
Infected with malware from a re-direct when using Chrome on Windows 8.1


  • This topic is locked
9 replies to this topic

#1 sooba

Posted 22 February 2015 - 10:49 PM

Hi Guys, 

 

I appreciate any assistance. I clicked a link for a video game stats website and it redirected me through about 4 different sites, landing on a website that downloaded something and prevented me from closing Chrome. It also ran some audio beeping sound. I'm terrified of logging into my bank or email because of this, so any help is most appreciated: (I r

 

----------------------- FRST LOG BELOW ----------------------

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2015
Ran by bob (administrator) on SNAKE on 22-02-2015 22:39:59
Running from C:\Users\bob\Downloads
Loaded Profiles: bob (Available profiles: bob)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(Scarlet.Crush Productions) C:\Program Files\ScarletCrush\bin\ScpService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Joyent, Inc) C:\Windows\Prey\versions\1.3.6\bin\node.exe
(Reprise Software Inc.) C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.3.6\node_modules\triggers\bin\lightevt.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Reprise Software Inc.) C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Helper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\bob\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\bob\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\bob\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-22] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKU\S-1-5-21-905794016-3625390106-1284391612-1001\...\Run: [Akamai NetSession Interface] => C:\Users\bob\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-905794016-3625390106-1284391612-1001\...\Run: [Google Update] => C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-20] (Google Inc.)
HKU\S-1-5-21-905794016-3625390106-1284391612-1001\...\Run: [GoogleChromeAutoLaunch_C51BAAF6F62210A752148098D8E87FEB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
HKU\S-1-5-21-905794016-3625390106-1284391612-1001\...\Run: [AdobeBridge] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-905794016-3625390106-1284391612-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\bob\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-905794016-3625390106-1284391612-1001: @talk.google.com/O1DPlugin -> C:\Users\bob\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-905794016-3625390106-1284391612-1001: @tools.google.com/Google Update;version=3 -> C:\Users\bob\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-905794016-3625390106-1284391612-1001: @tools.google.com/Google Update;version=9 -> C:\Users\bob\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-905794016-3625390106-1284391612-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\bob\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\bob\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-01-25]
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-13]
CHR Extension: (Google Drive) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-13]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2014-01-22]
CHR Extension: (Adblock Plus) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-28]
CHR Extension: (Google Search) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-13]
CHR Extension: (Google Play Music) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-01-05]
CHR Extension: (Google Wallet) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13]
CHR Extension: (Hover Zoom) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-01-13]
CHR Extension: (Auto-Reload) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid [2014-01-13]
CHR Extension: (ScriptSafe) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2014-03-16]
CHR Extension: (Gmail) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-07] (Broadcom Corporation.)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2015-01-04] (Fork, Ltd.) [File not signed]
R2 Ds3Service; C:\Program Files\ScarletCrush\bin\ScpService.exe [381952 2014-03-13] (Scarlet.Crush Productions) [File not signed]
S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2013-10-17] (Acresso Software Inc.)
R2 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2013-04-08] (Reprise Software Inc.) [File not signed]
R2 mi-raysat_3dsmax2014_64; C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-14] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-04] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2014-01-12] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [469264 2013-06-20] (Intel Corporation)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-22 22:39 - 2015-02-22 22:40 - 00017484 _____ () C:\Users\bob\Downloads\FRST.txt
2015-02-22 22:39 - 2015-02-22 22:40 - 00000000 ____D () C:\FRST
2015-02-22 22:39 - 2015-02-22 22:39 - 02087424 _____ (Farbar) C:\Users\bob\Downloads\FRST64 (1).exe
2015-02-22 22:37 - 2015-02-22 22:37 - 02087424 _____ (Farbar) C:\Users\bob\Downloads\FRST64.exe
2015-02-22 18:28 - 2015-02-22 18:28 - 04082707 _____ () C:\Users\bob\Desktop\petrolpump.zip
2015-02-22 18:26 - 2015-02-22 18:26 - 23015266 _____ () C:\Users\bob\Desktop\petrol pump top.psd
2015-02-22 17:56 - 2015-02-22 17:56 - 32738810 _____ () C:\Users\bob\Downloads\Dirty_Plastic.psd
2015-02-22 17:23 - 2015-02-22 17:23 - 00072420 _____ () C:\Users\bob\Downloads\Pump Top.obj
2015-02-22 17:23 - 2015-02-22 17:23 - 00010779 _____ () C:\Users\bob\Downloads\Map__1040_Checker.tga
2015-02-22 17:23 - 2015-02-22 17:23 - 00000408 _____ () C:\Users\bob\Downloads\Pump Top.mtl
2015-02-22 16:38 - 2015-02-22 17:25 - 00000000 ____D () C:\Users\bob\Desktop\tmp
2015-02-22 16:12 - 2015-02-22 16:14 - 00024088 _____ () C:\Users\bob\Downloads\Gas.dwg
2015-02-22 16:11 - 2015-02-22 16:11 - 00000033 _____ () C:\Users\bob\AppData\Roaming\AdobeWLCMCache.dat
2015-02-22 16:08 - 2015-02-22 16:08 - 00001511 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2014.lnk
2015-02-22 16:08 - 2015-02-22 16:08 - 00000000 ____D () C:\ProgramData\ALM
2015-02-22 15:19 - 2015-02-22 15:19 - 00260309 _____ () C:\Users\bob\Downloads\Gas.ai
2015-02-20 22:16 - 2015-02-20 22:16 - 00000000 ____D () C:\Users\bob\AppData\Local\Steam
2015-02-20 20:04 - 2015-02-22 17:19 - 04509696 _____ () C:\Users\bob\Downloads\Untitled01.max
2015-02-20 20:04 - 2015-02-22 17:13 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-02-20 20:04 - 2015-02-20 20:04 - 00000000 ____D () C:\Users\bob\AppData\Local\LogMeIn
2015-02-20 19:54 - 2015-02-22 17:13 - 00000000 ____D () C:\Users\bob\AppData\Local\LogMeInIgnition
2015-02-20 19:54 - 2015-02-20 19:54 - 04973216 _____ (LogMeIn, Inc.) C:\Users\bob\Downloads\LogMeIn Client (1).exe
2015-02-12 19:46 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 19:46 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-10 21:09 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-10 21:09 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 21:09 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 21:09 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-10 21:09 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-10 21:09 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 21:09 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-10 21:09 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-10 21:09 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 21:09 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 21:09 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 21:09 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 21:09 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 21:09 - 2014-12-08 18:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-10 21:09 - 2014-10-28 21:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 21:09 - 2014-10-28 21:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 21:09 - 2014-10-28 21:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 21:09 - 2014-10-28 21:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 21:09 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-10 21:09 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-10 21:09 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-10 21:09 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 21:09 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-10 21:09 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-10 21:09 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-10 21:09 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-10 21:09 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-10 21:08 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 21:08 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 21:08 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 21:08 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 21:08 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 21:08 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 21:08 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-10 21:08 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 21:08 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 21:08 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 21:08 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 21:08 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 