
brad1014

Everything posted by brad1014

  1. You are a life saver!!!! It worked this time!! I was able to boot successfully. Here is the fixlog.txt:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-07-2013 03
     Ran by SYSTEM at 2013-07-10 23:29:30 Run:1
     Running from J:\
     Boot Mode: Recovery
     ==============================================
     HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
     HKU\Brad\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
     HKU\Brad\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
     HKU\Brad\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
     C:\Users\Brad\AppData\Roaming\skype.dat => Moved successfully.
     C:\$Recycle.Bin\S-1-5-18\$0040424851a523cef18c0a9fb7c7e5dd => Moved successfully.
     C:\$Recycle.Bin\S-1-5-21-2302057715-2896670223-2431684762-1002\$0040424851a523cef18c0a9fb7c7e5dd => Moved successfully.
     Error: DeleteJunctionsIndirectory: => entry should be fixed outside recovery mode.
     C:\Program Files\Windows Defender => Moved successfully.
     ==== End of Fixlog ====
  2. That didn't work, I have two Hard Drives and each one has windows 7 (one of the Hard Drives is old and I moved into my new computer.. the SSD drive I use also has windows 7 and this is the one I am using as my OS) ... I ran another try of the farbar tool, hopefully this time it will work..., I do appreciate your help..
  3. Here is the report:
19:25 - 00000012 ____A C:\Windows\sruna.log 2013-07-01 18:48 - 2013-07-01 18:48 - 00293784 ____A C:\Windows\Minidump\070113-12230-01.dmp 2013-06-30 05:55 - 2013-06-30 05:55 - 00293768 ____A C:\Windows\Minidump\063013-6598-01.dmp 2013-06-29 12:49 - 2013-06-29 12:49 - 00000000 ____D C:\Users\Brad\Downloads\ProcessExplorer 2013-06-29 06:38 - 2013-06-29 06:38 - 00000000 ____D C:\Users\Brad\Downloads\ualx145 2013-06-29 04:11 - 2013-06-29 04:11 - 00000000 ____D C:\Users\Brad\Downloads\EMBserie_for_MSFS 2013-06-26 18:35 - 2013-06-26 18:35 - 00000000 ____D C:\Users\Brad\Documents\Aerosoft 2013-06-24 08:58 - 2004-12-19 12:34 - 00054404 ____A C:\Windows\SysWOW64\sndspeed.dll 2013-06-24 08:58 - 2004-07-19 10:54 - 00053248 ____A (FailSafe Systems) C:\Windows\SysWOW64\WinWorX.dll 2013-06-24 08:58 - 2003-11-20 09:27 - 00198656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Comdlg32.ocx 2013-06-24 08:58 - 2003-11-13 12:44 - 00319488 ____A (Polar sales@polarsoftware.com www.polarsoftware.com) C:\Windows\SysWOW64\PolarZIPLight.dll 2013-06-24 08:58 - 2003-09-23 12:32 - 00458752 ____A (CSC) C:\Windows\SysWOW64\FDC_Buttons.ocx 2013-06-24 08:58 - 2002-03-13 19:46 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll 2013-06-24 08:58 - 2000-07-09 16:15 - 00106496 ____A (Marco Bellinaso) C:\Windows\SysWOW64\MBPrgBar.ocx 2013-06-24 08:58 - 2000-05-22 13:58 - 00647872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscomct2.ocx 2013-06-24 08:58 - 2000-05-21 22:00 - 01066176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX 2013-06-24 08:58 - 1999-05-06 21:00 - 00244232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSFLXGRD.OCX 2013-06-24 08:58 - 1998-06-24 02:00 - 00067376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Sysinfo.ocx 2013-06-24 08:58 - 1998-06-23 22:00 - 00164144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\COMCT232.OCX 2013-06-24 08:58 - 1998-06-23 22:00 - 00137000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2013-06-24 08:58 - 
1998-06-23 21:00 - 00115016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Msinet.ocx 2013-06-24 08:56 - 2013-06-24 08:56 - 00000856 ____A C:\Users\Public\Desktop\FDC Live Cockpit.lnk 2013-06-24 08:40 - 2013-06-24 08:40 - 00000000 ____D C:\Users\Brad\AppData\Roaming\InstallShield 2013-06-24 08:38 - 2013-06-24 08:38 - 00000000 ____D C:\Users\Brad\Downloads\AS_FDCX 2013-06-24 07:53 - 2009-12-19 05:02 - 10976768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\temp.004 2013-06-23 07:00 - 2013-06-23 07:00 - 00293752 ____A C:\Windows\Minidump\062313-6598-01.dmp 2013-06-23 04:53 - 2013-06-23 04:53 - 00000197 ____A C:\Users\Brad\FlightBeam_Washington Dulles Intl - HD.reg 2013-06-22 06:47 - 2009-12-19 05:02 - 10976768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\temp.003 2013-06-22 05:00 - 2013-06-22 05:00 - 00003148 ____A C:\Windows\System32\Tasks\{57C36066-1997-408A-8E30-8DBF1DE9C9F1} 2013-06-22 04:59 - 2013-06-22 04:59 - 03536847 ____A () C:\Users\Brad\Downloads\SKYDC-9_51_FSX_DAL_Setup.exe 2013-06-20 18:01 - 2013-07-09 19:18 - 00084088 ____A C:\AEMODULE.LOG 2013-06-20 17:49 - 2013-06-20 17:49 - 00000000 ____D C:\Users\Brad\AppData\Local\Flight1 Software 2013-06-20 17:47 - 2013-06-20 17:47 - 00000877 ____A C:\Users\Public\Desktop\Audio Environment Configuration Manager.lnk 2013-06-20 17:47 - 2013-06-20 17:47 - 00000858 ____A C:\Users\Public\Desktop\Third Party Aircraft Sound Installer.lnk 2013-06-20 17:46 - 2013-06-20 17:46 - 00000000 ____D C:\Users\Brad\Downloads\FSX - Flight1 - TSS - Audio Environment - Airliner Edition V1.2 2013-06-20 12:49 - 2013-06-20 15:38 - 574635825 ____A C:\Users\Brad\Downloads\FSX - Flight1 - TSS - Audio Environment - Airliner Edition V1.2.rar 2013-06-20 07:26 - 2013-06-20 07:26 - 00000000 ____D C:\ProgramData\CaptainSim 2013-06-20 07:25 - 2013-06-20 07:25 - 00000000 ____D C:\Users\Brad\Downloads\CS777 2013-06-19 07:57 - 2013-06-19 07:57 - 00003992 ____A C:\Users\Brad\Downloads\cls_b763_panel_retrofit.zip 2013-06-19 05:17 - 2013-06-19 
05:24 - 00001059 ____A C:\Users\Public\Desktop\PMDG 747-400 FSX Load Manager.lnk 2013-06-18 12:15 - 2013-06-18 12:15 - 00000000 ____D C:\Users\Brad\Downloads\fsx_hawaiian_717-200 2013-06-15 06:25 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-15 06:25 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-15 06:25 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-15 06:25 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-15 06:25 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-15 06:25 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-15 06:25 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-15 06:25 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-15 06:25 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-15 06:25 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-15 06:25 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-15 06:25 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-15 06:25 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-15 06:25 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-15 06:25 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-15 06:25 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-15 06:25 - 2013-04-16 23:02 - 01230336 ____A 
(Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-15 06:25 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-15 06:25 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-15 06:22 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-15 06:22 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-15 06:22 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-15 06:22 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-15 06:22 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-15 06:22 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-15 06:22 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-15 06:22 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-15 06:22 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-15 06:22 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-15 06:22 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-15 06:22 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-15 06:22 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-15 06:22 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-15 06:22 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-15 06:22 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\msfeeds.dll 2013-06-15 06:22 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-15 06:22 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-15 06:22 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-15 06:22 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-15 06:22 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-15 06:22 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-15 06:22 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-15 06:22 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-15 06:22 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-15 06:22 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-15 06:22 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-15 06:22 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-15 06:22 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-15 06:22 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-15 06:22 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe ==================== One Month Modified Files and Folders ======= 2013-07-10 18:39 - 2013-07-10 18:39 - 00000000 ____D C:\FRST 2013-07-10 18:34 - 2013-06-29 12:49 - 00000000 ____D C:\Users\Brad\Downloads\ProcessExplorer 2013-07-10 18:34 - 2013-01-31 09:56 - 00000000 ____D C:\Program Files\Microsoft 
Silverlight 2013-07-10 18:34 - 2013-01-31 09:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-10 18:34 - 2013-01-12 09:27 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus 2013-07-10 18:34 - 2013-01-12 07:54 - 00000000 ____D C:\ProgramData\Licenses 2013-07-10 18:34 - 2013-01-09 07:51 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-10 18:34 - 2013-01-07 06:35 - 00000000 ____D C:\ProgramData\FLEXnet 2013-07-10 18:34 - 2013-01-06 05:50 - 00000000 ____D C:\Windows\Minidump 2013-07-10 18:34 - 2013-01-04 19:11 - 00000000 ____D C:\users\Brad 2013-07-10 18:34 - 2012-12-28 12:39 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-10 18:34 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-10 18:34 - 2010-11-20 23:16 - 00000000 ____D C:\Windows\ShellNew 2013-07-10 18:34 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-10 18:34 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-07-10 17:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2013-07-10 13:27 - 2013-01-04 20:21 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-10 13:27 - 2012-12-28 11:54 - 01403219 ____A C:\Windows\WindowsUpdate.log 2013-07-10 13:23 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-10 13:23 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-10 13:20 - 2011-06-29 10:51 - 00036176 ____A C:\Windows\setupact.log 2013-07-10 13:20 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-10 09:53 - 2013-07-10 09:53 - 00003288 ____N C:\bootsqm.dat 2013-07-10 09:52 - 2013-07-10 09:52 - 00000000 __SHD C:\found.000 2013-07-10 09:43 - 2013-07-10 09:43 - 69730304 ____A C:\Windows\System32\config\software.bhv 2013-07-10 09:43 - 2013-07-10 09:43 - 20709376 ____A 
C:\Windows\System32\config\system.bhv 2013-07-10 09:43 - 2013-07-10 09:43 - 00262144 ____A C:\Windows\System32\config\security.bhv 2013-07-10 09:43 - 2013-07-10 09:43 - 00262144 ____A C:\Windows\System32\config\sam.bhv 2013-07-10 09:43 - 2013-07-10 09:43 - 00262144 ____A C:\Windows\System32\config\default.bhv 2013-07-10 08:38 - 2013-07-10 08:38 - 00000000 ___AD C:\$Anvi Rescue Disk$ 2013-07-10 08:12 - 2009-07-13 21:08 - 00032614 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-10 08:08 - 2013-07-10 08:08 - 01097640 ____A C:\Users\Brad\AppData\Local\2433f433 2013-07-10 08:08 - 2013-07-10 08:08 - 01097637 ____A C:\ProgramData\2433f433 2013-07-10 08:08 - 2013-07-10 08:08 - 01097615 ____A C:\Users\Brad\AppData\Roaming\2433f433 2013-07-10 08:04 - 2013-07-10 08:04 - 00000000 ____D C:\Users\Brad\Downloads\kecp_photoreal_update 2013-07-10 08:04 - 2013-07-10 08:03 - 00000000 ____D C:\Users\Brad\Downloads\kecp_northwest_florida_beaches_intl_panama_city 2013-07-09 19:35 - 2013-01-04 21:06 - 00000000 ____D C:\Users\Brad\Documents\Flight Simulator X Files 2013-07-09 19:18 - 2013-06-20 18:01 - 00084088 ____A C:\AEMODULE.LOG 2013-07-09 11:51 - 2013-07-09 11:51 - 00067775 ____A C:\Users\Brad\Desktop\fsx.cfg 2013-07-08 09:32 - 2013-07-08 09:32 - 00006274 ____A C:\Users\Brad\Documents\Unilever - Covington.xls 2013-07-07 17:45 - 2013-01-13 09:56 - 00000221 ____A C:\Windows\AISmooth.INI 2013-07-07 17:01 - 2013-01-20 07:17 - 00000000 ____D C:\Users\Brad\Desktop\aismv120 2013-07-02 06:51 - 2013-07-02 06:51 - 00187359 ____A C:\Users\Brad\Documents\zep pa first load.xps 2013-07-01 19:26 - 2013-07-01 19:26 - 00565248 ____A (Mise Technology,Inc) C:\Users\Brad\AppData\Roaming\mckqup.dll 2013-07-01 19:26 - 2013-07-01 19:26 - 00417792 ____A (DIA Corporation) C:\Users\Brad\AppData\Roaming\ruidop.dll 2013-07-01 19:25 - 2013-07-01 19:25 - 00000012 ____A C:\Windows\sruna.log 2013-07-01 18:48 - 2013-07-01 18:48 - 00293784 ____A C:\Windows\Minidump\070113-12230-01.dmp 2013-07-01 18:48 - 2013-01-06 05:50 
