Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable To Install or Update Software Due To "File Not Found" Related Errors


  • This topic is locked This topic is locked
11 replies to this topic

#1 Archengeia

Archengeia

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 18 July 2014 - 11:26 PM

I have been having an issue as of late with more than one program where the installer acts like it cannot access or cannot find the very files it just downloaded to install.  At first I only saw this with a game I was grabbing for my sister, no big issue, but I've been seeing it hit a few more programs over time, including Adobe Reader's updater and Skype's as well.  For some direct text the exact error I get from Adobe is:

"System cannot find the file specified.  Error: 2."

And the error from Skype is:

"Installing Skype failed; code 2.  The system cannot find the file specified."

Have tried several scans and forced admin rights as well as taking ownership over specific directories to no avail.

 

Previously posted here: http://www.bleepingcomputer.com/forums/t/541304/unable-to-install-various-software-due-to-file-not-found-related-errors/

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,622 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:30 AM

Posted 23 July 2014 - 11:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/541514 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Archengeia

Archengeia
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 24 July 2014 - 01:19 AM

As requested, adding a new copy of the DDS logs.  And yes I still have access to my Windows 7 CD.

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,924 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:30 AM

Posted 26 July 2014 - 08:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 

"File Not Found"


The Search errors and indexing are tied together. Your Attach.txt file is reporting this error.
The Windows Search service terminated unexpectedly. It has done this xx time(s).

Turn off the Windows search.

How to:

http://www.sevenforums.com/tutorials/25343-windows-search-turn-off.html
Windows 7: Windows Search - Turn On or Off

Later when all is well you can re-enable it and see if the problem is solved.
===

I would like to see the logs from these scans.


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#5 Archengeia

Archengeia
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 26 July 2014 - 11:34 AM

After completing all of the above tasks as instructed I was able to install / update every software I was having issues with normally.  Thank you so much for you help.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,924 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:30 AM

Posted 26 July 2014 - 01:03 PM

Glad we could help.

If you want me to check for other issues/malware please run the tools I suggested and I will review your logs.

#7 Archengeia

Archengeia
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 26 July 2014 - 01:26 PM

If you've the time I'd appreciate it, if not I understand.  Linking all 3 TXT reports from the aforementioned tools.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by The Bastion (administrator) on THEBASTION-PC on 26-07-2014 12:55:01
Running from C:\Downloads
Platform: Windows 7 Professional (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Akamai Technologies, Inc.) C:\Users\The Bastion\AppData\Local\Akamai\netsession_win.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Akamai Technologies, Inc.) C:\Users\The Bastion\AppData\Local\Akamai\netsession_win.exe
(Curse) C:\Users\The Bastion\AppData\Local\Apps\2.0\2AEQ75WT.T14\5ERDWTH9.HHN\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SteelSeries) C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Google) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(SteelSeries) C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMTray2.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AsDLNAServerReal.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-07] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe [1376896 2012-04-12] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2011-10-31] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2010-09-24] (Apple Inc.)
HKLM-x32\...\Run: [SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse] => C:\Program Files (x86)\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe [1993216 2011-08-18] (SteelSeries)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM-x32\...\Run: [SMessaging] => C:\Users\The Bastion\AppData\Local\Strongvault Online Backup\SMessaging.exe
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1019824649-1795009633-3567411040-1000\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-1019824649-1795009633-3567411040-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-1019824649-1795009633-3567411040-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-04-23] ()
HKU\S-1-5-21-1019824649-1795009633-3567411040-1000\...\Run: [NCsoft Launcher] => C:\NCSoft\Launcher\NCLauncher.exe /Minimized
HKU\S-1-5-21-1019824649-1795009633-3567411040-1000\...\Run: [Akamai NetSession Interface] => C:\Users\The Bastion\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1019824649-1795009633-3567411040-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-1019824649-1795009633-3567411040-1000\...\MountPoints2: {7dde72b4-22cb-11e2-aca5-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-1019824649-1795009633-3567411040-1000\...\MountPoints2: {b7ce5c9c-22d1-11e2-8d7a-806e6f6e6963} - E:\OblivionLauncher.exe
Startup: C:\Users\The Bastion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x663660E0FBFDCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\The Bastion\AppData\Roaming\Mozilla\Firefox\Profiles\c8271gm7.default
FF Homepage: https://drive.google.com/?pli=1&authuser=0#my-drive
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\The Bastion\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\The Bastion\AppData\Roaming\Mozilla\Firefox\Profiles\c8271gm7.default\Extensions\LogMeInClient@logmein.com [2014-06-07]
FF Extension: Adblock Plus - C:\Users\The Bastion\AppData\Roaming\Mozilla\Firefox\Profiles\c8271gm7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-01]