21:08 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 21:08 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-10 21:08 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-10 21:08 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-10 21:08 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 21:08 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 21:08 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 21:08 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 21:08 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 21:08 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 21:08 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-10 21:08 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-10 21:08 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-10 21:08 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 21:08 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-10 21:08 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 21:08 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 21:08 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 21:08 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 21:08 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 21:08 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 21:08 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 21:08 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 21:08 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 21:08 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 21:08 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-06 21:40 - 2015-02-22 22:38 - 00192512 ___SH () C:\Users\bob\Desktop\Thumbs.db
2015-01-31 01:22 - 2015-01-31 01:22 - 00000000 ____D () C:\Users\bob\AppData\Roaming\Mozilla
2015-01-25 21:42 - 2015-01-25 21:42 - 00000000 ___RD () C:\Users\bob\Creative Cloud Files
2015-01-25 01:02 - 2015-01-25 01:02 - 00001046 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CC (64bit).lnk
2015-01-25 01:00 - 2015-01-26 00:54 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-01-25 01:00 - 2015-01-26 00:54 - 00002230 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-01-25 01:00 - 2015-01-26 00:54 - 00002069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-01-25 01:00 - 2015-01-25 01:00 - 00002160 _____ () C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2015-01-25 01:00 - 2015-01-25 01:00 - 00002046 _____ () C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2015-01-25 00:52 - 2015-01-25 00:52 - 00001242 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2014.lnk
2015-01-25 00:37 - 2015-01-25 00:37 - 00001134 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2014.lnk
2015-01-25 00:30 - 2015-01-25 00:30 - 00001122 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2014.lnk
2015-01-25 00:23 - 2015-01-25 00:23 - 00001113 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
2015-01-25 00:23 - 2015-01-25 00:23 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-25 00:23 - 2015-01-25 00:23 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-25 00:22 - 2015-01-25 00:22 - 00001044 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2014.lnk
2015-01-25 00:18 - 2015-01-25 00:18 - 00002101 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.7.1 64-bit.lnk
2015-01-25 00:18 - 2015-01-25 00:18 - 00002081 _____ () C:\Users\Public\Desktop\Lightroom 5.7.1 64-bit.lnk
2015-01-25 00:12 - 2015-02-22 16:08 - 00000000 ____D () C:\Program Files\Adobe
2015-01-25 00:12 - 2015-01-25 01:00 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-25 00:12 - 2015-01-25 00:12 - 00001056 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2015-01-24 23:59 - 2015-01-25 14:01 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-24 23:59 - 2015-01-25 00:59 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-24 23:59 - 2015-01-24 23:59 - 00001329 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-01-24 23:59 - 2015-01-24 23:59 - 00001317 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-01-24 23:08 - 2015-01-24 23:08 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-24 23:08 - 2015-01-24 23:08 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-24 23:08 - 2015-01-24 23:08 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-24 23:03 - 2015-01-24 23:03 - 00001093 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-01-24 23:03 - 2015-01-24 23:03 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-01-24 23:03 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-01-24 21:47 - 2015-01-24 21:47 - 00003494 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-a1_bob_11@hotmail.com
2015-01-24 20:22 - 2015-01-24 20:22 - 00007662 _____ () C:\Users\bob\AppData\Local\Resmon.ResmonCfg
2015-01-24 19:43 - 2014-04-15 18:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-01-24 19:43 - 2014-04-15 18:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-01-24 17:25 - 2015-01-24 17:25 - 00000000 ____D () C:\Users\bob\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2015-01-24 15:59 - 2015-01-24 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-01-24 15:59 - 2015-01-24 15:59 - 00000000 ____D () C:\Users\bob\AppData\Local\VS Revo Group
2015-01-24 15:59 - 2015-01-24 15:59 - 00000000 ____D () C:\Program Files\VS Revo Group
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-22 22:27 - 2014-01-20 01:19 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-905794016-3625390106-1284391612-1001UA.job
2015-02-22 22:26 - 2014-01-13 00:31 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-22 22:20 - 2014-11-08 19:20 - 00000931 _____ () C:\Windows\Tasks\EPSON XP-410 Series Update {B9AAB0B7-361A-4174-BA34-4BE02AB4EFB3}.job
2015-02-22 22:20 - 2014-11-08 19:20 - 00000745 _____ () C:\Windows\Tasks\EPSON XP-410 Series Invitation {B9AAB0B7-361A-4174-BA34-4BE02AB4EFB3}.job
2015-02-22 22:20 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-22 22:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-22 21:33 - 2014-12-07 23:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-22 21:27 - 2014-01-20 01:19 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-905794016-3625390106-1284391612-1001Core.job
2015-02-22 21:25 - 2014-01-14 02:32 - 00000000 ____D () C:\Users\bob\AppData\Local\Akamai
2015-02-22 18:13 - 2014-05-30 13:50 - 01554944 ___SH () C:\Users\bob\Downloads\Thumbs.db
2015-02-22 16:11 - 2014-01-12 04:42 - 00000000 ____D () C:\Users\bob\AppData\Roaming\Adobe
2015-02-22 16:08 - 2014-01-13 02:04 - 00000000 ____D () C:\Users\bob\AppData\Local\Adobe
2015-02-22 12:15 - 2014-01-13 01:12 - 00000000 ___DO () C:\Users\bob\SkyDrive
2015-02-22 00:00 - 2014-01-14 04:35 - 00000000 ____D () C:\ProgramData\Reprise
2015-02-20 00:47 - 2014-01-12 04:55 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-905794016-3625390106-1284391612-1001
2015-02-19 21:16 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-19 20:26 - 2014-01-13 00:32 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-18 01:29 - 2014-01-12 04:42 - 00000000 ____D () C:\Users\bob
2015-02-17 19:48 - 2014-01-12 04:54 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-17 19:43 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 15:39 - 2014-09-25 11:08 - 00000000 ____D () C:\Users\bob\AppData\Roaming\vlc
2015-02-14 01:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2015-02-13 01:50 - 2013-08-22 08:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-02-12 22:50 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-12 19:41 - 2013-08-22 09:44 - 05215920 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 20:02 - 2014-01-16 18:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 20:00 - 2014-01-16 18:46 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-05 22:21 - 2014-01-13 00:31 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 22:21 - 2014-01-13 00:31 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 22:21 - 2014-01-13 00:31 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 21:22 - 2014-01-20 01:19 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-905794016-3625390106-1284391612-1001UA
2015-02-03 21:22 - 2014-01-20 01:19 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-905794016-3625390106-1284391612-1001Core
2015-02-03 14:31 - 2013-08-22 10:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-28 22:14 - 2014-01-21 00:19 - 00001456 _____ () C:\Users\bob\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-01-27 19:22 - 2014-01-13 04:15 - 00000000 ____D () C:\Users\bob\Documents\Adobe
2015-01-25 01:02 - 2014-01-13 02:10 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-24 23:59 - 2014-03-30 13:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-24 23:10 - 2014-11-18 21:11 - 00000000 ____D () C:\Users\bob\AppData\Roaming\FileZilla
2015-01-24 23:10 - 2014-01-12 04:36 - 00000000 ____D () C:\Windows\Panther
2015-01-24 18:55 - 2014-01-14 03:21 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-01-24 18:55 - 2014-01-13 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-24 18:55 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-24 18:55 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-24 18:55 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\registration
2015-01-24 18:55 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Sysprep
 