- 1326581077 ____A C:\Windows\MEMORY.DMP 2013-06-30 05:55 - 2013-06-30 05:55 - 00293768 ____A C:\Windows\Minidump\063013-6598-01.dmp 2013-06-29 06:38 - 2013-06-29 06:38 - 00000000 ____D C:\Users\Brad\Downloads\ualx145 2013-06-29 04:11 - 2013-06-29 04:11 - 00000000 ____D C:\Users\Brad\Downloads\EMBserie_for_MSFS 2013-06-28 19:50 - 2009-07-13 21:13 - 00743982 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-27 04:13 - 2010-11-20 19:47 - 00021604 ____A C:\Windows\PFRO.log 2013-06-26 19:39 - 2013-01-05 07:47 - 00000000 ____D C:\Users\Brad\AppData\Roaming\BitTorrent 2013-06-26 18:35 - 2013-06-26 18:35 - 00000000 ____D C:\Users\Brad\Documents\Aerosoft 2013-06-25 12:12 - 2013-01-05 16:30 - 00000000 ____D C:\ProgramData\Esellerate 2013-06-24 08:56 - 2013-06-24 08:56 - 00000856 ____A C:\Users\Public\Desktop\FDC Live Cockpit.lnk 2013-06-24 08:56 - 2013-01-19 19:34 - 00000000 ____D C:\Program Files (x86)\Aerosoft 2013-06-24 08:56 - 2012-12-28 11:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-06-24 08:40 - 2013-06-24 08:40 - 00000000 ____D C:\Users\Brad\AppData\Roaming\InstallShield 2013-06-24 08:38 - 2013-06-24 08:38 - 00000000 ____D C:\Users\Brad\Downloads\AS_FDCX 2013-06-24 07:53 - 2013-01-26 05:32 - 00003919 ____A C:\Program Files (x86)\INSTALL.LOG 2013-06-23 07:00 - 2013-06-23 07:00 - 00293752 ____A C:\Windows\Minidump\062313-6598-01.dmp 2013-06-23 04:53 - 2013-06-23 04:53 - 00000197 ____A C:\Users\Brad\FlightBeam_Washington Dulles Intl - HD.reg 2013-06-22 05:00 - 2013-06-22 05:00 - 00003148 ____A C:\Windows\System32\Tasks\{57C36066-1997-408A-8E30-8DBF1DE9C9F1} 2013-06-22 04:59 - 2013-06-22 04:59 - 03536847 ____A () C:\Users\Brad\Downloads\SKYDC-9_51_FSX_DAL_Setup.exe 2013-06-21 04:13 - 2009-07-13 20:45 - 00439904 ____A C:\Windows\System32\FNTCACHE.DAT 2013-06-20 17:49 - 2013-06-20 17:49 - 00000000 ____D C:\Users\Brad\AppData\Local\Flight1 Software 2013-06-20 17:47 - 2013-06-20 17:47 - 00000877 ____A 
C:\Users\Public\Desktop\Audio Environment Configuration Manager.lnk 2013-06-20 17:47 - 2013-06-20 17:47 - 00000858 ____A C:\Users\Public\Desktop\Third Party Aircraft Sound Installer.lnk 2013-06-20 17:46 - 2013-06-20 17:46 - 00000000 ____D C:\Users\Brad\Downloads\FSX - Flight1 - TSS - Audio Environment - Airliner Edition V1.2 2013-06-20 15:38 - 2013-06-20 12:49 - 574635825 ____A C:\Users\Brad\Downloads\FSX - Flight1 - TSS - Audio Environment - Airliner Edition V1.2.rar 2013-06-20 08:46 - 2013-01-04 19:11 - 00118752 ____A C:\Users\Brad\AppData\Local\GDIPFONTCACHEV1.DAT 2013-06-20 07:26 - 2013-06-20 07:26 - 00000000 ____D C:\ProgramData\CaptainSim 2013-06-20 07:25 - 2013-06-20 07:25 - 00000000 ____D C:\Users\Brad\Downloads\CS777 2013-06-19 07:57 - 2013-06-19 07:57 - 00003992 ____A C:\Users\Brad\Downloads\cls_b763_panel_retrofit.zip 2013-06-19 05:24 - 2013-06-19 05:17 - 00001059 ____A C:\Users\Public\Desktop\PMDG 747-400 FSX Load Manager.lnk 2013-06-18 15:43 - 2013-05-19 05:35 - 00000000 ____D C:\Users\Brad\Documents\Wilco CRJ 2013-06-18 15:43 - 2013-01-12 07:57 - 00000000 ____D C:\Users\Brad\AppData\Roaming\Virtuali 2013-06-18 12:15 - 2013-06-18 12:15 - 00000000 ____D C:\Users\Brad\Downloads\fsx_hawaiian_717-200 2013-06-15 23:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-06-15 06:27 - 2013-01-04 20:21 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-15 06:27 - 2013-01-04 20:21 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-15 06:27 - 2013-01-04 20:21 - 00003768 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-06-15 06:18 - 2013-01-04 20:21 - 00000000 ____D C:\Windows\System32\Macromed 2013-06-15 06:17 - 2013-01-04 20:21 - 00000000 ____D C:\Windows\SysWOW64\Macromed ZeroAccess: C:\$Recycle.Bin\S-1-5-21-2302057715-2896670223-2431684762-1002\$0040424851a523cef18c0a9fb7c7e5dd ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$0040424851a523cef18c0a9fb7c7e5dd 
Files to move or delete: ==================== C:\Users\Brad\AppData\Roaming\skype.dat ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-06-28 19:49:37 Restore point made on: 2013-06-29 09:55:40 Restore point made on: 2013-06-30 17:08:47 Restore point made on: 2013-07-07 15:00:09 Restore point made on: 2013-07-10 10:24:49 ==================== Memory info =========================== Percentage of memory in use: 7% Total physical RAM: 16338.94 MB Available physical RAM: 15122.32 MB Total Pagefile: 16337.14 MB Available Pagefile: 15141.07 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:119.14 GB) (Free:38.34 GB) NTFS (Disk=0 Partition=2) Drive d: () (Fixed) (Total:698.63 GB) (Free:385.03 GB) NTFS (Disk=1 Partition=1) Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=2 
Partition=1) ==>[system with boot components (obtained from reading drive)] Drive g: () (Fixed) (Total:698.54 GB) (Free:136.81 GB) NTFS (Disk=2 Partition=2) Drive h: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF Drive j: (Transcend) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT32 (Disk=4 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: A936AE3D) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: A9A6A9A6) Partition 1: (Active) - (Size=699 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 77A5E191) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=699 GB) - (Type=07 NTFS) ======================================================== Disk: 4 (Size: 2 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=2 GB) - (Type=0B) LastRegBack: 2013-07-07 08:27 ==================== End Of Log ============================
  4. I have been trying various different programs and tools. I cannot boot into Safe mode. Please help, anyone!
  5. I have tried many different fixes and I cannot get anything to rid my comp. of the malicious virus. I used the tool you recommended and here is the log:

