[SOLVED] Is efnnouse.exe a virus?

M

MONKA

Well-known member
Joined
Jun 16, 2015
Posts
56
Hey friends,

Today I found a start up program located in C:\Program Data\Osoluwsieak\1.0.1.0\efnnouse.exe, which is running in the background and was installed on the 15 of this month. I have tried to get information about it, and it's unknown everywhere. I am trying to check it with Malwarebytes, but the process in desperately slow. I would like to know if someone here has seen this file before, and can tell me from where it comes, or if it's a new virus. :huh:
 
Hi, Monka.

Nothing comes up in my search efforts either. Do you have any programs installed named "Osoluwsieak" When I tried translating the name it showed as Arabic.

Let's try a couple online scans of the file.

1. Please go to Jotti: Jotti's malware scan

Upload the filepath shown below into the "File to upload & scan" box at the upper left:

C:\Program Data\Osoluwsieak\1.0.1.0\efnnouse.exe

2. Please upload the same file at VirusTotal: VirusTotal - Free Online Virus, Malware and URL Scanner

In the "Upload a file", browse to the file path above and upload the file.

Please provide the results from both Jotti and VirusTotal in your reply.
 
Thanks for your cooperation. Both scans gave the this result:


Really, I don't know for what is or how I got that program. I found it looking at Task Schedule to figure out why my PC start by herself after I made all the tasks to start only when I am log in. It immediately called my attention, because the action showed the start up of this file: "C:\ProgramData\Osoluwsieak\1.0.1.0\efnnouse.exe" "/e=L3A9MjMyMDAxXi91PTYyNGM2ZmU1YmY4ZTQxM2ViYjgxMzA2YjRjZGFmYzk2Xi9kPXdlYnNoaWVsZG9ubGluZS5jb21eL249V0VCU14vYT1XZWJTaGllbGReL3Q="
When I checked my programs, I verified that the file only exist in ProgramData, and it's composed only by two files: efnnouse.exe, and sqlite3.dll. Now I don't know what to do. What would you do in this case?
 
Sorry I copied the images directly, and they didn't go through. I will do it differently now:


Jotti.jpg

VirusTotal.jpg


Hope this helps.
 
Hi, Monka.

Personally, I would create a System Restore point and then go ahead and delete the file. That said, I would be happy to review logs to see if there is something else that needs to be done, particularly since you do not know where it came from. The instructions are here: Malware Removal Posting Instructions.
 
Since I see you're reading the forum now, rather than editing my post, I'll add: If you decide to post the logs, which I recommend you do, I'll look at them tomorrow since I'll be shutting down for the night.

Have a good evening.
 