==================== Files in the root of some directories =======
 
2014-02-01 16:54 - 2014-02-01 16:54 - 0000132 _____ () C:\Users\bob\AppData\Roaming\Adobe BMP Format CC Prefs
2014-01-25 03:45 - 2014-12-27 22:30 - 0000132 _____ () C:\Users\bob\AppData\Roaming\Adobe OpenEXR Format CC Prefs
2014-02-13 20:40 - 2014-12-17 21:21 - 0000132 _____ () C:\Users\bob\AppData\Roaming\Adobe PNG Format CC Prefs
2015-02-22 16:11 - 2015-02-22 16:11 - 0000033 _____ () C:\Users\bob\AppData\Roaming\AdobeWLCMCache.dat
2014-01-21 00:19 - 2015-01-28 22:14 - 0001456 _____ () C:\Users\bob\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-01-24 20:22 - 2015-01-24 20:22 - 0007662 _____ () C:\Users\bob\AppData\Local\Resmon.ResmonCfg
2014-12-10 23:21 - 2014-12-22 22:07 - 0000015 _____ () C:\Users\bob\AppData\Local\X-Plane_drm.prf
2014-12-10 23:21 - 2014-12-10 23:21 - 0000039 _____ () C:\Users\bob\AppData\Local\x-plane_install_10.txt
2014-01-12 04:59 - 2014-01-12 04:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-15 11:58
 
==================== End Of Log ============================



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:47 PM

Posted 27 February 2015 - 10:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/568002 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 sooba

sooba
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 28 February 2015 - 12:33 AM

Hello!

 

Yes, I still need help please. Below is a new log, and I DO indeed have my Windows 8 DVD.

 

Thanks!