     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 03
     Ran by SYSTEM on 10-07-2013 18:39:09
     Running from J:\
     Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
     Internet Explorer Version 10
     Boot Mode: Recovery

     The current controlset is ControlSet002
     ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

     ==================== Registry (Whitelisted) ==================

     HKLM\...\Run: [Cmaudio8788] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd [8769536 2011-05-12] (C-Media Corporation)
     HKLM\...\Run: [Cmaudio8788GX] - C:\Windows\syswow64\HsMgr.exe Envoke [200704 2008-07-10] ()
     HKLM\...\Run: [Cmaudio8788GX64] - C:\Windows\system\HsMgr64.exe Envoke [282112 2008-07-10] ()
     HKLM\...\Run: [mckqup] - "C:\Windows\System32\rundll32.exe" "C:\Users\Brad\AppData\Roaming\mckqup.dll",ReleaseLock [565248 2013-07-01] (Mise Technology,Inc)
     HKLM\...\Run: [ruidop] - "C:\Windows\System32\rundll32.exe" "C:\Users\Brad\AppData\Roaming\ruidop.dll",Instance_NewRaw [417792 2013-07-01] (DIA Corporation)
     HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
     HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe
     HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$0040424851a523cef18c0a9fb7c7e5dd\n. ATTENTION! ====> ZeroAccess
     HKLM-x32\...\Run: [uSB3MON] - "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-04] (Intel Corporation)
     HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
     HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [542104 2012-12-11] (Lavasoft)
     HKLM-x32\...\Run: [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
     HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
     HKLM-x32\...\Run: [sunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
     HKU\Brad\...\Run: [nHancer] - "C:\Program Files\nHancer\nHancer.exe" /tray [x]
     HKU\Brad\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Brad\AppData\Local\Temp\rbxbceegmxwsnlajebd.bfg [54272 2013-07-10] (NVIDIA Corporation) <===== ATTENTION
     HKU\Brad\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)
     HKU\Brad\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
     HKU\Brad\...\Command Processor: "C:\Users\Brad\AppData\Local\Temp\rbxbceegmxwsnlajebd.bfg" <===== ATTENTION!
     HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
     HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
     HKU\UpdatusUser\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
     HKU\UpdatusUser\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)
     Startup: C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XNL.lnk
     ShortcutTarget: XNL.lnk -> G:\Experience X Lights\FSXXNL\XNL.exe ()