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\The Bastion\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\The Bastion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-30]
CHR Extension: (Google Search) - C:\Users\The Bastion\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-30]
CHR Extension: (AdBlock) - C:\Users\The Bastion\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-10-30]
CHR Extension: (Hangouts) - C:\Users\The Bastion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-05-31]
CHR Extension: (Google Wallet) - C:\Users\The Bastion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\The Bastion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-11-11] (Adobe Systems) [File not signed]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-06-26] (Perfect World Entertainment Inc)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-28] () [File not signed]
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe [1473664 2012-04-09] (ASUSTeK Computer Inc.)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2013-12-29] (BitRaider, LLC)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-11-14] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2013-04-15] (BioWare)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [233328 2012-01-23] (DTS, Inc)
R3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-07-10] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 RichVideo64; C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [390672 2012-09-12] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14592 2010-10-20] (ASUSTek Computer Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 ASUSstpt; C:\Windows\System32\DRIVERS\ASUSstpt.sys [24648 2011-09-15] (MCCI Corporation)
S3 ASUSumsc; C:\Windows\System32\DRIVERS\ASUSumsc.sys [141896 2011-09-15] (MCCI Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-27] (DT Soft Ltd)
R3 SSMO3v2Filter; C:\Windows\System32\drivers\MO3v2Driver.sys [23040 2010-12-17] (Sagatek Co. Ltd.)
U4 Amon;
U4 Apvxd;
U4 Apvxdw in;
U4 Apvxdwin;
U4 Atrack;
U4 AvconsoleE XE;
U4 avgcc3 2;
U4 avgcc32;
U4 avgser v9;
U4 avgserv9;
U4 AVG_CC;
U4 AVPCC;
U4 AVPCC Service;
U4 BlackI ce Utility;
U4 BlackIce Utility;
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
U4 CcApp;
U4 CcRegVfy;
U4 ConfigSafe;
U4 CPD_EX E;
U4 CPD_EXE;
U4 Defwat ch;
U4 Defwatch;
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
U4 dvpapi 9x;
U4 dvpapi9x;
U4 F-StopW;
U4 Fix-it;
U4 Fix-it AV;
U4 Freedo m;
U4 Freedom;
U4 iamapp;
U4 Look 'n' Stop;
U4 McAfee Firewall;
U4 McAfee Winguage;
U4 McAfee.Ins tantUpdate.Monitor;
U4 McAfee.Instant Update.Monitor;
U4 McAfeeViru sScanService;
U4 McAfeeVirusSca nService;
U4 NAV Agent;
U4 NAV Configuration Wizard;
U4 NAV DefAlert;
U4 Nod32C C;
U4 Nod32CC;
U4 NOD32P OP3;
U4 NOD32POP3;
U4 Norton Auto-Protect;
U4 Norton eMail Protect;
U4 Norton Navigaton Loader;
U4 Norton Program Event Checker;
U4 Norton Program Scheduler;
U4 NPS Event Checker;
U4 Panda Scheduler;
U4 ScanInicio;
U4 SharedAcce ss;
U4 SymTra y - Norton SystemWorks;
U4 SymTray - Norton SystemWorks;
U4 Tiny Personal Firewall;
U4 TrueVector;
U4 VirusS can Online;
U4 VirusScan Online;
U4 ZoneAl arm;
U4 ZoneAlarm;