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by bob (administrator) on SNAKE on 28-02-2015 00:30:21
Running from C:\Users\bob\Downloads
Loaded Profiles: bob (Available profiles: bob)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(Scarlet.Crush Productions) C:\Program Files\ScarletCrush\bin\ScpService.exe
(Joyent, Inc) C:\Windows\Prey\versions\1.3.6\bin\node.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.3.6\node_modules\triggers\bin\lightevt.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\bob\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\bob\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Valve Corporation) F:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) F:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) F:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) F:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-22] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKU\S-1-5-21-905794016-3625390106-1284391612-1001\...\Run: [Akamai NetSession Interface] => C:\Users\bob\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-905794016-3625390106-1284391612-1001\...\Run: [Google Update] => C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-20] (Google Inc.)
HKU\S-1-5-21-905794016-3625390106-1284391612-1001\...\Run: [GoogleChromeAutoLaunch_C51BAAF6F62210A752148098D8E87FEB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
HKU\S-1-5-21-905794016-3625390106-1284391612-1001\...\Run: [AdobeBridge] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-905794016-3625390106-1284391612-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\bob\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-905794016-3625390106-1284391612-1001: @talk.google.com/O1DPlugin -> C:\Users\bob\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-905794016-3625390106-1284391612-1001: @tools.google.com/Google Update;version=3 -> C:\Users\bob\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-905794016-3625390106-1284391612-1001: @tools.google.com/Google Update;version=9 -> C:\Users\bob\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-905794016-3625390106-1284391612-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\bob\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\bob\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-01-25]
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-13]
CHR Extension: (Google Drive) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-13]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2014-01-22]
CHR Extension: (Adblock Plus) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-28]
CHR Extension: (Google Search) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-13]
CHR Extension: (Google Play Music) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-01-05]
CHR Extension: (Google Wallet) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-13]
CHR Extension: (Hover Zoom) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-01-13]
CHR Extension: (Auto-Reload) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid [2014-01-13]
CHR Extension: (ScriptSafe) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2014-03-16]
CHR Extension: (Gmail) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-07] (Broadcom Corporation.)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2015-01-04] (Fork, Ltd.) [File not signed]
R2 Ds3Service; C:\Program Files\ScarletCrush\bin\ScpService.exe [381952 2014-03-13] (Scarlet.Crush Productions) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-04] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2014-01-12] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [469264 2013-06-20] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-24] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-28 00:30 - 2015-02-28 00:30 - 00000000 ____D () C:\Users\bob\Downloads\FRST-OlderVersion
2015-02-26 14:27 - 2015-02-26 14:27 - 00411716 _____ () C:\Windows\PFRO.log
2015-02-24 22:48 - 2015-02-24 22:48 - 00000000 ____D () C:\Users\bob\AppData\Local\CrashDumps
2015-02-24 22:46 - 2015-02-24 22:49 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-24 22:46 - 2015-02-24 22:46 - 10995632 _____ (SurfRight B.V.) C:\Users\bob\Downloads\HitmanPro_x64.exe
2015-02-24 22:46 - 2015-02-24 22:46 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-24 22:40 - 2015-02-24 22:40 - 00000197 _____ () C:\Windows\system32\2015-02-25-03-40-02.084-AvastVBoxSVC.exe-3176.log
2015-02-24 22:26 - 2015-02-27 22:07 - 00384276 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 22:15 - 2015-02-27 22:15 - 00000520 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task ec2c44ca-edb8-4061-b06d-112abd344442.job
2015-02-24 22:15 - 2015-02-27 22:15 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-24 22:15 - 2015-02-24 22:37 - 00000520 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 977a5087-53cb-484d-a583-7b116de22957.job
2015-02-24 22:15 - 2015-02-24 22:15 - 00003566 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 977a5087-53cb-484d-a583-7b116de22957
2015-02-24 22:15 - 2015-02-24 22:15 - 00003484 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task ec2c44ca-edb8-4061-b06d-112abd344442
2015-02-24 22:15 - 2015-02-24 22:15 - 00001820 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2015-02-24 22:15 - 2015-02-24 22:15 - 00000197 _____ () C:\Windows\system32\2015-02-25-03-15-40.080-AvastVBoxSVC.exe-3308.log
2015-02-24 22:15 - 2015-02-24 22:15 - 00000000 ____D () C:\Users\bob\AppData\Roaming\SUPERAntiSpyware.com
2015-02-24 22:15 - 2015-02-24 22:15 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-02-24 22:15 - 2015-02-24 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-02-24 22:13 - 2015-02-26 14:27 - 00000348 _____ () C:\Windows\setupact.log
2015-02-24 22:13 - 2015-02-24 22:13 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-24 21:34 - 2015-02-24 22:07 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-24 21:19 - 2015-02-24 21:19 - 00381952 _____ (Scarlet.Crush Productions) C:\Users\bob\Downloads\ScpService.exe
2015-02-24 20:59 - 2014-12-13 16:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-24 20:59 - 2014-12-13 16:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-24 20:59 - 2014-10-28 20:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-02-24 20:59 - 2014-10-28 20:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-02-24 20:59 - 2014-10-28 20:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-02-24 20:59 - 2014-10-28 20:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-02-23 21:01 - 2015-02-23 21:01 - 00000247 _____ () C:\Windows\system32\2015-02-24-02-01-36.023-aswFe.exe-5920.log
2015-02-23 20:59 - 2015-02-23 21:01 - 00000247 _____ () C:\Windows\system32\2015-02-24-01-59-49.083-aswFe.exe-6500.log
2015-02-23 20:59 - 2015-02-23 20:59 - 00000197 _____ () C:\Windows\system32\2015-02-24-01-59-49.038-AvastVBoxSVC.exe-4152.log
2015-02-23 20:56 - 2015-02-23 20:56 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-02-23 20:56 - 2015-02-23 20:56 - 00000000 ____D () C:\Windows\system32\vbox
2015-02-23 20:54 - 2015-02-26 14:27 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-23 00:14 - 2015-02-23 00:14 - 00000000 ____D () C:\Windows\pss
2015-02-22 22:40 - 2015-02-22 22:43 - 00034974 _____ () C:\Users\bob\Downloads\Addition.txt
2015-02-22 22:39 - 2015-02-28 00:30 - 00018011 _____ () C:\Users\bob\Downloads\FRST.txt
2015-02-22 22:39 - 2015-02-28 00:30 - 00000000 ____D () C:\FRST
2015-02-22 22:37 - 2015-02-28 00:30 - 02087936 _____ (Farbar) C:\Users\bob\Downloads\FRST64.exe
2015-02-22 16:38 - 2015-02-22 17:25 - 00000000 ____D () C:\Users\bob\Desktop\tmp
2015-02-22 16:11 - 2015-02-22 16:11 - 00000033 _____ () C:\Users\bob\AppData\Roaming\AdobeWLCMCache.dat
2015-02-22 16:08 - 2015-02-22 16:08 - 00001511 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2014.lnk
2015-02-22 16:08 - 2015-02-22 16:08 - 00000000 ____D () C:\ProgramData\ALM
2015-02-22 15:19 - 2015-02-22 15:19 - 00260309 _____ () C:\Users\bob\Downloads\Gas.ai
2015-02-20 22:16 - 2015-02-20 22:16 - 00000000 ____D () C:\Users\bob\AppData\Local\Steam
2015-02-20 20:04 - 2015-02-22 17:19 - 04509696 _____ () C:\Users\bob\Downloads\Untitled01.max
2015-02-20 20:04 - 2015-02-22 17:13 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-02-20 20:04 - 2015-02-20 20:04 - 00000000 ____D () C:\Users\bob\AppData\Local\LogMeIn
2015-02-20 19:54 - 2015-02-22 17:13 - 00000000 ____D () C:\Users\bob\AppData\Local\LogMeInIgnition
2015-02-20 19:54 - 2015-02-20 19:54 - 04973216 _____ (LogMeIn, Inc.) C:\Users\bob\Downloads\LogMeIn Client (1).exe