     ==================== Services (Whitelisted) =================

     S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236968 2012-12-14] (Lavasoft Limited)
     S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [150464 2012-08-10] (Futuremark Corporation)
     S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
     S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)

     ==================== Drivers (Whitelisted) ====================

     S3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-09] (C-Media Inc)
     S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [39504 2013-04-11] (ThreatTrack Security)
     S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-01-12] (GFI Software)
     S0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [23832 2011-12-02] (Intel Corporation)
     S3 npusbio; C:\Windows\System32\Drivers\npusbio_x64.sys [38400 2012-07-09] ()
     S3 SaiH0763; C:\Windows\System32\DRIVERS\SaiH0763.sys [178304 2008-02-15] (Saitek)
     S3 SaiH0BAC; C:\Windows\System32\DRIVERS\SaiH0BAC.sys [176128 2007-07-02] (Saitek)
     S3 ALSysIO; \??\C:\Users\Brad\AppData\Local\Temp\ALSysIO64.sys [x]
     S3 cpuz135; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
     S3 e1cexpress; system32\DRIVERS\e1c62x64.sys [x]

     ==================== NetSvcs (Whitelisted) ===================

     ==================== One Month Created Files and Folders ========

     2013-07-10 18:39 - 2013-07-10 18:39 - 00000000 ____D C:\FRST
     2013-07-10 09:53 - 2013-07-10 09:53 - 00003288 ____N C:\bootsqm.dat
     2013-07-10 09:52 - 2013-07-10 09:52 - 00000000 __SHD C:\found.000
     2013-07-10 09:43 - 2013-07-10 09:43 - 69730304 ____A C:\Windows\System32\config\software.bhv
     2013-07-10 09:43 - 2013-07-10 09:43 - 20709376 ____A C:\Windows\System32\config\system.bhv
     2013-07-10 09:43 - 2013-07-10 09:43 - 00262144 ____A C:\Windows\System32\config\security.bhv
     2013-07-10 09:43 - 2013-07-10 09:43 - 00262144 ____A C:\Windows\System32\config\sam.bhv
     2013-07-10 09:43 - 2013-07-10 09:43 - 00262144 ____A C:\Windows\System32\config\default.bhv
     2013-07-10 08:38 - 2013-07-10 08:38 - 00000000 ___AD C:\$Anvi Rescue Disk$
     2013-07-10 08:08 - 2013-07-10 08:08 - 01097640 ____A C:\Users\Brad\AppData\Local\2433f433
     2013-07-10 08:08 - 2013-07-10 08:08 - 01097637 ____A C:\ProgramData\2433f433
     2013-07-10 08:08 - 2013-07-10 08:08 - 01097615 ____A C:\Users\Brad\AppData\Roaming\2433f433
     2013-07-10 08:04 - 2013-07-10 08:04 - 00000000 ____D C:\Users\Brad\Downloads\kecp_photoreal_update
     2013-07-10 08:03 - 2013-07-10 08:04 - 00000000 ____D C:\Users\Brad\Downloads\kecp_northwest_florida_beaches_intl_panama_city
     2013-07-09 11:51 - 2013-07-09 11:51 - 00067775 ____A C:\Users\Brad\Desktop\fsx.cfg
     2013-07-08 09:32 - 2013-07-08 09:32 - 00006274 ____A C:\Users\Brad\Documents\Unilever - Covington.xls
     2013-07-02 06:51 - 2013-07-02 06:51 - 00187359 ____A C:\Users\Brad\Documents\zep pa first load.xps
     2013-07-01 19:26 - 2013-07-01 19:26 - 00565248 ____A (Mise Technology,Inc) C:\Users\Brad\AppData\Roaming\mckqup.dll
     2013-07-01 19:26 - 2013-07-01 19:26 - 00417792 ____A (DIA Corporation) C:\Users\Brad\AppData\Roaming\ruidop.dll
     2013-07-01 19:25 - 2013-07-01 19:25 - 00000012 ____A C:\Windows\sruna.log
     2013-07-01 18:48 - 2013-07-01 18:48 - 00293784 ____A C:\Windows\Minidump\070113-12230-01.dmp
     2013-06-30 05:55 - 2013-06-30 05:55 - 00293768 ____A C:\Windows\Minidump\063013-6598-01.dmp
     2013-06-29 12:49 - 2013-06-29 12:49 - 00000000 ____D C:\Users\Brad\Downloads\ProcessExplorer
     2013-06-29 06:38 - 2013-06-29 06:38 - 00000000 ____D C:\Users\Brad\Downloads\ualx145
     2013-06-29 04:11 - 2013-06-29 04:11 - 00000000 ____D C:\Users\Brad\Downloads\EMBserie_for_MSFS
     2013-06-26 18:35 - 2013-06-26 18:35 - 00000000 ____D C:\Users\Brad\Documents\Aerosoft
     2013-06-24 08:58 - 2004-12-19 12:34 - 00054404 ____A C:\Windows\SysWOW64\sndspeed.dll
     2013-06-24 08:58 - 2004-07-19 10:54 - 00053248 ____A (FailSafe Systems) C:\Windows\SysWOW64\WinWorX.dll
     2013-06-24 08:58 - 2003-11-20 09:27 - 00198656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Comdlg32.ocx
     2013-06-24 08:58 - 2003-11-13 12:44 - 00319488 ____A (Polar sales@polarsoftware.com www.polarsoftware.com) C:\Windows\SysWOW64\PolarZIPLight.dll
     2013-06-24 08:58 - 2003-09-23 12:32 - 00458752 ____A (CSC) C:\Windows\SysWOW64\FDC_Buttons.ocx
     2013-06-24 08:58 - 2002-03-13 19:46 - 00053248 ____A C:\Windows\SysWOW64\zlib.dll
     2013-06-24 08:58 - 2000-07-09 16:15 - 00106496 ____A (Marco Bellinaso) C:\Windows\SysWOW64\MBPrgBar.ocx
     2013-06-24 08:58 - 2000-05-22 13:58 - 00647872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscomct2.ocx
     2013-06-24 08:58 - 2000-05-21 22:00 - 01066176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
     2013-06-24 08:58 - 1999-05-06 21:00 - 00244232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSFLXGRD.OCX