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-26 12:54 - 2014-07-26 12:55 - 00000000 ____D () C:\FRST
2014-07-26 12:26 - 2014-07-26 12:27 - 00000000 ____D () C:\AdwCleaner
2014-07-26 02:01 - 2014-07-26 02:01 - 00000000 ____D () C:\ProgramData\Skype
2014-07-26 01:56 - 2014-07-26 01:56 - 00003090 _____ () C:\Windows\System32\Tasks\{06917E1A-17A1-4CB2-8601-807E62BA2355}
2014-07-24 02:17 - 2014-07-24 02:17 - 00031299 _____ () C:\Users\The Bastion\Desktop\Attach2.txt
2014-07-24 02:17 - 2014-07-24 02:17 - 00020140 _____ () C:\Users\The Bastion\Desktop\DDS2.txt
2014-07-23 17:46 - 2014-07-23 17:46 - 00000000 ____D () C:\Users\The Bastion\AppData\Roaming\Code Force Limited
2014-07-22 12:50 - 2014-07-22 12:50 - 00000000 ____D () C:\Users\The Bastion\AppData\Local\Akamai
2014-07-19 22:01 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-19 22:01 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-19 22:01 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-19 22:01 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-19 22:00 - 2014-07-19 22:01 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-19 00:23 - 2014-07-19 00:23 - 00023087 _____ () C:\Attach.txt
2014-07-19 00:23 - 2014-07-19 00:23 - 00020260 _____ () C:\DDS.txt
2014-07-19 00:22 - 2014-07-24 02:17 - 00031299 _____ () C:\Users\The Bastion\Desktop\attach.txt
2014-07-19 00:22 - 2014-07-24 02:16 - 00020140 _____ () C:\Users\The Bastion\Desktop\dds.txt
2014-07-17 10:26 - 2014-07-17 10:26 - 00003090 _____ () C:\Windows\System32\Tasks\{25CE3EF6-BEEA-4312-B4F5-D4220AED9177}
2014-07-17 10:18 - 2014-07-17 10:18 - 00000876 _____ () C:\Exe.reg
2014-07-16 11:46 - 2014-07-16 11:46 - 00003090 _____ () C:\Windows\System32\Tasks\{0AF31BEA-B779-4DB2-9F28-7CDC20DB3F85}
2014-07-14 19:44 - 2014-07-14 19:44 - 00000000 ____D () C:\ProgramData\EA Core
2014-07-12 19:10 - 2014-07-12 19:10 - 00000087 _____ () C:\Windows\NetwkCfg.txt
2014-07-12 19:08 - 2014-07-12 19:08 - 00000000 _____ () C:\wizard.txt
2014-07-11 17:15 - 2014-07-11 17:15 - 00001179 _____ () C:\Users\Public\Desktop\World of Warcraft Beta.lnk
2014-07-11 17:15 - 2014-07-11 17:15 - 00001179 _____ () C:\ProgramData\Desktop\World of Warcraft Beta.lnk
2014-07-11 17:15 - 2014-07-11 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Beta
2014-07-11 17:13 - 2014-07-26 01:18 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Beta
2014-07-11 02:52 - 2014-07-11 02:52 - 00000000 ____D () C:\Users\The Bastion\Documents\Mount&Blade Savegames
2014-07-11 02:51 - 2014-07-11 03:11 - 00000000 ____D () C:\Users\The Bastion\AppData\Roaming\Mount&Blade
2014-07-10 01:11 - 2014-07-10 01:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-10 01:02 - 2014-07-20 11:44 - 00000000 ____D () C:\Users\The Bastion\Documents\Assassin's Creed III
2014-07-09 15:13 - 2014-07-09 21:53 - 01096548 _____ () C:\PingTest.txt
2014-07-08 17:12 - 2014-07-08 17:12 - 00000000 ____D () C:\Users\The Bastion\AppData\Local\Turbine,_Inc
2014-07-08 16:54 - 2014-07-08 16:54 - 00000000 ____D () C:\Program Files (x86)\Decal Plugins
2014-07-08 16:52 - 2014-07-08 16:56 - 00000000 ____D () C:\Games
2014-07-08 16:48 - 2014-07-08 16:48 - 00000766 _____ () C:\Users\Public\Desktop\Asheron's Call - Wintersebb.lnk
2014-07-08 16:48 - 2014-07-08 16:48 - 00000766 _____ () C:\ProgramData\Desktop\Asheron's Call - Wintersebb.lnk
2014-07-08 16:40 - 2014-07-09 00:54 - 00000000 ____D () C:\Asheron's Call
2014-07-08 16:39 - 2014-07-08 16:39 - 00001519 _____ () C:\Users\Public\Desktop\Decal 3.0.lnk
2014-07-08 16:39 - 2014-07-08 16:39 - 00001519 _____ () C:\ProgramData\Desktop\Decal 3.0.lnk
2014-07-08 16:38 - 2014-07-08 17:07 - 00000000 ____D () C:\Decal
2014-07-07 18:42 - 2014-07-07 19:46 - 00187669 _____ () C:\MondayText.txt
2014-07-07 16:30 - 2014-07-07 16:36 - 00000049 _____ () C:\Users\The Bastion\Desktop\TimeWarner.txt