2015-02-12 19:46 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 19:46 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-10 21:09 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-10 21:09 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 21:09 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 21:09 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-10 21:09 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-10 21:09 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 21:09 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-10 21:09 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-10 21:09 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 21:09 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 21:09 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 21:09 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 21:09 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 21:09 - 2014-12-08 18:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-10 21:09 - 2014-10-28 21:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 21:09 - 2014-10-28 21:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 21:09 - 2014-10-28 21:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 21:09 - 2014-10-28 21:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 21:09 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-10 21:09 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-10 21:09 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-10 21:09 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 21:09 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-10 21:09 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-10 21:09 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-10 21:09 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-10 21:09 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-10 21:08 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 21:08 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 21:08 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 21:08 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 21:08 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 21:08 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 21:08 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-10 21:08 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 21:08 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 21:08 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 21:08 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 21:08 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 21:08 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 21:08 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-10 21:08 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-10 21:08 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-10 21:08 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 21:08 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 21:08 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 21:08 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 21:08 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 21:08 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 21:08 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-10 21:08 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-10 21:08 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-10 21:08 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 21:08 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-10 21:08 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 21:08 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 21:08 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 21:08 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 21:08 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 21:08 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 21:08 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 21:08 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 21:08 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 21:08 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 21:08 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-06 21:40 - 2015-02-26 15:04 - 00207872 ___SH () C:\Users\bob\Desktop\Thumbs.db
2015-01-31 01:22 - 2015-01-31 01:22 - 00000000 ____D () C:\Users\bob\AppData\Roaming\Mozilla
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-28 00:27 - 2014-01-20 01:19 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-905794016-3625390106-1284391612-1001UA.job
2015-02-28 00:20 - 2014-11-08 19:20 - 00000931 _____ () C:\Windows\Tasks\EPSON XP-410 Series Update {B9AAB0B7-361A-4174-BA34-4BE02AB4EFB3}.job
2015-02-28 00:20 - 2014-11-08 19:20 - 00000745 _____ () C:\Windows\Tasks\EPSON XP-410 Series Invitation {B9AAB0B7-361A-4174-BA34-4BE02AB4EFB3}.job
2015-02-28 00:20 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-28 00:00 - 2014-01-14 04:35 - 00000000 ____D () C:\ProgramData\Reprise
2015-02-28 00:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-27 22:26 - 2014-01-13 00:31 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-27 21:27 - 2014-01-20 01:19 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-905794016-3625390106-1284391612-1001Core.job
2015-02-27 20:14 - 2014-01-14 02:32 - 00000000 ____D () C:\Users\bob\AppData\Local\Akamai
2015-02-27 20:14 - 2014-01-13 02:04 - 00000000 ____D () C:\Users\bob\AppData\Local\Adobe
2015-02-27 20:13 - 2014-01-13 01:12 - 00000000 ___DO () C:\Users\bob\SkyDrive
2015-02-26 14:32 - 2014-01-12 04:54 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-26 14:27 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-25 00:34 - 2014-01-12 04:55 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-905794016-3625390106-1284391612-1001
2015-02-24 22:26 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-24 21:57 - 2014-12-07 23:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-24 21:15 - 2013-08-22 08:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-02-23 03:12 - 2014-01-12 04:37 - 00000000 __SHD () C:\Recovery
2015-02-22 18:13 - 2014-05-30 13:50 - 01554944 ___SH () C:\Users\bob\Downloads\Thumbs.db
2015-02-22 16:11 - 2014-01-12 04:42 - 00000000 ____D () C:\Users\bob\AppData\Roaming\Adobe
2015-02-22 16:08 - 2015-01-25 00:12 - 00000000 ____D () C:\Program Files\Adobe
2015-02-19 21:16 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-19 20:26 - 2014-01-13 00:32 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-18 01:29 - 2014-01-12 04:42 - 00000000 ____D () C:\Users\bob
2015-02-15 15:39 - 2014-09-25 11:08 - 00000000 ____D () C:\Users\bob\AppData\Roaming\vlc
2015-02-14 01:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2015-02-12 19:41 - 2013-08-22 09:44 - 05215920 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 20:02 - 2014-01-16 18:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 20:00 - 2014-01-16 18:46 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-05 22:21 - 2014-01-13 00:31 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 22:21 - 2014-01-13 00:31 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 22:21 - 2014-01-13 00:31 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 21:22 - 2014-01-20 01:19 - 00003860 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-905794016-3625390106-1284391612-1001UA
2015-02-03 21:22 - 2014-01-20 01:19 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-905794016-3625390106-1284391612-1001Core
2015-02-03 14:31 - 2013-08-22 10:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2014-02-01 16:54 - 2014-02-01 16:54 - 0000132 _____ () C:\Users\bob\AppData\Roaming\Adobe BMP Format CC Prefs
2014-01-25 03:45 - 2014-12-27 22:30 - 0000132 _____ () C:\Users\bob\AppData\Roaming\Adobe OpenEXR Format CC Prefs
2014-02-13 20:40 - 2014-12-17 21:21 - 0000132 _____ () C:\Users\bob\AppData\Roaming\Adobe PNG Format CC Prefs
2015-02-22 16:11 - 2015-02-22 16:11 - 0000033 _____ () C:\Users\bob\AppData\Roaming\AdobeWLCMCache.dat
2014-01-21 00:19 - 2015-01-28 22:14 - 0001456 _____ () C:\Users\bob\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-01-24 20:22 - 2015-01-24 20:22 - 0007662 _____ () C:\Users\bob\AppData\Local\Resmon.ResmonCfg
2014-12-10 23:21 - 2014-12-22 22:07 - 0000015 _____ () C:\Users\bob\AppData\Local\X-Plane_drm.prf
2014-12-10 23:21 - 2014-12-10 23:21 - 0000039 _____ () C:\Users\bob\AppData\Local\x-plane_install_10.txt
2014-01-12 04:59 - 2014-01-12 04:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-24 22:26
 