Hi Corrine,

I followed your instructions and here are the tests' results:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by Monica (administrator) on KENNY on 25-06-2015 11:17:34
Running from C:\Users\Monica\Downloads\Programs
Loaded Profiles: Monica (Available Profiles: Monica)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(OrdinarySoft) C:\Program Files\Start Menu X\StartMenuX.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
() C:\Program Files X86\Mind of Winner\Subliminal Messages\SubliminalMessages.exe
() C:\SB\SB4\SB4.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 4.1\EMET_Agent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7205592 2013-11-05] (Realtek Semiconductor)
HKLM-x32\...\Run: [EMET 4.1 Update 1 Agent] => C:\Program Files (x86)\EMET 4.1\EMET_agent.exe [88272 2014-05-28] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-06-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3903056 2015-05-20] (Tonec Inc.)
HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Run: [GmailNotifierPro] => C:\Users\Monica\Downloads\Compressed\GmailNotifierPro\GmailNotifierPro\GmailNotifierPro.exe [2871616 2015-01-04] (IntelliBreeze Software)
HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1905032 2015-04-28] (TomTom)
HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Run: [SubliminalMessages] => C:\Program Files X86\Mind of Winner\Subliminal Messages\SubliminalMessages.exe [984576 2015-06-18] ()
HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Run: [Subliminal Blaster 4] => C:\SB\SB4\SB4.exe [7244800 2013-08-18] ()
HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Run: [StartMenuX] => C:\Program Files\Start Menu X\StartMenuX.exe [7821120 2015-06-10] (OrdinarySoft)
HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar446.lnk [2015-06-25]
ShortcutTarget: Sidebar446.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
SearchScopes: HKLM -> {8B099BF3-C49C-4385-BEFC-99861C7BD332} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {8B099BF3-C49C-4385-BEFC-99861C7BD332} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-4116287391-1936068046-2123032155-1001 -> {8B099BF3-C49C-4385-BEFC-99861C7BD332} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4116287391-1936068046-2123032155-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-04-01] (IObit)
BHO: Total Defense Anti-Phishing Toolbar Helper -> {45011CF5-E4A9-4F13-9093-F30A784EB9B2} -> C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\toolbar\caIEToolbar.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO-x32: Total Defense Anti-Phishing Toolbar Helper -> {45011CF5-E4A9-4F13-9093-F30A784EB9B2} -> C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\toolbar\caIEToolbar.dll No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Total Defense Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\toolbar\caIEToolbar.dll No File
Toolbar: HKLM-x32 - Total Defense Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\toolbar\caIEToolbar.dll No File
Toolbar: HKU\S-1-5-21-4116287391-1936068046-2123032155-1001 -> Total Defense Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\toolbar\caIEToolbar.dll No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Hosts: 127.0.0.1 lm.auslogics.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default
FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html
FF DefaultSearchEngine: DuckDuckGo
FF DefaultSearchEngine.US: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: chrome://fvd.speeddial/content/fvd_about_blank.html
FF Keyword.URL: https://duckduckgo.com/?q=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF user.js: detected! => C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\user.js [2015-06-02]
FF Extension: EverSync - Sync bookmarks, backup your favorites. - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\Extensions\fvdmedia@gmail.com [2015-05-29]
FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\Extensions\pavel.sherbakov@gmail.com [2015-05-29]
FF Extension: LastPass - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\Extensions\support@lastpass.com [2015-05-29]
FF Extension: FireShot - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-06-08]
FF Extension: cliget - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\Extensions\cliget@zaidabdulla.com.xpi [2015-02-09]
FF Extension: Translate This! - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2015-02-09]
FF Extension: Nimbus Web Clipper - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\Extensions\nimbusnote@everhelper.me.xpi [2015-03-08]
FF Extension: Personas Plus - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\Extensions\personas@christopher.beard.xpi [2015-02-09]
FF Extension: Save as PDF - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2015-02-09]
FF Extension: RightToClick - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2015-02-09]
FF Extension: Adblock Edge - C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-02-09]
FF HKLM-x32\...\Firefox\Extensions: [caaphishtoolbar@ca.com] - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\Firefox
FF HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Monica\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Monica\AppData\Roaming\IDM\idmmzcc5 [2015-06-25]
FF HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Monica\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKLM-x32\...\Chrome\Extension: [hpdpkkpdlooddakbebmkeeegehfjdnih] - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\GoogleChrome\td_aphish_toolbar.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-06-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
S3 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
S3 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [48128 2014-07-24] (Microsoft Corporation)
S3 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-15] (Realtek Semiconductor)
S2 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
S3 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe [1121792 2010-11-20] (Microsoft Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
S3 athrusb; C:\Windows\system32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-05-10] (REALiX(tm))
S3 pwftap; C:\Windows\system32\DRIVERS\pwftap.sys [36736 2014-07-24] (The OpenVPN Project)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [301784 2015-01-22] (Realtek Semiconductor Corp.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-25 10:05 - 2015-06-25 11:18 - 00000000 ____D C:\FRST
2015-06-25 07:35 - 2015-06-25 07:35 - 00000485 _____ C:\Users\Monica\Desktop\Administrative Tools - Shortcut.lnk
2015-06-23 11:43 - 2015-06-23 11:43 - 00000921 _____ C:\Users\Public\Desktop\PhotoScissors.lnk
2015-06-23 11:43 - 2015-06-23 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScissors
2015-06-23 11:43 - 2015-06-23 11:43 - 00000000 ____D C:\Program Files\PhotoScissors
2015-06-22 20:55 - 2015-06-22 20:55 - 00000000 ____D C:\Users\Monica\AppData\Local\AMD
2015-06-22 20:52 - 2015-06-22 20:52 - 00000000 ____D C:\Users\Monica\AppData\Local\AppEx Networks
2015-06-22 20:46 - 2015-06-22 20:46 - 00000000 ____D C:\ProgramData\ATI
2015-06-22 20:45 - 2015-06-22 20:45 - 00000000 ____D C:\Users\Monica\AppData\Roaming\library_dir
2015-06-22 20:40 - 2015-06-22 20:42 - 00000000 ____D C:\Program Files\AMD Quick Stream
2015-06-22 20:40 - 2015-06-22 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream
2015-06-22 20:40 - 2015-06-22 20:40 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2015-06-22 20:40 - 2015-04-03 01:14 - 00229056 _____ (AppEx Networks Corporation) C:\windows\system32\Drivers\appexDrv.sys
2015-06-22 20:39 - 2015-06-22 20:39 - 00058610 _____ C:\windows\SysWOW64\CCCInstall_201506222039423244.log
2015-06-22 20:38 - 2015-06-22 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-06-22 20:25 - 2015-06-22 20:25 - 00000000 ____D C:\Program Files (x86)\AMD
2015-06-22 20:07 - 2015-06-22 20:07 - 00000000 ____D C:\AMD
2015-06-22 19:18 - 2015-06-22 19:18 - 00280600 _____ C:\windows\Minidump\062215-46734-01.dmp
2015-06-21 21:32 - 2015-06-21 22:26 - 00000972 ____N C:\windows\DtcInstall.log
2015-06-21 20:40 - 2015-06-21 20:55 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-06-21 20:40 - 2015-06-21 20:49 - 00000000 ____D C:\windows\system32\appraiser
2015-06-21 20:39 - 2015-06-21 20:48 - 00000000 ___SD C:\windows\system32\CompatTel
2015-06-21 12:30 - 2015-06-21 12:30 - 00001836 _____ C:\Users\Monica\Desktop\www_primalbeautysecrets_com.pdf - Shortcut.lnk
2015-06-21 12:07 - 2015-06-21 12:08 - 27155924 _____ C:\Users\Monica\Downloads\Windows8.1-KB2962409-x86.msu
2015-06-20 18:46 - 2015-06-20 18:46 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-06-20 10:23 - 2015-06-20 10:23 - 00051200 _____ C:\windows\system32\kdbsdk64.dll
2015-06-20 10:18 - 2015-06-20 10:18 - 00038912 _____ C:\windows\SysWOW64\kdbsdk32.dll
2015-06-19 16:36 - 2015-06-19 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu X
2015-06-19 16:35 - 2015-06-19 16:36 - 00000000 ____D C:\Users\Monica\AppData\Roaming\StartMenuX
2015-06-19 16:35 - 2015-06-19 16:36 - 00000000 ____D C:\Program Files\Start Menu X
2015-06-19 16:35 - 2015-06-19 16:35 - 00000000 ____D C:\ProgramData\StartMenuX
2015-06-19 11:13 - 2015-06-19 11:14 - 00468376 _____ C:\windows\Minidump\061915-51593-01.dmp
2015-06-18 23:20 - 2015-05-02 20:39 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-06-18 23:20 - 2015-04-29 19:22 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\WiFiDisplay.dll
2015-06-18 23:14 - 2015-05-07 11:21 - 00522240 _____ (Microsoft Corporation) C:\windows\system32\GeofenceMonitorService.dll
2015-06-18 23:14 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\GeofenceMonitorService.dll
2015-06-18 23:04 - 2015-05-15 18:01 - 00133288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-06-18 23:04 - 2015-05-15 17:05 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-06-18 23:04 - 2015-05-15 16:47 - 00355328 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-06-18 23:04 - 2015-05-15 15:42 - 03682304 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-06-18 23:04 - 2015-05-15 15:32 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-06-18 23:04 - 2015-05-15 15:31 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-06-18 23:04 - 2015-05-15 15:28 - 02223104 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-06-18 23:04 - 2015-05-15 15:28 - 00408064 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-06-18 23:04 - 2015-05-15 15:28 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-06-18 23:04 - 2015-05-15 15:27 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-06-18 23:04 - 2015-05-15 15:21 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-06-18 23:04 - 2015-05-15 15:21 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-06-18 23:04 - 2015-05-15 15:19 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-06-18 23:04 - 2015-05-15 15:19 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-06-18 23:03 - 2015-05-15 16:23 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-06-18 22:47 - 2015-05-07 13:50 - 22292672 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-06-18 22:47 - 2015-05-07 13:00 - 03109376 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2015-06-18 22:47 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-06-18 22:47 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2015-06-18 22:19 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usb8023x.sys
2015-06-18 22:19 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usb8023.sys
2015-06-18 22:19 - 2015-04-23 13:01 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rndismpx.sys
2015-06-18 22:15 - 2015-05-03 11:09 - 00274944 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-06-18 22:15 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-06-18 22:15 - 2015-05-03 10:55 - 00971776 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2015-06-18 22:15 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2015-06-18 22:06 - 2015-05-11 20:24 - 00536920 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll
2015-06-18 22:06 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\windows\system32\fhcpl.dll
2015-06-18 22:04 - 2015-04-30 21:13 - 06521800 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2015-06-18 22:04 - 2015-04-30 21:13 - 01488000 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
2015-06-18 22:04 - 2015-04-30 21:13 - 00261376 _____ (Microsoft Corporation) C:\windows\system32\sppwinob.dll
2015-06-18 21:49 - 2015-04-28 09:13 - 00513480 _____ C:\windows\SysWOW64\locale.nls
2015-06-18 21:49 - 2015-04-28 09:13 - 00513480 _____ C:\windows\system32\locale.nls
2015-06-18 21:43 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2015-06-18 21:43 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2015-06-18 21:39 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-06-18 21:29 - 2015-05-01 19:33 - 00410739 _____ C:\windows\system32\ApnDatabase.xml
2015-06-18 21:28 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\windows\system32\SystemEventsBrokerServer.dll
2015-06-18 21:21 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\windows\system32\Windows.Data.Pdf.dll
2015-06-18 21:20 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Data.Pdf.dll
2015-06-18 20:03 - 2015-06-18 20:03 - 00000000 ____D C:\Users\Monica\AppData\Roaming\SUBLASTER
2015-06-18 20:03 - 2015-06-18 20:03 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subliminal Blaster 4
2015-06-18 20:03 - 2015-06-18 20:03 - 00000000 ____D C:\SB
2015-06-18 19:32 - 2015-06-18 19:32 - 00000000 ____D C:\Users\Monica\AppData\Local\Mind of a Winner
2015-06-18 19:30 - 2015-06-18 19:30 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subliminal Messages
2015-06-18 19:30 - 2015-06-18 19:30 - 00000000 ____D C:\Program Files X86
2015-06-18 17:56 - 2015-06-18 17:56 - 00003432 _____ C:\bootsqm.dat
2015-06-18 13:17 - 2015-05-22 09:08 - 00700416 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-06-18 13:17 - 2015-05-21 09:08 - 01119232 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-06-18 13:17 - 2015-05-21 09:08 - 01020928 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-06-18 13:17 - 2015-05-21 09:08 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-06-18 13:17 - 2015-05-21 09:08 - 00422912 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-06-18 13:17 - 2015-05-21 09:08 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-06-18 13:17 - 2015-05-21 09:08 - 00045568 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-06-18 13:17 - 2015-04-16 18:07 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-06-18 13:15 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-06-18 13:15 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-06-18 13:15 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-06-18 13:15 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-06-18 13:15 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-06-18 13:15 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-06-18 13:15 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-06-18 13:15 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-06-18 13:15 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-06-18 13:15 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-06-18 13:15 - 2015-05-22 22:38 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-06-18 13:15 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-06-18 13:15 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-06-18 13:15 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-06-18 13:15 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-06-18 13:15 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-06-18 13:15 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-06-18 13:15 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-06-18 13:15 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-06-18 13:15 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-06-18 13:15 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-06-18 13:15 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-06-18 13:15 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-06-18 13:15 - 2015-05-22 14:09 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-06-18 13:15 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-06-18 13:15 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-06-18 13:15 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-06-18 13:15 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-06-18 13:15 - 2015-05-22 13:49 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-06-18 13:15 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-06-18 13:15 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-06-18 13:14 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-06-18 13:14 - 2015-05-22 22:47 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-06-18 13:14 - 2015-05-22 22:43 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-06-18 13:14 - 2015-05-22 22:28 - 01042944 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-06-18 13:14 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-06-18 13:14 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-06-18 13:14 - 2015-05-22 14:23 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-06-18 13:14 - 2015-05-22 14:15 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-06-18 13:14 - 2015-05-22 14:08 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-06-18 13:13 - 2015-05-21 12:47 - 04177920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-06-18 13:12 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-06-18 13:12 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-06-18 13:06 - 2015-04-24 22:34 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-06-18 13:06 - 2015-04-24 22:33 - 00549888 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-06-17 20:05 - 2015-06-17 20:05 - 00000000 ____D C:\windows\SysWOW64\RTCOM
2015-06-17 20:03 - 2013-11-05 18:48 - 03710552 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHD64.sys
2015-06-17 20:03 - 2013-11-03 09:11 - 02587864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkAPO64.dll
2015-06-17 20:03 - 2013-10-27 15:29 - 01021656 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkApi64.dll
2015-06-17 20:03 - 2013-10-08 18:12 - 02103040 _____ (Waves Audio Ltd.) C:\windows\system32\WavesGUILib64.dll
2015-06-17 20:03 - 2013-10-06 09:05 - 02810072 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtPgEx64.dll
2015-06-17 20:03 - 2013-04-23 15:16 - 01662024 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTSnMg64.cpl
2015-06-17 20:03 - 2011-12-19 13:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtlCPAPI64.dll
2015-06-17 20:03 - 2011-11-21 14:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCoLDR64.dll
2015-06-17 20:03 - 2011-09-01 12:21 - 00221024 _____ (Synopsys, Inc.) C:\windows\system32\SFNHK64.dll
2015-06-17 20:03 - 2011-09-01 12:21 - 00081248 _____ (Synopsys, Inc.) C:\windows\system32\SFCOM64.dll
2015-06-17 20:03 - 2011-09-01 12:21 - 00078688 _____ (Synopsys, Inc.) C:\windows\system32\SFAPO64.dll
2015-06-17 20:03 - 2010-11-07 05:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEP64A.dll
2015-06-17 20:03 - 2010-11-07 05:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEL64A.dll
2015-06-17 20:03 - 2010-11-02 16:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCfg64.dll
2015-06-17 20:03 - 2010-07-21 14:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\windows\SysWOW64\SFCOM.dll
2015-06-17 20:03 - 2010-07-10 19:28 - 00180048 _____ (Sonic Focus, Inc.) C:\windows\system32\SFProc64.dll
2015-06-17 20:03 - 2010-07-10 19:28 - 00086352 _____ (Sonic Focus, Inc.) C:\windows\system32\SFComm64.dll
2015-06-17 20:03 - 2010-07-10 19:28 - 00083792 _____ (Sonic Focus, Inc.) C:\windows\system32\SFSAPO64.dll
2015-06-17 20:03 - 2010-07-10 19:28 - 00082768 _____ (Sonic Focus, Inc.) C:\windows\system32\SFHAPO64.dll
2015-06-17 20:03 - 2010-07-10 19:28 - 00082768 _____ (Sonic Focus, Inc.) C:\windows\system32\SFDAPO64.dll
2015-06-17 20:03 - 2009-11-23 07:55 - 00518896 _____ (SRS Labs, Inc.) C:\windows\system32\SRSTSX64.dll
2015-06-17 20:03 - 2009-11-23 07:55 - 00211184 _____ (SRS Labs, Inc.) C:\windows\system32\SRSTSH64.dll
2015-06-17 20:03 - 2009-11-23 07:55 - 00198896 _____ (SRS Labs, Inc.) C:\windows\system32\SRSHP64.dll
2015-06-17 20:03 - 2009-11-23 07:55 - 00155888 _____ (SRS Labs, Inc.) C:\windows\system32\SRSWOW64.dll
2015-06-17 20:02 - 2013-11-05 14:59 - 38747648 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoRes64.dat
2015-06-17 20:02 - 2013-11-05 14:41 - 00682709 _____ C:\windows\system32\Drivers\RTAIODAT.DAT
2015-06-17 20:02 - 2013-11-03 17:26 - 00153304 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoInstII64.dll
2015-06-17 20:02 - 2013-10-17 14:41 - 01286360 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTCOM64.dll
2015-06-17 20:02 - 2013-10-01 15:10 - 00617176 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtDataProc64.dll
2015-06-17 20:02 - 2010-11-07 05:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DHT64.dll
2015-06-17 20:02 - 2010-11-07 05:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DAA64.dll
2015-06-17 20:02 - 2010-11-07 05:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEED64A.dll
2015-06-17 20:02 - 2010-11-07 05:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEG64A.dll
2015-06-17 20:01 - 2013-10-15 01:43 - 00209096 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAC64.dll
2015-06-17 20:01 - 2013-10-10 10:47 - 00113576 _____ (Real Sound Lab SIA) C:\windows\system32\CONEQMSAPOGUILibrary.dll
2015-06-17 20:01 - 2013-10-08 18:12 - 02036992 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioEQ64.dll
2015-06-17 20:01 - 2013-10-08 18:12 - 01012992 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPOShell64.dll
2015-06-17 20:01 - 2013-08-04 16:11 - 02743328 _____ (Fortemedia Corporation) C:\windows\system32\FMAPO64.dll
2015-06-17 20:01 - 2012-03-07 09:47 - 00108640 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAR64.dll
2015-06-17 20:01 - 2010-09-26 07:34 - 00318808 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO20.dll
2015-06-17 19:46 - 2013-08-15 20:13 - 03859968 _____ (Qualcomm Atheros Communications, Inc.) C:\windows\system32\Drivers\athwbx.sys
2015-06-17 19:24 - 2015-06-17 19:24 - 00000000 ____D C:\Users\Monica\AppData\Roaming\WinBatch
2015-06-17 18:32 - 2013-08-01 14:34 - 00035672 _____ (COMPAL ELECTRONIC INC.) C:\windows\system32\Drivers\LPCFilter.sys
2015-06-17 15:39 - 2015-06-17 15:39 - 00000965 _____ C:\Users\Monica\Desktop\CBS.log - Shortcut.lnk
2015-06-16 15:57 - 2015-06-16 16:11 - 00000000 ____D C:\SFCFix
2015-06-16 13:17 - 2015-06-16 16:11 - 00000000 ____D C:\Users\Monica\AppData\Local\niemiro
2015-06-15 20:40 - 2015-06-22 19:18 - 1435506520 _____ C:\windows\MEMORY.DMP
2015-06-15 20:40 - 2015-06-15 20:41 - 00415712 _____ C:\windows\Minidump\061515-50500-01.dmp
2015-06-15 13:16 - 2015-06-24 19:18 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-15 13:16 - 2015-06-15 13:16 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-15 13:16 - 2015-06-15 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-15 13:15 - 2015-06-15 13:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-15 13:15 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-06-15 13:15 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-06-15 13:15 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-06-15 12:51 - 2015-06-15 12:51 - 00000000 ____D C:\ProgramData\EmailNotifier
2015-06-15 12:48 - 2015-06-15 12:48 - 00000000 ____D C:\Program Files\Malwarebytes
2015-06-15 12:30 - 2015-06-15 12:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-15 12:30 - 2015-06-15 12:30 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Malwarebytes
2015-06-15 11:30 - 2015-06-15 11:30 - 00000000 ____D C:\Program Files\DIFX
2015-06-15 11:29 - 2015-06-17 18:32 - 00004894 _____ C:\windows\DPINST.LOG
2015-06-15 11:29 - 2015-01-22 00:51 - 00301784 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RtsP2Stor.sys
2015-06-15 11:29 - 2014-10-20 04:50 - 00083160 _____ (Realtek Semiconductor.) C:\windows\system32\RtCRX64.dll
2015-06-14 22:54 - 2015-06-14 22:54 - 00000000 ____D C:\ProgramData\BSD
2015-06-14 22:36 - 2015-06-25 11:21 - 02038945 _____ C:\windows\WindowsUpdate.log
2015-06-14 22:35 - 2015-06-25 11:05 - 00004861 _____ C:\windows\setupact.log
2015-06-14 22:35 - 2015-06-14 22:35 - 00000000 _____ C:\windows\setuperr.log
2015-06-14 22:34 - 2015-06-21 21:43 - 00078756 _____ C:\windows\PFRO.log
2015-06-14 22:10 - 2015-06-14 22:10 - 00000000 ____D C:\Users\Monica\AppData\Local\PackageAware
2015-06-14 22:10 - 2014-07-24 07:48 - 00036736 _____ (The OpenVPN Project) C:\windows\system32\Drivers\pwftap.sys
2015-06-14 21:59 - 2015-06-14 21:59 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Auslogics
2015-06-14 21:52 - 2015-06-18 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-06-14 21:52 - 2015-06-18 12:48 - 00000000 ____D C:\Program Files (x86)\Auslogics
2015-06-14 21:42 - 2015-06-14 21:42 - 00001172 _____ C:\Users\Public\Desktop\AusLogics BoostSpeed.lnk
2015-06-14 21:42 - 2015-06-14 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AusLogics BoostSpeed
2015-06-14 21:41 - 2015-06-14 21:42 - 00000000 ____D C:\Program Files (x86)\AusLogics BoostSpeed
2015-06-14 21:20 - 2015-06-14 21:20 - 00028163 _____ C:\Users\Monica\Downloads\Auslogics BoostSpeed Premium 7.9.0 DC 07.05.htm
2015-06-14 19:26 - 2015-06-14 21:57 - 00000000 ____D C:\ProgramData\Auslogics
2015-06-13 21:08 - 2015-06-13 21:08 - 00000000 ____D C:\Users\Monica\AppData\Local\Microsoft_Corporation
2015-06-12 18:22 - 2015-06-12 18:22 - 00002062 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2015-06-12 18:22 - 2015-06-12 18:22 - 00000000 ____D C:\ProgramData\Visan
2015-06-12 18:22 - 2015-06-12 18:22 - 00000000 ____D C:\ProgramData\HP Photo Creations
2015-06-12 18:22 - 2015-06-12 18:22 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2015-06-12 18:19 - 2015-06-12 18:19 - 00000982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-06-12 18:18 - 2015-06-12 18:18 - 00002293 _____ C:\Users\Public\Desktop\HP Officejet 4630 series.lnk
2015-06-12 18:18 - 2015-06-12 18:18 - 00000000 ____D C:\Users\Monica\AppData\Roaming\HpUpdate
2015-06-12 18:18 - 2014-07-21 16:31 - 00763912 _____ (Hewlett-Packard Development Company, LP) C:\windows\system32\HPDiscoPMC611.dll
2015-06-12 18:14 - 2015-06-12 18:14 - 00000000 ____D C:\ProgramData\HP
2015-06-12 18:13 - 2015-06-12 18:20 - 00000000 ____D C:\Program Files (x86)\HP
2015-06-12 18:13 - 2015-06-12 18:13 - 00000000 ____D C:\Program Files\HP
2015-06-12 18:10 - 2015-06-12 18:10 - 00000057 _____ C:\ProgramData\Ament.ini
2015-06-12 17:57 - 2015-06-12 18:22 - 00000000 ____D C:\Users\Monica\AppData\Local\HP
2015-06-12 15:36 - 2015-06-12 15:36 - 00032667 _____ C:\ProgramData\1434137700.bdinstall.bin
2015-06-10 23:11 - 2015-06-10 23:11 - 00001764 _____ C:\Users\Monica\Desktop\Applicant-Checklist.pdf - Shortcut.lnk
2015-06-09 12:36 - 2015-06-09 12:36 - 00000000 ____D C:\ProgramData\ProcessLasso
2015-06-09 12:34 - 2015-06-09 12:34 - 00000000 ____D C:\Users\Monica\AppData\Roaming\ProcessLasso
2015-06-08 22:13 - 2015-06-08 22:13 - 00001975 _____ C:\Users\Monica\Desktop\MV_Tag_and_or_Title_Application.pdf.lnk
2015-06-05 17:31 - 2015-06-05 17:31 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Aspell
2015-06-05 12:18 - 2015-06-05 12:18 - 00001795 _____ C:\Users\Monica\Desktop\2289808_228_20150528_2.pdf - Shortcut.lnk
2015-06-05 12:13 - 2015-06-05 12:13 - 00001631 _____ C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Foxit Advanced PDF Editor.lnk
2015-06-05 12:10 - 2015-06-05 12:10 - 00000000 ____D C:\Program Files\Foxit Software
2015-06-04 22:48 - 2015-06-04 22:48 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Buku Dominoes
2015-06-03 20:03 - 2015-04-20 22:49 - 00333656 _____ (Total Defense, Inc.) C:\windows\system32\isafprod64.dll
2015-06-03 20:03 - 2015-04-20 22:49 - 00268120 _____ (Total Defense, Inc.) C:\windows\SysWOW64\Isafprod.dll
2015-06-03 20:03 - 2015-04-20 22:47 - 00141656 _____ (Computer Associates International, Inc.) C:\windows\system32\Isafeif64.dll
2015-06-03 20:03 - 2015-04-20 22:47 - 00128856 _____ (Computer Associates International, Inc.) C:\windows\SysWOW64\Isafeif.dll
2015-06-03 20:03 - 2015-04-20 22:47 - 00104280 _____ (Computer Associates International, Inc.) C:\windows\system32\Vetredir64.dll
2015-06-03 20:03 - 2015-04-20 22:47 - 00096088 _____ (Computer Associates International, Inc.) C:\windows\SysWOW64\Vetredir.dll
2015-06-03 19:59 - 2015-06-03 19:59 - 02539576 _____ () C:\windows\SysWOW64\winsflt_x64.dll
2015-06-03 19:59 - 2015-03-05 10:49 - 00292920 _____ C:\windows\SysWOW64\winsfinst_x64.exe
2015-06-03 19:59 - 2015-03-05 10:45 - 03214904 _____ () C:\windows\system32\mdmc3cfa.rra
2015-06-03 19:58 - 2002-01-01 13:02 - 00007440 _____ (Microsoft Corporation) C:\windows\SysWOW64\sporder.dll
2015-06-03 19:57 - 2015-06-03 19:57 - 00000000 ____D C:\Program Files\Total Defense
2015-06-03 19:56 - 2015-06-03 19:56 - 00000000 ____D C:\ProgramData\CA
2015-06-03 19:55 - 2015-06-03 20:04 - 00000000 ____D C:\ProgramData\TotalDefense
2015-06-02 14:00 - 2015-06-02 14:00 - 00000000 _____ C:\windows\system32\OLD3AC4.tmp
2015-06-02 14:00 - 2015-06-02 14:00 - 00000000 _____ C:\windows\system32\OLD3A46.tmp
2015-06-02 13:58 - 2015-06-02 13:58 - 00000000 _____ C:\windows\system32\OLDE556.tmp
2015-06-02 13:58 - 2015-06-02 13:58 - 00000000 _____ C:\windows\system32\OLDE4D8.tmp
2015-06-02 13:57 - 2015-06-02 13:57 - 00000000 _____ C:\windows\system32\OLD8098.tmp
2015-06-02 13:57 - 2015-06-02 13:57 - 00000000 _____ C:\windows\system32\OLD7FFB.tmp
2015-06-02 13:56 - 2015-04-16 02:17 - 00325464 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2015-06-02 13:56 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\authz.dll
2015-06-02 13:56 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\windows\SysWOW64\authz.dll
2015-06-02 13:56 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2015-06-02 13:56 - 2015-04-09 20:17 - 01018880 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2015-06-02 13:56 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\rgb9rast.dll
2015-06-02 13:56 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2015-06-02 13:56 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2015-06-02 13:56 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2015-06-02 13:56 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2015-06-02 13:56 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2015-06-02 13:56 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2015-06-02 13:56 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2015-06-02 13:56 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2015-06-02 13:56 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2015-06-02 13:56 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2015-06-02 13:56 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2015-06-02 13:56 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2015-06-02 13:56 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2015-06-02 13:56 - 2015-03-19 23:49 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\compstui.dll
2015-06-02 13:56 - 2015-03-19 23:08 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\puiobj.dll
2015-06-02 13:56 - 2015-03-19 22:37 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\puiobj.dll
2015-06-02 13:56 - 2015-03-19 22:07 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-06-02 13:56 - 2015-03-01 21:43 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\rastapi.dll
2015-06-02 13:56 - 2015-03-01 21:21 - 00207872 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastapi.dll
2015-06-02 13:49 - 2015-06-02 13:49 - 00000000 _____ C:\windows\system32\OLDFB6A.tmp
2015-06-02 13:49 - 2015-06-02 13:49 - 00000000 _____ C:\windows\system32\OLDFAEC.tmp
2015-06-02 13:47 - 2015-06-02 13:47 - 00000000 _____ C:\windows\system32\OLD9468.tmp
2015-06-02 13:47 - 2015-06-02 13:47 - 00000000 _____ C:\windows\system32\OLD93DA.tmp
2015-06-02 13:46 - 2015-06-02 13:46 - 00000000 _____ C:\windows\system32\OLD318C.tmp
2015-06-02 13:46 - 2015-06-02 13:46 - 00000000 _____ C:\windows\system32\OLD310E.tmp
2015-06-02 13:43 - 2015-06-02 13:43 - 00000000 _____ C:\windows\system32\OLD47AE.tmp
2015-06-02 13:43 - 2015-06-02 13:43 - 00000000 _____ C:\windows\system32\OLD4730.tmp
2015-06-02 13:42 - 2015-06-02 13:42 - 00000000 _____ C:\windows\system32\OLDE8DA.tmp
2015-06-02 13:42 - 2015-06-02 13:42 - 00000000 _____ C:\windows\system32\OLDE86B.tmp
2015-06-02 13:40 - 2015-06-02 13:40 - 00000000 _____ C:\windows\system32\OLD8821.tmp
2015-06-02 13:40 - 2015-06-02 13:40 - 00000000 _____ C:\windows\system32\OLD8793.tmp
2015-06-02 13:36 - 2015-06-02 13:36 - 00000000 _____ C:\windows\system32\OLD1B22.tmp
2015-06-02 13:36 - 2015-06-02 13:36 - 00000000 _____ C:\windows\system32\OLD1A85.tmp
2015-06-02 13:35 - 2015-06-10 11:47 - 00000000 ____D C:\Users\Monica\Crack
2015-06-02 13:34 - 2015-06-02 13:34 - 00000000 _____ C:\windows\system32\OLDBAA8.tmp
2015-06-02 13:34 - 2015-06-02 13:34 - 00000000 _____ C:\windows\system32\OLDBA2A.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF238.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE9A6.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE18B.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDBB6.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB349.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8C10.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8084.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET6F55.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET4060.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET3432.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET29F0.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET13B4.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETF646.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETF016.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETE57A.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETE10C.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETB6FA.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET90BB.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET83F6.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET7874.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET442F.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET3755.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET2DC0.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET1784.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETF588.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETEF29.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETE4CC.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETDEB9.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETB64C.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET900D.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET8339.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET76CC.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET4333.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET36B7.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET2CC4.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET16C6.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETF5E7.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETEF98.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETE51B.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETDF17.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETB69B.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET906B.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET8397.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET773A.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET43D1.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET3706.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET2D51.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET1725.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETF7BE.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETF101.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETE5C9.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETE1D9.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETB759.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET9119.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET8455.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET7A0B.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET447F.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET37B4.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET2E2E.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET17E3.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00000000 _____ C:\windows\system32\OLDF5C6.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00000000 _____ C:\windows\system32\OLDF4CB.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF3C0.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETEC58.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE2C6.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDCE1.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB4C2.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8DF6.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET81BF.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET733F.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET418B.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET353D.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET2B2A.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET14EF.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF43E.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETED24.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE334.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDD5F.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB531.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8E94.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET824C.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET73EC.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET4209.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET35BB.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET2B99.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET157C.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETF4EB.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETEE7D.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETE3C2.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETDE1B.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETB5CE.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET8F6F.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET82CA.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET7525.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET42B5.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET3649.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET2C46.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET1639.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF313.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETEA72.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE238.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDC73.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB416.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8D4A.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8131.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET707F.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET40FD.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET34CF.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET2AAC.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET1461.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETF81D.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETF170.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETE618.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETE237.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETB7A8.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET9168.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET84F2.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET7C7D.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET44CE.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET3803.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET2E8D.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET1841.tmp
2015-06-02 13:19 - 2015-06-02 13:19 - 00000000 ____D C:\Users\Monica\AppData\Local\GWX
2015-05-31 16:44 - 2015-05-31 16:44 - 00000000 ____D C:\Users\Monica\AppData\Roaming\MagicIndie
2015-05-31 11:25 - 2015-05-31 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pistonsoft Text to Speech Converter
2015-05-31 11:25 - 2015-05-31 11:25 - 00000000 ____D C:\Program Files (x86)\Pistonsoft Text to Speech Converter
2015-05-27 18:56 - 2015-06-25 11:14 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4116287391-1936068046-2123032155-1001
2015-05-27 18:50 - 2015-05-27 18:50 - 00000000 ____D C:\Users\Monica\Documents\Vibosoft files
2015-05-27 18:50 - 2015-05-27 18:50 - 00000000 ____D C:\Users\Monica\Documents\Vibosoft
2015-05-27 18:50 - 2015-05-27 18:50 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Vibosoft
2015-05-27 18:50 - 2015-05-27 18:50 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vibosoft
2015-05-27 18:49 - 2015-05-27 18:49 - 00000000 ____D C:\Program Files (x86)\Vibosoft
2015-05-27 12:08 - 2015-05-27 12:08 - 00000000 ____D C:\ProgramData\FreshGames
2015-05-26 10:50 - 2015-05-27 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse
2015-05-26 10:50 - 2015-05-26 10:50 - 00000000 ____D C:\ProgramData\com.gamehouse.acid
2015-05-26 10:46 - 2015-05-27 12:07 - 00000000 ____D C:\Users\Monica\AppData\Local\com.gamehouse.acid

