 Installed HP Support Solutions Framework
    25-06-2015 00:06:30 6/25/15

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 09:25 - 2015-06-14 22:54 - 00000852 ____A C:\windows\system32\Drivers\etc\hosts
    127.0.0.1 lm.auslogics.com

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {09FA7F86-DCBD-4B31-BAB6-7AB69CF045A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {1180BA1E-B2EA-4BA6-A3FF-3957129D0C9B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {1DDFC460-1D5C-48DE-8A8C-B6A125961D88} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
    Task: {42D6C018-FAD6-44F4-9817-A1560ACC0D20} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
    Task: {430076CF-838D-4432-A449-1D98D80DCD04} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-06-18] (Microsoft Corporation)
    Task: {467E68AB-4B6F-48DB-B85C-3954AF085512} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {6581C5C0-C9DD-4DAC-822C-BB1504EEE43C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
    Task: {6E19930A-1B41-4E60-BC74-4B23900BF8EC} - System32\Tasks\Uninstaller_SkipUac_Monica => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-04-01] (IObit)
    Task: {6FEE490B-0DAD-4F94-A1B6-563389E5F995} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
    Task: {87C35758-1A5B-4093-AB93-97C6398FCEA6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
    Task: {8C7430D6-8277-443E-B42B-E0847453C436} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
    Task: {C87E7A29-5E7C-4286-BE33-999ED79995ED} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
    Task: {E4F6F5B5-10D2-4A87-A4CC-CD79C6F38B28} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
    Task: {E900B40B-53AB-4270-ADD0-A1D714180665} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
    Task: {FB2322DA-06A4-45EE-9C63-CAB07A16B1FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\Uninstaller_SkipUac_Monica.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2014-05-28 17:23 - 2014-05-28 17:23 - 00098512 _____ () C:\Program Files (x86)\EMET 4.1\EMET_CE64.DLL
    2013-10-14 11:23 - 2013-10-14 11:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
    2013-10-14 11:24 - 2013-10-14 11:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
    2013-10-14 11:25 - 2013-10-14 11:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
    2013-10-14 11:22 - 2013-10-14 11:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
    2013-10-14 11:22 - 2013-10-14 11:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
    2013-10-14 11:22 - 2013-10-14 11:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
    2013-10-14 11:35 - 2013-10-14 11:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
    2013-10-14 11:35 - 2013-10-14 11:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
    2015-06-20 03:06 - 2015-06-20 03:06 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2013-10-14 11:30 - 2013-10-14 11:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    2014-08-27 12:32 - 2015-06-18 19:32 - 00984576 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\SubliminalMessages.exe
    2015-06-18 20:03 - 2013-08-18 13:54 - 07244800 _____ () C:\SB\SB4\SB4.exe
    2015-02-09 22:01 - 2014-05-28 16:23 - 00131280 _____ () C:\Program Files (x86)\EMET 4.1\HelperLib.dll
    2015-02-09 22:01 - 2014-05-28 16:23 - 00044752 _____ () C:\Program Files (x86)\EMET 4.1\ReportingSubsystem.dll
    2014-05-28 17:23 - 2014-05-28 17:23 - 00348160 _____ () C:\Program Files (x86)\EMET 4.1\DevExpress.UserSkins.HighContrast.dll
    2015-02-09 22:01 - 2014-05-28 16:23 - 00039632 _____ () C:\Program Files (x86)\EMET 4.1\TrayIconSubsystem.dll
    2015-02-09 22:01 - 2014-05-28 16:23 - 00059080 _____ () C:\Program Files (x86)\EMET 4.1\PKIPinningSubsystem.dll
    2015-06-20 03:06 - 2015-06-20 03:06 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2014-03-05 12:17 - 2013-08-05 03:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2013-08-05 19:48 - 2013-08-05 19:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2015-04-28 13:53 - 2015-04-28 13:53 - 00140288 _____ () C:\Program Files (x86)\MyDrive Connect\quazip.dll
    2014-09-11 11:06 - 2014-09-11 11:06 - 00878592 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\platforms\qwindows.dll
    2014-09-11 11:05 - 2014-09-11 11:05 - 00036352 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qgenericbearer.dll
    2014-09-11 11:06 - 2014-09-11 11:06 - 00038912 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qnativerwifibearer.dll
    2014-09-11 11:14 - 2014-09-11 11:14 - 00032256 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qdds.dll
    2014-09-11 11:05 - 2014-09-11 11:05 - 00021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qgif.dll
    2014-09-11 11:14 - 2014-09-11 11:14 - 00027648 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qicns.dll
    2014-09-11 11:05 - 2014-09-11 11:05 - 00021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qico.dll
    2014-09-11 11:14 - 2014-09-11 11:14 - 00381952 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjp2.dll
    2014-09-11 11:05 - 2014-09-11 11:05 - 00204800 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjpeg.dll
    2014-09-11 11:14 - 2014-09-11 11:14 - 00218112 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qmng.dll
    2014-09-11 11:08 - 2014-09-11 11:08 - 00015872 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qsvg.dll
    2014-09-11 11:14 - 2014-09-11 11:14 - 00015360 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtga.dll
    2014-09-11 11:15 - 2014-09-11 11:15 - 00307712 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtiff.dll
    2014-09-11 11:15 - 2014-09-11 11:15 - 00014848 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwbmp.dll
    2014-09-11 11:15 - 2014-09-11 11:15 - 00252928 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwebp.dll
    2013-04-17 21:18 - 2013-04-17 21:18 - 00544817 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\libgcc_s_dw2-1.dll
    2013-04-17 21:19 - 2013-04-17 21:19 - 00989805 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\libstdc++-6.dll
    2013-04-22 19:03 - 2013-04-22 19:03 - 03369922 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\icuin51.dll
    2013-04-22 19:03 - 2013-04-22 19:03 - 01978690 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\icuuc51.dll
    2013-04-22 19:03 - 2013-04-22 19:03 - 22378434 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\icudt51.dll
    2013-12-08 21:14 - 2013-12-08 21:14 - 01269760 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\plugins\platforms\qwindows.dll
    2013-12-08 21:13 - 2013-12-08 21:13 - 00261120 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\plugins\imageformats\qjpeg.dll
    2013-12-08 21:13 - 2013-12-08 21:13 - 00051200 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\plugins\imageformats\qgif.dll
    2013-12-08 21:13 - 2013-12-08 21:13 - 00052224 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\plugins\imageformats\qico.dll
    2013-12-08 21:23 - 2013-12-08 21:23 - 00381952 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\plugins\imageformats\qmng.dll
    2013-12-08 21:23 - 2013-12-08 21:23 - 00046592 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\plugins\imageformats\qtga.dll
    2013-12-08 21:23 - 2013-12-08 21:23 - 00442368 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\plugins\imageformats\qtiff.dll
    2013-12-08 21:23 - 2013-12-08 21:23 - 00045056 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\plugins\imageformats\qwbmp.dll
    2014-05-28 17:23 - 2014-05-28 17:23 - 00089808 _____ () C:\Program Files (x86)\EMET 4.1\EMET_CE.DLL
    2015-02-09 23:42 - 2005-01-05 14:47 - 01132272 _____ () C:\Program Files (x86)\GameHouse Games Collection\Cubis Gold 2\cubis2.exe
    2015-02-09 23:42 - 2005-01-05 14:47 - 00036864 _____ () C:\Program Files (x86)\GameHouse Games Collection\Cubis Gold 2\cubis2res.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Monica\SkyDrive:ms-properties
    AlternateDataStreams: C:\Users\Monica\Downloads\DropboxInstaller.exe:BDU
    AlternateDataStreams: C:\Users\Monica\Downloads\install_flashplayer17x32au_mssd_aaa_aih.exe:BDU
    AlternateDataStreams: C:\Users\Monica\Downloads\md64-win-mp240-1_02-ej.exe:BDU
    AlternateDataStreams: C:\Users\Monica\Downloads\mpnx_2_0-win-2_05-ea23_2.exe:BDU
    AlternateDataStreams: C:\Users\Monica\Downloads\Shockwave_Installer_Slim(1).exe:BDU
    AlternateDataStreams: C:\Users\Monica\Downloads\Shockwave_Installer_Slim.exe:BDU

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.0.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: fhsvc => 3
    MSCONFIG\Services: swprv => 2
    MSCONFIG\Services: VSS => 2
    MSCONFIG\Services: WPCSvc => 3
    HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\StartupApproved\Run: => "ApowersoftScreenCapture"
    HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\StartupApproved\Run: => "GmailNotifierPro"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{B8D74365-A030-44F4-AB73-1480C864CFB6}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
    FirewallRules: [{A1C14F7F-E464-4B2D-BE86-68ABC18692C7}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
    FirewallRules: [{8943CA2D-B251-4136-9FAC-E20BCC5F8A06}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
    FirewallRules: [{50ED3F80-DC8F-4C15-9C79-9EE43C1A4DD9}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
    FirewallRules: [{2C498563-9271-497B-BF21-60D2BA77CED0}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{49061BC2-EF6A-40C5-B70A-F35CB4DF2D6D}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
    FirewallRules: [{FE3F5A85-EBB9-49ED-8358-07665742CFEE}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    FirewallRules: [{698145CF-F707-46C5-9AA1-3D019538985A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
    FirewallRules: [{3E0BAD63-6BD7-4B9D-8D71-8354BB486782}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
    FirewallRules: [{52C1962E-C00A-4EBC-B4F6-0793511A3218}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{B9118846-7ABC-4F3C-9255-CA45C2FA26F6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{04501231-1A7D-4A14-93F6-7639571F42AD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{5B9FB83D-F79C-4B48-A450-7C39D9422659}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{1467B84E-A83D-437E-A379-4CAD77B85857}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{678E64CE-3C97-401F-ADBD-7510E088100B}] => (Allow) LPort=2869
    FirewallRules: [{4F3094BC-5FB2-4176-ADC4-1B1E291745BF}] => (Allow) LPort=1900
    FirewallRules: [{8CC2F4ED-5651-4378-B752-05C974BCDA68}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{38728DCF-CDA5-45FC-8998-F6489ADC88FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{E099D64F-C7D0-4E24-B18A-AA340B36D37D}] => (Allow) C:\windows\system32\mstsc.exe
    FirewallRules: [{A2EE38C1-9224-4CF5-94DE-E0A0AB75D4E8}] => (Allow) C:\windows\system32\mstsc.exe
    FirewallRules: [{C0DD09B2-92B9-48CB-86C5-2D99DEFE57DD}] => (Allow) C:\windows\system32\mstsc.exe
    FirewallRules: [{EBAE1002-72F4-4109-AF89-B99FE203C631}] => (Allow) C:\windows\system32\mstsc.exe
    FirewallRules: [{81AA45C0-03E3-4BB2-BAF5-26B024FC6225}] => (Allow) LPort=139
    FirewallRules: [{8F4690A3-53DC-4D98-A647-0FBFF00892EC}] => (Allow) %systemroot%\system32\alg.exe
    FirewallRules: [TCP Query User{13E0FD47-B1EC-4DE6-B46F-CE898F6F112A}C:\program files (x86)\photobie\photobie.exe] => (Block) C:\program files (x86)\photobie\photobie.exe
    FirewallRules: [UDP Query User{4C397365-32E4-4778-9744-7D82FBEF27D9}C:\program files (x86)\photobie\photobie.exe] => (Block) C:\program files (x86)\photobie\photobie.exe
    FirewallRules: [{A39BB7C9-31F0-4EF9-9FA0-D4FA4B55DDBF}] => (Allow) C:\Program Files\Vuze\Azureus.exe
    FirewallRules: [{9A6CEB10-0347-4043-A078-E9D7C07E233D}] => (Allow) C:\Program Files\Vuze\Azureus.exe
    FirewallRules: [TCP Query User{7F391B22-10E2-4D2C-BB7D-DB10EDE17107}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{654D86B7-0932-4175-A0E4-0CF4C3A71C38}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{EC2F5E38-4AC2-46A7-B40E-8334A5301FB7}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Capture Pro\Apowersoft Screen Capture Pro.exe
    FirewallRules: [{D16C11B3-F7D8-4464-A5B8-72D167157806}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Capture Pro\Apowersoft Screen Capture Pro.exe
    FirewallRules: [{378F57D0-E4E4-4CDE-A08F-4EFA4B71A8FC}] => (Allow) %ProgramFiles% (x86)\GameHouse Games Collection\Flip Words\FlipWords.exe
    FirewallRules: [{F79A9F28-1FED-4DD4-AEAC-9EDC257F1312}] => (Allow) %ProgramFiles% (x86)\GameHouse Games Collection\Holiday Express\Holiday Express.exe
    FirewallRules: [{282377A1-94C1-46A0-B730-6D4A8F40BD74}] => (Allow) %ProgramFiles% (x86)\GameHouse Games Collection\Puzzle Express\PuzzleExpress.exe
    FirewallRules: [TCP Query User{1AD09F6E-1E65-4F03-AB84-F27BC05DB000}C:\program files (x86)\gamehouse games collection\wheel of fortune\wheel of fortune.exe] => (Allow) C:\program files (x86)\gamehouse games collection\wheel of fortune\wheel of fortune.exe
    FirewallRules: [UDP Query User{020D574A-F852-44F5-B6CF-E76DCEC70226}C:\program files (x86)\gamehouse games collection\wheel of fortune\wheel of fortune.exe] => (Allow) C:\program files (x86)\gamehouse games collection\wheel of fortune\wheel of fortune.exe
    FirewallRules: [TCP Query User{40456585-8D10-4C88-86ED-BA01992CC9A4}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
    FirewallRules: [UDP Query User{5689F3BC-DA85-4C0F-AED4-96DB0874CC7E}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
    FirewallRules: [{FA26611A-E355-470E-B4CD-216AE1661AE1}] => (Allow) C:\Program Files (x86)\Windows Sidebar\8GadgetPack.exe
    FirewallRules: [{65FF0813-1454-40EC-9769-D810222BEE52}] => (Allow) C:\Program Files (x86)\Windows Sidebar\8GadgetPack.exe
    FirewallRules: [{431CAFEB-4E3A-4C18-AE5B-04558D7E4B1E}] => (Allow) C:\Program Files (x86)\Windows Sidebar\8GadgetPack.exe
    FirewallRules: [{E6B3BCD2-4187-4A9C-8777-215EABF75A96}] => (Allow) C:\Program Files (x86)\Windows Sidebar\8GadgetPack.exe
    FirewallRules: [{FAA9F237-533B-4A22-B503-3DBC56B73BC0}] => (Allow) LPort=139
    FirewallRules: [{38B4CDDC-FB1D-4BC8-886B-FE81AF60E389}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
    FirewallRules: [TCP Query User{69109C08-DB40-4E7B-A76A-E81DD773DA23}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{1C9F5948-9F40-45E9-8DD1-35870E0F79E6}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{06C63FB0-82BD-40CF-A179-DB211B5DF65D}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe
    FirewallRules: [{2E8A3D24-3427-43B4-A85E-4D2A22A2BC05}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe
    FirewallRules: [{A3A5010D-2DED-4CB5-9D58-09CFCDCD80B3}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe
    FirewallRules: [{AFC6AAC5-7B1A-4878-AF91-0A15ADBAD758}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe
    FirewallRules: [{95CB3D3D-A24C-40F5-8DD5-5FED765990D6}] => (Allow) LPort=5357
    FirewallRules: [{08A84A43-8677-4757-BC51-1997387D00DF}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{E20AC796-6D02-426D-B66C-68C1BDF31A18}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
    FirewallRules: [{0EF23985-39AF-47AD-A6A8-3C792E430502}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
    FirewallRules: [{6566EF13-6F38-4645-9623-5C4391177214}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
    FirewallRules: [{4EB1A293-1B55-469A-8B31-32D0FD8126FF}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
    FirewallRules: [{9818653F-FDAF-4317-AE18-52C40A62EE2F}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{C5A761D0-6F8F-4E5E-B25D-C4355CFDECFE}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{62E02152-70AE-4F1C-9D87-CD2DADD3B7DF}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{81996D25-103E-49B7-B6B9-C1BFFDBEC513}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/25/2015 11:30:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
    DETAIL - The configuration registry database is corrupt.

    Error: (06/25/2015 11:30:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
    Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

    DETAIL - The configuration registry database is corrupt.
    for C:\Users\Monica\AppData\Local\Microsoft\Windows\\UsrClass.dat

    Error: (06/25/2015 11:30:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
    DETAIL - The configuration registry database is corrupt.

    Error: (06/25/2015 11:30:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
    Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

    DETAIL - The configuration registry database is corrupt.
    for C:\Users\Monica\AppData\Local\Microsoft\Windows\\UsrClass.dat

    Error: (06/25/2015 11:28:16 AM) (Source: Perflib) (EventID: 1023) (User: )
    Description: rdyboost4

    Error: (06/25/2015 11:28:13 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: .NETFrameworkC:\windows\system32\mscoree.dll4

    Error: (06/25/2015 11:16:34 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
    DETAIL - The configuration registry database is corrupt.

    Error: (06/25/2015 11:16:34 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
    Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

    DETAIL - The configuration registry database is corrupt.
    for C:\Users\Monica\AppData\Local\Microsoft\Windows\\UsrClass.dat

    Error: (06/25/2015 11:16:33 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: Windows cannot load classes registry file.
    DETAIL - The configuration registry database is corrupt.

    Error: (06/25/2015 11:16:33 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
    Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

    DETAIL - The configuration registry database is corrupt.
    for C:\Users\Monica\AppData\Local\Microsoft\Windows\\UsrClass.dat


    System errors:
    =============
    Error: (06/25/2015 11:21:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: AD2F1837.HPConnectedPhotopoweredbySnapfish.

    Error: (06/25/2015 11:21:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: AD2F1837.HPFileViewer.

    Error: (06/25/2015 11:21:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: AMZNMobileLLC.KindleforWindows8.

    Error: (06/25/2015 11:21:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.SkypeApp.

    Error: (06/25/2015 11:21:05 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.ZuneVideo.

    Error: (06/25/2015 11:07:16 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Device Setup Manager service hung on starting.

    Error: (06/25/2015 11:06:25 AM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (06/25/2015 11:06:25 AM) (Source: ipnathlp) (EventID: 1233) (User: )
    Description:

    Error: (06/25/2015 11:06:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Encryption Provider Host Service service terminated with the following error:
    %%1064

    Error: (06/25/2015 11:06:20 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Interactive Services Detection service terminated with the following error:
    %%1


    Microsoft Office:
    =========================
    Error: (06/25/2015 11:30:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: The configuration registry database is corrupt.

    Error: (06/25/2015 11:30:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
    Description: The configuration registry database is corrupt.
    C:\Users\Monica\AppData\Local\Microsoft\Windows\\UsrClass.dat

    Error: (06/25/2015 11:30:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: The configuration registry database is corrupt.

    Error: (06/25/2015 11:30:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
    Description: The configuration registry database is corrupt.
    C:\Users\Monica\AppData\Local\Microsoft\Windows\\UsrClass.dat

    Error: (06/25/2015 11:28:16 AM) (Source: Perflib) (EventID: 1023) (User: )
    Description: rdyboost4

    Error: (06/25/2015 11:28:13 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: .NETFrameworkC:\windows\system32\mscoree.dll4

    Error: (06/25/2015 11:16:34 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: The configuration registry database is corrupt.

    Error: (06/25/2015 11:16:34 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
    Description: The configuration registry database is corrupt.
    C:\Users\Monica\AppData\Local\Microsoft\Windows\\UsrClass.dat

    Error: (06/25/2015 11:16:33 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
    Description: The configuration registry database is corrupt.

    Error: (06/25/2015 11:16:33 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
    Description: The configuration registry database is corrupt.
    C:\Users\Monica\AppData\Local\Microsoft\Windows\\UsrClass.dat


    CodeIntegrity Errors:
    ===================================
    Date: 2015-06-25 05:15:10.050
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-25 05:14:59.800
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-25 05:14:53.675
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-25 05:14:47.925
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-25 05:14:42.003
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-25 05:14:36.144
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-25 05:14:30.300
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-25 05:14:24.597
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-25 05:14:18.550
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-25 05:14:12.613
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: AMD A6-5200 APU with Radeon(TM) HD Graphics
    Percentage of memory in use: 21%
    Total physical RAM: 7621.94 MB
    Available physical RAM: 5964.96 MB
    Total Pagefile: 15301.94 MB
    Available Pagefile: 12886.64 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.84 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:919.9 GB) (Free:708.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (Recovery Image) (Fixed) (Total:10.13 GB) (Free:1.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 0C299522)

    Partition: GPT Partition Type.

    ==================== End of log ============================


    Results of screen317's Security Check version 1.004
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Adobe Flash Player 18.0.0.194
    Mozilla Firefox (38.0.5)
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSMpEng.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````


    I saw that there were a lot of corrupt registry files. Did these scans fix them all, or must I take another step to do it? I deleted the file in question, and nothing bad happened. Until now I have not had any program with problems. I don't know how to read these results. Could you explain their meanings to me?

    Once again, thank you very, very much for all the help that you are giving me. Before talking with you, I was looking for troubleshooting steps because the PC was critically slow, the right click took so long to open windows, or they were freezing the PC, and all the applications that I opened stopped working in a few seconds. Now I have gained a little more responsiveness, and the startup was faster. However, I continue having problems with the explorer.exe response, and the right click is still taking a lot of time to react. I hope that with your help I can get my PC's health back. I could refresh the system, but I am trying to avoid that as much as I can, because I have a lot of programs that I could not get fully functional if I reinstall them. I have a backup external HDD, but I recently moved, and I have not been able to find it yet.


  8. #8
    Corrine

    Re: Is efnnouse.exe a virus?

    Hi, Monka.

    The two tools I had you run are to provide information for me to research and analyze. You aren't expected to understand the information. While I spend some time researching some of the items in the logs, there are two things that you can do.

    1. Uninstall IObit. Based on IOBit's past practices, I wouldn't run it on my computer. See the following for additional information:
    -- IOBit Steals Malwarebytes' Intellectual Property
    -- IOBit’s Denial of Theft Unconvincing
    -- IOBit Theft Conclusion

    2. At least until your computer is restored to good working condition, please uninstall Vuze. P2P programs form a direct conduit on to your computer. They have always been a target of malware writers. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. Use of P2P programs can result in Identity Theft.

    Restart your computer after uninstalling those two programs and let me know when it's complete. In the meantime, I'll be further reviewing your logs and will provide additional instructions.



  9. #9

    Re: Is efnnouse.exe a virus?

    Originally posted by Corrine:
    Hi, Monka.

    The two tools I had you run are to provide information for me to research and analyze. You aren't expected to understand the information. While I spend some time researching some of the items in the logs, there are two things that you can do.

    1. Uninstall IObit. Based on IOBit's past practices, I wouldn't run it on my computer. See the following for additional information:
    -- IOBit Steals Malwarebytes' Intellectual Property
    -- IOBit’s Denial of Theft Unconvincing
    -- IOBit Theft Conclusion

    2. At least until your computer is restored to good working condition, please uninstall Vuze. P2P programs form a direct conduit on to your computer. They have always been a target of malware writers. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. Use of P2P programs can result in Identity Theft.

    Restart your computer after uninstalling those two programs and let me know when it's complete. In the meantime, I'll be further reviewing your logs and will provide additional instructions.
    --------------------------------------------------------------------------------------------


    I recently deleted all the IOBit programs, as they were being very intrusive. I just left the Uninstaller because it helps a lot with deleting the leftovers. If you know another one that securely cleans the leftovers from the registry, I'll be happy to use it. For now, I'll delete only Vuze, although I only have it open when I need to download a file, and close it again as soon as I finish, because I know that a lot of viruses are delivered through torrents.

  10. #10
    Corrine

    Re: Is efnnouse.exe a virus?

    The very issue with registry cleaners, optimizers, etc. is that they do more harm than good. In fact, that is specifically why Malwarebytes is adding them to detection: Registry Cleaners: Digital Snake Oil | Malwarebytes Unpacked. Windows is a closed source system. Developers of registry cleaners do not have the core code of Windows 7 and Windows 8 and are not working on definitive information, but rather they are going on past knowledge and experience. Automatic cleaners will usually have to do some guesswork.

    Modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. No registry cleaner is completely safe and the potential is ever present to cause more problems than they claim to fix. Registry cleaners cannot distinguish between good and bad. If you run a registry cleaner, it will delete all those keys which are obsolete and sitting idle; but in reality, those keys may well be needed by some programs or windows at a later time. If you run any other registry cleaner and do not know precisely what you are doing, you will have problems down the road. There are no gains to be had from using a registry cleaner and the risk is great.

    Taking it one step further, Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

    As to Vuze or any P2P program, just because it is only open when you need to download a file does not mean that what you are getting with the file being downloaded isn't infected. Perhaps that is where the mysterious efnnouse.exe came from.

    However, it is your computer, your choice.



  11. #11
    Corrine

    Re: Is efnnouse.exe a virus?

    Ok, now let's move on to the cleanup.

    1. Please do the following to run FRST:

    Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
    • Open Notepad (Start => All Programs => Accessories => Notepad).
    • Copy/Paste the entire contents of the code box below into Notepad.
    Code:
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
    HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
    SearchScopes: HKLM -> {8B099BF3-C49C-4385-BEFC-99861C7BD332} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {8B099BF3-C49C-4385-BEFC-99861C7BD332} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\S-1-5-21-4116287391-1936068046-2123032155-1001 -> {8B099BF3-C49C-4385-BEFC-99861C7BD332} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-4116287391-1936068046-2123032155-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    2015-06-02 14:00 - 2015-06-02 14:00 - 00000000 _____ C:\windows\system32\OLD3AC4.tmp
    2015-06-02 14:00 - 2015-06-02 14:00 - 00000000 _____ C:\windows\system32\OLD3A46.tmp
    2015-06-02 13:58 - 2015-06-02 13:58 - 00000000 _____ C:\windows\system32\OLDE556.tmp
    2015-06-02 13:58 - 2015-06-02 13:58 - 00000000 _____ C:\windows\system32\OLDE4D8.tmp
    2015-06-02 13:57 - 2015-06-02 13:57 - 00000000 _____ C:\windows\system32\OLD8098.tmp
    2015-06-02 13:57 - 2015-06-02 13:57 - 00000000 _____ C:\windows\system32\OLD7FFB.tmp
    2015-06-02 13:49 - 2015-06-02 13:49 - 00000000 _____ C:\windows\system32\OLDFB6A.tmp
    2015-06-02 13:49 - 2015-06-02 13:49 - 00000000 _____ C:\windows\system32\OLDFAEC.tmp
    2015-06-02 13:47 - 2015-06-02 13:47 - 00000000 _____ C:\windows\system32\OLD9468.tmp
    2015-06-02 13:47 - 2015-06-02 13:47 - 00000000 _____ C:\windows\system32\OLD93DA.tmp
    2015-06-02 13:46 - 2015-06-02 13:46 - 00000000 _____ C:\windows\system32\OLD318C.tmp
    2015-06-02 13:46 - 2015-06-02 13:46 - 00000000 _____ C:\windows\system32\OLD310E.tmp
    2015-06-02 13:43 - 2015-06-02 13:43 - 00000000 _____ C:\windows\system32\OLD47AE.tmp
    2015-06-02 13:43 - 2015-06-02 13:43 - 00000000 _____ C:\windows\system32\OLD4730.tmp
    2015-06-02 13:42 - 2015-06-02 13:42 - 00000000 _____ C:\windows\system32\OLDE8DA.tmp
    2015-06-02 13:42 - 2015-06-02 13:42 - 00000000 _____ C:\windows\system32\OLDE86B.tmp
    2015-06-02 13:40 - 2015-06-02 13:40 - 00000000 _____ C:\windows\system32\OLD8821.tmp
    2015-06-02 13:40 - 2015-06-02 13:40 - 00000000 _____ C:\windows\system32\OLD8793.tmp
    2015-06-02 13:36 - 2015-06-02 13:36 - 00000000 _____ C:\windows\system32\OLD1B22.tmp
    2015-06-02 13:36 - 2015-06-02 13:36 - 00000000 _____ C:\windows\system32\OLD1A85.tmp
    2015-06-02 13:35 - 2015-06-10 11:47 - 00000000 ____D C:\Users\Monica\Crack
    2015-06-02 13:34 - 2015-06-02 13:34 - 00000000 _____ C:\windows\system32\OLDBAA8.tmp
    2015-06-02 13:34 - 2015-06-02 13:34 - 00000000 _____ C:\windows\system32\OLDBA2A.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF238.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE9A6.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE18B.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDBB6.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB349.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8C10.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8084.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET6F55.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET4060.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET3432.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET29F0.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET13B4.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETF646.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETF016.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETE57A.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETE10C.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETB6FA.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET90BB.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET83F6.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET7874.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET442F.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET3755.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET2DC0.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET1784.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETF588.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETEF29.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETE4CC.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETDEB9.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETB64C.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET900D.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET8339.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET76CC.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET4333.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET36B7.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET2CC4.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET16C6.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETF5E7.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETEF98.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETE51B.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETDF17.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETB69B.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET906B.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET8397.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET773A.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET43D1.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET3706.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET2D51.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET1725.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETF7BE.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETF101.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETE5C9.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETE1D9.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETB759.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET9119.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET8455.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET7A0B.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET447F.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET37B4.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET2E2E.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET17E3.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00000000 _____ C:\windows\system32\OLDF5C6.tmp
    2015-06-02 13:32 - 2015-06-02 13:32 - 00000000 _____ C:\windows\system32\OLDF4CB.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF3C0.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETEC58.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE2C6.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDCE1.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB4C2.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8DF6.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET81BF.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET733F.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET418B.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET353D.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET2B2A.tmp
    2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET14EF.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF43E.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETED24.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE334.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDD5F.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB531.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8E94.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET824C.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET73EC.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET4209.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET35BB.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET2B99.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET157C.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETF4EB.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETEE7D.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETE3C2.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETDE1B.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETB5CE.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET8F6F.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET82CA.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET7525.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET42B5.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET3649.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET2C46.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET1639.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF313.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETEA72.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE238.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDC73.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB416.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8D4A.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8131.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET707F.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET40FD.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET34CF.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET2AAC.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET1461.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETF81D.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETF170.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETE618.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETE237.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETB7A8.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET9168.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET84F2.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET7C7D.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET44CE.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET3803.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET2E8D.tmp
    2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET1841.tmp
    2015-02-10 23:07 - 2015-02-10 23:07 - 0581824 _____ () C:\ProgramData\1423622981.bdinstall.bin
    2015-04-20 19:41 - 2015-04-20 19:41 - 0324960 _____ () C:\ProgramData\1429573007.bdinstall.bin
    2015-04-20 19:41 - 2015-04-20 19:41 - 0049287 _____ () C:\ProgramData\1429573245.bdinstall.bin
    2015-06-12 15:36 - 2015-06-12 15:36 - 0032667 _____ () C:\ProgramData\1434137700.bdinstall.bin
    C:\Users\Monica\advanced-systemcare-setup.exe
    EmptyTemp:
    end
    • Click Format and ensure Wordwrap is unchecked.
    • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
    • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
      • Press the Fix button once and wait.
      • FRST will process fixlist.txt
      • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
      • Please post the log in your next reply.


    2. Please download Adware Cleaner by Xplode. Please save it to your desktop!
    • Close all open programs and internet browsers.
    • Double-click AdwCleaner.exe to run the tool.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • Click the Scan button.
    • AdwCleaner will begin. Be patient as the scan may take some time to complete.
    • After the scan has finished, click the Logfile button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Copy and paste the contents of that logfile in your next reply.
    • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.



  12. #12

    Re: Is efnnouse.exe a virus?

    Here is the fixlog. AdwCleaner is going now. Thanks once more.

    Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
    Ran by Monica at 2015-06-26 19:13:45 Run:1
    Running from C:\FRST
    Loaded Profiles: Monica (Available Profiles: Monica)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
    HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
    SearchScopes: HKLM -> {8B099BF3-C49C-4385-BEFC-99861C7BD332} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {8B099BF3-C49C-4385-BEFC-99861C7BD332} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\S-1-5-21-4116287391-1936068046-2123032155-1001 -> {8B099BF3-C49C-4385-BEFC-99861C7BD332} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-4116287391-1936068046-2123032155-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    2015-06-02 13:35 - 2015-06-10 11:47 - 00000000 ____D C:\Users\Monica\Crack
    2015-02-10 23:07 - 2015-02-10 23:07 - 0581824 _____ () C:\ProgramData\1423622981.bdinstall.bin
    2015-04-20 19:41 - 2015-04-20 19:41 - 0324960 _____ () C:\ProgramData\1429573007.bdinstall.bin
    2015-04-20 19:41 - 2015-04-20 19:41 - 0049287 _____ () C:\ProgramData\1429573245.bdinstall.bin
    2015-06-12 15:36 - 2015-06-12 15:36 - 0032667 _____ () C:\ProgramData\1434137700.bdinstall.bin
    C:\Users\Monica\advanced-systemcare-setup.exe
    EmptyTemp:
    end
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1"" => key removed successfully
    HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2"" => key removed successfully
    HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3"" => key removed successfully
    HKCR\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4"" => key removed successfully
    HKCR\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5"" => key removed successfully
    HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6"" => key removed successfully
    HKCR\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7"" => key removed successfully
    HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8"" => key removed successfully
    HKCR\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key not found.
    HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8B099BF3-C49C-4385-BEFC-99861C7BD332}" => key removed successfully
    HKCR\CLSID\{8B099BF3-C49C-4385-BEFC-99861C7BD332} => key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
    HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8B099BF3-C49C-4385-BEFC-99861C7BD332}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{8B099BF3-C49C-4385-BEFC-99861C7BD332} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
    "HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8B099BF3-C49C-4385-BEFC-99861C7BD332}" => key removed successfully
    HKCR\CLSID\{8B099BF3-C49C-4385-BEFC-99861C7BD332} => key not found.
    "HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
    HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
    C:\Users\Monica\Crack => moved successfully.
    C:\ProgramData\1423622981.bdinstall.bin => moved successfully.
    C:\ProgramData\1429573007.bdinstall.bin => moved successfully.
    C:\ProgramData\1429573245.bdinstall.bin => moved successfully.
    C:\ProgramData\1434137700.bdinstall.bin => moved successfully.
    "C:\Users\Monica\advanced-systemcare-setup.exe" => File/Folder not found.
    EmptyTemp: => 1.9 GB temporary data Removed.


    The system needed a reboot..

    ==== End of Fixlog 19:31:35 ====


  13. #13

    Re: Is efnnouse.exe a virus?

    This is the adclean logfile:

    # AdwCleaner v4.207 - Logfile created 26/06/2015 at 19:56:41
    # Updated 21/06/2015 by Xplode
    # Database : 2015-06-23.1 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : Monica - KENNY
    # Running from : C:\Users\Monica\Desktop\adwcleaner_4.207.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\user.js
    Folder Found : C:\Program Files (x86)\Scrabble Plus
    Folder Found : C:\Program Files (x86)\Video Converter
    Folder Found : C:\ProgramData\EmailNotifier
    Folder Found : C:\ProgramData\Trymedia
    Folder Found : C:\Users\Monica\AppData\Local\PackageAware
    Folder Found : C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Converter
    Folder Found : C:\Users\Monica\AppData\Roaming\Scrabble Plus
    Folder Found : C:\Users\Public\Documents\iWin

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
    Key Found : HKLM\SOFTWARE\Conduit
    Key Found : HKLM\SOFTWARE\Email Notifier
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Converter
    Key Found : HKLM\SOFTWARE\Trymedia Systems
    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17840


    -\\ Mozilla Firefox v38.0.5 (x86 en-US)


    *************************

    AdwCleaner[R0].txt - [1634 bytes] - [26/06/2015 19:56:41]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1693 bytes] ##########

    Email Notifier is a Gmail process that I think I will delete, because I really don't use it. I would like to know why the Video Converter is considered an adware file. Scrabble Plus is one of my preferred games. I will not proceed with the deletion until you check it.

  14. #14
    Corrine

    Re: Is efnnouse.exe a virus?

    Hi, Monka.

    The most recent results of detections of Video Converter are at VirusTotal. This is largely due to the inclusion of Conduit adware. If you wish to keep it, we can handle that. Just let me know.

    We can check Scrabble Plus further. Please download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe

    Important: Save it to your desktop.
    • Double-click CKScanner.exe (Right-click and select "Run as administrator" in Windows Vista/Windows 7).
    • Give permission if necessary, and click Search For Files.
    • After a very short time, when the cursor hourglass disappears, click Save List To File.
    • A message box will verify the file saved. Please run the program once only.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



  15. #15

    Re: Is efnnouse.exe a virus?

    No it's fine. I will delete it. I was just curious. I will run the next scan now.

  16. #16

    Re: Is efnnouse.exe a virus?

    Ad removal log:

    # AdwCleaner v4.207 - Logfile created 26/06/2015 at 22:24:32
    # Updated 21/06/2015 by Xplode
    # Database : 2015-06-23.1 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : Monica - KENNY
    # Running from : C:\Users\Monica\Desktop\adwcleaner_4.207.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Trymedia
    Folder Deleted : C:\ProgramData\EmailNotifier
    Folder Deleted : C:\Users\Public\Documents\iWin
    Folder Deleted : C:\Program Files (x86)\Video Converter
    [x] Not Deleted : C:\Program Files (x86)\Scrabble Plus
    Folder Deleted : C:\Users\Monica\AppData\Local\PackageAware
    [x] Not Deleted : C:\Users\Monica\AppData\Roaming\Scrabble Plus
    Folder Deleted : C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Converter
    File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\user.js

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\Email Notifier
    Key Deleted : HKLM\SOFTWARE\Trymedia Systems
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Converter

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17840


    -\\ Mozilla Firefox v38.0.5 (x86 en-US)


    *************************

    AdwCleaner[R0].txt - [1776 bytes] - [26/06/2015 19:56:41]
    AdwCleaner[S0].txt - [1731 bytes] - [26/06/2015 22:24:32]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1790 bytes] ##########

    The PC is responding much better. The right click on the desktop is faster, and so is the opening of programs. However, I continue having issues with applications and files that stop responding when they open, as well as the right click in Firefox, which makes it unresponsive for a while before the popup window opens. I'll run the new scanner now.
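
One way to confirm that the cleaning run posted in #16 removed everything the scan posted in #13 reported. This is an added example, not part of the thread or of AdwCleaner; the log excerpts are abridged from those two posts, and the names `parse` and `leftovers` are hypothetical.

```python
import re

# Abridged from the scan log (post #13) and the cleaning log (post #16).
SCAN_LOG = r"""
# Option : Scan
File Found : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\user.js
Folder Found : C:\Program Files (x86)\Scrabble Plus
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\Monica\AppData\Roaming\Scrabble Plus
Key Found : HKLM\SOFTWARE\Conduit
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
"""
CLEAN_LOG = r"""
# Option : Cleaning
Folder Deleted : C:\ProgramData\Trymedia
[x] Not Deleted : C:\Program Files (x86)\Scrabble Plus
[x] Not Deleted : C:\Users\Monica\AppData\Roaming\Scrabble Plus
File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\user.js
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Deleted : HKLM\SOFTWARE\Conduit
"""

# Matches "<Kind> Found : <item>", "<Kind> Deleted : <item>"
# and "[x] Not Deleted : <item>"; headers and banners do not match.
LINE = re.compile(
    r"^\s*(?:\[x\]\s+)?(File|Folder|Key|Not)\s+(Found|Deleted)\s+:\s+(.+?)\s*$"
)

def parse(log):
    """Map each casefolded item to (status, item as written in the log)."""
    items = {}
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        kind, verb, item = m.groups()
        status = "not_deleted" if kind == "Not" else verb.lower()
        items[item.casefold()] = (status, item)  # Windows paths: ignore case
    return items

def leftovers(scan_log, clean_log):
    """Items the scan reported that the cleaning log does not show as deleted."""
    cleaned = parse(clean_log)
    report = []
    for key, (_, item) in parse(scan_log).items():
        status = cleaned.get(key, ("missing_from_log", item))[0]
        if status != "deleted":
            report.append((item, status))
    return sorted(report)
```

Run against the two excerpts, `leftovers` returns only the two Scrabble Plus folders, matching the `[x] Not Deleted` lines in the cleaning log.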

  17. #17

    Re: Is efnnouse.exe a virus?

    I can't open the CKScanner because it becomes unresponsive when I click to start the search.

  18. #18

    Re: Is efnnouse.exe a virus?

    Corrine, I can't run the CKScanner because it becomes unresponsive at opening.

  19. #19
    Corrine

    Re: Is efnnouse.exe a virus?

    Hi, Monka.

    CKScanner was for something else. It won't help with the issues with applications that stop responding. You can delete it from your desktop.

    1. Let's see if JRT picks up anything else. Please download Junkware Removal Tool to your desktop.
    • Disable your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    2. Regarding the issue with applications responding, there are a number of corruptions listed in your log. Please perform an SFC (System File Checker) scan, which will check and attempt to fix any corrupted files on your system.
    • Since you have Windows 8.1, from the desktop, right-click the Windows logo in the bottom-left corner and select Command Prompt (Admin).
    • At the command prompt, type the following line, and then press ENTER: sfc /scannow (note the space before the slash)
    • When the scan is complete, if no errors are found, restart your computer and post back.
    • Please let me know in your next reply if the message does not say "Windows resource protection did not find any integrity violations".



  20. #20

    Re: Is efnnouse.exe a virus?

    Here are the JRT results:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.1.9 (06.27.2015:2)
    OS: Windows 8.1 x64
    Ran by Monica on Sat 06/27/2015 at 11:48:59.99
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks

    Failed to delete: [Task] C:\windows\system32\tasks\Uninstaller_SkipUac_Monica
    Successfully deleted: [Task] C:\windows\tasks\Uninstaller_SkipUac_Monica.job



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] C:\ProgramData\productdata
    Successfully deleted: [Folder] C:\Users\Monica\AppData\Roaming\productdata
    Successfully deleted: [Folder] C:\Users\Monica\AppData\Roaming\software informer



    ~~~ FireFox






    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 06/27/2015 at 12:50:59.24
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    I will run SFC again to see if, after all of these fixes, it is working now. I did it about 3 times a few days ago and the results were always the same: SFC encountered corrupt files, but couldn't repair them. Let's see how it goes now.