2014-07-07 12:25 - 2014-07-07 16:20 - 00690303 _____ () C:\Users\The Bastion\pingtest.txt
2014-07-04 16:12 - 2014-07-04 16:12 - 00000586 _____ () C:\Users\The Bastion\Desktop\Glyph.lnk
2014-07-04 16:12 - 2014-07-04 16:12 - 00000000 ____D () C:\Users\The Bastion\AppData\Local\Glyph
2014-07-04 16:12 - 2014-07-04 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-07-04 16:12 - 2014-07-04 16:12 - 00000000 ____D () C:\ProgramData\Glyph
2014-07-04 16:12 - 2014-07-04 16:12 - 00000000 ____D () C:\Glyph
2014-06-30 14:01 - 2014-07-25 13:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 14:01 - 2014-06-30 14:01 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-30 14:01 - 2014-06-30 14:01 - 00001114 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-30 14:01 - 2014-06-30 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-30 14:01 - 2014-06-30 14:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-30 14:01 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-30 14:01 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-29 16:23 - 2014-06-29 16:23 - 00003090 _____ () C:\Windows\System32\Tasks\{FAF77F7C-076D-46FB-B427-9B133A8C193F}
2014-06-27 10:11 - 2014-06-27 10:11 - 00003090 _____ () C:\Windows\System32\Tasks\{BF15CECB-6F16-400C-9171-64CEDE73EDBD}
2014-06-26 13:45 - 2014-06-26 13:45 - 00003090 _____ () C:\Windows\System32\Tasks\{160BDDAB-E11C-4870-A6B7-5A91CDD0BFEA}
2014-06-26 13:45 - 2014-06-26 13:45 - 00003090 _____ () C:\Windows\System32\Tasks\{09568DD3-2422-4976-96DF-6AE9711FBEEF}
2014-06-26 12:27 - 2014-06-26 12:31 - 00000008 _____ () C:\Users\The Bastion\Documents\mt-e_hook.txt
2014-06-26 12:27 - 2014-06-26 12:29 - 00000007 _____ () C:\Users\The Bastion\Documents\mt-x_hook.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-26 12:55 - 2014-07-26 12:54 - 00000000 ____D () C:\FRST
2014-07-26 12:55 - 2013-04-23 00:36 - 00000000 ____D () C:\Users\The Bastion\AppData\Local\PMB Files
2014-07-26 12:36 - 2012-10-30 16:53 - 00000000 _____ () C:\Windows\Path.idx
2014-07-26 12:36 - 2009-07-14 00:45 - 00014752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-26 12:36 - 2009-07-14 00:45 - 00014752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-26 12:35 - 2009-07-14 01:13 - 00765916 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-26 12:32 - 2012-10-30 15:56 - 01748476 _____ () C:\Windows\WindowsUpdate.log
2014-07-26 12:31 - 2012-10-30 17:33 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-26 12:31 - 2012-10-30 16:48 - 01048576 _____ () C:\Windows\PE_Rom.dll
2014-07-26 12:30 - 2014-06-01 13:48 - 00000000 ____D () C:\Users\The Bastion\AppData\Local\Deployment
2014-07-26 12:29 - 2014-02-19 10:01 - 00032919 _____ () C:\Windows\setupact.log
2014-07-26 12:29 - 2012-10-30 17:33 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-26 12:29 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-26 12:28 - 2012-10-30 16:26 - 00119788 _____ () C:\Windows\PFRO.log
2014-07-26 12:27 - 2014-07-26 12:26 - 00000000 ____D () C:\AdwCleaner
2014-07-26 12:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-26 02:58 - 2012-11-27 00:03 - 00000000 ____D () C:\Users\The Bastion\AppData\Roaming\Skype
2014-07-26 02:17 - 2013-10-10 01:44 - 00000000 ____D () C:\Users\The Bastion\AppData\Local\Battle.net
2014-07-26 02:01 - 2014-07-26 02:01 - 00000000 ____D () C:\ProgramData\Skype
2014-07-26 02:01 - 2014-02-03 23:28 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-26 01:56 - 2014-07-26 01:56 - 00003090 _____ () C:\Windows\System32\Tasks\{06917E1A-17A1-4CB2-8601-807E62BA2355}
2014-07-26 01:18 - 2014-07-11 17:13 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Beta
2014-07-25 18:43 - 2012-10-15 06:53 - 00000000 ____D () C:\World of Warcraft