     2013-06-24 08:58 - 1998-06-24 02:00 - 00067376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Sysinfo.ocx
     2013-06-24 08:58 - 1998-06-23 22:00 - 00164144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\COMCT232.OCX
     2013-06-24 08:58 - 1998-06-23 22:00 - 00137000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
     2013-06-24 08:58 - 1998-06-23 21:00 - 00115016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Msinet.ocx
     2013-06-24 08:56 - 2013-06-24 08:56 - 00000856 ____A C:\Users\Public\Desktop\FDC Live Cockpit.lnk
     2013-06-24 08:40 - 2013-06-24 08:40 - 00000000 ____D C:\Users\Brad\AppData\Roaming\InstallShield
     2013-06-24 08:38 - 2013-06-24 08:38 - 00000000 ____D C:\Users\Brad\Downloads\AS_FDCX
     2013-06-24 07:53 - 2009-12-19 05:02 - 10976768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\temp.004
     2013-06-23 07:00 - 2013-06-23 07:00 - 00293752 ____A C:\Windows\Minidump\062313-6598-01.dmp
     2013-06-23 04:53 - 2013-06-23 04:53 - 00000197 ____A C:\Users\Brad\FlightBeam_Washington Dulles Intl - HD.reg
     2013-06-22 06:47 - 2009-12-19 05:02 - 10976768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\temp.003
     2013-06-22 05:00 - 2013-06-22 05:00 - 00003148 ____A C:\Windows\System32\Tasks\{57C36066-1997-408A-8E30-8DBF1DE9C9F1}
     2013-06-22 04:59 - 2013-06-22 04:59 - 03536847 ____A () C:\Users\Brad\Downloads\SKYDC-9_51_FSX_DAL_Setup.exe
     2013-06-20 18:01 - 2013-07-09 19:18 - 00084088 ____A C:\AEMODULE.LOG
     2013-06-20 17:49 - 2013-06-20 17:49 - 00000000 ____D C:\Users\Brad\AppData\Local\Flight1 Software
     2013-06-20 17:47 - 2013-06-20 17:47 - 00000877 ____A C:\Users\Public\Desktop\Audio Environment Configuration Manager.lnk
     2013-06-20 17:47 - 2013-06-20 17:47 - 00000858 ____A C:\Users\Public\Desktop\Third Party Aircraft Sound Installer.lnk
     2013-06-20 17:46 - 2013-06-20 17:46 - 00000000 ____D C:\Users\Brad\Downloads\FSX - Flight1 - TSS - Audio Environment - Airliner Edition V1.2
     2013-06-20 12:49 - 2013-06-20 15:38 - 574635825 ____A C:\Users\Brad\Downloads\FSX - Flight1 - TSS - Audio Environment - Airliner Edition V1.2.rar
     2013-06-20 07:26 - 2013-06-20 07:26 - 00000000 ____D C:\ProgramData\CaptainSim
     2013-06-20 07:25 - 2013-06-20 07:25 - 00000000 ____D C:\Users\Brad\Downloads\CS777
     2013-06-19 07:57 - 2013-06-19 07:57 - 00003992 ____A C:\Users\Brad\Downloads\cls_b763_panel_retrofit.zip
     2013-06-19 05:17 - 2013-06-19 
05:24 - 00001059 ____A C:\Users\Public\Desktop\PMDG 747-400 FSX Load Manager.lnk 2013-06-18 12:15 - 2013-06-18 12:15 - 00000000 ____D C:\Users\Brad\Downloads\fsx_hawaiian_717-200 2013-06-15 06:25 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-15 06:25 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-15 06:25 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-15 06:25 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-15 06:25 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-15 06:25 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-15 06:25 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-15 06:25 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-15 06:25 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-15 06:25 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-15 06:25 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-15 06:25 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-15 06:25 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-15 06:25 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-15 06:25 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-15 06:25 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-15 06:25 - 2013-04-16 23:02 - 01230336 ____A 
(Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-15 06:25 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-15 06:25 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-15 06:22 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-15 06:22 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-15 06:22 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-15 06:22 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-15 06:22 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-15 06:22 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-15 06:22 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-15 06:22 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-15 06:22 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-15 06:22 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-15 06:22 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-15 06:22 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-15 06:22 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-15 06:22 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-15 06:22 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-15 06:22 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\msfeeds.dll 2013-06-15 06:22 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-15 06:22 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-15 06:22 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-15 