
Ad popups and infection warning pops Chrome only


  • This topic is locked
2 replies to this topic

#1 Tarphy


Posted 05 July 2015 - 03:13 PM

I have an issue with the Chrome browser. I get these pop-ups that say Ads by happysale. Sometimes they are almost browser sized and sometimes they are these little thumbnail sized ads. The larger ones are usually accompanied by a pop-up that warns me my computer is infected and that I should call the number provided and shut down my computer. The infection warning is a text as well as voice and is always much louder than normal sounds. I try to click the X to close it but another opens in its place with a new voice, but the other voice just continues repeating itself. This hasn't happened while using Firefox, only Chrome. I have tried anti-malware bites, iobit malware, trendmicro and one other random free remover that I can't remember right now. I'm here because obviously none of them worked. I hope that we can get this fixed. I also ran a HijackThis scan and have that log saved if you need it as well.

 

Here is my FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by Lori (administrator) on MOM on 05-07-2015 14:48:09
Running from C:\Users\Lori\Downloads
Loaded Profiles: Lori (Available Profiles: Lori)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\SPNativeMessage.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Trend Micro Inc.) C:\Users\Lori\Downloads\HijackThis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-01] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13877464 2015-07-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [307200 2011-06-15] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-43736663-4047551010-4035861022-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-43736663-4047551010-4035861022-1001\...\Run: [BitTorrent] => C:\Users\Lori\AppData\Roaming\BitTorrent\BitTorrent.exe [1696104 2015-06-06] (BitTorrent Inc.)
HKU\S-1-5-21-43736663-4047551010-4035861022-1001\...\MountPoints2: E - "E:\setup.exe"
HKU\S-1-5-21-43736663-4047551010-4035861022-1001\...\MountPoints2: F - "F:\Autorun.exe"
HKU\S-1-5-21-43736663-4047551010-4035861022-1001\...\MountPoints2: {c5082c9c-bdf9-11e3-824c-806e6f6e6963} - "D:\_AUTORUN\AUTORUN.EXE"
HKU\S-1-5-21-43736663-4047551010-4035861022-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [589312 2014-10-28] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
HKU\S-1-5-21-43736663-4047551010-4035861022-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://search.coupons.com/
SearchScopes: HKU\S-1-5-21-43736663-4047551010-4035861022-1001 -> {29E1A81D-A6DC-4BA0-AD07-1F4FB702BED8} URL = http://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-07-02] (IObit)
BHO: No Name -> {30A3E364-778F-491A-8611-AE8675E63932} ->  No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO: No Name -> {D5C3D408-4820-45BE-A3E0-41F9C75F6CE8} ->  No File
BHO-x32: No Name -> {30A3E364-778F-491A-8611-AE8675E63932} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-19] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll [2015-04-02] (Perfect World Entertainment Inc)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
BHO-x32: No Name -> {D5C3D408-4820-45BE-A3E0-41F9C75F6CE8} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-19] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3DB4415C-B9A5-4EE8-8F32-832B74E4A68D}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9st1u.default
FF NewTab: hxxp://search.swagbucks.com/?f=51
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Swagbucks
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: hxxp://search.swagbucks.com/?f=51
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-23] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-23] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-19] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll [2015-04-02] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-12] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-43736663-4047551010-4035861022-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lori\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-19] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9st1u.default\user.js [2015-07-03]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-02-11] (Coupons, Inc.)
FF SearchPlugin: C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9st1u.default\searchplugins\bingp.xml [2014-06-07]
FF SearchPlugin: C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9st1u.default\searchplugins\swagbucks.xml [2015-02-05]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9st1u.default\Extensions\iobitascsurfingprotection@iobit.com [2015-07-02]
FF Extension: No Name - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9st1u.default\Extensions\trash [2015-06-16]
FF Extension: SwagButton - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9st1u.default\Extensions\shopearn@prodege.com.xpi [2015-02-25]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-06]
CHR Extension: (Google Drive) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-06]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2015-07-02]
CHR Extension: (YouTube) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-06]
CHR Extension: (Google Search) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-06]
CHR Extension: (SwagButton) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2015-03-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-05]
CHR Extension: (Google Wallet) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-06]
CHR Extension: (Adblock Pro) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\npiddopaakjjggkianiobcjbigpnfiib [2015-07-02]
CHR Extension: (Gmail) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88584 2015-04-02] (Perfect World Entertainment Inc)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-01] (NVIDIA Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2904864 2015-06-02] (IObit)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-01] (NVIDIA Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 1394843d; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\BorderlineEdit\BorderlineEdit.dll",serv
S4 Service KMSELDI;  [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\drivers\amdide64.sys [11944 2015-07-02] (Advanced Micro Devices Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-07-02] (REALiX™)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 phaudlwr; C:\Windows\system32\DRIVERS\phaudlwr.sys [114608 2009-10-20] (Philips Applied Technologies)
S3 SPC620; C:\Windows\system32\drivers\SPC620.sys [581120 2007-09-28] (Philips                                                     )
S3 SPC620m; C:\Windows\system32\drivers\SPC620m.sys [8192 2007-09-28] (Philips                                                     )
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2014-04-06] (Basil Projects)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-05 14:48 - 2015-07-05 14:48 - 00016078 _____ C:\Users\Lori\Downloads\FRST.txt
2015-07-05 14:47 - 2015-07-05 14:48 - 00000000 ____D C:\FRST
2015-07-05 14:46 - 2015-07-05 14:46 - 02112512 _____ (Farbar) C:\Users\Lori\Downloads\FRST64.exe
2015-07-05 14:19 - 2015-07-05 14:23 - 00008484 _____ C:\Users\Lori\Downloads\hijackthis.log
2015-07-05 14:17 - 2015-07-05 14:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\Lori\Downloads\HijackThis.exe
2015-07-05 13:57 - 2015-07-05 13:57 - 00236080 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2015-07-05 13:56 - 2015-07-05 13:56 - 00353086 _____ C:\Users\Lori\AppData\Local\census.cache
2015-07-05 13:56 - 2015-07-05 13:56 - 00180964 _____ C:\Users\Lori\AppData\Local\ars.cache
2015-07-05 13:49 - 2015-07-05 13:49 - 00000010 _____ C:\Users\Lori\AppData\Local\sponge.last.runtime.cache
2015-07-05 13:40 - 2015-07-05 13:40 - 02494944 _____ (Trend Micro Inc.) C:\Users\Lori\Downloads\HousecallLauncher64.exe
2015-07-05 13:40 - 2015-07-05 13:40 - 00000036 _____ C:\Users\Lori\AppData\Local\housecall.guid.cache
2015-07-05 13:40 - 2013-09-27 21:56 - 00285208 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-07-05 13:11 - 2015-07-05 14:01 - 00000696 _____ C:\Windows\setupact.log
2015-07-05 13:11 - 2015-07-05 13:11 - 00000000 _____ C:\Windows\setuperr.log
2015-07-05 13:09 - 2015-07-05 14:00 - 00007540 _____ C:\Windows\PFRO.log
2015-07-03 00:55 - 2015-07-03 00:55 - 71884800 _____ C:\Windows\system32\config\SOFTWARE.iobit
2015-07-03 00:55 - 2015-07-03 00:55 - 00258048 _____ C:\Windows\system32\config\DEFAULT.iobit
2015-07-03 00:55 - 2015-07-03 00:55 - 00036864 _____ C:\Windows\system32\config\SAM.iobit
2015-07-03 00:55 - 2015-07-03 00:55 - 00024576 _____ C:\Windows\system32\config\SECURITY.iobit
2015-07-02 22:06 - 2015-07-05 13:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-02 21:26 - 2015-07-02 21:26 - 00002319 _____ C:\Users\Lori\Desktop\Chrome App Launcher.lnk
2015-07-02 21:26 - 2015-07-02 21:26 - 00000000 ____D C:\Users\Lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-02 21:01 - 2015-07-02 21:01 - 00011944 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\Drivers\amdide64.sys
2015-07-02 20:59 - 2015-07-02 20:59 - 00881368 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x64.sys
2015-07-02 20:59 - 2015-07-02 20:59 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-07-02 20:58 - 2015-07-02 20:58 - 00195912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-07-02 20:58 - 2015-07-02 20:58 - 00031552 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-07-02 20:58 - 2015-07-02 20:58 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-07-02 20:57 - 2015-07-02 20:57 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-07-02 20:57 - 2015-07-02 20:57 - 00000000 ____D C:\Program Files\Realtek
2015-07-02 20:56 - 2015-07-02 20:56 - 72113152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-07-02 20:56 - 2015-07-02 20:56 - 14048512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 12975360 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 12834736 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 07087448 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 06242576 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2015-07-02 20:56 - 2015-07-02 20:56 - 05706688 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 05234952 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 04464344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-07-02 20:56 - 2015-07-02 20:56 - 03262184 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 03218800 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 03182104 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 02918104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 02847448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 02789808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 02702040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-07-02 20:56 - 2015-07-02 20:56 - 02532568 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 02048372 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-07-02 20:56 - 2015-07-02 20:56 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 01933584 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 01739992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 01559744 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 01499984 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 01413776 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 01365768 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 01316056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 01104040 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00995120 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00979280 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00943784 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00922880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00858256 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00856992 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00734376 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00684176 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00555664 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.DLL
2015-07-02 20:56 - 2015-07-02 20:56 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00454288 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00435856 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00369296 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00336144 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00329360 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00329360 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00328816 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00284944 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00250536 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00213432 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaemaxapo64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00168816 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00109848 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00096568 _____ C:\Windows\system32\audioLibVc.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-07-02 20:56 - 2015-07-02 20:56 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-07-02 20:54 - 2015-07-02 21:00 - 00000000 ____D C:\Windows\LastGood.Tmp
2015-07-02 20:54 - 2015-07-02 20:54 - 30480528 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-07-02 20:54 - 2015-07-02 20:54 - 22946960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-07-02 20:54 - 2015-07-02 20:54 - 16185352 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-07-02 20:54 - 2015-07-02 20:54 - 15864064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-07-02 20:54 - 2015-07-02 20:54 - 14987528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-07-02 20:54 - 2015-07-02 20:54 - 14495448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-07-02 20:54 - 2015-07-02 20:54 - 13304280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-07-02 20:54 - 2015-07-02 20:54 - 12852152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-07-02 20:54 - 2015-07-02 20:54 - 11830512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-07-02 20:54 - 2015-07-02 20:54 - 10995528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-07-02 20:54 - 2015-07-02 20:54 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-07-02 20:54 - 2015-07-02 20:54 - 02599056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-07-02 20:54 - 2015-07-02 20:54 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435306.dll
2015-07-02 20:54 - 2015-07-02 20:54 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435306.dll
2015-07-02 20:54 - 2015-07-02 20:54 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-07-02 20:54 - 2015-07-02 20:54 - 01050440 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-07-02 20:54 - 2015-07-02 20:54 - 00982856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-07-02 20:54 - 2015-07-02 20:54 - 00974480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-07-02 20:54 - 2015-07-02 20:54 - 00939080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-07-02 20:54 - 2015-07-02 20:54 - 00878816 _____ C:\Windows\system32\nvmcumd.dll
2015-07-02 20:54 - 2015-07-02 20:54 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-07-02 20:54 - 2015-07-02 20:54 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-07-02 20:54 - 2015-07-02 20:54 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-07-02 20:54 - 2015-07-02 20:54 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-07-02 20:53 - 2015-07-02 20:53 - 42719888 _____ C:\Windows\system32\nvcompiler.dll
2015-07-02 20:53 - 2015-07-02 20:53 - 37741712 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-07-02 20:53 - 2015-07-02 20:53 - 02986392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-07-02 20:44 - 2015-07-05 13:13 - 00002862 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Lori)
2015-07-02 20:44 - 2015-07-02 20:44 - 00026528 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2015-07-02 20:44 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2015-07-02 20:44 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2015-07-02 20:42 - 2015-07-02 20:42 - 00000000 ____D C:\Users\Lori\AppData\Roaming\ProductData
2015-07-02 20:41 - 2015-07-05 13:40 - 00000284 _____ C:\Windows\Tasks\Uninstaller_SkipUac_Lori.job
2015-07-02 20:41 - 2015-07-05 13:14 - 00002382 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Lori
2015-07-02 20:41 - 2015-07-05 13:14 - 00000000 ____D C:\ProgramData\ProductData
2015-07-02 20:41 - 2015-07-02 20:44 - 00000000 ____D C:\Users\Lori\AppData\Roaming\IObit
2015-07-02 20:41 - 2015-07-02 20:41 - 00001244 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-07-02 20:41 - 2015-07-02 20:41 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2015-07-02 20:41 - 2015-07-02 20:41 - 00000000 ____D C:\Users\Lori\AppData\Roaming\Apple Computer
2015-07-02 20:41 - 2015-07-02 20:41 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-07-02 20:40 - 2015-07-05 13:27 - 00000000 ____D C:\Program Files (x86)\IObit
2015-07-02 20:40 - 2015-07-05 13:14 - 00000000 ____D C:\ProgramData\IObit
2015-07-02 20:39 - 2015-07-02 20:40 - 47736096 _____ (IObit) C:\Users\Lori\Downloads\advanced-systemcare-setup.exe
2015-06-30 13:50 - 2015-06-30 13:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-06-29 20:15 - 2015-06-29 20:20 - 00005120 _____ C:\Users\Lori\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-28 02:18 - 2015-06-28 02:18 - 00002220 _____ C:\Users\Lori\Documents\searching.txt
2015-06-19 15:47 - 2015-06-19 15:47 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-19 15:47 - 2015-06-19 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-18 04:16 - 2015-06-18 04:16 - 00000687 _____ C:\awh16C1.tmp
2015-06-12 23:48 - 2015-06-12 23:50 - 125237248 _____ C:\Users\Lori\Downloads\rt3_coast_to_coast_eng(1).exe
2015-06-12 23:47 - 2015-06-12 23:47 - 00000771 _____ C:\Users\Lori\Downloads\105_106_RT3_Vista_Fix.zip
2015-06-12 21:52 - 2015-06-12 21:52 - 00000000 ____D C:\Users\Lori\AppData\Local\9555
2015-06-12 21:51 - 2015-06-12 21:51 - 00000840 _____ C:\Users\Public\Desktop\Railroad Tycoon 3.lnk
2015-06-12 21:51 - 2015-06-12 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Railroad Tycoon 3
2015-06-12 21:49 - 2015-06-12 23:52 - 00000000 ____D C:\Program Files (x86)\Railroad Tycoon 3
2015-06-12 21:38 - 2015-06-12 21:38 - 02202773 _____ C:\Users\Lori\Downloads\RT3_103_ENG.exe
2015-06-12 21:36 - 2015-06-12 21:36 - 00003114 _____ C:\Windows\System32\Tasks\{D6F2B709-1439-495C-B719-EB621C3131DD}
2015-06-12 21:35 - 2015-06-12 21:35 - 02232832 _____ C:\Users\Lori\Downloads\RT3_105_eng.exe
2015-06-12 20:26 - 2015-06-12 20:26 - 00003142 _____ C:\Windows\System32\Tasks\{65D1C707-F664-4623-80B3-5C0935737E29}
2015-06-12 18:40 - 2015-06-12 18:40 - 00003142 _____ C:\Windows\System32\Tasks\{FF0A5CE8-AC99-4B7A-AEEB-8B3C209203C6}
2015-06-12 18:11 - 2015-06-19 01:32 - 00043520 _____ C:\Windows\SysWOW64\CmdLineExt03.dll
2015-06-12 18:07 - 2015-06-12 18:10 - 00000000 ____D C:\Program Files\railroad tycoon 3
2015-06-09 17:58 - 2015-06-09 18:00 - 00000000 ____D C:\ProgramData\11957683098593254999
2015-06-09 17:37 - 2015-07-05 09:47 - 00000024 _____ C:\Users\Lori\AppData\Roaming\appdataFr25.bin
2015-06-09 16:33 - 2015-05-27 09:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 16:33 - 2015-05-25 08:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-09 16:33 - 2015-05-25 08:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-09 16:33 - 2015-05-22 08:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-09 16:33 - 2015-05-21 08:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-09 16:33 - 2015-05-21 08:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-09 16:33 - 2015-05-21 08:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-09 16:33 - 2015-05-21 08:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-09 16:33 - 2015-05-21 08:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-09 16:33 - 2015-05-21 08:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-09 16:33 - 2015-04-24 21:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-09 16:33 - 2015-04-24 21:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-09 16:33 - 2015-04-16 17:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-09 16:33 - 2015-04-16 01:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-09 16:33 - 2015-04-13 17:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-09 16:33 - 2015-04-13 17:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-09 16:33 - 2015-04-09 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-09 16:33 - 2015-04-09 19:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-09 16:33 - 2015-04-08 17:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-09 16:33 - 2015-04-08 17:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-09 16:33 - 2015-04-01 17:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-09 16:33 - 2015-04-01 17:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-09 16:33 - 2015-03-31 23:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-09 16:33 - 2015-03-31 23:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-09 16:33 - 2015-03-31 23:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-09 16:33 - 2015-03-31 23:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-09 16:33 - 2015-03-31 22:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-09 16:33 - 2015-03-31 22:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-09 16:33 - 2015-03-31 22:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-09 16:33 - 2015-03-31 21:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-09 16:33 - 2015-03-31 21:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-09 16:33 - 2015-03-31 21:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-09 16:33 - 2015-03-31 21:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-09 16:33 - 2015-03-31 21:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-09 16:33 - 2015-03-31 21:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-09 16:33 - 2015-03-19 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-09 16:33 - 2015-03-19 22:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-09 16:33 - 2015-03-19 21:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-09 16:33 - 2015-03-19 21:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-09 16:33 - 2015-03-01 20:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-09 16:33 - 2015-03-01 20:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-09 16:32 - 2015-05-27 09:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-09 16:32 - 2015-05-22 22:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-09 16:32 - 2015-05-22 22:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-09 16:32 - 2015-05-22 22:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-09 16:32 - 2015-05-22 22:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-09 16:32 - 2015-05-22 22:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-09 16:32 - 2015-05-22 21:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-09 16:32 - 2015-05-22 21:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-09 16:32 - 2015-05-22 21:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-09 16:32 - 2015-05-22 21:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-09 16:32 - 2015-05-22 21:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-09 16:32 - 2015-05-22 21:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-09 16:32 - 2015-05-22 21:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-09 16:32 - 2015-05-22 21:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-09 16:32 - 2015-05-22 21:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-09 16:32 - 2015-05-22 21:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-09 16:32 - 2015-05-22 21:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-09 16:32 - 2015-05-22 21:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-09 16:32 - 2015-05-22 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-09 16:32 - 2015-05-22 14:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 16:32 - 2015-05-22 14:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 16:32 - 2015-05-22 14:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 16:32 - 2015-05-22 13:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 16:32 - 2015-05-22 13:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 16:32 - 2015-05-22 13:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 16:32 - 2015-05-22 13:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-09 16:32 - 2015-05-22 13:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 16:32 - 2015-05-22 13:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-09 16:32 - 2015-05-22 13:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 16:32 - 2015-05-22 13:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-09 16:32 - 2015-05-22 13:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-09 16:32 - 2015-05-22 13:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-09 16:32 - 2015-05-22 13:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 16:32 - 2015-05-22 13:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 16:32 - 2015-05-22 12:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 16:32 - 2015-05-22 12:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 16:32 - 2015-05-22 12:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-09 16:32 - 2015-05-22 12:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 16:32 - 2015-05-22 12:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-09 16:32 - 2015-05-21 11:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-06 16:42 - 2015-06-06 16:42 - 00661456 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110.dll
2015-06-06 16:41 - 2015-06-06 16:41 - 00000000 ____D C:\ProgramData\TEMP
2015-06-06 16:41 - 2015-02-17 11:20 - 00021040 _____ (Dll-Files.com) C:\Windows\system32\roboot64.exe
2015-06-06 16:40 - 2015-06-06 16:40 - 05400184 _____ (Dll-Files.com ) C:\Users\Lori\Downloads\dffsetup-msvcp110.exe
2015-06-06 16:24 - 2015-06-06 16:24 - 06554576 _____ (Microsoft Corporation) C:\Users\Lori\Downloads\vcredist_x86.exe
2015-06-06 16:10 - 2015-06-06 16:10 - 00000000 ____D C:\Users\Lori\AppData\Local\Stardock
2015-06-06 16:10 - 2015-06-06 16:10 - 00000000 ____D C:\ProgramData\Stardock
2015-06-06 16:04 - 2015-06-06 16:04 - 00000000 ____D C:\Users\Lori\AppData\Roaming\Steam
2015-06-06 16:03 - 2015-06-18 12:34 - 00000000 ____D C:\Program Files (x86)\BorderlineEdit
2015-06-06 16:03 - 2015-06-06 16:03 - 00001256 _____ C:\Users\Public\Desktop\Galactic Civilizations III.lnk
2015-06-06 16:03 - 2015-06-06 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Galactic Civilizations III
2015-06-06 15:38 - 2015-06-06 16:03 - 00000000 ____D C:\Program Files (x86)\Galactic Civilizations III
2015-06-06 03:09 - 2015-06-06 03:30 - 00000000 ____D C:\Users\Lori\Downloads\Galactic Civilizations III [SimpleSetup]

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-05 14:41 - 2014-04-07 07:05 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-05 14:25 - 2014-04-06 19:29 - 01978944 _____ C:\Windows\WindowsUpdate.log
2015-07-05 14:07 - 2014-04-06 19:46 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-43736663-4047551010-4035861022-1001
2015-07-05 14:01 - 2014-04-06 20:56 - 00000000 ___DO C:\Users\Lori\SkyDrive
2015-07-05 14:00 - 2014-04-07 07:05 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-05 14:00 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-05 13:59 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-05 13:57 - 2014-04-06 21:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-05 13:57 - 2014-04-06 19:37 - 00000000 ____D C:\Users\Lori
2015-07-05 13:57 - 2014-04-06 19:35 - 00000000 ____D C:\Program Files\KMSpico
2015-07-05 13:23 - 2015-03-31 10:56 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-05 13:22 - 2015-03-31 10:57 - 00000000 ____D C:\Users\Lori\AppData\Roaming\Opera Software
2015-07-05 13:22 - 2015-03-31 10:57 - 00000000 ____D C:\Users\Lori\AppData\Local\Opera Software
2015-07-05 13:11 - 2014-04-06 19:46 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-05 13:09 - 2014-04-06 21:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-05 13:00 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-05 09:14 - 2014-06-14 15:56 - 00003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DFC5BB59-41A1-4475-9620-F856CA18B342}
2015-07-05 05:08 - 2014-04-09 00:51 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-05 03:33 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-04 23:32 - 2014-09-12 18:01 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-03 00:56 - 2015-04-16 16:04 - 00000000 ____D C:\Users\Lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sim Tower
2015-07-03 00:56 - 2014-06-14 16:07 - 00000000 ____D C:\Users\Lori\AppData\Roaming\BitTorrent
2015-07-03 00:56 - 2014-04-06 22:09 - 00000000 ____D C:\Windows\Panther
2015-07-02 20:58 - 2014-03-21 01:02 - 01558848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-07-02 20:55 - 2014-07-30 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-07-02 20:54 - 2014-04-06 19:44 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-07-02 20:54 - 2014-03-21 01:03 - 17486856 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-07-02 20:54 - 2014-03-21 01:03 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-07-02 20:54 - 2014-03-21 01:02 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-07-02 20:53 - 2014-03-21 01:02 - 03379680 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-06-30 23:39 - 2015-04-23 12:27 - 00000899 _____ C:\Users\Lori\Documents\results.txt
2015-06-24 13:21 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-23 18:57 - 2014-04-06 21:12 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-19 22:02 - 2015-03-13 09:28 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-19 22:02 - 2015-03-13 09:28 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-19 15:47 - 2014-10-14 22:44 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-19 15:47 - 2014-07-13 12:20 - 00000000 ____D C:\ProgramData\Oracle
2015-06-19 15:39 - 2015-03-31 10:59 - 00000000 __SHD C:\Users\Lori\AppData\Local\EmieBrowserModeList
2015-06-19 15:39 - 2014-06-14 15:56 - 00000000 __SHD C:\Users\Lori\AppData\Local\EmieUserList
2015-06-19 15:39 - 2014-06-14 15:56 - 00000000 __SHD C:\Users\Lori\AppData\Local\EmieSiteList
2015-06-18 12:38 - 2014-10-16 21:44 - 00000000 ____D C:\Users\Lori\AppData\Local\Adobe
2015-06-13 09:33 - 2015-03-31 10:38 - 00000000 ____D C:\Users\Lori\AppData\Local\Torch
2015-06-12 23:56 - 2014-06-14 21:28 - 00000000 ____D C:\Users\Lori\Downloads\temp unzips
2015-06-12 21:49 - 2014-06-15 08:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-10 03:41 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2015-06-10 01:51 - 2013-08-22 09:44 - 00362544 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 01:43 - 2014-12-12 10:00 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-10 01:43 - 2014-07-09 02:09 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 01:43 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-10 01:43 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-09 19:13 - 2014-04-10 05:09 - 00000000 ____D C:\Windows\system32\MRT
2015-06-09 19:03 - 2014-04-10 05:08 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-06 16:42 - 2012-11-05 19:20 - 00535008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2015-06-06 16:25 - 2014-08-15 23:20 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-06 16:04 - 2014-09-13 12:35 - 00000000 ____D C:\Users\Lori\Documents\My Games

==================== Files in the root of some directories =======

2015-06-09 17:37 - 2015-07-05 09:47 - 0000024 _____ () C:\Users\Lori\AppData\Roaming\appdataFr25.bin
2015-07-05 13:56 - 2015-07-05 13:56 - 0180964 _____ () C:\Users\Lori\AppData\Local\ars.cache
2015-07-05 13:56 - 2015-07-05 13:56 - 0353086 _____ () C:\Users\Lori\AppData\Local\census.cache
2015-06-29 20:15 - 2015-06-29 20:20 - 0005120 _____ () C:\Users\Lori\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-05 13:40 - 2015-07-05 13:40 - 0000036 _____ () C:\Users\Lori\AppData\Local\housecall.guid.cache
2014-04-07 16:38 - 2014-07-01 23:04 - 0007606 _____ () C:\Users\Lori\AppData\Local\resmon.resmoncfg
2015-07-05 13:49 - 2015-07-05 13:49 - 0000010 _____ () C:\Users\Lori\AppData\Local\sponge.last.runtime.cache
2015-07-02 20:58 - 2015-07-02 20:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Lori\AppData\Local\Temp\ASCSetup_158300109.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-28 05:54

==================== End of log ============================
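An added example, not part of the original post and not FRST's own code: a small parser for the file-listing lines in the log above that pulls out entries a reviewer would usually read first (scheduled-task files, binaries under the Windows directory with no company field, and all-digit folder names under ProgramData or AppData). The sample log is constructed, the rule names are hypothetical, and the date-column order and the meaning of the `D` attribute are assumptions read off the log's layout.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# One listing line: "<date> - <date> - <size> <5 attribute chars> [(company)] <path>"
ENTRY_RE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>.*?)\) )?(?P<path>[A-Za-z]:\\.*)$"
)
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")

BINARY_EXT = {".exe", ".dll", ".sys"}
TASK_DIRS = ("\\windows\\tasks\\", "\\windows\\system32\\tasks\\")


@dataclass
class Entry:
    first: str      # assumed: created time in the "Created" section
    second: str     # assumed: modified time in the "Created" section
    size: int
    attrs: str
    company: str    # empty when the log shows no company or "()"
    path: PureWindowsPath

    @property
    def is_dir(self) -> bool:
        # Assumption: a "D" in the attribute field marks a directory.
        return "D" in self.attrs


def parse_entry(line: str):
    """Return an Entry for a listing line, or None for anything else."""
    m = ENTRY_RE.match(line.rstrip())
    if not m:
        return None
    return Entry(m["first"], m["second"], int(m["size"]), m["attrs"],
                 (m["company"] or "").strip(), PureWindowsPath(m["path"]))


def review_reasons(e: Entry) -> list:
    """Hypothetical triage rules: reasons to read an entry, not verdicts."""
    p = str(e.path).lower()
    reasons = []
    if not e.is_dir and any(d in p for d in TASK_DIRS):
        reasons.append("scheduled-task")
    if (not e.is_dir and not e.company and "\\windows\\" in p
            and e.path.suffix.lower() in BINARY_EXT):
        reasons.append("no-company-binary")
    if e.is_dir and e.path.name.isdigit() and (
            "\\programdata\\" in p or "\\appdata\\" in p):
        reasons.append("numeric-folder")
    return reasons


def triage(log_text: str) -> list:
    """Walk a log and return the flagged entries with their section name."""
    section, findings = None, []
    for line in log_text.splitlines():
        header = SECTION_RE.match(line.strip())
        if header:
            section = header["name"]
            continue
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = review_reasons(entry)
        if reasons:
            findings.append({"section": section, "path": str(entry.path),
                             "reasons": reasons})
    return findings


# Constructed sample in the same layout as the log above (not real entries).
SAMPLE_LOG = r"""
==================== One Month Created files and folders ========

2015-07-02 20:44 - 2015-07-05 13:13 - 00002862 _____ C:\Windows\System32\Tasks\Example Updater SkipUAC (User)
2015-07-02 20:44 - 2015-07-02 20:44 - 00026528 _____ (Example Vendor Ltd.) C:\Windows\SysWOW64\Drivers\EXAMPLE64.SYS
2015-07-02 20:54 - 2015-07-02 20:54 - 00878816 _____ C:\Windows\system32\examplelib.dll
2015-06-09 17:58 - 2015-06-09 18:00 - 00000000 ____D C:\ProgramData\12345678901234567890
2015-07-02 20:41 - 2015-07-02 20:41 - 00000000 ____D C:\Windows\Tasks\ExampleDisabled
2015-06-06 16:40 - 2015-06-06 16:40 - 05400184 _____ (Example Corp ) C:\Users\User\Downloads\example-setup.exe

==================== One Month Modified files and folders ========

2015-07-05 14:00 - 2014-04-07 07:05 - 00000910 _____ C:\Windows\Tasks\ExampleUpdateTask.job
not a listing line
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], "|", ",".join(f["reasons"]), "|", f["path"])
```

A flagged line is only a pointer for manual review; many legitimate system files carry no company field.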


#2 nasdaq

  • Malware Response Team

Posted 08 July 2015 - 09:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
HKU\S-1-5-21-43736663-4047551010-4035861022-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://search.coupons.com/
BHO: No Name -> {30A3E364-778F-491A-8611-AE8675E63932} ->  No File
BHO: No Name -> {D5C3D408-4820-45BE-A3E0-41F9C75F6CE8} ->  No File
BHO-x32: No Name -> {30A3E364-778F-491A-8611-AE8675E63932} ->  No File
BHO-x32: No Name -> {D5C3D408-4820-45BE-A3E0-41F9C75F6CE8} ->  No File
FF user.js: detected! => C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9st1u.default\user.js [2015-07-03]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-02-11] (Coupons, Inc.)
FF SearchPlugin: C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9st1u.default\searchplugins\bingp.xml [2014-06-07]
FF SearchPlugin: C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9st1u.default\searchplugins\swagbucks.xml [2015-02-05]
FF Extension: SwagButton - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9st1u.default\Extensions\shopearn@prodege.com.xpi [2015-02-25]
CHR Extension: (SwagButton) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2015-03-10]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
S4 Service KMSELDI;  [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
Task: {F1699A44-9578-4C6D-AD83-236CB77501DB} - \AutoPico Daily Restart No Task File <==== ATTENTION
C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\7eu9st1u.default\Extensions\shopearn@prodege.com.xpi
C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Get the latest version of AdwCleaner and run it.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.

If you want to save all your settings, refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

How is the computer running now?

#3 nasdaq

  • Malware Response Team

Posted 13 July 2015 - 07:22 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