2014-07-25 13:40 - 2014-06-30 14:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-25 11:47 - 2012-11-03 11:08 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-25 08:40 - 2012-10-30 16:53 - 00003039 _____ () C:\Windows\MB.idx
2014-07-24 15:20 - 2013-10-10 01:44 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-24 02:17 - 2014-07-24 02:17 - 00031299 _____ () C:\Users\The Bastion\Desktop\Attach2.txt
2014-07-24 02:17 - 2014-07-24 02:17 - 00020140 _____ () C:\Users\The Bastion\Desktop\DDS2.txt
2014-07-24 02:17 - 2014-07-19 00:22 - 00031299 _____ () C:\Users\The Bastion\Desktop\attach.txt
2014-07-24 02:16 - 2014-07-19 00:22 - 00020140 _____ () C:\Users\The Bastion\Desktop\dds.txt
2014-07-23 17:46 - 2014-07-23 17:46 - 00000000 ____D () C:\Users\The Bastion\AppData\Roaming\Code Force Limited
2014-07-23 17:46 - 2012-10-30 17:49 - 00000000 ____D () C:\Users\The Bastion\Documents\My Games
2014-07-23 17:44 - 2012-10-30 18:07 - 00787260 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-23 13:15 - 2012-10-30 16:03 - 00000000 ____D () C:\Users\The Bastion
2014-07-22 14:08 - 2013-10-10 01:44 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-07-22 13:20 - 2012-10-18 01:53 - 00000000 ____D () C:\The Lord of the Rings Online
2014-07-22 12:50 - 2014-07-22 12:50 - 00000000 ____D () C:\Users\The Bastion\AppData\Local\Akamai
2014-07-21 00:12 - 2012-11-01 12:02 - 00000000 ____D () C:\Users\The Bastion\AppData\Roaming\uTorrent
2014-07-20 17:24 - 2013-06-14 21:24 - 00000000 ____D () C:\Users\The Bastion\AppData\Roaming\Audacity
2014-07-20 11:44 - 2014-07-10 01:02 - 00000000 ____D () C:\Users\The Bastion\Documents\Assassin's Creed III
2014-07-19 22:22 - 2013-10-22 10:23 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-19 22:01 - 2014-07-19 22:00 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-19 22:01 - 2012-11-08 01:18 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-19 00:23 - 2014-07-19 00:23 - 00023087 _____ () C:\Attach.txt
2014-07-19 00:23 - 2014-07-19 00:23 - 00020260 _____ () C:\DDS.txt
2014-07-17 10:26 - 2014-07-17 10:26 - 00003090 _____ () C:\Windows\System32\Tasks\{25CE3EF6-BEEA-4312-B4F5-D4220AED9177}
2014-07-17 10:18 - 2014-07-17 10:18 - 00000876 _____ () C:\Exe.reg
2014-07-16 18:19 - 2013-03-09 22:01 - 00000000 ____D () C:\ProgramData\Origin
2014-07-16 17:47 - 2013-03-10 20:24 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-07-16 17:47 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-16 13:45 - 2013-03-09 22:01 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-16 11:46 - 2014-07-16 11:46 - 00003090 _____ () C:\Windows\System32\Tasks\{0AF31BEA-B779-4DB2-9F28-7CDC20DB3F85}
2014-07-15 13:44 - 2014-02-02 13:58 - 00000000 ____D () C:\Writings
2014-07-15 13:03 - 2012-10-30 17:44 - 00000945 _____ () C:\Users\The Bastion\Documents\NeverWhere.txt
2014-07-15 11:22 - 2013-07-15 22:55 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-15 11:22 - 2013-07-15 22:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-15 11:15 - 2009-07-14 01:08 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-14 19:44 - 2014-07-14 19:44 - 00000000 ____D () C:\ProgramData\EA Core
2014-07-13 21:26 - 2013-11-23 22:45 - 00000000 ____D () C:\RIFT
2014-07-12 19:10 - 2014-07-12 19:10 - 00000087 _____ () C:\Windows\NetwkCfg.txt
2014-07-12 19:08 - 2014-07-12 19:08 - 00000000 _____ () C:\wizard.txt
2014-07-11 17:15 - 2014-07-11 17:15 - 00001179 _____ () C:\Users\Public\Desktop\World of Warcraft Beta.lnk
2014-07-11 17:15 - 2014-07-11 17:15 - 00001179 _____ () C:\ProgramData\Desktop\World of Warcraft Beta.lnk
2014-07-11 17:15 - 2014-07-11 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Beta
2014-07-11 03:11 - 2014-07-11 02:51 - 00000000 ____D () C:\Users\The Bastion\AppData\Roaming\Mount&Blade