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-25 11:27 - 2015-02-09 23:28 - 00008192 _____ C:\windows\SysWOW64\WDPABKP.dat
2015-06-25 11:21 - 2013-08-22 11:36 - 00000000 ____D C:\windows\AppReadiness
2015-06-25 11:16 - 2015-02-09 22:34 - 00000000 ____D C:\Users\Monica\AppData\Roaming\DMCache
2015-06-25 11:05 - 2013-08-22 11:36 - 00000000 ____D C:\windows\Registration
2015-06-25 11:05 - 2013-08-22 10:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-25 11:04 - 2014-03-05 11:56 - 00065536 _____ C:\windows\system32\spu_storage.bin
2015-06-25 11:02 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\sru
2015-06-25 11:01 - 2015-02-09 23:36 - 00000000 __RDO C:\Users\Monica\SkyDrive
2015-06-25 11:00 - 2015-02-11 00:52 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-25 09:05 - 2013-08-24 17:38 - 00891984 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-25 09:05 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\NDF
2015-06-24 22:16 - 2015-05-14 19:06 - 00052224 ___SH C:\Users\Monica\Desktop\Thumbs.db
2015-06-24 15:06 - 2013-08-22 11:20 - 00000000 ____D C:\windows\CbsTemp
2015-06-24 06:01 - 2015-02-11 00:52 - 00004176 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-06-24 05:44 - 2013-08-22 11:36 - 00000000 ____D C:\windows\rescache
2015-06-24 00:08 - 2015-04-16 18:23 - 00000028 _____ C:\windows\popcinfo.dat
2015-06-23 11:41 - 2015-04-15 10:14 - 00000000 ____D C:\Users\Monica\Desktop\Today App
2015-06-23 11:28 - 2015-02-09 22:34 - 00000000 ____D C:\Users\Monica\Downloads\Compressed
2015-06-22 20:42 - 2015-02-11 20:50 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Hoyle Card Games 2012
2015-06-22 20:40 - 2015-03-30 14:48 - 00000000 ____D C:\ProgramData\AMD
2015-06-22 20:37 - 2015-02-15 00:12 - 00000000 ____D C:\Program Files\AMD
2015-06-22 19:21 - 2015-02-09 20:54 - 00000000 ____D C:\Users\Monica
2015-06-22 19:18 - 2015-03-30 16:22 - 00000000 ____D C:\windows\Minidump
2015-06-21 21:27 - 2013-08-22 10:44 - 00443680 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-21 21:00 - 2013-08-22 11:36 - 00000000 ___RD C:\windows\ToastData
2015-06-21 21:00 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-21 21:00 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-21 21:00 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-21 21:00 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-21 21:00 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-21 21:00 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-21 21:00 - 2013-08-22 11:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-21 21:00 - 2013-08-22 11:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-21 21:00 - 2013-08-22 11:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-21 20:56 - 2013-08-22 15:12 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-21 20:56 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-06-21 20:56 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-06-21 20:56 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2015-06-21 20:56 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-21 20:56 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-06-21 20:55 - 2013-08-22 11:36 - 00000000 ___RD C:\windows\ImmersiveControlPanel
2015-06-21 20:55 - 2013-08-22 11:36 - 00000000 ____D C:\windows\SysWOW64\sppui
2015-06-21 20:55 - 2013-08-22 11:36 - 00000000 ____D C:\windows\SysWOW64\setup
2015-06-21 20:55 - 2013-08-22 11:36 - 00000000 ____D C:\windows\SysWOW64\migwiz
2015-06-21 20:55 - 2013-08-22 11:36 - 00000000 ____D C:\windows\SysWOW64\inetsrv
2015-06-21 20:55 - 2013-08-22 11:36 - 00000000 ____D C:\windows\SysWOW64\Com
2015-06-21 20:55 - 2013-08-22 09:36 - 00000000 ____D C:\windows\SysWOW64\oobe
2015-06-21 20:55 - 2013-08-22 09:36 - 00000000 ____D C:\windows\SysWOW64\Dism
2015-06-21 20:50 - 2013-08-22 11:36 - 00000000 ____D C:\windows\WinStore
2015-06-21 20:50 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\sr-Latn-RS
2015-06-21 20:50 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\sk-SK
2015-06-21 20:50 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\lv-LV
2015-06-21 20:50 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\hr-HR
2015-06-21 20:50 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\et-EE
2015-06-21 20:50 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\en-GB
2015-06-21 20:50 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\Com
2015-06-21 20:50 - 2013-08-22 11:36 - 00000000 ____D C:\windows\MediaViewer
2015-06-21 20:50 - 2013-08-22 09:36 - 00000000 ____D C:\windows\system32\Sysprep
2015-06-21 20:50 - 2013-08-22 09:36 - 00000000 ____D C:\windows\system32\oobe
2015-06-21 20:49 - 2015-04-07 22:11 - 00000000 ___SD C:\windows\system32\GWX
2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\zh-HK
2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\WinBioPlugIns
2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\uk-UA
2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\tr-TR
2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\th-TH
2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\sr-Latn-CS
2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\sppui
2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\sl-SI
2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\setup
2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\ro-RO
2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\lt-LT
2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\inetsrv
2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\he-IL
2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\bg-BG
2015-06-21 20:49 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\ar-SA
2015-06-21 20:49 - 2013-08-22 09:36 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2015-06-21 20:48 - 2013-08-22 11:36 - 00000000 ___SD C:\windows\system32\dsc
2015-06-21 20:48 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\SystemResetPlatform
2015-06-21 20:48 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\migwiz
2015-06-21 20:48 - 2013-08-22 09:36 - 00000000 ____D C:\windows\system32\Dism
2015-06-21 20:42 - 2013-08-22 11:36 - 00000000 ____D C:\windows\PolicyDefinitions
2015-06-21 20:42 - 2013-08-22 11:36 - 00000000 ____D C:\windows\IME
2015-06-21 20:42 - 2013-08-22 11:36 - 00000000 ____D C:\windows\FileManager
2015-06-21 20:42 - 2013-08-22 09:36 - 00000000 ____D C:\windows\servicing
2015-06-21 20:41 - 2013-08-22 11:36 - 00000000 ____D C:\windows\Camera
2015-06-21 20:41 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2015-06-21 20:41 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-06-21 20:41 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2015-06-21 20:41 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-06-21 20:40 - 2013-08-22 11:36 - 00000000 ____D C:\windows\SysWOW64\InputMethod
2015-06-21 20:40 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\WindowsPowerShell
2015-06-21 20:16 - 2013-08-22 11:36 - 00195072 _____ (Microsoft Corporation) C:\windows\SysWOW64\msclmd.dll
2015-06-21 20:15 - 2013-08-22 11:36 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\msclmd.dll
2015-06-20 23:18 - 2015-04-01 09:34 - 00002394 _____ C:\windows\System32\Tasks\Uninstaller_SkipUac_Monica
2015-06-20 23:18 - 2015-04-01 09:34 - 00000292 _____ C:\windows\Tasks\Uninstaller_SkipUac_Monica.job
2015-06-20 19:05 - 2015-03-13 21:03 - 00000000 ___RD C:\Users\Monica\Dropbox
2015-06-19 23:19 - 2015-03-02 12:24 - 00000000 ____D C:\Users\Monica\Desktop\General
2015-06-19 23:02 - 2013-08-22 11:38 - 00792568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-06-19 23:02 - 2013-08-22 11:38 - 00178168 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-19 20:49 - 2015-02-11 01:20 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Hoyle Puzzle and Board Games
2015-06-18 13:35 - 2015-02-11 03:07 - 00000000 ____D C:\windows\system32\MRT
2015-06-18 13:14 - 2015-02-11 03:07 - 140135120 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-06-17 21:33 - 2015-02-09 20:56 - 00000000 ____D C:\Users\Monica\AppData\Local\Packages
2015-06-17 21:28 - 2013-08-22 09:25 - 00000236 _____ C:\windows\win.ini
2015-06-17 20:43 - 2015-02-11 15:13 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2015-06-17 20:06 - 2015-02-11 00:51 - 00000000 ____D C:\Users\Monica\AppData\Local\Adobe
2015-06-17 20:00 - 2014-03-05 12:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-17 19:55 - 2014-03-05 12:11 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-06-17 19:47 - 2014-03-05 12:13 - 00000000 ____D C:\ProgramData\Qualcomm Atheros
2015-06-17 19:23 - 2014-03-05 12:11 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-06-17 19:15 - 2013-09-03 00:57 - 00000000 ____D C:\SWSETUP
2015-06-17 19:11 - 2015-02-10 00:58 - 00000000 ____D C:\Users\Monica\AppData\Local\Hewlett-Packard
2015-06-17 17:50 - 2015-02-26 18:21 - 00000374 _____ C:\windows\system32\Drivers\etc\hosts.ics
2015-06-16 17:40 - 2015-02-10 01:14 - 00000459 _____ C:\Users\Monica\AppData\Roaming\Weather Meter_Settings.ini
2015-06-15 20:31 - 2015-02-09 23:58 - 00000000 ____D C:\Users\Monica\Discovered
2015-06-15 14:13 - 2015-02-09 23:21 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Azureus
2015-06-14 21:23 - 2015-02-09 23:21 - 00000000 ____D C:\Program Files\Vuze
2015-06-13 12:26 - 2015-03-19 23:21 - 00000000 ____D C:\Program Files (x86)\IObit
2015-06-12 18:22 - 2014-03-05 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-06-12 18:22 - 2014-03-05 12:07 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-06-12 15:53 - 2015-02-09 22:34 - 00000000 ____D C:\Users\Monica\AppData\Roaming\IDM
2015-06-12 15:44 - 2015-03-19 23:21 - 00000000 ____D C:\Users\Monica\AppData\Roaming\IObit
2015-06-12 15:39 - 2015-02-10 22:50 - 00000000 ____D C:\Program Files\Bitdefender
2015-06-12 14:40 - 2013-08-22 09:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-06-08 17:26 - 2015-02-09 22:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-06 12:12 - 2015-04-07 23:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-06 11:53 - 2015-03-19 23:21 - 00000000 ____D C:\ProgramData\ProductData
2015-06-04 22:48 - 2015-02-09 22:01 - 00000000 ____D C:\Program Files (x86)\GAMES
2015-06-04 11:56 - 2015-02-09 22:34 - 00000000 ____D C:\Users\Monica\Downloads\Video
2015-06-01 15:01 - 2015-03-11 00:05 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2015-06-01 14:01 - 2015-03-13 21:01 - 00000000 ____D C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-31 16:22 - 2015-02-09 23:46 - 00000000 ____D C:\Users\Monica\.rainlendar2
2015-05-31 11:36 - 2015-05-17 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Playrix Entertainment
2015-05-31 11:30 - 2015-05-17 21:13 - 00000000 ____D C:\Program Files (x86)\Playrix Entertainment
2015-05-27 12:07 - 2015-05-23 18:44 - 00000000 ____D C:\ProgramData\Trymedia