==================== End Of Log ============================


#4 nasdaq

  • Malware Response Team
  • 38,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:47 PM

Posted 28 February 2015 - 10:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-905794016-3625390106-1284391612-1001\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Extension: (Hover Zoom) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-01-13]
C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

The first time you executed the Farbar tool, a file named addition.txt was also created.
Please post the content in your next reply for my review.

How is the computer running now?

#5 sooba

  • Topic Starter

  • Members
  • 6 posts
  • Local time:01:47 AM

Posted 28 February 2015 - 03:27 PM

Hey Nasdaq!

Thank you much for your assistance, I'd be stuffed without help from people like you. Below are the logs you instructed me to produce. The PC runs okay, but I'm really worried there is something running that is going to steal my passwords or something. I'm scared of logging into my emails or bank etc. L

Let me know what you think,

Thanks!

Bob

 

FIXLOG.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by bob at 2015-02-28 14:13:53 Run:1
Running from C:\Users\bob\Downloads
Loaded Profiles: bob (Available profiles: bob)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-905794016-3625390106-1284391612-1001\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Extension: (Hover Zoom) - C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-01-13]
C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl
 
End
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-905794016-3625390106-1284391612-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl directory not found.
"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl" => File/Directory not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:13:53 ====
 
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2015
Ran by bob at 2015-02-22 22:40:27
Running from C:\Users\bob\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat XI Pro (HKLM-x32\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.2.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.1.0.070 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.2.0 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-905794016-3625390106-1284391612-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.143 - Broadcom Corporation)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CPUID HWMonitor 1.24 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DWG TrueView 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden
EPSON XP-410 Series Printer Uninstall (HKLM\...\EPSON XP-410 Series) (Version:  - SEIKO EPSON Corporation)
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
FLT 7.0v5 (HKLM-x32\...\FLT 7.0v5_is1) (Version:  - The Foundry)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Moxier Wallet (HKU\S-1-5-21-905794016-3625390106-1284391612-1001\...\Moxier Wallet) (Version: 1.0.9 - )
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
Nuke 8.0v1 (HKLM\...\Nuke 8.0v1_is1) (Version:  - The Foundry)
NVIDIA Graphics Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA PhysX Plug-in for Autodesk Maya 2012 64 bit (HKLM\...\{FC4AD39F-9DCE-4BD0-B7D0-7C81CEB9F04B}) (Version: 2.60.0216.1828 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Prey Anti-Theft (x32 Version: 1.3.5 - Prey, Inc.) Hidden
PTGui Pro 9.1 (HKLM-x32\...\PTGui) (Version:  - New House Internet Services B.V.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.3.0 - Samsung Electronics)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.7-6 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7800 - Broadcom Corporation)
X-Plane 10 Global - 64 Bit (HKLM-x32\...\Steam App 292180) (Version:  - Laminar Research)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-905794016-3625390106-1284391612-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-905794016-3625390106-1284391612-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2015 - English\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-905794016-3625390106-1284391612-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2015 - English\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-905794016-3625390106-1284391612-1001_Classes\CLSID\{83B0E426-D4EE-11D4-BEDF-BAB7F1EEA455}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2014\addflow4.ocx (Lassalle Technologies)
CustomCLSID: HKU\S-1-5-21-905794016-3625390106-1284391612-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\bob\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-905794016-3625390106-1284391612-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\bob\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-905794016-3625390106-1284391612-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\bob\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
22-02-2015 16:07:49 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
22-02-2015 16:07:54 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2015-01-25 00:06 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {07DE88E2-A7CB-499B-8E52-6515749D279A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-905794016-3625390106-1284391612-1001UA => C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-20] (Google Inc.)
Task: {0F8BDA4E-33A0-4F12-9FFA-C0C88065BA60} - System32\Tasks\EPSON XP-410 Series Update {B9AAB0B7-361A-4174-BA34-4BE02AB4EFB3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-09-12] (SEIKO EPSON CORPORATION)
Task: {24B7ACF6-3726-417E-9F46-7C74B7FC1067} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {41F9B98B-6B41-4F07-90DF-1817ED98C3DC} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {44C2EE62-31B2-4B92-9C9C-51D036221819} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-13] (Google Inc.)
Task: {59D9FC36-7366-4363-803B-97B9E5ED674B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {6A020346-0AEE-49DD-8B4A-DC8C6391DE65} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {76C5DD70-E0BF-4622-96D3-8E295EEDABC4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-905794016-3625390106-1284391612-1001Core => C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-20] (Google Inc.)
Task: {7A3C76BC-2E15-4524-AFB3-A89F633948B7} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {7FB39DEA-A38F-48C1-9839-FF1380A47FCB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-13] (Google Inc.)