06:22 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-15 06:22 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-15 06:22 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-15 06:22 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-15 06:22 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-15 06:22 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-15 06:22 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-15 06:22 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-15 06:22 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-15 06:22 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-15 06:22 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-15 06:22 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe ==================== One Month Modified Files and Folders ======= 2013-07-10 18:39 - 2013-07-10 18:39 - 00000000 ____D C:\FRST 2013-07-10 18:34 - 2013-06-29 12:49 - 00000000 ____D C:\Users\Brad\Downloads\ProcessExplorer 2013-07-10 18:34 - 2013-01-31 09:56 - 00000000 ____D C:\Program Files\Microsoft 
Silverlight 2013-07-10 18:34 - 2013-01-31 09:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-10 18:34 - 2013-01-12 09:27 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus 2013-07-10 18:34 - 2013-01-12 07:54 - 00000000 ____D C:\ProgramData\Licenses 2013-07-10 18:34 - 2013-01-09 07:51 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-10 18:34 - 2013-01-07 06:35 - 00000000 ____D C:\ProgramData\FLEXnet 2013-07-10 18:34 - 2013-01-06 05:50 - 00000000 ____D C:\Windows\Minidump 2013-07-10 18:34 - 2013-01-04 19:11 - 00000000 ____D C:\users\Brad 2013-07-10 18:34 - 2012-12-28 12:39 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-10 18:34 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-10 18:34 - 2010-11-20 23:16 - 00000000 ____D C:\Windows\ShellNew 2013-07-10 18:34 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-10 18:34 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-07-10 17:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2013-07-10 13:27 - 2013-01-04 20:21 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-10 13:27 - 2012-12-28 11:54 - 01403219 ____A C:\Windows\WindowsUpdate.log 2013-07-10 13:23 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-10 13:23 - 2009-07-13 20:45 - 00021872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-10 13:20 - 2011-06-29 10:51 - 00036176 ____A C:\Windows\setupact.log 2013-07-10 13:20 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-10 09:53 - 2013-07-10 09:53 - 00003288 ____N C:\bootsqm.dat 2013-07-10 09:52 - 2013-07-10 09:52 - 00000000 __SHD C:\found.000 2013-07-10 09:43 - 2013-07-10 09:43 - 69730304 ____A C:\Windows\System32\config\software.bhv 2013-07-10 09:43 - 2013-07-10 09:43 - 20709376 ____A 
C:\Windows\System32\config\system.bhv 2013-07-10 09:43 - 2013-07-10 09:43 - 00262144 ____A C:\Windows\System32\config\security.bhv 2013-07-10 09:43 - 2013-07-10 09:43 - 00262144 ____A C:\Windows\System32\config\sam.bhv 2013-07-10 09:43 - 2013-07-10 09:43 - 00262144 ____A C:\Windows\System32\config\default.bhv 2013-07-10 08:38 - 2013-07-10 08:38 - 00000000 ___AD C:\$Anvi Rescue Disk$ 2013-07-10 08:12 - 2009-07-13 21:08 - 00032614 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-10 08:08 - 2013-07-10 08:08 - 01097640 ____A C:\Users\Brad\AppData\Local\2433f433 2013-07-10 08:08 - 2013-07-10 08:08 - 01097637 ____A C:\ProgramData\2433f433 2013-07-10 08:08 - 2013-07-10 08:08 - 01097615 ____A C:\Users\Brad\AppData\Roaming\2433f433 2013-07-10 08:04 - 2013-07-10 08:04 - 00000000 ____D C:\Users\Brad\Downloads\kecp_photoreal_update 2013-07-10 08:04 - 2013-07-10 08:03 - 00000000 ____D C:\Users\Brad\Downloads\kecp_northwest_florida_beaches_intl_panama_city 2013-07-09 19:35 - 2013-01-04 21:06 - 00000000 ____D C:\Users\Brad\Documents\Flight Simulator X Files 2013-07-09 19:18 - 2013-06-20 18:01 - 00084088 ____A C:\AEMODULE.LOG 2013-07-09 11:51 - 2013-07-09 11:51 - 00067775 ____A C:\Users\Brad\Desktop\fsx.cfg 2013-07-08 09:32 - 2013-07-08 09:32 - 00006274 ____A C:\Users\Brad\Documents\Unilever - Covington.xls 2013-07-07 17:45 - 2013-01-13 09:56 - 00000221 ____A C:\Windows\AISmooth.INI 2013-07-07 17:01 - 2013-01-20 07:17 - 00000000 ____D C:\Users\Brad\Desktop\aismv120 2013-07-02 06:51 - 2013-07-02 06:51 - 00187359 ____A C:\Users\Brad\Documents\zep pa first load.xps 2013-07-01 19:26 - 2013-07-01 19:26 - 00565248 ____A (Mise Technology,Inc) C:\Users\Brad\AppData\Roaming\mckqup.dll 2013-07-01 19:26 - 2013-07-01 19:26 - 00417792 ____A (DIA Corporation) C:\Users\Brad\AppData\Roaming\ruidop.dll 2013-07-01 19:25 - 2013-07-01 19:25 - 00000012 ____A C:\Windows\sruna.log 2013-07-01 18:48 - 2013-07-01 18:48 - 00293784 ____A C:\Windows\Minidump\070113-12230-01.dmp 2013-07-01 18:48 - 2013-01-06 05:50 