2014-07-11 03:02 - 2014-07-19 22:01 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-19 22:01 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-19 22:01 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-19 22:01 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-11 02:52 - 2014-07-11 02:52 - 00000000 ____D () C:\Users\The Bastion\Documents\Mount&Blade Savegames
2014-07-10 01:11 - 2014-07-10 01:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-10 01:10 - 2012-10-30 18:04 - 00358602 _____ () C:\Windows\DirectX.log
2014-07-10 01:02 - 2013-01-28 08:09 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-10 01:02 - 2013-01-28 08:09 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-07-09 21:53 - 2014-07-09 15:13 - 01096548 _____ () C:\PingTest.txt
2014-07-09 00:54 - 2014-07-08 16:40 - 00000000 ____D () C:\Asheron's Call
2014-07-08 17:12 - 2014-07-08 17:12 - 00000000 ____D () C:\Users\The Bastion\AppData\Local\Turbine,_Inc
2014-07-08 17:07 - 2014-07-08 16:38 - 00000000 ____D () C:\Decal
2014-07-08 16:56 - 2014-07-08 16:52 - 00000000 ____D () C:\Games
2014-07-08 16:54 - 2014-07-08 16:54 - 00000000 ____D () C:\Program Files (x86)\Decal Plugins
2014-07-08 16:48 - 2014-07-08 16:48 - 00000766 _____ () C:\Users\Public\Desktop\Asheron's Call - Wintersebb.lnk
2014-07-08 16:48 - 2014-07-08 16:48 - 00000766 _____ () C:\ProgramData\Desktop\Asheron's Call - Wintersebb.lnk
2014-07-08 16:40 - 2012-10-30 16:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-08 16:39 - 2014-07-08 16:39 - 00001519 _____ () C:\Users\Public\Desktop\Decal 3.0.lnk
2014-07-08 16:39 - 2014-07-08 16:39 - 00001519 _____ () C:\ProgramData\Desktop\Decal 3.0.lnk
2014-07-08 16:39 - 2012-12-20 06:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Decal 3.0
2014-07-07 19:46 - 2014-07-07 18:42 - 00187669 _____ () C:\MondayText.txt
2014-07-07 16:36 - 2014-07-07 16:30 - 00000049 _____ () C:\Users\The Bastion\Desktop\TimeWarner.txt
2014-07-07 16:20 - 2014-07-07 12:25 - 00690303 _____ () C:\Users\The Bastion\pingtest.txt
2014-07-06 17:27 - 2014-01-13 16:07 - 00000000 ____D () C:\Starbound
2014-07-05 17:33 - 2013-03-19 00:09 - 00000000 ____D () C:\Users\The Bastion\Documents\SimCity 4
2014-07-04 16:12 - 2014-07-04 16:12 - 00000586 _____ () C:\Users\The Bastion\Desktop\Glyph.lnk
2014-07-04 16:12 - 2014-07-04 16:12 - 00000000 ____D () C:\Users\The Bastion\AppData\Local\Glyph
2014-07-04 16:12 - 2014-07-04 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-07-04 16:12 - 2014-07-04 16:12 - 00000000 ____D () C:\ProgramData\Glyph
2014-07-04 16:12 - 2014-07-04 16:12 - 00000000 ____D () C:\Glyph
2014-06-30 14:01 - 2014-06-30 14:01 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-30 14:01 - 2014-06-30 14:01 - 00001114 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-30 14:01 - 2014-06-30 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-30 14:01 - 2014-06-30 14:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-30 14:01 - 2012-10-30 18:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-30 14:01 - 2012-10-30 18:12 - 00000000 ____D () C:\Users\The Bastion\AppData\Roaming\Malwarebytes
2014-06-30 14:01 - 2012-10-30 18:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-29 16:23 - 2014-06-29 16:23 - 00003090 _____ () C:\Windows\System32\Tasks\{FAF77F7C-076D-46FB-B427-9B133A8C193F}
2014-06-27 10:11 - 2014-06-27 10:11 - 00003090 _____ () C:\Windows\System32\Tasks\{BF15CECB-6F16-400C-9171-64CEDE73EDBD}
2014-06-26 13:45 - 2014-06-26 13:45 - 00003090 _____ () C:\Windows\System32\Tasks\{160BDDAB-E11C-4870-A6B7-5A91CDD0BFEA}
2014-06-26 13:45 - 2014-06-26 13:45 - 00003090 _____ () C:\Windows\System32\Tasks\{09568DD3-2422-4976-96DF-6AE9711FBEEF}
2014-06-26 12:33 - 2014-06-23 14:03 - 00000000 ____D () C:\Users\The Bastion\AppData\Local\Adobe
2014-06-26 12:31 - 2014-06-26 12:27 - 00000008 _____ () C:\Users\The Bastion\Documents\mt-e_hook.txt
2014-06-26 12:29 - 2014-06-26 12:27 - 00000007 _____ () C:\Users\The Bastion\Documents\mt-x_hook.txt