Task: {8C7C66B3-43CB-4944-98DD-3E16CA6B306D} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-a1_bob_11@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {AB73D950-6CAD-4E27-A52F-0217C268DD7B} - System32\Tasks\EPSON XP-410 Series Invitation {B9AAB0B7-361A-4174-BA34-4BE02AB4EFB3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-09-12] (SEIKO EPSON CORPORATION)
Task: {B0220FBE-F5CB-489A-9115-C7EC34AE6FA5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-11] (Microsoft Corporation)
Task: {B0C9B6F5-3BBA-481E-A2AB-E4DF18897CB8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: C:\Windows\Tasks\EPSON XP-410 Series Invitation {B9AAB0B7-361A-4174-BA34-4BE02AB4EFB3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE>/EXE:{B9AAB0B7-361A-4174-BA34-4BE02AB4EFB3} /F:InvitationWORKGROUP\SNAKE$©Searches for new information from EPSON, and notifies you when they are available. This task is uninstalled automatically when you uninstall the related printer driver.{0Þ ¥<
Task: C:\Windows\Tasks\EPSON XP-410 Series Update {B9AAB0B7-361A-4174-BA34-4BE02AB4EFB3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE:/EXE:{B9AAB0B7-361A-4174-BA34-4BE02AB4EFB3} /F:UpdateWORKGROUP\SNAKE$
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.This task is uninstalled automatically when you uninstall the related printer driver.{0Þ¥<
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-905794016-3625390106-1284391612-1001Core.job => C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-905794016-3625390106-1284391612-1001UA.job => C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-01-13 00:33 - 2013-07-04 06:32 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2013-08-19 19:03 - 2013-08-19 19:03 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2011-09-14 23:19 - 2011-09-14 23:19 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
2014-01-12 05:29 - 2013-12-19 13:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-19 15:57 - 2014-12-19 15:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-11-26 16:56 - 2014-11-26 16:56 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-01-14 03:48 - 2013-12-04 11:35 - 01185048 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-12-19 15:57 - 2014-12-19 15:57 - 05979808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-01-13 00:33 - 2015-02-17 19:43 - 00027648 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-01-13 00:33 - 2013-07-04 06:32 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-01-07 21:27 - 2015-01-07 21:27 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2015-01-07 21:27 - 2015-01-07 21:27 - 00746160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2015-01-07 21:27 - 2015-01-07 21:27 - 00136368 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2015-02-19 20:26 - 2015-02-17 17:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-19 20:26 - 2015-02-17 17:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-19 20:26 - 2015-02-17 17:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\bob\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-905794016-3625390106-1284391612-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\bob\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\3830433818_56edee9e1e_o.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKU\S-1-5-21-905794016-3625390106-1284391612-1001\...\StartupApproved\StartupFolder: => "Samsung Magician.lnk"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-905794016-3625390106-1284391612-500 - Administrator - Disabled)
bob (S-1-5-21-905794016-3625390106-1284391612-1001 - Administrator - Enabled) => C:\Users\bob
Guest (S-1-5-21-905794016-3625390106-1284391612-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-905794016-3625390106-1284391612-1003 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth USB module
Description: Bluetooth USB module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/22/2015 09:25:24 PM) (Source: MsiInstaller) (EventID: 11310) (User: SNAKE)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\bob\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (02/22/2015 09:25:08 PM) (Source: MsiInstaller) (EventID: 11310) (User: SNAKE)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\bob\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (02/22/2015 09:07:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 40.0.2214.115 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 14c8
 
Start Time: 01d04ec31d722ddc
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: a83e1bd6-bb00-11e4-82ba-bcee7b9f49d8
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/22/2015 04:28:25 PM) (Source: MsiInstaller) (EventID: 11310) (User: SNAKE)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\bob\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (02/22/2015 04:28:10 PM) (Source: MsiInstaller) (EventID: 11310) (User: SNAKE)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\bob\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (02/22/2015 00:15:34 PM) (Source: MsiInstaller) (EventID: 11310) (User: SNAKE)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\bob\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (02/22/2015 00:15:19 PM) (Source: MsiInstaller) (EventID: 11310) (User: SNAKE)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\bob\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (02/21/2015 11:43:26 PM) (Source: MsiInstaller) (EventID: 11310) (User: SNAKE)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\bob\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (02/21/2015 11:43:10 PM) (Source: MsiInstaller) (EventID: 11310) (User: SNAKE)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\bob\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (02/21/2015 06:50:25 PM) (Source: MsiInstaller) (EventID: 11310) (User: SNAKE)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\bob\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
 
System errors:
=============
Error: (02/20/2015 10:16:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (02/20/2015 10:16:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (02/18/2015 07:58:52 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (02/17/2015 07:43:54 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:54:11 PM on ‎2/‎16/‎2015 was unexpected.
 