- 1326581077 ____A C:\Windows\MEMORY.DMP 2013-06-30 05:55 - 2013-06-30 05:55 - 00293768 ____A C:\Windows\Minidump\063013-6598-01.dmp 2013-06-29 06:38 - 2013-06-29 06:38 - 00000000 ____D C:\Users\Brad\Downloads\ualx145 2013-06-29 04:11 - 2013-06-29 04:11 - 00000000 ____D C:\Users\Brad\Downloads\EMBserie_for_MSFS 2013-06-28 19:50 - 2009-07-13 21:13 - 00743982 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-27 04:13 - 2010-11-20 19:47 - 00021604 ____A C:\Windows\PFRO.log 2013-06-26 19:39 - 2013-01-05 07:47 - 00000000 ____D C:\Users\Brad\AppData\Roaming\BitTorrent 2013-06-26 18:35 - 2013-06-26 18:35 - 00000000 ____D C:\Users\Brad\Documents\Aerosoft 2013-06-25 12:12 - 2013-01-05 16:30 - 00000000 ____D C:\ProgramData\Esellerate 2013-06-24 08:56 - 2013-06-24 08:56 - 00000856 ____A C:\Users\Public\Desktop\FDC Live Cockpit.lnk 2013-06-24 08:56 - 2013-01-19 19:34 - 00000000 ____D C:\Program Files (x86)\Aerosoft 2013-06-24 08:56 - 2012-12-28 11:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-06-24 08:40 - 2013-06-24 08:40 - 00000000 ____D C:\Users\Brad\AppData\Roaming\InstallShield 2013-06-24 08:38 - 2013-06-24 08:38 - 00000000 ____D C:\Users\Brad\Downloads\AS_FDCX 2013-06-24 07:53 - 2013-01-26 05:32 - 00003919 ____A C:\Program Files (x86)\INSTALL.LOG 2013-06-23 07:00 - 2013-06-23 07:00 - 00293752 ____A C:\Windows\Minidump\062313-6598-01.dmp 2013-06-23 04:53 - 2013-06-23 04:53 - 00000197 ____A C:\Users\Brad\FlightBeam_Washington Dulles Intl - HD.reg 2013-06-22 05:00 - 2013-06-22 05:00 - 00003148 ____A C:\Windows\System32\Tasks\{57C36066-1997-408A-8E30-8DBF1DE9C9F1} 2013-06-22 04:59 - 2013-06-22 04:59 - 03536847 ____A () C:\Users\Brad\Downloads\SKYDC-9_51_FSX_DAL_Setup.exe 2013-06-21 04:13 - 2009-07-13 20:45 - 00439904 ____A C:\Windows\System32\FNTCACHE.DAT 2013-06-20 17:49 - 2013-06-20 17:49 - 00000000 ____D C:\Users\Brad\AppData\Local\Flight1 Software 2013-06-20 17:47 - 2013-06-20 17:47 - 00000877 ____A 
C:\Users\Public\Desktop\Audio Environment Configuration Manager.lnk 2013-06-20 17:47 - 2013-06-20 17:47 - 00000858 ____A C:\Users\Public\Desktop\Third Party Aircraft Sound Installer.lnk 2013-06-20 17:46 - 2013-06-20 17:46 - 00000000 ____D C:\Users\Brad\Downloads\FSX - Flight1 - TSS - Audio Environment - Airliner Edition V1.2 2013-06-20 15:38 - 2013-06-20 12:49 - 574635825 ____A C:\Users\Brad\Downloads\FSX - Flight1 - TSS - Audio Environment - Airliner Edition V1.2.rar 2013-06-20 08:46 - 2013-01-04 19:11 - 00118752 ____A C:\Users\Brad\AppData\Local\GDIPFONTCACHEV1.DAT 2013-06-20 07:26 - 2013-06-20 07:26 - 00000000 ____D C:\ProgramData\CaptainSim 2013-06-20 07:25 - 2013-06-20 07:25 - 00000000 ____D C:\Users\Brad\Downloads\CS777 2013-06-19 07:57 - 2013-06-19 07:57 - 00003992 ____A C:\Users\Brad\Downloads\cls_b763_panel_retrofit.zip 2013-06-19 05:24 - 2013-06-19 05:17 - 00001059 ____A C:\Users\Public\Desktop\PMDG 747-400 FSX Load Manager.lnk 2013-06-18 15:43 - 2013-05-19 05:35 - 00000000 ____D C:\Users\Brad\Documents\Wilco CRJ 2013-06-18 15:43 - 2013-01-12 07:57 - 00000000 ____D C:\Users\Brad\AppData\Roaming\Virtuali 2013-06-18 12:15 - 2013-06-18 12:15 - 00000000 ____D C:\Users\Brad\Downloads\fsx_hawaiian_717-200 2013-06-15 23:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-06-15 06:27 - 2013-01-04 20:21 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-15 06:27 - 2013-01-04 20:21 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-15 06:27 - 2013-01-04 20:21 - 00003768 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-06-15 06:18 - 2013-01-04 20:21 - 00000000 ____D C:\Windows\System32\Macromed 2013-06-15 06:17 - 2013-01-04 20:21 - 00000000 ____D C:\Windows\SysWOW64\Macromed ZeroAccess: C:\$Recycle.Bin\S-1-5-21-2302057715-2896670223-2431684762-1002\$0040424851a523cef18c0a9fb7c7e5dd ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$0040424851a523cef18c0a9fb7c7e5dd 
Files to move or delete:
====================
C:\Users\Brad\AppData\Roaming\skype.dat

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-06-28 19:49:37
Restore point made on: 2013-06-29 09:55:40
Restore point made on: 2013-06-30 17:08:47
Restore point made on: 2013-07-07 15:00:09
Restore point made on: 2013-07-10 10:24:49

==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 16338.94 MB
Available physical RAM: 15122.32 MB
Total Pagefile: 16337.14 MB
Available Pagefile: 15141.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:38.34 GB) NTFS (Disk=0 Partition=2)
Drive d: () (Fixed) (Total:698.63 GB) (Free:385.03 GB) NTFS (Disk=1 Partition=1)
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=2 Partition=1) ==>[system with boot components (obtained from reading drive)]
Drive g: () (Fixed) (Total:698.54 GB) (Free:136.81 GB) NTFS (Disk=2 Partition=2)
Drive h: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
Drive j: (Transcend) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT32 (Disk=4 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: A936AE3D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: A9A6A9A6)
Partition 1: (Active) - (Size=699 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 77A5E191)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=699 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=0B)

LastRegBack: 2013-07-07 08:27

==================== End Of Log ============================