Google Chrome infected by unfindable adware!


  • This topic is locked
31 replies to this topic

#1 Bonscottmc


Posted 25 August 2015 - 05:57 AM

I've been getting random adware or whatever it's called popping up in Chrome on and off. Mainly popups, random hyperlinked words, popups from clicking on blank spaces and audio ads playing from nowhere. They appear to come and go at times. I linked a couple of screenshots from my computer. Here are some noticeable names I've seen on the ads if they help - Ads by DNSUnlocker, Enhanced Shopping Assistant, and Best Price Ninja. I'm currently using Internet Explorer to post this atm because they were making Bleeping Computer unusable on Chrome just before. I did quickly check back with Chrome again and what do you know, they've disappeared... Losing my marbles here.


http://i.imgur.com/YaeE1NR.png

http://i.imgur.com/KYyG87b.png


I've uninstalled extensions. There are no suspicious processes in Chrome's task manager. A full scan with Malwarebytes shows nothing. I've tried the ESET online scanner, AdwCleaner, HitmanPro, and Spybot, but they show nothing either...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-08-2015
Ran by Bon-Scott (administrator) on PC-THESTRANGE2 (25-08-2015 19:54:46)
Running from D:\My Documents\Downloads
Loaded Profiles: Bon-Scott (Available Profiles: Bon-Scott & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Windows\Temp\irstrtsv\scrncap.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
() C:\GIGABYTE FORCE\GIGABYTE FORCE.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareTactXMacroController.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Windows\SysWOW64\C2MP\TrayMenu.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
() C:\Program Files (x86)\AlienRespawn\Components\Shell\DBRCrawler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-10-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-09-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-09-27] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13840 2013-11-05] (Alienware)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [4593968 2013-11-16] ()
HKLM-x32\...\Run: [GMouse] => C:\GIGABYTE FORCE\GIGABYTE FORCE.EXE [667648 2011-11-08] ()
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\WINDOWS\SysWOW64\C2MP\CodecUACManager.exe [60416 2015-03-06] ()
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-101829640-3760190246-2592586367-1002\...\Run: [Codec Pack Update Checker] => "C:\WINDOWS\system32\C2MP\UpdateChecker.exe"
HKU\S-1-5-21-101829640-3760190246-2592586367-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-04-05]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2015-03-06]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-04-05]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{F9D8E17A-8670-4D39-AFBE-9B599BB85B1A}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\SYSTEM32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\SYSTEM32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-101829640-3760190246-2592586367-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-101829640-3760190246-2592586367-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alienwarearena.com/welcome-au
HKU\S-1-5-21-101829640-3760190246-2592586367-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.alienwarearena.com/welcome-au
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-101829640-3760190246-2592586367-1002 -> DefaultScope {F7A2008A-681D-4C01-A891-A47696A25B74} URL =
SearchScopes: HKU\S-1-5-21-101829640-3760190246-2592586367-1002 -> {F7A2008A-681D-4C01-A891-A47696A25B74} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-08-09] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-24] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-24] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{1EC14DCF-EB39-4E55-A996-C6E6CB4F9DB6}: [DhcpNameServer] 192.168.43.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-24] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-07] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-07] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-25] (Google Inc.)
FF Plugin HKU\S-1-5-21-101829640-3760190246-2592586367-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-07-24] ()
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2015-07-01]
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker [2015-03-14]

Chrome:
=======
CHR Profile: C:\Users\Bon-Scott\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Bon-Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-25]
CHR Extension: (Google Drive) - C:\Users\Bon-Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-25]
CHR Extension: (YouTube) - C:\Users\Bon-Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-25]
CHR Extension: (Google Search) - C:\Users\Bon-Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-25]
CHR Extension: (Google Sheets) - C:\Users\Bon-Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-25]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\Bon-Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2015-08-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Bon-Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-25]
CHR Extension: (FireMobileSimulator for Google Chrome™) - C:\Users\Bon-Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkihbloiacgiofaejgagokalpeflnmbe [2015-08-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bon-Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-25]
CHR Extension: (Click&Clean App) - C:\Users\Bon-Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-08-25]
CHR Extension: (Gmail) - C:\Users\Bon-Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-25]
CHR HKLM-x32\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-04-15] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2013-08-07] (CyberLink)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-23] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-23] (Dell Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel® Corporation)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-02] (iolo technologies, LLC)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [783264 2013-09-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-07-24] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [288472 2013-09-14] (Realtek Semiconductor)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-04-15] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2014-04-05] (Broadcom Corporation)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-14] (Qualcomm Atheros, Inc.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-06] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-31] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-23] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R0 EMSC; C:\Windows\System32\drivers\EMSC.SYS [17720 2012-07-11] ()
R0 EMSC; C:\Windows\SysWOW64\drivers\EMSC.SYS [15160 2012-07-11] ()
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [20192 2013-09-12] (Intel Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [163536 2013-03-21] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-19] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
R3 ST_ACCEL; C:\Windows\system32\DRIVERS\ST_Accel.sys [83456 2013-08-07] (STMicroelectronics)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 btmaux; \SystemRoot\system32\DRIVERS\btmaux.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-25 19:54 - 2015-08-25 19:55 - 00000000 ____D C:\FRST
2015-08-25 19:31 - 2015-08-25 19:31 - 00002277 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-25 19:31 - 2015-08-25 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-25 19:30 - 2015-08-25 19:36 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-25 19:30 - 2015-08-25 19:35 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-25 19:30 - 2015-08-25 19:30 - 00003906 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-25 19:30 - 2015-08-25 19:30 - 00003670 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-25 06:24 - 2015-08-25 06:24 - 00000085 _____ C:\WINDOWS\wininit.ini
2015-08-25 06:24 - 2015-08-25 06:24 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2015-08-25 05:48 - 2015-08-25 05:48 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-25 05:44 - 2015-08-25 06:25 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-08-25 05:44 - 2015-08-25 06:24 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-25 05:36 - 2015-08-25 05:36 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-25 05:06 - 2015-08-25 05:06 - 00023112 _____ C:\WINDOWS\system32\Drivers\hitmanpro35.sys
2015-08-25 05:03 - 2015-08-25 05:03 - 00000000 ____D C:\ProgramData\Hitman Pro
2015-08-24 22:20 - 2015-08-24 22:20 - 00000000 ____D C:\Users\Bon-Scott\AppData\Roaming\XRay Engine
2015-08-22 19:05 - 2015-08-22 19:05 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-19 14:23 - 2015-08-11 10:50 - 25191936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-19 14:23 - 2015-08-11 09:50 - 19871232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-15 11:06 - 2015-08-15 11:06 - 00000780 _____ C:\Users\Bon-Scott\Desktop\Adobe Photoshop CC 2015.lnk
2015-08-15 11:05 - 2015-08-15 11:05 - 00000780 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2015-08-15 10:44 - 2015-08-15 10:44 - 00000866 _____ C:\Users\Bon-Scott\Desktop\S.T.A.L.K.E.R - Call Of Pripyat.lnk
2015-08-15 10:44 - 2015-08-15 10:44 - 00000000 ____D C:\Users\Bon-Scott\AppData\Roaming\S.T.A.L.K.E.R - Call Of Pripyat
2015-08-15 10:13 - 2015-08-15 10:13 - 00000905 _____ C:\Users\Bon-Scott\Desktop\S.T.A.L.K.E.R - Clear Sky.lnk
2015-08-15 10:13 - 2015-08-15 10:13 - 00000000 ____D C:\Users\Bon-Scott\AppData\Roaming\S.T.A.L.K.E.R - Clear Sky
2015-08-15 09:58 - 2015-08-15 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-08-15 09:58 - 2015-08-15 09:58 - 00000947 _____ C:\Users\Bon-Scott\Desktop\S.T.A.L.K.E.R - Shadow of Chernobyl.lnk
2015-08-15 09:58 - 2015-08-15 09:58 - 00000000 ____D C:\Users\Bon-Scott\AppData\Roaming\S.T.A.L.K.E.R - Shadow of Chernobyl
2015-08-14 17:37 - 2015-08-14 17:37 - 00002151 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-08-14 17:37 - 2015-08-07 13:52 - 00573048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-08-14 17:36 - 2015-08-07 20:36 - 42840184 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-08-14 17:36 - 2015-08-07 20:36 - 37819000 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-08-14 17:36 - 2015-08-07 20:36 - 22520624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-08-14 17:36 - 2015-08-07 20:36 - 18540336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-08-14 17:36 - 2015-08-07 20:36 - 16630096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-08-14 17:36 - 2015-08-07 20:36 - 15510112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-08-14 17:36 - 2015-08-07 20:36 - 14928048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-08-14 17:36 - 2015-08-07 20:36 - 13656016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-08-14 17:36 - 2015-08-07 20:36 - 12179496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-08-14 17:36 - 2015-08-07 20:36 - 11076216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-08-14 17:36 - 2015-08-07 20:36 - 02937648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-08-14 17:36 - 2015-08-07 20:36 - 02624816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-08-14 17:36 - 2015-08-07 20:36 - 01898104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435560.dll
2015-08-14 17:36 - 2015-08-07 20:36 - 01558832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435560.dll
2015-08-14 17:36 - 2015-08-07 20:36 - 01063216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-08-14 17:36 - 2015-08-07 20:36 - 01059960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-08-14 17:36 - 2015-08-07 20:36 - 00985208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-08-14 17:36 - 2015-08-07 20:36 - 00931448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-08-14 17:36 - 2015-08-07 20:36 - 00512720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-08-14 17:36 - 2015-08-07 20:36 - 00421544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-08-14 17:36 - 2015-08-07 20:36 - 00408184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-08-14 17:36 - 2015-08-07 20:36 - 00364152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-08-13 14:47 - 2015-08-13 14:47 - 00000000 ____D C:\Program Files\The Matrix Trilogy Screensaver
2015-08-13 14:36 - 2015-08-13 14:36 - 00017926 _____ C:\WINDOWS\SysWOW64\Sun Village NV.log
2015-08-13 14:36 - 2015-08-13 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Planesoft
2015-08-13 14:36 - 2015-08-13 14:36 - 00000000 ____D C:\Program Files (x86)\Sun Village NV 3D Screensaver
2015-08-13 14:36 - 2009-11-17 13:35 - 00587776 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Sun_Village_NV_3D_Screensaver.scr
2015-08-13 14:32 - 2015-08-13 14:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Another Matrix Screen Saver
2015-08-13 14:32 - 2015-08-13 14:32 - 00000000 ____D C:\Program Files (x86)\Another Matrix Screen Saver
2015-08-12 12:10 - 2015-08-25 19:44 - 00000000 ____D C:\Users\Bon-Scott\AppData\Local\ClassicShell
2015-08-12 12:10 - 2015-08-12 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-08-12 12:10 - 2015-08-12 12:10 - 00000000 ____D C:\Program Files\Classic Shell
2015-08-12 11:29 - 2015-08-12 11:43 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-12 11:15 - 2015-08-12 11:15 - 00000000 ___HD C:\$Windows.~BT
2015-08-12 10:57 - 2015-08-12 10:57 - 00000933 _____ C:\Users\Bon-Scott\Desktop\Alan Wake's American Nightmare.lnk
2015-08-12 10:57 - 2015-08-12 10:57 - 00000000 ____D C:\Users\Bon-Scott\AppData\Roaming\Alan Wake's American Nightmare
2015-08-12 10:57 - 2015-08-12 10:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alan Wake's American Nightmare
2015-08-12 10:51 - 2015-08-12 14:24 - 00000793 _____ C:\Users\Bon-Scott\Desktop\Alan Wake.lnk
2015-08-12 10:51 - 2015-08-12 10:51 - 00000000 ____D C:\Users\Bon-Scott\AppData\Roaming\Alan Wake
2015-08-12 10:51 - 2015-08-12 10:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alan Wake
2015-08-12 09:59 - 2015-07-30 23:34 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 09:59 - 2015-07-30 23:18 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 09:52 - 2015-07-19 11:28 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-12 09:52 - 2015-07-19 04:21 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-12 09:52 - 2015-07-19 04:01 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-12 09:52 - 2015-07-19 04:01 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-12 09:52 - 2015-07-19 04:01 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-12 09:52 - 2015-07-19 03:59 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-12 09:52 - 2015-07-19 03:59 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-12 09:52 - 2015-07-19 03:59 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-12 09:52 - 2015-07-19 03:58 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-12 09:52 - 2015-07-19 03:42 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-12 09:52 - 2015-07-19 03:40 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-12 09:52 - 2015-07-19 03:39 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-12 09:51 - 2015-07-29 08:54 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-12 09:51 - 2015-07-28 23:54 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-12 09:51 - 2015-07-28 23:54 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-12 09:51 - 2015-07-28 23:54 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-12 09:51 - 2015-07-28 23:54 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-12 09:51 - 2015-07-28 23:54 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-12 09:51 - 2015-07-28 23:54 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-12 09:51 - 2015-07-17 06:06 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-12 09:51 - 2015-07-17 06:06 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-12 09:51 - 2015-07-17 06:05 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-12 09:51 - 2015-07-17 05:56 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-12 09:51 - 2015-07-17 05:53 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-12 09:51 - 2015-07-17 05:51 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-12 09:51 - 2015-07-17 05:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-12 09:51 - 2015-07-17 05:21 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-12 09:51 - 2015-07-17 05:20 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-12 09:51 - 2015-07-17 05:15 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-12 09:51 - 2015-07-17 05:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-12 09:51 - 2015-07-17 05:11 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-12 09:51 - 2015-07-17 05:09 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-12 09:51 - 2015-07-17 05:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-12 09:51 - 2015-07-17 05:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-12 09:51 - 2015-07-17 05:04 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 09:51 - 2015-07-17 05:02 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-12 09:51 - 2015-07-17 04:44 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-12 09:51 - 2015-07-17 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-12 09:51 - 2015-07-17 04:42 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-12 09:51 - 2015-07-17 04:42 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-12 09:51 - 2015-07-17 04:40 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 09:51 - 2015-07-17 04:36 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-12 09:51 - 2015-07-17 04:31 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-12 09:51 - 2015-07-17 04:22 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-12 09:51 - 2015-07-17 04:19 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-12 09:51 - 2015-07-17 04:12 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-12 09:51 - 2015-07-17 04:08 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-12 09:51 - 2015-07-17 04:07 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-12 09:51 - 2015-07-16 09:59 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-12 09:51 - 2015-07-16 09:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 09:51 - 2015-07-16 09:59 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 09:51 - 2015-07-16 09:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 09:51 - 2015-07-11 03:24 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-12 09:51 - 2015-07-07 19:10 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-12 09:51 - 2015-07-07 19:10 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-12 09:51 - 2015-07-07 19:10 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-12 09:51 - 2015-07-02 07:49 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-12 09:51 - 2015-07-02 07:46 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-12 09:51 - 2015-07-02 07:07 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-12 09:51 - 2015-07-02 07:05 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-12 09:51 - 2015-06-13 02:33 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-12 09:51 - 2015-06-13 02:06 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-12 09:51 - 2015-06-10 03:57 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-12 09:49 - 2015-07-30 00:07 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-12 09:49 - 2015-07-30 00:00 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-12 09:49 - 2015-07-29 23:53 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-12 09:49 - 2015-07-25 04:27 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-12 09:49 - 2015-07-25 04:27 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-12 09:49 - 2015-07-25 04:22 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-12 09:49 - 2015-07-25 02:57 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-12 09:49 - 2015-07-25 02:53 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-12 09:49 - 2015-07-15 07:29 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-12 09:49 - 2015-07-15 07:29 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-12 09:49 - 2015-07-15 07:29 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-12 09:49 - 2015-07-14 12:52 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-12 09:49 - 2015-07-14 12:51 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-12 09:49 - 2015-07-14 05:16 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-12 09:49 - 2015-07-14 05:15 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-12 09:49 - 2015-07-11 03:49 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-12 09:49 - 2015-07-11 03:12 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-12 09:49 - 2015-07-11 02:44 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-12 09:49 - 2015-07-11 02:43 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-12 09:49 - 2015-07-11 02:17 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-12 09:49 - 2015-07-11 02:01 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-12 09:49 - 2015-07-10 02:43 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-12 09:49 - 2015-07-10 02:43 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-12 09:49 - 2015-07-10 02:00 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-12 09:49 - 2015-06-12 05:42 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-12 09:49 - 2015-06-12 05:42 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-12 09:49 - 2015-05-12 09:54 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-08-11 13:26 - 2015-08-11 13:26 - 00000222 _____ C:\Users\Bon-Scott\Desktop\the static speaks my name.url
2015-08-09 09:32 - 2015-08-09 09:32 - 00289216 _____ (IvoSoft) C:\WINDOWS\system32\StartMenuHelper64.dll
2015-08-09 09:32 - 2015-08-09 09:32 - 00247744 _____ (IvoSoft) C:\WINDOWS\SysWOW64\StartMenuHelper32.dll
2015-08-01 17:19 - 2015-08-01 17:19 - 00000000 ____D C:\NVIDIA
2015-08-01 17:11 - 2015-08-01 17:21 - 00001395 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-08-01 17:09 - 2015-08-01 17:11 - 00000000 ____D C:\Users\Bon-Scott\AppData\Local\NVIDIA
2015-08-01 17:09 - 2015-07-24 13:51 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-08-01 17:09 - 2015-07-24 13:51 - 01710568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-08-01 17:09 - 2015-07-24 13:51 - 01423304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-08-01 17:09 - 2015-07-24 13:51 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-08-01 17:09 - 2015-07-03 13:58 - 00069992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2015-08-01 17:09 - 2015-07-03 13:58 - 00065896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-08-01 17:09 - 2015-07-03 13:58 - 00047976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-08-01 16:52 - 2015-08-07 20:36 - 14673920 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-08-01 16:52 - 2015-07-25 08:58 - 00460976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvstusb.sys
2015-08-01 16:52 - 2015-07-25 08:58 - 00204648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-08-01 16:52 - 2015-07-25 08:58 - 00040280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-08-01 16:42 - 2015-07-23 13:36 - 01898128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435362.dll
2015-08-01 16:42 - 2015-07-23 13:36 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435362.dll
2015-08-01 16:39 - 2015-06-27 08:51 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-25 19:53 - 2015-01-15 01:01 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-25 19:43 - 2014-04-05 09:07 - 00000000 ____D C:\Program Files (x86)\AlienRespawn
2015-08-25 19:42 - 2015-01-14 21:32 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-101829640-3760190246-2592586367-1002
2015-08-25 19:40 - 2014-04-05 09:03 - 00883448 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-25 19:37 - 2015-03-12 22:19 - 01609347 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-25 19:37 - 2014-04-05 09:01 - 00003278 _____ C:\WINDOWS\System32\Tasks\Intel® Rapid Start Technology Manager
2015-08-25 19:36 - 2015-03-14 18:44 - 00009604 _____ C:\WINDOWS\PFRO.log
2015-08-25 19:36 - 2015-03-12 22:19 - 00018575 _____ C:\WINDOWS\setupact.log
2015-08-25 19:36 - 2015-01-14 22:10 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-25 19:36 - 2014-04-05 09:03 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-25 19:36 - 2013-08-23 00:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-25 19:31 - 2015-01-14 21:35 - 00000000 ____D C:\Users\Bon-Scott\AppData\Local\Google
2015-08-25 19:31 - 2015-01-14 21:35 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-25 19:30 - 2015-01-14 21:35 - 00000000 ____D C:\Users\Bon-Scott\AppData\Local\Deployment
2015-08-25 19:30 - 2013-08-23 01:06 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-25 19:27 - 2015-03-14 18:45 - 00000000 ____D C:\Program Files (x86)\DAP
2015-08-25 19:25 - 2015-01-16 19:36 - 24941568 _____ C:\Users\Bon-Scott\AppData\Local\SageThumbs.db3
2015-08-25 06:00 - 2013-08-23 01:06 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-25 05:03 - 2015-01-14 21:57 - 00000000 ____D C:\Users\Bon-Scott\AppData\Roaming\uTorrent
2015-08-23 20:03 - 2013-08-23 01:06 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-22 19:58 - 2015-03-12 22:22 - 00000000 ____D C:\AdwCleaner
2015-08-22 19:58 - 2013-08-22 22:55 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-22 19:16 - 2015-04-16 16:57 - 00000000 ____D C:\ProgramData\PCDr
2015-08-22 19:15 - 2015-01-14 22:59 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2015-08-22 19:15 - 2014-04-05 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alienware
2015-08-19 14:23 - 2013-08-23 00:50 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-19 02:01 - 2014-04-05 09:07 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-15 16:59 - 2015-01-14 21:25 - 00000000 ____D C:\Users\Bon-Scott
2015-08-15 15:34 - 2015-01-14 22:45 - 00000810 _____ C:\Users\Public\Desktop\Speccy.lnk
2015-08-15 15:34 - 2015-01-14 22:45 - 00000000 ____D C:\Program Files\Speccy
2015-08-15 11:06 - 2015-01-14 21:25 - 00000000 ____D C:\Users\Bon-Scott\AppData\Local\VirtualStore
2015-08-15 11:05 - 2015-01-20 18:16 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-08-15 11:05 - 2015-01-20 18:15 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-08-15 11:05 - 2015-01-14 21:25 - 00000000 ____D C:\Users\Bon-Scott\AppData\Roaming\Adobe
2015-08-15 11:04 - 2015-01-20 18:05 - 00000000 ____D C:\ProgramData\Adobe
2015-08-14 18:12 - 2013-08-23 01:06 - 00000000 ____D C:\WINDOWS\rescache
2015-08-14 17:37 - 2015-01-15 01:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-08-14 17:37 - 2014-04-05 09:08 - 00000000 ____D C:\Temp
2015-08-14 17:37 - 2014-04-05 09:02 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-13 23:23 - 2015-04-12 17:07 - 00000000 ___RD C:\Users\Bon-Scott\Creative Cloud Files
2015-08-13 23:23 - 2015-01-15 01:01 - 00000000 ____D C:\Users\Bon-Scott\AppData\Local\Adobe
2015-08-13 23:17 - 2015-06-01 19:38 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-08-12 17:26 - 2015-01-20 18:22 - 00001090 _____ C:\Users\Bon-Scott\Desktop\Adobe Photoshop CC 2014.lnk
2015-08-12 13:53 - 2015-01-15 01:01 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-12 12:07 - 2015-01-14 21:39 - 00000000 ____D C:\Users\Bon-Scott\AppData\Roaming\ClassicShell
2015-08-12 11:36 - 2013-08-23 01:06 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-12 11:15 - 2014-04-05 09:27 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-12 11:10 - 2013-08-23 00:14 - 00355336 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-12 11:09 - 2013-08-23 01:06 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-12 11:09 - 2013-08-23 01:06 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-12 11:09 - 2013-08-23 01:06 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-12 11:09 - 2013-08-23 01:06 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-12 09:58 - 2015-01-14 22:40 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-12 09:56 - 2015-01-14 22:40 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-12 09:55 - 2015-04-15 21:39 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-12 09:55 - 2015-01-15 03:07 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-12 09:55 - 2013-08-23 01:06 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 09:55 - 2013-08-23 01:06 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-11 13:26 - 2015-01-14 22:30 - 00000000 ____D C:\Users\Bon-Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-11 12:51 - 2014-05-04 05:09 - 00000000 ____D C:\Users\Bon-Scott\AppData\Local\Packages
2015-08-08 23:25 - 2013-08-23 01:08 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 23:25 - 2013-08-23 01:08 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-07 20:36 - 2015-06-01 19:38 - 17124832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-08-07 20:36 - 2015-06-01 19:38 - 12513288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-08-07 20:36 - 2015-06-01 19:38 - 03518248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-08-07 20:36 - 2015-06-01 19:38 - 03106384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-08-07 20:36 - 2014-04-05 09:02 - 00112760 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-08-07 20:36 - 2014-04-05 09:02 - 00105080 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-08-07 20:36 - 2014-04-05 09:02 - 00033050 _____ C:\WINDOWS\system32\nvinfo.pb
2015-08-07 14:04 - 2014-04-05 09:03 - 06883448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-08-07 14:04 - 2014-04-05 09:03 - 03492144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-08-07 14:04 - 2014-04-05 09:03 - 02558768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-08-07 14:04 - 2014-04-05 09:03 - 00937592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-08-07 14:04 - 2014-04-05 09:03 - 00385328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-08-07 14:04 - 2014-04-05 09:03 - 00062768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-08-03 19:42 - 2015-01-15 01:14 - 05133709 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-08-01 17:09 - 2014-04-05 09:03 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-08-01 17:09 - 2014-04-05 09:02 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-08-01 17:06 - 2015-01-15 01:14 - 00000000 ____D C:\Users\Bon-Scott\AppData\Local\NVIDIA Corporation
2015-08-01 16:47 - 2013-08-23 01:06 - 00000000 ___RD C:\WINDOWS\ToastData
2015-08-01 16:47 - 2013-08-23 01:06 - 00000000 ____D C:\WINDOWS\WinStore

==================== Files in the root of some directories =======

2015-01-20 19:01 - 2015-01-20 19:01 - 0000000 _____ () C:\Users\Bon-Scott\AppData\Roaming\programs.vc
2015-01-20 19:02 - 2015-01-20 19:02 - 0000051 _____ () C:\Users\Bon-Scott\AppData\Roaming\resetid.vc
2015-01-16 19:36 - 2015-08-25 19:25 - 24941568 _____ () C:\Users\Bon-Scott\AppData\Local\SageThumbs.db3
2014-04-05 09:00 - 2014-04-05 09:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-04-05 09:07 - 2014-04-05 09:07 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-04-05 09:05 - 2014-04-05 09:06 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-04-05 09:06 - 2014-04-05 09:06 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-04-05 09:06 - 2014-04-05 09:07 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-04-05 09:05 - 2014-04-05 09:05 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-21 22:13

==================== End of FRST.txt ============================


 

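The file listings in the FRST log above share one line layout: created time, modified time, size, attribute flags, an optional vendor name in parentheses, then the path. The following is an added example, not part of the thread and not FRST's own code; it parses that layout as inferred from the lines on this page and builds two triage views, executables with no vendor name and bursts of files created in the same minute. The last sample line and its path are constructed.

```python
import re
from collections import Counter

# Layout inferred from the listing lines in the log on this page:
#   created - modified - size attributes [(vendor)] path
# The vendor field may be missing entirely or printed as "()".
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<vendor>.*?)\) )?(?P<path>[A-Za-z]:\\.*)$"
)

EXECUTABLE_EXTS = (".exe", ".dll", ".sys", ".scr", ".cpl")


def parse_line(line):
    """Return a dict for one listing line, or None for headers and blanks."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"])
    entry["vendor"] = entry["vendor"] or None   # "()" and absent both become None
    entry["is_dir"] = "D" in entry["attrs"]     # e.g. ____D, ___HD, ___RD
    return entry


def parse_log(text):
    """Parse every listing line in a pasted log, skipping everything else."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def executables_without_vendor(entries):
    """Paths of executable files that carry no vendor name.

    This is a triage hint for manual review, not a verdict.
    """
    return [
        e["path"] for e in entries
        if not e["is_dir"]
        and e["vendor"] is None
        and e["path"].lower().endswith(EXECUTABLE_EXTS)
    ]


def creation_bursts(entries, min_count=3):
    """(timestamp, count) for minutes in which min_count or more items were
    created, useful for lining installs up against when symptoms started."""
    counts = Counter(e["created"] for e in entries)
    return sorted((ts, n) for ts, n in counts.items() if n >= min_count)


# First six lines are copied from the log on this page; the final line is
# constructed for the example (hypothetical path and size).
SAMPLE_LOG = r"""
==================== One Month Modified files and folders ========
2015-08-13 14:36 - 2009-11-17 13:35 - 00587776 _____ (3Planesoft) C:\WINDOWS\SysWOW64\Sun_Village_NV_3D_Screensaver.scr
2015-08-13 14:36 - 2015-08-13 14:36 - 00017926 _____ C:\WINDOWS\SysWOW64\Sun Village NV.log
2015-08-13 14:36 - 2015-08-13 14:36 - 00000000 ____D C:\Program Files (x86)\Sun Village NV 3D Screensaver
2015-08-12 09:49 - 2015-07-10 02:43 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-01-20 19:02 - 2015-01-20 19:02 - 0000051 _____ () C:\Users\Bon-Scott\AppData\Roaming\resetid.vc
2015-08-13 14:36 - 2015-08-13 14:36 - 00060416 _____ () C:\WINDOWS\SysWOW64\Example\helper.exe
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("parsed entries:", len(entries))
    for path in executables_without_vendor(entries):
        print("no vendor name:", path)
    for ts, n in creation_bursts(entries):
        print("created together:", ts, n)
```
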

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:24 AM

Posted 26 August 2015 - 09:19 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Windows\SysWOW64\C2MP\TrayMenu.exe
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [codec Settings UAC Manager] => C:\WINDOWS\SysWOW64\C2MP\CodecUACManager.exe [60416 2015-03-06] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2015-03-06]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe ()
SearchScopes: HKLM-x32 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL =
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files (x86)\DAP\daplinkchecker [2015-03-14]
S3 btmaux; \SystemRoot\system32\DRIVERS\btmaux.sys [X]
C:\Windows\SysWOW64\C2MP
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk
C:\Program Files (x86)\DAP
Task: {2303FF98-FA32-402B-8FD3-72E255E0DC46} - System32\Tasks\SBWUpdateTask_Time_1c6fcd87-ECF4BB223B4E => C:\Program Files (x86)\Common Files\Speedbit\SbUpdate\ [2015-03-14] (Speedbit Ltd.) <==== ATTENTION
Task: {CEDEEB10-AC65-4026-A1EA-2AB4EBE61D9E} - System32\Tasks\SBWUpdateTask_Logon_1c6fcd87-ECF4BB223B4E => C:\Program Files (x86)\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2015-03-14] (Speedbit Ltd.) <==== ATTENTION
C:\Program Files (x86)\Common Files\Speedbit
AlternateDataStreams: C:\ProgramData\Temp:56E2E879
AlternateDataStreams: C:\ProgramData\Temp:8EFFFE8D
AlternateDataStreams: C:\Users\Bon-Scott\OneDrive:ms-properties

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.
===

How is the computer running now?

#3 Bonscottmc


Posted 30 August 2015 - 08:51 AM

It actually disappeared completely again for a few days, then tonight it has come back again... Followed your instructions, ran FRST, removed everything AdwCleaner found, reset Chrome's settings, but it's still there..  - http://i.imgur.com/gknAhIR.png

Haven't noticed the random hyperlinked words yet, but the random popups from clicking are still there at times too.





 

 




#4 Bonscottmc


Posted 30 August 2015 - 10:50 AM

I've noticed I can right click on the popup and go to inspect element.. Is there any way I can use this to find the source??





http://i.imgur.com/70Ry8lN.png

http://i.imgur.com/5KEnn1s.png



#5 nasdaq


Posted 30 August 2015 - 01:25 PM

If this is only happening in Chrome do this.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Then remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.
<<<>>>

Keep me posted.

#6 Bonscottmc


Posted 30 August 2015 - 03:09 PM

I've tried that twice since starting this thread I believe, but it didn't help. I just cleared everything from my Chrome history and then reset the Chrome Sync and it appears to be gone for the meantime. Is it possible that something was somehow synced in with Chrome? 



#7 nasdaq


Posted 31 August 2015 - 07:31 AM


"I've tried that twice since starting this thread I believe, but it didn't help"


Did you remove and reinstall Chrome or just Clear the Cache?

===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

How is it now?

#8 Bonscottmc


Posted 31 August 2015 - 10:48 AM

I uninstalled and reinstalled twice, along with clearing all of Chrome's cache etc. numerous times. As I mentioned in the previous post, after clearing the cache and everything again AND resetting Chrome's sync the adware has disappeared. It didn't remove the adware with the previous attempts of deleting the cache and stuff so I'm thinking it was something to do with the sync.



#9 nasdaq


Posted 31 August 2015 - 01:20 PM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#10 Bonscottmc


Posted 01 September 2015 - 04:24 AM

Ok, thank you. Thank you so much for your help.



#11 nasdaq


Posted 01 September 2015 - 07:45 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#12 nasdaq


Posted 03 September 2015 - 10:01 AM

This topic has been re-opened at the request of the person who originally posted.

#13 nasdaq


Posted 03 September 2015 - 10:03 AM

Please run the Zoek tool and post the log for my review.

Keep me posted.

#14 Bonscottmc


Posted 03 September 2015 - 10:39 AM

Thank you.


 

 
Zoek.exe v5.0.0.0 Updated 01-September-2015
Tool run by Bon-Scott on 04-Sep-15 at  0:15:04.08.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Bon-Scott\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
04-Sep-15 12:15:23 AM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Tensons deleted successfully
C:\Program Files\HitmanPro deleted successfully
C:\PROGRA~3\Hitman Pro deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\SpeedBit deleted successfully
C:\Users\Bon-Scott\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Bon-Scott\AppData\Local\Applian deleted successfully
C:\Users\Bon-Scott\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Bon-Scott\AppData\Local\EmieSiteList deleted successfully
C:\Users\Bon-Scott\AppData\Local\EmieUserList deleted successfully
C:\Users\Bon-Scott\AppData\Local\Jaksta_Technologies_Pty_L deleted successfully
C:\Users\Bon-Scott\AppData\Local\MediaShow deleted successfully
C:\Users\Bon-Scott\AppData\Local\softthinks deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Tensons not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~2\URLSnooper2 deleted
C:\Users\Bon-Scott\.android deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\wininit.ini deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"fiddlerhook@fiddler2.com"="C:\Program Files (x86)\Fiddler2\FiddlerHook" [01-Jul-15 05:10 PM]
 
==== Chromium Look ======================
 
Chrome Hotword Shared Module - Bon-Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{F7A2008A-681D-4C01-A891-A47696A25B74}"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{F7A2008A-681D-4C01-A891-A47696A25B74} Unknown  Url="Not_Found"
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-101829640-3760190246-2592586367-1002\Software\Microsoft\Internet Explorer\SearchScopes\{F7A2008A-681D-4C01-A891-A47696A25B74} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{F7A2008A-681D-4C01-A891-A47696A25B74} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F7A2008A-681D-4C01-A891-A47696A25B74} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Bon-Scott\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Bon-Scott\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Bon-Scott\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Bon-Scott\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Bon-Scott\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=29 folders=31 28157684 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\Bon-Scott\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\BON-SC~1\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on 04-Sep-15 at  0:22:33.82 ======================
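
The "Chromium Look" section of the log lists extensions by ID under the profile's Extensions folder, and post #8 ties the returning ads to Chrome sync, which can put extensions back after a reinstall. The Python below is an added example, not part of this thread or of Zoek: it audits such a folder and reports which extensions can touch every page. It assumes the `<id>/<version>/manifest.json` layout; `audit_extensions`, `build_sample`, the pattern list and the sample IDs are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that let an extension read and modify every page visited.
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def _strings(values):
    """Keep only string entries; manifest lists can also hold objects."""
    return [v for v in values or [] if isinstance(v, str)]

def audit_extensions(ext_root):
    """One record per <id>/<version>/manifest.json found under ext_root."""
    records = []
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        rec = {"id": path.parent.parent.name, "name": None,
               "broad": [], "readable": True}
        records.append(rec)
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            patterns = _strings(manifest.get("permissions"))
            patterns += _strings(manifest.get("host_permissions"))
            for script in manifest.get("content_scripts") or []:
                patterns += _strings(script.get("matches"))
            rec["name"] = manifest.get("name")  # may be a __MSG_...__ locale key
            rec["broad"] = sorted(set(patterns) & BROAD_PATTERNS)
        except (OSError, ValueError, AttributeError, TypeError):
            rec["readable"] = False  # damaged or malformed manifest: inspect by hand
    return records

def build_sample(root):
    """Constructed sample tree with made-up IDs; nothing here is from the thread."""
    samples = {
        "a" * 32: {"name": "Sample Shopping Helper", "permissions": ["tabs"],
                   "content_scripts": [{"matches": ["<all_urls>"]}]},
        "b" * 32: {"name": "__MSG_appName__",
                   "permissions": ["storage", "https://mail.example.com/*"]},
        "c" * 32: None,  # written below as a truncated, unparsable manifest
    }
    for ext_id, manifest in samples.items():
        folder = Path(root) / ext_id / "1.0_0"
        folder.mkdir(parents=True)
        text = json.dumps(manifest) if manifest else "{not json"
        (folder / "manifest.json").write_text(text, encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(*audit_extensions(build_sample(tmp)), sep="\n")
```

On a real profile, pass the Extensions folder shown in the log to `audit_extensions` with Chrome closed, then compare the IDs it returns with the extensions you knowingly installed.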


#15 nasdaq


Posted 03 September 2015 - 01:34 PM

How is it now?