Some content of TEMP:
====================
C:\Users\The Bastion\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe
C:\Users\The Bastion\AppData\Local\Temp\drm_dialogs.dll
C:\Users\The Bastion\AppData\Local\Temp\drm_dyndata_7370007.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_1055559077232786967.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_1227394826801966819.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_1296379402883249341.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_155313529004117829.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_1702594343685074787.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_1996861617622923422.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_2679556758244777425.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_271961325286067187.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_3048788568957593190.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_3407206537780266058.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_3525093948943497948.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_3835023207663705337.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_3846061777741834151.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_4398633371680541625.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_4429217230796231354.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_478144271437715449.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_5068727695270285994.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_5167279308423759428.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_5213595972141196325.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_6593524228090005271.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_6817505341064507670.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_7525146789616491701.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_7809070133474589338.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_805094944065303400.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_812127416264579902.dll
C:\Users\The Bastion\AppData\Local\Temp\JNativeHook_9217678889237723497.dll
C:\Users\The Bastion\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\The Bastion\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\The Bastion\AppData\Local\Temp\Quarantine.exe
C:\Users\The Bastion\AppData\Local\Temp\raptrpatch.exe
C:\Users\The Bastion\AppData\Local\Temp\SkypeSetup.exe
C:\Users\The Bastion\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\The Bastion\AppData\Local\Temp\_is6CE5.exe
C:\Users\The Bastion\AppData\Local\Temp\_is9491.exe
C:\Users\The Bastion\AppData\Local\Temp\_is981.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 12:43

==================== End Of Log ============================

Attached Files


Edited by nasdaq, 27 July 2014 - 06:34 AM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,924 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:30 AM

Posted 27 July 2014 - 06:36 AM

All clean or malware.

Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.


#9 Archengeia

Archengeia
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 28 July 2014 - 09:29 AM

Finished TFC process as requested.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,924 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:30 AM

Posted 28 July 2014 - 10:37 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 Archengeia

Archengeia
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 28 July 2014 - 10:39 AM

Thank you again for your time.



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,924 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:30 AM

Posted 28 July 2014 - 12:00 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users