==================== Files in the root of some directories =======

2015-04-11 12:09 - 2015-04-11 12:22 - 298812648 _____ () C:\Program Files\PhotoDirector_5.0.5724.51476_GM5_HE_LE_HE_PTD141222-01.exe
2015-02-10 01:14 - 2015-06-16 17:40 - 0000459 _____ () C:\Users\Monica\AppData\Roaming\Weather Meter_Settings.ini
2015-02-10 23:07 - 2015-02-10 23:07 - 0581824 _____ () C:\ProgramData\1423622981.bdinstall.bin
2015-04-20 19:41 - 2015-04-20 19:41 - 0324960 _____ () C:\ProgramData\1429573007.bdinstall.bin
2015-04-20 19:41 - 2015-04-20 19:41 - 0049287 _____ () C:\ProgramData\1429573245.bdinstall.bin
2015-06-12 15:36 - 2015-06-12 15:36 - 0032667 _____ () C:\ProgramData\1434137700.bdinstall.bin
2015-06-12 18:10 - 2015-06-12 18:10 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Users\Monica\advanced-systemcare-setup.exe


Some files in TEMP:
====================
C:\Users\Monica\AppData\Local\Temp\$$$EOUI.exe
C:\Users\Monica\AppData\Local\Temp\$$$HRLM.exe
C:\Users\Monica\AppData\Local\Temp\$$$TKEL.exe
C:\Users\Monica\AppData\Local\Temp\$$$WOFV.exe
C:\Users\Monica\AppData\Local\Temp\raptrpatch.exe
C:\Users\Monica\AppData\Local\Temp\raptr_stub.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{f10c3a02-f77f-11e4-8282-806e6f6e6963}
{f10c3a03-f77f-11e4-8282-806e6f6e6963}
{f10c3a04-f77f-11e4-8282-806e6f6e6963}
{7b2b78c8-1200-11e5-82b3-806e6f6e6963}
{7b2b78c9-1200-11e5-82b3-806e6f6e6963}
{7b2b78ca-1200-11e5-82b3-806e6f6e6963}
{ccbc006c-12ee-11e5-82b5-806e6f6e6963}
{ccbc006d-12ee-11e5-82b5-806e6f6e6963}
{ccbc006e-12ee-11e5-82b5-806e6f6e6963}
timeout 0

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale en-US
inherit {globalsettings}
integrityservices Enable
default {current}
resumeobject {3ac473bd-a48a-11e3-bd39-c57cb637ed7d}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Firmware Application (101fffff)
-------------------------------
identifier {7b2b78c8-1200-11e5-82b3-806e6f6e6963}
description UEFI: IPv6 Realtek PCIe GBE Family Controller

Firmware Application (101fffff)
-------------------------------
identifier {7b2b78c9-1200-11e5-82b3-806e6f6e6963}
description USB Floppy/CD

Firmware Application (101fffff)
-------------------------------
identifier {7b2b78ca-1200-11e5-82b3-806e6f6e6963}
description Hard Drive

Firmware Application (101fffff)
-------------------------------
identifier {ccbc006c-12ee-11e5-82b5-806e6f6e6963}
description UEFI:CD/DVD Drive

Firmware Application (101fffff)
-------------------------------
identifier {ccbc006d-12ee-11e5-82b5-806e6f6e6963}
description UEFI:Removable Device

Firmware Application (101fffff)
-------------------------------
identifier {ccbc006e-12ee-11e5-82b5-806e6f6e6963}
description UEFI:Network Device

Firmware Application (101fffff)
-------------------------------
identifier {f10c3a02-f77f-11e4-8282-806e6f6e6963}
description USB Floppy/CD

Firmware Application (101fffff)
-------------------------------
identifier {f10c3a03-f77f-11e4-8282-806e6f6e6963}
description USB Hard Drive

Firmware Application (101fffff)
-------------------------------
identifier {f10c3a04-f77f-11e4-8282-806e6f6e6963}
description UEFI: IPv4 Realtek PCIe GBE Family Controller

Windows Boot Loader
-------------------
identifier {3ac473b9-a48a-11e3-bd39-c57cb637ed7d}
device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{3ac473ba-a48a-11e3-bd39-c57cb637ed7d}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-us
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{3ac473ba-a48a-11e3-bd39-c57cb637ed7d}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Boot Loader
-------------------
identifier {3ac473bb-a48a-11e3-bd39-c57cb637ed7d}
device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{3ac473bc-a48a-11e3-bd39-c57cb637ed7d}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
displaymessageoverride Recovery
osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{3ac473bc-a48a-11e3-bd39-c57cb637ed7d}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \windows\system32\winload.efi
description Windows 8.1
locale en-US
inherit {bootloadersettings}
recoverysequence {3ac473bb-a48a-11e3-bd39-c57cb637ed7d}
integrityservices Enable
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \windows
resumeobject {3ac473bd-a48a-11e3-bd39-c57cb637ed7d}
nx OptIn
bootmenupolicy Standard

Resume from Hibernate
---------------------
identifier {3ac473bd-a48a-11e3-bd39-c57cb637ed7d}
device partition=C:
path \windows\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {3ac473bb-a48a-11e3-bd39-c57cb637ed7d}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume2
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {3ac473ba-a48a-11e3-bd39-c57cb637ed7d}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier {3ac473bc-a48a-11e3-bd39-c57cb637ed7d}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \Recovery\WindowsRE\boot.sdi



LastRegBack: 2015-06-24 04:07

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Monica at 2015-06-25 11:31:16
Running from C:\Users\Monica\Downloads\Programs
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4116287391-1936068046-2123032155-500 - Administrator - Disabled)
Guest (S-1-5-21-4116287391-1936068046-2123032155-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4116287391-1936068046-2123032155-1005 - Limited - Enabled)
kingken (S-1-5-21-4116287391-1936068046-2123032155-1006 - Limited - Enabled)
Monica (S-1-5-21-4116287391-1936068046-2123032155-1001 - Administrator - Enabled) => C:\Users\Monica

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1stFlip FlipBook Creator version 1.01.152 (HKLM-x32\...\{6682CF58-7828-4195-8009-F84C3CBF4E2E}_is1) (Version: 1.01.152 - 1stflip, Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
8GadgetPack (HKLM-x32\...\{D328A547-552F-4B3D-AF00-6E1D2BE62702}) (Version: 13.0.0 - Helmut Buhler)
ACPsoft PDF Converter (HKLM-x32\...\ACPsoft PDF Converter) (Version: 2.0 - ACPsoft)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Adoreshare M4V Converter Genius (HKLM-x32\...\Adoreshare M4V Converter Genius) (Version: - Adoreshare, Inc.)
********* Audio Converter 6.3.20 (HKLM-x32\...\{4061F26E-B6D6-443c-994B-01194541A2D7}_is1) (Version: 6.3.20 - ********* Studio)
AMD Catalyst Install Manager (HKLM\...\{453294E1-F95E-C930-7517-BDC9209ADE10}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
Apowersoft Screen Capture Pro V1.1.3 (HKLM-x32\...\{eaee5526-f8bd-4d74-a24c-50e5b5f36521}_is1) (Version: 1.1.3 - APOWERSOFT LIMITED)
Auslogics BoostSpeed Premium (HKLM-x32\...\Auslogics BoostSpeed Premium 7.9.0.0) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bookworm (HKLM-x32\...\33cb11b38a46f4ff839ff5541899f1ff) (Version: - GameHouse)
Brink of Consciousness Dorian Gray Syndrome (HKLM-x32\...\Brink of Consciousness Dorian Gray Syndrome_is1) (Version: 1.0 - Playrix Entertainment)
Buku Dominoes (HKLM-x32\...\Buku DominoesFinal) (Version: Final - Game Owl)
Cobi Treasure Deluxe (HKLM-x32\...\Cobi Treasure DeluxeFinal) (Version: Final - AllSmartGames)
Coolmuster ePub Converter (HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Coolmuster ePub Converter) (Version: 2.1.13 - Coolmuster)
Crystalinx (HKLM-x32\...\CrystalinxFinal) (Version: Final - AllSmartGames)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5724.0 - CyberLink Corp.)
CyberLink PhotoDirector 5 (Version: 5.0.5724.0 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3215 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
EMET 4.1 Update 1 (HKLM-x32\...\{6A09FEB2-691C-456B-B982-2F6D21B19602}) (Version: 4.1.1 - Microsoft Corporation)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation)
GameHouse Games Collection: Mad Caps (HKLM-x32\...\Mad Caps) (Version: - )
GiliSoft Screen Recorder 6.1.0 (HKLM-x32\...\{2F9CCB8C-8584-45CF-B916-E8C98F6497A4}_is1) (Version: 6.1.0 - GiliSoft International LLC.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Puzzle and Board Games 2012 (HKLM-x32\...\Hoyle Puzzle and Board Games 20121.0) (Version: 1.0 - Foxy Games)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{8126E380-F9C6-4317-9CEE-9BBDDAB676E5}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.1 - IObit)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MyDriveConnect 4.0.2.2123 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.2.2123 - TomTom)
Myths of the World - The Heart of Desolation Collectors Edition (HKLM-x32\...\Myths of the World - The Heart of Desolation Collectors EditionFinal) (Version: Final - Game Owl)
Online Games Manager v1.30 (HKLM-x32\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Pahelika Rrevelations (HKLM-x32\...\Pahelika Rrevelations_is1) (Version: 1.0 - Playrix Entertainment)
PhotoScissors 2.0 (HKLM\...\{664FCCAE-8187-4EC5-B191-758C040C999C}_is1) (Version: - teorex)
Picture Collage Maker 4.1.2 (HKLM-x32\...\{D53599B0-AA76-4CC6-B9EF-CC2F27B56F24}_is1) (Version: 4.1.2 - PearlMountain Technology Co., Ltd)
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden
Pistonsoft Text to Speech Converter 1.26.0 (HKLM-x32\...\Pistonsoft Text to Speech Converter_is1) (Version: - Pistonsoft)
Product Improvement Study for HP Officejet 4630 series (HKLM\...\{EE629820-EACD-4AAE-966D-DF1560A0ED2D}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29080 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7084 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden
Reflections of Life 2 - Equilibrium Collector's Edition (HKLM-x32\...\Reflections of Life 2 - Equilibrium Collector's EditionFinal) (Version: Final - Game Owl)
RonyaSoft Poster Designer (Poster Forge) 2.02 (HKLM-x32\...\RonyaSoft Poster Designer (Poster Forge)) (Version: 2.02 - RonyaSoft)
Skypeâ„¢ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Start Menu X version 5.46 (HKLM\...\{3E494002-985C-4908-B72C-5B4DD15BE090}_is1) (Version: 5.46 - OrdinarySoft)
Subliminal Blaster Powered 4 (HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Subliminal Blaster Powered 4) (Version: 4.0.1.0 - Subliminal Blaster Project Team)
Subliminal Messages (HKLM-x32\...\{5583D2D0-C960-441C-ACA7-3A0E06C471EC}) (Version: 1.1.2.0 - Mind of Winner)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Taken Souls - Blood Ritual Collector's Edition (HKLM-x32\...\Taken Souls - Blood Ritual Collector's EditionFinal) (Version: Final - Game-Owl.com)
ThunderSoft Flash Gallery Creator (1.8.4.0) (HKLM-x32\...\ThunderSoft Flash Gallery Creator_is1) (Version: 1.8.4.0 - ThunderSoft)
TTS (HKLM-x32\...\{62AAFC0A-00B8-4663-98D8-96AE9F3BA058}) (Version: 1.0.0.0 - ZoomCommerce Co., Ltd.)
Vibosoft PDF Password Remover (HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\Vibosoft PDF Password Remover) (Version: 2.1.10 - Vibosoft)
Video Converter (HKLM-x32\...\Video Converter) (Version: - Tenorshare, Inc.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{0AC340BC-4A62-4D1F-86DB-35C1C3CB66CF}) (Version: 1.1.1.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{F6FE3205-7737-4772-9017-C7ACD8A5561C}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{647175e1-9944-4a82-bac1-102c95f0a99a}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
Windows Driver Package - Compal Electronics, INC. (LPCFilter) System (07/17/2013 1.0.64.7) (HKLM\...\BFB1E8A5D4648875943225EF2EAD7388E4A14B63) (Version: 07/17/2013 1.0.64.7 - Compal Electronics, INC.)
Windows Driver Package - Realtek Semiconduct Corp. (RSP2STOR) MTD (02/10/2015 6.3.9600.29086) (HKLM\...\253AFE669EBEDDCFF791E15B40F76D608394EE4C) (Version: 02/10/2015 6.3.9600.29086 - Realtek Semiconduct Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Word Mojo Gold (HKLM-x32\...\d6f17c74aa0b49ddbd783e38d926a528) (Version: - GameHouse)
Word Travels (HKLM-x32\...\Word Travels1.0) (Version: 1.0 - AllSmartGames)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