Error: (02/13/2015 01:50:37 AM) (Source: DCOM) (EventID: 10010) (User: SNAKE)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (02/11/2015 08:10:12 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
 
Error: (02/11/2015 08:00:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Store Service (WSService) service terminated with the following error: 
%%193
 
Error: (02/10/2015 09:27:43 AM) (Source: DCOM) (EventID: 10010) (User: SNAKE)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (02/09/2015 01:42:54 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:11:51 PM on ‎2/‎8/‎2015 was unexpected.
 
Error: (02/09/2015 01:42:45 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212256845787966648913832
 
 
Microsoft Office Sessions:
=========================
Error: (02/22/2015 09:25:24 PM) (Source: MsiInstaller) (EventID: 11310) (User: SNAKE)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\bob\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/22/2015 09:25:08 PM) (Source: MsiInstaller) (EventID: 11310) (User: SNAKE)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\bob\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/22/2015 09:07:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe40.0.2214.11514c801d04ec31d722ddc4294967295C:\Program Files (x86)\Google\Chrome\Application\chrome.exea83e1bd6-bb00-11e4-82ba-bcee7b9f49d8
 
Error: (02/22/2015 04:28:25 PM) (Source: MsiInstaller) (EventID: 11310) (User: SNAKE)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\bob\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/22/2015 04:28:10 PM) (Source: MsiInstaller) (EventID: 11310) (User: SNAKE)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\bob\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/22/2015 00:15:34 PM) (Source: MsiInstaller) (EventID: 11310) (User: SNAKE)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\bob\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/22/2015 00:15:19 PM) (Source: MsiInstaller) (EventID: 11310) (User: SNAKE)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\bob\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/21/2015 11:43:26 PM) (Source: MsiInstaller) (EventID: 11310) (User: SNAKE)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\bob\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/21/2015 11:43:10 PM) (Source: MsiInstaller) (EventID: 11310) (User: SNAKE)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\bob\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (02/21/2015 06:50:25 PM) (Source: MsiInstaller) (EventID: 11310) (User: SNAKE)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\bob\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.(NULL)(NULL)(NULL)(NULL)(NULL)
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-22 22:36:45.196
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-22 22:36:45.108
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-22 22:36:45.003
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-22 22:36:44.913
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-22 22:30:30.218
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-22 22:30:30.124
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-22 22:30:29.989
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-22 22:30:29.893
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-22 21:43:45.936
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-22 21:43:45.847
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4930K CPU @ 3.40GHz
Percentage of memory in use: 13%
Total physical RAM: 32706.79 MB
Available physical RAM: 28195.38 MB
Total Pagefile: 37570.79 MB
Available Pagefile: 32448.33 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:100.61 GB) (Free:16.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Raid 1) (Fixed) (Total:2794.37 GB) (Free:1599.15 GB) NTFS
Drive f: (Work SSD) (Fixed) (Total:209.59 GB) (Free:194.47 GB) NTFS
Drive i: () (Removable) (Total:29.71 GB) (Free:5.88 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: D286006F)
Partition 1: (Active) - (Size=100.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: D2860067)
Partition 1: (Not Active) - (Size=209.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 
 
 
ADWcleaner:
 
# AdwCleaner v4.111 - Logfile created 28/02/2015 at 14:15:38
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : bob - SNAKE
# Running from : C:\Users\bob\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v40.0.2214.115
 
*************************
 
 
AdwCleaner[R0].txt - [977 bytes] - [28/02/2015 14:15:38]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1211 bytes] ##########

Edited by sooba, 28 February 2015 - 03:30 PM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:47 PM

Posted 01 March 2015 - 09:31 AM


Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

Post that log and then continue.
======

I did not find any malicious programs on your computer.

To be on the safe side, run this online scan and delete everything that will be identified.

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [screenshot of the scanner settings]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at [log path shown as an image].
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

It may take some time so do it when you will not need the computer for an hour or two.

===

#7 sooba

sooba
  • Topic Starter

  • Members
  • 6 posts
  • Local time:01:47 AM

Posted 01 March 2015 - 04:53 PM

Hey Nasdaq,

 

Below are the security check logs and the ESET log. It didn't find anything.

 

Do you think I'm safe to log into my emails and bank and so forth? 

 

Thanks again so much for your help. I'm thrilled that you guys do this for free.

 

Checkup:

 

 Results of screen317's Security Check version 0.99.97  

   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
  Java 64-bit 8 Update 31  
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.115) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
 
 
ESET
 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1a80336ff3415c42b7b2486bc1bb369d
# engine=22701
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-03-01 09:26:05
# local_time=2015-03-01 04:26:05 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 15463084 0 0
# scanned=620141
# found=0
# cleaned=0
# scan_time=9084
 


#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:47 PM

Posted 02 March 2015 - 08:56 AM

Do you think I'm safe to log into my emails and bank and so forth?

No problems with e-mail. Watch what you open. If you are not expecting a message or the sender is unknown to you, delete it.

I would change my password for the bank.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 sooba

sooba
  • Topic Starter

  • Members
  • 6 posts
  • Local time:01:47 AM

Posted 02 March 2015 - 08:30 PM

Thanks so much man!



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:47 PM

Posted 08 March 2015 - 09:32 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