03-06-2015 19:59:01 Installed CA Parental Controls
11-06-2015 12:55:27 Scheduled Checkpoint
12-06-2015 14:56:46 IObit Uninstaller restore point
15-06-2015 11:23:55 Driver-auto-backup 6/15/2015
16-06-2015 19:52:18 Driver-auto-backup 6/16/2015
17-06-2015 18:34:17 HPSF Applying updates
17-06-2015 18:57:55 Installed HP Support Solutions Framework
25-06-2015 00:06:30 6/25/15

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2015-06-14 22:54 - 00000852 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 lm.auslogics.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09FA7F86-DCBD-4B31-BAB6-7AB69CF045A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {1180BA1E-B2EA-4BA6-A3FF-3957129D0C9B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {1DDFC460-1D5C-48DE-8A8C-B6A125961D88} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {42D6C018-FAD6-44F4-9817-A1560ACC0D20} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {430076CF-838D-4432-A449-1D98D80DCD04} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-06-18] (Microsoft Corporation)
Task: {467E68AB-4B6F-48DB-B85C-3954AF085512} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {6581C5C0-C9DD-4DAC-822C-BB1504EEE43C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {6E19930A-1B41-4E60-BC74-4B23900BF8EC} - System32\Tasks\Uninstaller_SkipUac_Monica => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-04-01] (IObit)
Task: {6FEE490B-0DAD-4F94-A1B6-563389E5F995} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {87C35758-1A5B-4093-AB93-97C6398FCEA6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {8C7430D6-8277-443E-B42B-E0847453C436} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {C87E7A29-5E7C-4286-BE33-999ED79995ED} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {E4F6F5B5-10D2-4A87-A4CC-CD79C6F38B28} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {E900B40B-53AB-4270-ADD0-A1D714180665} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {FB2322DA-06A4-45EE-9C63-CAB07A16B1FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Uninstaller_SkipUac_Monica.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (Whitelisted) ==============

2014-05-28 17:23 - 2014-05-28 17:23 - 00098512 _____ () C:\Program Files (x86)\EMET 4.1\EMET_CE64.DLL
2013-10-14 11:23 - 2013-10-14 11:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 11:24 - 2013-10-14 11:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 11:25 - 2013-10-14 11:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-06-20 03:06 - 2015-06-20 03:06 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-10-14 11:30 - 2013-10-14 11:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-08-27 12:32 - 2015-06-18 19:32 - 00984576 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\SubliminalMessages.exe
2015-06-18 20:03 - 2013-08-18 13:54 - 07244800 _____ () C:\SB\SB4\SB4.exe
2015-02-09 22:01 - 2014-05-28 16:23 - 00131280 _____ () C:\Program Files (x86)\EMET 4.1\HelperLib.dll
2015-02-09 22:01 - 2014-05-28 16:23 - 00044752 _____ () C:\Program Files (x86)\EMET 4.1\ReportingSubsystem.dll
2014-05-28 17:23 - 2014-05-28 17:23 - 00348160 _____ () C:\Program Files (x86)\EMET 4.1\DevExpress.UserSkins.HighContrast.dll
2015-02-09 22:01 - 2014-05-28 16:23 - 00039632 _____ () C:\Program Files (x86)\EMET 4.1\TrayIconSubsystem.dll
2015-02-09 22:01 - 2014-05-28 16:23 - 00059080 _____ () C:\Program Files (x86)\EMET 4.1\PKIPinningSubsystem.dll
2015-06-20 03:06 - 2015-06-20 03:06 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-03-05 12:17 - 2013-08-05 03:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 19:48 - 2013-08-05 19:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-04-28 13:53 - 2015-04-28 13:53 - 00140288 _____ () C:\Program Files (x86)\MyDrive Connect\quazip.dll
2014-09-11 11:06 - 2014-09-11 11:06 - 00878592 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\platforms\qwindows.dll
2014-09-11 11:05 - 2014-09-11 11:05 - 00036352 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qgenericbearer.dll
2014-09-11 11:06 - 2014-09-11 11:06 - 00038912 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qnativerwifibearer.dll
2014-09-11 11:14 - 2014-09-11 11:14 - 00032256 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qdds.dll
2014-09-11 11:05 - 2014-09-11 11:05 - 00021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qgif.dll
2014-09-11 11:14 - 2014-09-11 11:14 - 00027648 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qicns.dll
2014-09-11 11:05 - 2014-09-11 11:05 - 00021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qico.dll
2014-09-11 11:14 - 2014-09-11 11:14 - 00381952 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjp2.dll
2014-09-11 11:05 - 2014-09-11 11:05 - 00204800 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjpeg.dll
2014-09-11 11:14 - 2014-09-11 11:14 - 00218112 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qmng.dll
2014-09-11 11:08 - 2014-09-11 11:08 - 00015872 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qsvg.dll
2014-09-11 11:14 - 2014-09-11 11:14 - 00015360 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtga.dll
2014-09-11 11:15 - 2014-09-11 11:15 - 00307712 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtiff.dll
2014-09-11 11:15 - 2014-09-11 11:15 - 00014848 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwbmp.dll
2014-09-11 11:15 - 2014-09-11 11:15 - 00252928 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwebp.dll
2013-04-17 21:18 - 2013-04-17 21:18 - 00544817 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\libgcc_s_dw2-1.dll
2013-04-17 21:19 - 2013-04-17 21:19 - 00989805 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\libstdc++-6.dll
2013-04-22 19:03 - 2013-04-22 19:03 - 03369922 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\icuin51.dll
2013-04-22 19:03 - 2013-04-22 19:03 - 01978690 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\icuuc51.dll
2013-04-22 19:03 - 2013-04-22 19:03 - 22378434 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\icudt51.dll
2013-12-08 21:14 - 2013-12-08 21:14 - 01269760 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\plugins\platforms\qwindows.dll
2013-12-08 21:13 - 2013-12-08 21:13 - 00261120 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\plugins\imageformats\qjpeg.dll
2013-12-08 21:13 - 2013-12-08 21:13 - 00051200 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\plugins\imageformats\qgif.dll
2013-12-08 21:13 - 2013-12-08 21:13 - 00052224 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\plugins\imageformats\qico.dll
2013-12-08 21:23 - 2013-12-08 21:23 - 00381952 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\plugins\imageformats\qmng.dll
2013-12-08 21:23 - 2013-12-08 21:23 - 00046592 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\plugins\imageformats\qtga.dll
2013-12-08 21:23 - 2013-12-08 21:23 - 00442368 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\plugins\imageformats\qtiff.dll
2013-12-08 21:23 - 2013-12-08 21:23 - 00045056 _____ () C:\Program Files X86\Mind of Winner\Subliminal Messages\plugins\imageformats\qwbmp.dll
2014-05-28 17:23 - 2014-05-28 17:23 - 00089808 _____ () C:\Program Files (x86)\EMET 4.1\EMET_CE.DLL
2015-02-09 23:42 - 2005-01-05 14:47 - 01132272 _____ () C:\Program Files (x86)\GameHouse Games Collection\Cubis Gold 2\cubis2.exe
2015-02-09 23:42 - 2005-01-05 14:47 - 00036864 _____ () C:\Program Files (x86)\GameHouse Games Collection\Cubis Gold 2\cubis2res.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Monica\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Monica\Downloads\DropboxInstaller.exe:BDU
AlternateDataStreams: C:\Users\Monica\Downloads\install_flashplayer17x32au_mssd_aaa_aih.exe:BDU
AlternateDataStreams: C:\Users\Monica\Downloads\md64-win-mp240-1_02-ej.exe:BDU
AlternateDataStreams: C:\Users\Monica\Downloads\mpnx_2_0-win-2_05-ea23_2.exe:BDU
AlternateDataStreams: C:\Users\Monica\Downloads\Shockwave_Installer_Slim(1).exe:BDU
AlternateDataStreams: C:\Users\Monica\Downloads\Shockwave_Installer_Slim.exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: fhsvc => 3
MSCONFIG\Services: swprv => 2
MSCONFIG\Services: VSS => 2
MSCONFIG\Services: WPCSvc => 3
HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\StartupApproved\Run: => "ApowersoftScreenCapture"
HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\...\StartupApproved\Run: => "GmailNotifierPro"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B8D74365-A030-44F4-AB73-1480C864CFB6}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{A1C14F7F-E464-4B2D-BE86-68ABC18692C7}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{8943CA2D-B251-4136-9FAC-E20BCC5F8A06}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{50ED3F80-DC8F-4C15-9C79-9EE43C1A4DD9}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{2C498563-9271-497B-BF21-60D2BA77CED0}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{49061BC2-EF6A-40C5-B70A-F35CB4DF2D6D}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{FE3F5A85-EBB9-49ED-8358-07665742CFEE}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{698145CF-F707-46C5-9AA1-3D019538985A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{3E0BAD63-6BD7-4B9D-8D71-8354BB486782}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{52C1962E-C00A-4EBC-B4F6-0793511A3218}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B9118846-7ABC-4F3C-9255-CA45C2FA26F6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{04501231-1A7D-4A14-93F6-7639571F42AD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5B9FB83D-F79C-4B48-A450-7C39D9422659}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1467B84E-A83D-437E-A379-4CAD77B85857}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{678E64CE-3C97-401F-ADBD-7510E088100B}] => (Allow) LPort=2869
FirewallRules: [{4F3094BC-5FB2-4176-ADC4-1B1E291745BF}] => (Allow) LPort=1900
FirewallRules: [{8CC2F4ED-5651-4378-B752-05C974BCDA68}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{38728DCF-CDA5-45FC-8998-F6489ADC88FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E099D64F-C7D0-4E24-B18A-AA340B36D37D}] => (Allow) C:\windows\system32\mstsc.exe
FirewallRules: [{A2EE38C1-9224-4CF5-94DE-E0A0AB75D4E8}] => (Allow) C:\windows\system32\mstsc.exe
FirewallRules: [{C0DD09B2-92B9-48CB-86C5-2D99DEFE57DD}] => (Allow) C:\windows\system32\mstsc.exe
FirewallRules: [{EBAE1002-72F4-4109-AF89-B99FE203C631}] => (Allow) C:\windows\system32\mstsc.exe
FirewallRules: [{81AA45C0-03E3-4BB2-BAF5-26B024FC6225}] => (Allow) LPort=139
FirewallRules: [{8F4690A3-53DC-4D98-A647-0FBFF00892EC}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [TCP Query User{13E0FD47-B1EC-4DE6-B46F-CE898F6F112A}C:\program files (x86)\photobie\photobie.exe] => (Block) C:\program files (x86)\photobie\photobie.exe
FirewallRules: [UDP Query User{4C397365-32E4-4778-9744-7D82FBEF27D9}C:\program files (x86)\photobie\photobie.exe] => (Block) C:\program files (x86)\photobie\photobie.exe
FirewallRules: [{A39BB7C9-31F0-4EF9-9FA0-D4FA4B55DDBF}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{9A6CEB10-0347-4043-A078-E9D7C07E233D}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [TCP Query User{7F391B22-10E2-4D2C-BB7D-DB10EDE17107}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{654D86B7-0932-4175-A0E4-0CF4C3A71C38}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{EC2F5E38-4AC2-46A7-B40E-8334A5301FB7}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Capture Pro\Apowersoft Screen Capture Pro.exe
FirewallRules: [{D16C11B3-F7D8-4464-A5B8-72D167157806}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Capture Pro\Apowersoft Screen Capture Pro.exe
FirewallRules: [{378F57D0-E4E4-4CDE-A08F-4EFA4B71A8FC}] => (Allow) %ProgramFiles% (x86)\GameHouse Games Collection\Flip Words\FlipWords.exe
FirewallRules: [{F79A9F28-1FED-4DD4-AEAC-9EDC257F1312}] => (Allow) %ProgramFiles% (x86)\GameHouse Games Collection\Holiday Express\Holiday Express.exe
FirewallRules: [{282377A1-94C1-46A0-B730-6D4A8F40BD74}] => (Allow) %ProgramFiles% (x86)\GameHouse Games Collection\Puzzle Express\PuzzleExpress.exe
FirewallRules: [TCP Query User{1AD09F6E-1E65-4F03-AB84-F27BC05DB000}C:\program files (x86)\gamehouse games collection\wheel of fortune\wheel of fortune.exe] => (Allow) C:\program files (x86)\gamehouse games collection\wheel of fortune\wheel of fortune.exe
FirewallRules: [UDP Query User{020D574A-F852-44F5-B6CF-E76DCEC70226}C:\program files (x86)\gamehouse games collection\wheel of fortune\wheel of fortune.exe] => (Allow) C:\program files (x86)\gamehouse games collection\wheel of fortune\wheel of fortune.exe
FirewallRules: [TCP Query User{40456585-8D10-4C88-86ED-BA01992CC9A4}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{5689F3BC-DA85-4C0F-AED4-96DB0874CC7E}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe
FirewallRules: [{FA26611A-E355-470E-B4CD-216AE1661AE1}] => (Allow) C:\Program Files (x86)\Windows Sidebar\8GadgetPack.exe
FirewallRules: [{65FF0813-1454-40EC-9769-D810222BEE52}] => (Allow) C:\Program Files (x86)\Windows Sidebar\8GadgetPack.exe
FirewallRules: [{431CAFEB-4E3A-4C18-AE5B-04558D7E4B1E}] => (Allow) C:\Program Files (x86)\Windows Sidebar\8GadgetPack.exe
FirewallRules: [{E6B3BCD2-4187-4A9C-8777-215EABF75A96}] => (Allow) C:\Program Files (x86)\Windows Sidebar\8GadgetPack.exe
FirewallRules: [{FAA9F237-533B-4A22-B503-3DBC56B73BC0}] => (Allow) LPort=139
FirewallRules: [{38B4CDDC-FB1D-4BC8-886B-FE81AF60E389}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [TCP Query User{69109C08-DB40-4E7B-A76A-E81DD773DA23}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{1C9F5948-9F40-45E9-8DD1-35870E0F79E6}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{06C63FB0-82BD-40CF-A179-DB211B5DF65D}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe
FirewallRules: [{2E8A3D24-3427-43B4-A85E-4D2A22A2BC05}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe
FirewallRules: [{A3A5010D-2DED-4CB5-9D58-09CFCDCD80B3}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe
FirewallRules: [{AFC6AAC5-7B1A-4878-AF91-0A15ADBAD758}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe
FirewallRules: [{95CB3D3D-A24C-40F5-8DD5-5FED765990D6}] => (Allow) LPort=5357
FirewallRules: [{08A84A43-8677-4757-BC51-1997387D00DF}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{E20AC796-6D02-426D-B66C-68C1BDF31A18}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
FirewallRules: [{0EF23985-39AF-47AD-A6A8-3C792E430502}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
FirewallRules: [{6566EF13-6F38-4645-9623-5C4391177214}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{4EB1A293-1B55-469A-8B31-32D0FD8126FF}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{9818653F-FDAF-4317-AE18-52C40A62EE2F}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{C5A761D0-6F8F-4E5E-B25D-C4355CFDECFE}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{62E02152-70AE-4F1C-9D87-CD2DADD3B7DF}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{81996D25-103E-49B7-B6B9-C1BFFDBEC513}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/25/2015 11:30:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The configuration registry database is corrupt.

Error: (06/25/2015 11:30:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The configuration registry database is corrupt.
for C:\Users\Monica\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (06/25/2015 11:30:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The configuration registry database is corrupt.

Error: (06/25/2015 11:30:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The configuration registry database is corrupt.
for C:\Users\Monica\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (06/25/2015 11:28:16 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (06/25/2015 11:28:13 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll4

Error: (06/25/2015 11:16:34 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The configuration registry database is corrupt.

Error: (06/25/2015 11:16:34 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The configuration registry database is corrupt.
for C:\Users\Monica\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (06/25/2015 11:16:33 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The configuration registry database is corrupt.

Error: (06/25/2015 11:16:33 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The configuration registry database is corrupt.
for C:\Users\Monica\AppData\Local\Microsoft\Windows\\UsrClass.dat


System errors:
=============
Error: (06/25/2015 11:21:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: AD2F1837.HPConnectedPhotopoweredbySnapfish.

Error: (06/25/2015 11:21:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: AD2F1837.HPFileViewer.

Error: (06/25/2015 11:21:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: AMZNMobileLLC.KindleforWindows8.

Error: (06/25/2015 11:21:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.SkypeApp.

Error: (06/25/2015 11:21:05 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.ZuneVideo.

Error: (06/25/2015 11:07:16 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Device Setup Manager service hung on starting.

Error: (06/25/2015 11:06:25 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (06/25/2015 11:06:25 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (06/25/2015 11:06:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Encryption Provider Host Service service terminated with the following error:
%%1064

Error: (06/25/2015 11:06:20 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1


Microsoft Office:
=========================
Error: (06/25/2015 11:30:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (06/25/2015 11:30:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Monica\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (06/25/2015 11:30:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (06/25/2015 11:30:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Monica\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (06/25/2015 11:28:16 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (06/25/2015 11:28:13 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll4

Error: (06/25/2015 11:16:34 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (06/25/2015 11:16:34 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Monica\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (06/25/2015 11:16:33 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (06/25/2015 11:16:33 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Monica\AppData\Local\Microsoft\Windows\\UsrClass.dat


CodeIntegrity Errors:
===================================
Date: 2015-06-25 05:15:10.050
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-25 05:14:59.800
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-25 05:14:53.675
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-25 05:14:47.925
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-25 05:14:42.003
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-25 05:14:36.144
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-25 05:14:30.300
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-25 05:14:24.597
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-25 05:14:18.550
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-06-25 05:14:12.613
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD A6-5200 APU with Radeon(TM) HD Graphics
Percentage of memory in use: 21%
Total physical RAM: 7621.94 MB
Available physical RAM: 5964.96 MB
Total Pagefile: 15301.94 MB
Available Pagefile: 12886.64 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:919.9 GB) (Free:708.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:10.13 GB) (Free:1.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0C299522)

Partition: GPT Partition Type.

==================== End of log ============================


Results of screen317's Security Check version 1.004
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 18.0.0.194
Mozilla Firefox (38.0.5)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


I saw that it were a lot of registry corrupt files :eek:. Did these scans fix them all, or I must take another step to do it? I deleted the file in question, and nothing bad happened. Until now I have not had any program with problems. I don't know how to read these results. May you explain to me about their meannings?

Once again, thank you very very much for all the help that you are giving to me :thumbsup2:. Before to talk with you, I was looking for troubleshootings because the PC was critically slow, the right click was so long to open windows, or they was freezing the PC, and all the applications that I opened stop working in a few secons. Now, I have gain a little more of responsiveness, and the start up was faster. However, I continue having problems with explorer.exe response, and still the right click is taking a lot of time to react. I hope that with your help I can get back my PC health. I could refresh the system, but I am trying to avoid that as much as I can, because I have a lot of programs that I could not get fully functional if I reinstall them. I have a backup external HDD, but I am recently moved, and yet I could not find it. :grin1:

:rose:
 
Hi, Monka.

The two tools I had you run are to provide information for me to research and analyze. You aren't expected to understand the information. While I spend some time researching some of the items in the logs, there are two things that you can do.

1. Uninstall IObit. Based on IOBit's past practices, I wouldn't run it on my computer. See the following for additional information:
-- IOBit Steals Malwarebytes' Intellectual Property
-- IOBit’s Denial of Theft Unconvincing
-- IOBit Theft Conclusion

2. At least until your computer is restored to good working condition, please uninstall Vuze. P2P programs form a direct conduit on to your computer. They have always been a target of malware writers. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. Use of P2P programs can result in Identity Theft.

Restart your computer after uninstalling those two programs and let me know when its complete. In the meantime, I'll be further reviewing your logs and will provide additional instructions.
 
Corrine said:
Hi, Monka.

The two tools I had you run are to provide information for me to research and analyze. You aren't expected to understand the information. While I spend some time researching some of the items in the logs, there are two things that you can do.

1. Uninstall IObit. Based on IOBit's past practices, I wouldn't run it on my computer. See the following for additional information:
-- IOBit Steals Malwarebytes' Intellectual Property
-- IOBit’s Denial of Theft Unconvincing
-- IOBit Theft Conclusion

2. At least until your computer is restored to good working condition, please uninstall Vuze. P2P programs form a direct conduit on to your computer. They have always been a target of malware writers. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. Use of P2P programs can result in Identity Theft.

Restart your computer after uninstalling those two programs and let me know when its complete. In the meantime, I'll be further reviewing your logs and will provide additional instructions.
Click to expand...
--------------------------------------------------------------------------------------------


I recently deleted all the IOBit programs, as they were being very intrusive. I just leaved the Uninstaller because helps a lot deleting the leftovers. If you know other one that securely clean the leftovers from the registry, I'll happy to use it. By now, I'll delete only Vuze, although I only have it open when I need to download a file, and close it again as soon as I finish, because I know that through the torrents are delivered a lot of viruses.
 
The very issue with registry cleaners, optimizers, etc. is that they do more harm than good. In fact, that is specifically why Malwarebytes is adding them to detection: Registry Cleaners: Digital Snake Oil | Malwarebytes Unpacked. Windows is a closed source system. Developers of registry cleaners do not have the core code of Windows 7 and Windows 8 and are not working on definitive information, but rather they are going on past knowledge and experience. Automatic cleaners will usually have to do some guesswork.

Modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. No registry cleaner is completely safe and the potential is ever present to cause more problems than they claim to fix. Registry cleaners cannot distinguish between good and bad. If you run a registry cleaner, it will delete all those keys which are obsolete and sitting idle; but in reality, those keys may well be needed by some programs or windows at a later time. If you run any other registry cleaner and do not know precisely what you are doing, you will have problems down the road. There are no gains to be had from using a registry cleaner and the risk is great.

Taking it one4 step further, Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities

As to Vuze or any P2P program, just because it is only open when you need to download a file does not mean that what you are getting with the file being downloaded isn't infected. Perhaps that is where the mysterious efnnouse.exe came from.

However, it is your computer, your choice.
 
Ok, now let's move on to the cleanup.

1. Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Open Notepad (Start =>All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.
Code: 
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
SearchScopes: HKLM -> {8B099BF3-C49C-4385-BEFC-99861C7BD332} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {8B099BF3-C49C-4385-BEFC-99861C7BD332} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-4116287391-1936068046-2123032155-1001 -> {8B099BF3-C49C-4385-BEFC-99861C7BD332} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4116287391-1936068046-2123032155-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
2015-06-02 14:00 - 2015-06-02 14:00 - 00000000 _____ C:\windows\system32\OLD3AC4.tmp
2015-06-02 14:00 - 2015-06-02 14:00 - 00000000 _____ C:\windows\system32\OLD3A46.tmp
2015-06-02 13:58 - 2015-06-02 13:58 - 00000000 _____ C:\windows\system32\OLDE556.tmp
2015-06-02 13:58 - 2015-06-02 13:58 - 00000000 _____ C:\windows\system32\OLDE4D8.tmp
2015-06-02 13:57 - 2015-06-02 13:57 - 00000000 _____ C:\windows\system32\OLD8098.tmp
2015-06-02 13:57 - 2015-06-02 13:57 - 00000000 _____ C:\windows\system32\OLD7FFB.tmp
2015-06-02 13:49 - 2015-06-02 13:49 - 00000000 _____ C:\windows\system32\OLDFB6A.tmp
2015-06-02 13:49 - 2015-06-02 13:49 - 00000000 _____ C:\windows\system32\OLDFAEC.tmp
2015-06-02 13:47 - 2015-06-02 13:47 - 00000000 _____ C:\windows\system32\OLD9468.tmp
2015-06-02 13:47 - 2015-06-02 13:47 - 00000000 _____ C:\windows\system32\OLD93DA.tmp
2015-06-02 13:46 - 2015-06-02 13:46 - 00000000 _____ C:\windows\system32\OLD318C.tmp
2015-06-02 13:46 - 2015-06-02 13:46 - 00000000 _____ C:\windows\system32\OLD310E.tmp
2015-06-02 13:43 - 2015-06-02 13:43 - 00000000 _____ C:\windows\system32\OLD47AE.tmp
2015-06-02 13:43 - 2015-06-02 13:43 - 00000000 _____ C:\windows\system32\OLD4730.tmp
2015-06-02 13:42 - 2015-06-02 13:42 - 00000000 _____ C:\windows\system32\OLDE8DA.tmp
2015-06-02 13:42 - 2015-06-02 13:42 - 00000000 _____ C:\windows\system32\OLDE86B.tmp
2015-06-02 13:40 - 2015-06-02 13:40 - 00000000 _____ C:\windows\system32\OLD8821.tmp
2015-06-02 13:40 - 2015-06-02 13:40 - 00000000 _____ C:\windows\system32\OLD8793.tmp
2015-06-02 13:36 - 2015-06-02 13:36 - 00000000 _____ C:\windows\system32\OLD1B22.tmp
2015-06-02 13:36 - 2015-06-02 13:36 - 00000000 _____ C:\windows\system32\OLD1A85.tmp
2015-06-02 13:35 - 2015-06-10 11:47 - 00000000 ____D C:\Users\Monica\Crack
2015-06-02 13:34 - 2015-06-02 13:34 - 00000000 _____ C:\windows\system32\OLDBAA8.tmp
2015-06-02 13:34 - 2015-06-02 13:34 - 00000000 _____ C:\windows\system32\OLDBA2A.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF238.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE9A6.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE18B.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDBB6.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB349.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8C10.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8084.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET6F55.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET4060.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET3432.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET29F0.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET13B4.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETF646.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETF016.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETE57A.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETE10C.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETB6FA.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET90BB.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET83F6.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET7874.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET442F.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET3755.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET2DC0.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET1784.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETF588.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETEF29.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETE4CC.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETDEB9.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETB64C.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET900D.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET8339.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET76CC.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET4333.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET36B7.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET2CC4.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET16C6.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETF5E7.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETEF98.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETE51B.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETDF17.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETB69B.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET906B.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET8397.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET773A.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET43D1.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET3706.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET2D51.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET1725.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETF7BE.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETF101.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETE5C9.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETE1D9.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETB759.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET9119.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET8455.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET7A0B.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET447F.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET37B4.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET2E2E.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET17E3.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00000000 _____ C:\windows\system32\OLDF5C6.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00000000 _____ C:\windows\system32\OLDF4CB.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF3C0.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETEC58.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE2C6.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDCE1.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB4C2.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8DF6.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET81BF.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET733F.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET418B.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET353D.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET2B2A.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET14EF.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF43E.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETED24.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE334.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDD5F.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB531.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8E94.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET824C.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET73EC.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET4209.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET35BB.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET2B99.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET157C.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETF4EB.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETEE7D.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETE3C2.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETDE1B.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETB5CE.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET8F6F.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET82CA.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET7525.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET42B5.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET3649.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET2C46.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET1639.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF313.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETEA72.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE238.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDC73.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB416.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8D4A.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8131.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET707F.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET40FD.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET34CF.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET2AAC.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET1461.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETF81D.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETF170.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETE618.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETE237.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETB7A8.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET9168.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET84F2.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET7C7D.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET44CE.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET3803.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET2E8D.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET1841.tmp
2015-02-10 23:07 - 2015-02-10 23:07 - 0581824 _____ () C:\ProgramData\1423622981.bdinstall.bin
2015-04-20 19:41 - 2015-04-20 19:41 - 0324960 _____ () C:\ProgramData\1429573007.bdinstall.bin
2015-04-20 19:41 - 2015-04-20 19:41 - 0049287 _____ () C:\ProgramData\1429573245.bdinstall.bin
2015-06-12 15:36 - 2015-06-12 15:36 - 0032667 _____ () C:\ProgramData\1434137700.bdinstall.bin
C:\Users\Monica\advanced-systemcare-setup.exe
EmptyTemp:
end
  • Click Format and ensure Wordwrap is unchecked.
  • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.

2. Please download Adware Cleaner by Xplode. Please save it to your desktop!
  • Close all open programs and internet browsers.
  • Double-click AdwCleaner.exe to run the tool.
    Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button.
  • AdwCleaner will begin. Be patient as the scan may take some time to complete.
  • After the scan has finished, click the Logfile button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
 
Corrine said:
Ok, now let's move on to the cleanup.

1. Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Open Notepad (Start =>All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.
Code: 
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
SearchScopes: HKLM -> {8B099BF3-C49C-4385-BEFC-99861C7BD332} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {8B099BF3-C49C-4385-BEFC-99861C7BD332} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-4116287391-1936068046-2123032155-1001 -> {8B099BF3-C49C-4385-BEFC-99861C7BD332} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4116287391-1936068046-2123032155-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
2015-06-02 14:00 - 2015-06-02 14:00 - 00000000 _____ C:\windows\system32\OLD3AC4.tmp
2015-06-02 14:00 - 2015-06-02 14:00 - 00000000 _____ C:\windows\system32\OLD3A46.tmp
2015-06-02 13:58 - 2015-06-02 13:58 - 00000000 _____ C:\windows\system32\OLDE556.tmp
2015-06-02 13:58 - 2015-06-02 13:58 - 00000000 _____ C:\windows\system32\OLDE4D8.tmp
2015-06-02 13:57 - 2015-06-02 13:57 - 00000000 _____ C:\windows\system32\OLD8098.tmp
2015-06-02 13:57 - 2015-06-02 13:57 - 00000000 _____ C:\windows\system32\OLD7FFB.tmp
2015-06-02 13:49 - 2015-06-02 13:49 - 00000000 _____ C:\windows\system32\OLDFB6A.tmp
2015-06-02 13:49 - 2015-06-02 13:49 - 00000000 _____ C:\windows\system32\OLDFAEC.tmp
2015-06-02 13:47 - 2015-06-02 13:47 - 00000000 _____ C:\windows\system32\OLD9468.tmp
2015-06-02 13:47 - 2015-06-02 13:47 - 00000000 _____ C:\windows\system32\OLD93DA.tmp
2015-06-02 13:46 - 2015-06-02 13:46 - 00000000 _____ C:\windows\system32\OLD318C.tmp
2015-06-02 13:46 - 2015-06-02 13:46 - 00000000 _____ C:\windows\system32\OLD310E.tmp
2015-06-02 13:43 - 2015-06-02 13:43 - 00000000 _____ C:\windows\system32\OLD47AE.tmp
2015-06-02 13:43 - 2015-06-02 13:43 - 00000000 _____ C:\windows\system32\OLD4730.tmp
2015-06-02 13:42 - 2015-06-02 13:42 - 00000000 _____ C:\windows\system32\OLDE8DA.tmp
2015-06-02 13:42 - 2015-06-02 13:42 - 00000000 _____ C:\windows\system32\OLDE86B.tmp
2015-06-02 13:40 - 2015-06-02 13:40 - 00000000 _____ C:\windows\system32\OLD8821.tmp
2015-06-02 13:40 - 2015-06-02 13:40 - 00000000 _____ C:\windows\system32\OLD8793.tmp
2015-06-02 13:36 - 2015-06-02 13:36 - 00000000 _____ C:\windows\system32\OLD1B22.tmp
2015-06-02 13:36 - 2015-06-02 13:36 - 00000000 _____ C:\windows\system32\OLD1A85.tmp
2015-06-02 13:35 - 2015-06-10 11:47 - 00000000 ____D C:\Users\Monica\Crack
2015-06-02 13:34 - 2015-06-02 13:34 - 00000000 _____ C:\windows\system32\OLDBAA8.tmp
2015-06-02 13:34 - 2015-06-02 13:34 - 00000000 _____ C:\windows\system32\OLDBA2A.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF238.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE9A6.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE18B.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDBB6.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB349.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8C10.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8084.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET6F55.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET4060.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET3432.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET29F0.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET13B4.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETF646.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETF016.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETE57A.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETE10C.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETB6FA.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET90BB.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET83F6.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET7874.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET442F.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET3755.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET2DC0.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET1784.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETF588.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETEF29.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETE4CC.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETDEB9.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETB64C.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET900D.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET8339.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET76CC.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET4333.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET36B7.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET2CC4.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET16C6.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETF5E7.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETEF98.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETE51B.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETDF17.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETB69B.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET906B.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET8397.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET773A.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET43D1.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET3706.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET2D51.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET1725.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETF7BE.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETF101.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETE5C9.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETE1D9.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETB759.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET9119.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET8455.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET7A0B.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET447F.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET37B4.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET2E2E.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET17E3.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00000000 _____ C:\windows\system32\OLDF5C6.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00000000 _____ C:\windows\system32\OLDF4CB.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF3C0.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETEC58.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE2C6.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDCE1.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB4C2.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8DF6.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET81BF.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET733F.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET418B.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET353D.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET2B2A.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET14EF.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF43E.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETED24.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE334.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDD5F.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB531.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8E94.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET824C.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET73EC.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET4209.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET35BB.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET2B99.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET157C.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETF4EB.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETEE7D.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETE3C2.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETDE1B.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETB5CE.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET8F6F.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET82CA.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET7525.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET42B5.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET3649.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET2C46.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET1639.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF313.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETEA72.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE238.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDC73.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB416.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8D4A.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8131.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET707F.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET40FD.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET34CF.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET2AAC.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET1461.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETF81D.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETF170.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETE618.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETE237.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETB7A8.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET9168.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET84F2.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET7C7D.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET44CE.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET3803.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET2E8D.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET1841.tmp
2015-02-10 23:07 - 2015-02-10 23:07 - 0581824 _____ () C:\ProgramData\1423622981.bdinstall.bin
2015-04-20 19:41 - 2015-04-20 19:41 - 0324960 _____ () C:\ProgramData\1429573007.bdinstall.bin
2015-04-20 19:41 - 2015-04-20 19:41 - 0049287 _____ () C:\ProgramData\1429573245.bdinstall.bin
2015-06-12 15:36 - 2015-06-12 15:36 - 0032667 _____ () C:\ProgramData\1434137700.bdinstall.bin
C:\Users\Monica\advanced-systemcare-setup.exe
EmptyTemp:
end
  • Click Format and ensure Wordwrap is unchecked.
  • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.

2. Please download Adware Cleaner by Xplode. Please save it to your desktop!
  • Close all open programs and internet browsers.
  • Double-click AdwCleaner.exe to run the tool.
    Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button.
  • AdwCleaner will begin. Be patient as the scan may take some time to complete.
  • After the scan has finished, click the Logfile button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Click to expand...

Here the fixlog. The adclean is going now. Thanks one more.

Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Monica at 2015-06-26 19:13:45 Run:1
Running from C:\FRST
Loaded Profiles: Monica (Available Profiles: Monica)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
SearchScopes: HKLM -> {8B099BF3-C49C-4385-BEFC-99861C7BD332} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {8B099BF3-C49C-4385-BEFC-99861C7BD332} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-4116287391-1936068046-2123032155-1001 -> {8B099BF3-C49C-4385-BEFC-99861C7BD332} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4116287391-1936068046-2123032155-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Electronics, Cars, Fashion, Collectibles, Coupons and More | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
2015-06-02 14:00 - 2015-06-02 14:00 - 00000000 _____ C:\windows\system32\OLD3AC4.tmp
2015-06-02 14:00 - 2015-06-02 14:00 - 00000000 _____ C:\windows\system32\OLD3A46.tmp
2015-06-02 13:58 - 2015-06-02 13:58 - 00000000 _____ C:\windows\system32\OLDE556.tmp
2015-06-02 13:58 - 2015-06-02 13:58 - 00000000 _____ C:\windows\system32\OLDE4D8.tmp
2015-06-02 13:57 - 2015-06-02 13:57 - 00000000 _____ C:\windows\system32\OLD8098.tmp
2015-06-02 13:57 - 2015-06-02 13:57 - 00000000 _____ C:\windows\system32\OLD7FFB.tmp
2015-06-02 13:49 - 2015-06-02 13:49 - 00000000 _____ C:\windows\system32\OLDFB6A.tmp
2015-06-02 13:49 - 2015-06-02 13:49 - 00000000 _____ C:\windows\system32\OLDFAEC.tmp
2015-06-02 13:47 - 2015-06-02 13:47 - 00000000 _____ C:\windows\system32\OLD9468.tmp
2015-06-02 13:47 - 2015-06-02 13:47 - 00000000 _____ C:\windows\system32\OLD93DA.tmp
2015-06-02 13:46 - 2015-06-02 13:46 - 00000000 _____ C:\windows\system32\OLD318C.tmp
2015-06-02 13:46 - 2015-06-02 13:46 - 00000000 _____ C:\windows\system32\OLD310E.tmp
2015-06-02 13:43 - 2015-06-02 13:43 - 00000000 _____ C:\windows\system32\OLD47AE.tmp
2015-06-02 13:43 - 2015-06-02 13:43 - 00000000 _____ C:\windows\system32\OLD4730.tmp
2015-06-02 13:42 - 2015-06-02 13:42 - 00000000 _____ C:\windows\system32\OLDE8DA.tmp
2015-06-02 13:42 - 2015-06-02 13:42 - 00000000 _____ C:\windows\system32\OLDE86B.tmp
2015-06-02 13:40 - 2015-06-02 13:40 - 00000000 _____ C:\windows\system32\OLD8821.tmp
2015-06-02 13:40 - 2015-06-02 13:40 - 00000000 _____ C:\windows\system32\OLD8793.tmp
2015-06-02 13:36 - 2015-06-02 13:36 - 00000000 _____ C:\windows\system32\OLD1B22.tmp
2015-06-02 13:36 - 2015-06-02 13:36 - 00000000 _____ C:\windows\system32\OLD1A85.tmp
2015-06-02 13:35 - 2015-06-10 11:47 - 00000000 ____D C:\Users\Monica\Crack
2015-06-02 13:34 - 2015-06-02 13:34 - 00000000 _____ C:\windows\system32\OLDBAA8.tmp
2015-06-02 13:34 - 2015-06-02 13:34 - 00000000 _____ C:\windows\system32\OLDBA2A.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF238.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE9A6.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE18B.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDBB6.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB349.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8C10.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8084.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET6F55.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET4060.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET3432.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET29F0.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 02702040 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET13B4.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETF646.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETF016.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETE57A.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETE10C.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SETB6FA.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET90BB.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET83F6.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET7874.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET442F.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET3755.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET2DC0.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 01413776 _____ (Synopsys, Inc.) C:\windows\system32\SET1784.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETF588.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETEF29.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETE4CC.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETDEB9.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SETB64C.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET900D.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET8339.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET76CC.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET4333.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET36B7.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET2CC4.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00454288 _____ (Synopsys, Inc.) C:\windows\system32\SET16C6.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETF5E7.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETEF98.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETE51B.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETDF17.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SETB69B.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET906B.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET8397.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET773A.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET43D1.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET3706.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET2D51.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00369296 _____ (Synopsys, Inc.) C:\windows\system32\SET1725.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETF7BE.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETF101.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETE5C9.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETE1D9.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SETB759.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET9119.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET8455.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET7A0B.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET447F.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET37B4.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET2E2E.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00329360 _____ (Synopsys, Inc.) C:\windows\system32\SET17E3.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00000000 _____ C:\windows\system32\OLDF5C6.tmp
2015-06-02 13:32 - 2015-06-02 13:32 - 00000000 _____ C:\windows\system32\OLDF4CB.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF3C0.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETEC58.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE2C6.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDCE1.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB4C2.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8DF6.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET81BF.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET733F.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET418B.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET353D.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET2B2A.tmp
2015-06-02 13:31 - 2015-06-02 13:32 - 02907864 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET14EF.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF43E.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETED24.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE334.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDD5F.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB531.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8E94.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET824C.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET73EC.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET4209.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET35BB.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET2B99.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03218800 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET157C.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETF4EB.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETEE7D.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETE3C2.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETDE1B.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SETB5CE.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET8F6F.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET82CA.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET7525.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET42B5.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET3649.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET2C46.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 03182104 _____ (Fortemedia Corporation) C:\windows\system32\SET1639.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETF313.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETEA72.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETE238.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETDC73.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SETB416.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8D4A.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET8131.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET707F.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET40FD.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET34CF.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET2AAC.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 02846424 _____ (Realtek Semiconductor Corp.) C:\windows\system32\SET1461.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETF81D.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETF170.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETE618.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETE237.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SETB7A8.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET9168.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET84F2.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET7C7D.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET44CE.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET3803.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET2E8D.tmp
2015-06-02 13:31 - 2015-06-02 13:31 - 01559744 _____ (Conexant Systems Inc.) C:\windows\system32\SET1841.tmp
2015-02-10 23:07 - 2015-02-10 23:07 - 0581824 _____ () C:\ProgramData\1423622981.bdinstall.bin
2015-04-20 19:41 - 2015-04-20 19:41 - 0324960 _____ () C:\ProgramData\1429573007.bdinstall.bin
2015-04-20 19:41 - 2015-04-20 19:41 - 0049287 _____ () C:\ProgramData\1429573245.bdinstall.bin
2015-06-12 15:36 - 2015-06-12 15:36 - 0032667 _____ () C:\ProgramData\1434137700.bdinstall.bin
C:\Users\Monica\advanced-systemcare-setup.exe
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1"" => key removed successfully
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2"" => key removed successfully
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3"" => key removed successfully
HKCR\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4"" => key removed successfully
HKCR\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5"" => key removed successfully
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6"" => key removed successfully
HKCR\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7"" => key removed successfully
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8"" => key removed successfully
HKCR\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8B099BF3-C49C-4385-BEFC-99861C7BD332}" => key removed successfully
HKCR\CLSID\{8B099BF3-C49C-4385-BEFC-99861C7BD332} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8B099BF3-C49C-4385-BEFC-99861C7BD332}" => key removed successfully
HKCR\Wow6432Node\CLSID\{8B099BF3-C49C-4385-BEFC-99861C7BD332} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
"HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8B099BF3-C49C-4385-BEFC-99861C7BD332}" => key removed successfully
HKCR\CLSID\{8B099BF3-C49C-4385-BEFC-99861C7BD332} => key not found.
"HKU\S-1-5-21-4116287391-1936068046-2123032155-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
C:\windows\system32\OLD3AC4.tmp => moved successfully.
C:\windows\system32\OLD3A46.tmp => moved successfully.
C:\windows\system32\OLDE556.tmp => moved successfully.
C:\windows\system32\OLDE4D8.tmp => moved successfully.
C:\windows\system32\OLD8098.tmp => moved successfully.
C:\windows\system32\OLD7FFB.tmp => moved successfully.
C:\windows\system32\OLDFB6A.tmp => moved successfully.
C:\windows\system32\OLDFAEC.tmp => moved successfully.
C:\windows\system32\OLD9468.tmp => moved successfully.
C:\windows\system32\OLD93DA.tmp => moved successfully.
C:\windows\system32\OLD318C.tmp => moved successfully.
C:\windows\system32\OLD310E.tmp => moved successfully.
C:\windows\system32\OLD47AE.tmp => moved successfully.
C:\windows\system32\OLD4730.tmp => moved successfully.
C:\windows\system32\OLDE8DA.tmp => moved successfully.
C:\windows\system32\OLDE86B.tmp => moved successfully.
C:\windows\system32\OLD8821.tmp => moved successfully.
C:\windows\system32\OLD8793.tmp => moved successfully.
C:\windows\system32\OLD1B22.tmp => moved successfully.
C:\windows\system32\OLD1A85.tmp => moved successfully.
C:\Users\Monica\Crack => moved successfully.
C:\windows\system32\OLDBAA8.tmp => moved successfully.
C:\windows\system32\OLDBA2A.tmp => moved successfully.
C:\windows\system32\SETF238.tmp => moved successfully.
C:\windows\system32\SETE9A6.tmp => moved successfully.
C:\windows\system32\SETE18B.tmp => moved successfully.
C:\windows\system32\SETDBB6.tmp => moved successfully.
C:\windows\system32\SETB349.tmp => moved successfully.
C:\windows\system32\SET8C10.tmp => moved successfully.
C:\windows\system32\SET8084.tmp => moved successfully.
C:\windows\system32\SET6F55.tmp => moved successfully.
C:\windows\system32\SET4060.tmp => moved successfully.
C:\windows\system32\SET3432.tmp => moved successfully.
C:\windows\system32\SET29F0.tmp => moved successfully.
C:\windows\system32\SET13B4.tmp => moved successfully.
C:\windows\system32\SETF646.tmp => moved successfully.
C:\windows\system32\SETF016.tmp => moved successfully.
C:\windows\system32\SETE57A.tmp => moved successfully.
C:\windows\system32\SETE10C.tmp => moved successfully.
C:\windows\system32\SETB6FA.tmp => moved successfully.
C:\windows\system32\SET90BB.tmp => moved successfully.
C:\windows\system32\SET83F6.tmp => moved successfully.
C:\windows\system32\SET7874.tmp => moved successfully.
C:\windows\system32\SET442F.tmp => moved successfully.
C:\windows\system32\SET3755.tmp => moved successfully.
C:\windows\system32\SET2DC0.tmp => moved successfully.
C:\windows\system32\SET1784.tmp => moved successfully.
C:\windows\system32\SETF588.tmp => moved successfully.
C:\windows\system32\SETEF29.tmp => moved successfully.
C:\windows\system32\SETE4CC.tmp => moved successfully.
C:\windows\system32\SETDEB9.tmp => moved successfully.
C:\windows\system32\SETB64C.tmp => moved successfully.
C:\windows\system32\SET900D.tmp => moved successfully.
C:\windows\system32\SET8339.tmp => moved successfully.
C:\windows\system32\SET76CC.tmp => moved successfully.
C:\windows\system32\SET4333.tmp => moved successfully.
C:\windows\system32\SET36B7.tmp => moved successfully.
C:\windows\system32\SET2CC4.tmp => moved successfully.
C:\windows\system32\SET16C6.tmp => moved successfully.
C:\windows\system32\SETF5E7.tmp => moved successfully.
C:\windows\system32\SETEF98.tmp => moved successfully.
C:\windows\system32\SETE51B.tmp => moved successfully.
C:\windows\system32\SETDF17.tmp => moved successfully.
C:\windows\system32\SETB69B.tmp => moved successfully.
C:\windows\system32\SET906B.tmp => moved successfully.
C:\windows\system32\SET8397.tmp => moved successfully.
C:\windows\system32\SET773A.tmp => moved successfully.
C:\windows\system32\SET43D1.tmp => moved successfully.
C:\windows\system32\SET3706.tmp => moved successfully.
C:\windows\system32\SET2D51.tmp => moved successfully.
C:\windows\system32\SET1725.tmp => moved successfully.
C:\windows\system32\SETF7BE.tmp => moved successfully.
C:\windows\system32\SETF101.tmp => moved successfully.
C:\windows\system32\SETE5C9.tmp => moved successfully.
C:\windows\system32\SETE1D9.tmp => moved successfully.
C:\windows\system32\SETB759.tmp => moved successfully.
C:\windows\system32\SET9119.tmp => moved successfully.
C:\windows\system32\SET8455.tmp => moved successfully.
C:\windows\system32\SET7A0B.tmp => moved successfully.
C:\windows\system32\SET447F.tmp => moved successfully.
C:\windows\system32\SET37B4.tmp => moved successfully.
C:\windows\system32\SET2E2E.tmp => moved successfully.
C:\windows\system32\SET17E3.tmp => moved successfully.
C:\windows\system32\OLDF5C6.tmp => moved successfully.
C:\windows\system32\OLDF4CB.tmp => moved successfully.
C:\windows\system32\SETF3C0.tmp => moved successfully.
C:\windows\system32\SETEC58.tmp => moved successfully.
C:\windows\system32\SETE2C6.tmp => moved successfully.
C:\windows\system32\SETDCE1.tmp => moved successfully.
C:\windows\system32\SETB4C2.tmp => moved successfully.
C:\windows\system32\SET8DF6.tmp => moved successfully.
C:\windows\system32\SET81BF.tmp => moved successfully.
C:\windows\system32\SET733F.tmp => moved successfully.
C:\windows\system32\SET418B.tmp => moved successfully.
C:\windows\system32\SET353D.tmp => moved successfully.
C:\windows\system32\SET2B2A.tmp => moved successfully.
C:\windows\system32\SET14EF.tmp => moved successfully.
C:\windows\system32\SETF43E.tmp => moved successfully.
C:\windows\system32\SETED24.tmp => moved successfully.
C:\windows\system32\SETE334.tmp => moved successfully.
C:\windows\system32\SETDD5F.tmp => moved successfully.
C:\windows\system32\SETB531.tmp => moved successfully.
C:\windows\system32\SET8E94.tmp => moved successfully.
C:\windows\system32\SET824C.tmp => moved successfully.
C:\windows\system32\SET73EC.tmp => moved successfully.
C:\windows\system32\SET4209.tmp => moved successfully.
C:\windows\system32\SET35BB.tmp => moved successfully.
C:\windows\system32\SET2B99.tmp => moved successfully.
C:\windows\system32\SET157C.tmp => moved successfully.
C:\windows\system32\SETF4EB.tmp => moved successfully.
C:\windows\system32\SETEE7D.tmp => moved successfully.
C:\windows\system32\SETE3C2.tmp => moved successfully.
C:\windows\system32\SETDE1B.tmp => moved successfully.
C:\windows\system32\SETB5CE.tmp => moved successfully.
C:\windows\system32\SET8F6F.tmp => moved successfully.
C:\windows\system32\SET82CA.tmp => moved successfully.
C:\windows\system32\SET7525.tmp => moved successfully.
C:\windows\system32\SET42B5.tmp => moved successfully.
C:\windows\system32\SET3649.tmp => moved successfully.
C:\windows\system32\SET2C46.tmp => moved successfully.
C:\windows\system32\SET1639.tmp => moved successfully.
C:\windows\system32\SETF313.tmp => moved successfully.
C:\windows\system32\SETEA72.tmp => moved successfully.
C:\windows\system32\SETE238.tmp => moved successfully.
C:\windows\system32\SETDC73.tmp => moved successfully.
C:\windows\system32\SETB416.tmp => moved successfully.
C:\windows\system32\SET8D4A.tmp => moved successfully.
C:\windows\system32\SET8131.tmp => moved successfully.
C:\windows\system32\SET707F.tmp => moved successfully.
C:\windows\system32\SET40FD.tmp => moved successfully.
C:\windows\system32\SET34CF.tmp => moved successfully.
C:\windows\system32\SET2AAC.tmp => moved successfully.
C:\windows\system32\SET1461.tmp => moved successfully.
C:\windows\system32\SETF81D.tmp => moved successfully.
C:\windows\system32\SETF170.tmp => moved successfully.
C:\windows\system32\SETE618.tmp => moved successfully.
C:\windows\system32\SETE237.tmp => moved successfully.
C:\windows\system32\SETB7A8.tmp => moved successfully.
C:\windows\system32\SET9168.tmp => moved successfully.
C:\windows\system32\SET84F2.tmp => moved successfully.
C:\windows\system32\SET7C7D.tmp => moved successfully.
C:\windows\system32\SET44CE.tmp => moved successfully.
C:\windows\system32\SET3803.tmp => moved successfully.
C:\windows\system32\SET2E8D.tmp => moved successfully.
C:\windows\system32\SET1841.tmp => moved successfully.
C:\ProgramData\1423622981.bdinstall.bin => moved successfully.
C:\ProgramData\1429573007.bdinstall.bin => moved successfully.
C:\ProgramData\1429573245.bdinstall.bin => moved successfully.
C:\ProgramData\1434137700.bdinstall.bin => moved successfully.
"C:\Users\Monica\advanced-systemcare-setup.exe" => File/Folder not found.
EmptyTemp: => 1.9 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 19:31:35 ====

:rose:
 
This is the adclean logfile:

# AdwCleaner v4.207 - Logfile created 26/06/2015 at 19:56:41
# Updated 21/06/2015 by Xplode
# Database : 2015-06-23.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Monica - KENNY
# Running from : C:\Users\Monica\Desktop\adwcleaner_4.207.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\user.js
Folder Found : C:\Program Files (x86)\Scrabble Plus
Folder Found : C:\Program Files (x86)\Video Converter
Folder Found : C:\ProgramData\EmailNotifier
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\Monica\AppData\Local\PackageAware
Folder Found : C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Converter
Folder Found : C:\Users\Monica\AppData\Roaming\Scrabble Plus
Folder Found : C:\Users\Public\Documents\iWin

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Email Notifier
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Converter
Key Found : HKLM\SOFTWARE\Trymedia Systems
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


*************************

AdwCleaner[R0].txt - [1634 bytes] - [26/06/2015 19:56:41]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1693 bytes] ##########

Email Notifier is a Gmail process, that I think I will delete, because I really don't use it. I would like to know why is the Video Converter considered as an adware file. Scrableplus is one of my preferred games. I will not proceed with the deletion until you check it.
 
Hi, Monka.

The most recent results of detections of Video Converter are at VirusTotal. This is largely due to the inclusion of Conduit adware. If you wish to keep it, we can handle that. Just let me know.

We can check Scrabble Plus further. Please download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe

Important: Save it to your desktop.
  • Double-click CKScanner.exe (Right-click and select "Run as administrator" in Windows Vista/Windows 7).
  • Give permission if necessary, and click Search For Files.
  • After a very short time, when the cursor hour glass disappears, click Save List To File.
  • A message box will verify the file saved. Please run the program once only.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
 
Corrine said:
Hi, Monka.

The most recent results of detections of Video Converter are at VirusTotal. This is largely due to the inclusion of Conduit adware. If you wish to keep it, we can handle that. Just let me know.

We can check Scrabble Plus further. Please download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe

Important: Save it to your desktop.
  • Double-click CKScanner.exe (Right-click and select "Run as administrator" in Windows Vista/Windows 7).
  • Give permission if necessary, and click Search For Files.
  • After a very short time, when the cursor hour glass disappears, click Save List To File.
  • A message box will verify the file saved. Please run the program once only.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
Click to expand...

No it's fine. I will delete it. I was just curious. I will run the next scan now.
 
Ad removal log:

# AdwCleaner v4.207 - Logfile created 26/06/2015 at 22:24:32
# Updated 21/06/2015 by Xplode
# Database : 2015-06-23.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Monica - KENNY
# Running from : C:\Users\Monica\Desktop\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\EmailNotifier
Folder Deleted : C:\Users\Public\Documents\iWin
Folder Deleted : C:\Program Files (x86)\Video Converter
[x] Not Deleted : C:\Program Files (x86)\Scrabble Plus
Folder Deleted : C:\Users\Monica\AppData\Local\PackageAware
[x] Not Deleted : C:\Users\Monica\AppData\Roaming\Scrabble Plus
Folder Deleted : C:\Users\Monica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Converter
File Deleted : C:\Users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\j69pi91f.default\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Email Notifier
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Converter

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


*************************

AdwCleaner[R0].txt - [1776 bytes] - [26/06/2015 19:56:41]
AdwCleaner[S0].txt - [1731 bytes] - [26/06/2015 22:24:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1790 bytes] ##########

The PC is responding so much well. The right click on the desktop is faster, and also the opening of programs. However, I continue having issues with stop responding of applications and files at their opening, as well as the right click in Firefox, that make it unresponsive for a while before to open the popup window. I'll run the new scanner now.
 
I can't open the CKScanner because become unresponsive when I click to start the search.:noidea:
 
Corrine, I can't run the CKScanner because become unresponsive at opening.
 
Hi, Monka.

CKScanner was for something else. It won't help with the issues with stop responding of applications. You can delete it from your desktop.

1. Let's see if JRT picks up anything else. Please download Junkware Removal Tool to your desktop.
  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

2. Regarding the issue with applications responding, there are a number of corruptions listed in your log. Please perform a SFC (System File Checker) scan which will check and attempt to fix any corrupted files on your system.
  • Since you have Windows 8.1, from the desktop, right-click the Windows logo in the bottom-left corner and select Command Prompt (Admin).
  • At the command prompt, type the following line, and then press ENTER: sfc /scannow (note the space before the slash)
  • When the scan is complete, if no errors are found, restart your computer and post back
  • Please let me know in your next reply if the message does not say "Windows resource protection did not find any integrity violations".
 
Corrine said:
Hi, Monka.

CKScanner was for something else. It won't help with the issues with stop responding of applications. You can delete it from your desktop.

1. Let's see if JRT picks up anything else. Please download Junkware Removal Tool to your desktop.
  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

2. Regarding the issue with applications responding, there are a number of corruptions listed in your log. Please perform a SFC (System File Checker) scan which will check and attempt to fix any corrupted files on your system.
  • Since you have Windows 8.1, from the desktop, right-click the Windows logo in the bottom-left corner and select Command Prompt (Admin).
  • At the command prompt, type the following line, and then press ENTER: sfc /scannow (note the space before the slash)
  • When the scan is complete, if no errors are found, restart your computer and post back
  • Please let me know in your next reply if the message does not say "Windows resource protection did not find any integrity violations".
Click to expand...

Here is the JRT results:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.1.9 (06.27.2015:2)
OS: Windows 8.1 x64
Ran by Monica on Sat 06/27/2015 at 11:48:59.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Failed to delete: [Task] C:\windows\system32\tasks\Uninstaller_SkipUac_Monica
Successfully deleted: [Task] C:\windows\tasks\Uninstaller_SkipUac_Monica.job



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\Monica\AppData\Roaming\productdata
Successfully deleted: [Folder] C:\Users\Monica\AppData\Roaming\software informer



~~~ FireFox






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/27/2015 at 12:50:59.24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I will run SFC again to see if after all of these fixing is working now. I did it about 3 times a few days ago and the result were always the same: SFC encountered corrupt files, but couldn't repair it. Lets see how goes now.
 
You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top