Jump to content

Avira virus?


Recommended Posts

Sorry, posted this to the wrong forum earlier, very frustrating day!

 

Hi folks, I hope you can bail me out again!

 

When I started my machine this morning I had a popup that looked like it came from Avira AV and said there was an update and needed to restart the computer to install it. Like a dummy I went ahead and did that because it looked legit, I do have Avira free installed.

 

Now the machine will not get past the Welcome screen, it goes black and reboots constantly. I finally got it into Safe mode with networking, ran Malewarebytes twice, once quick and once full scan, and it found and removed 2 files, but the problem continues.

 

Whatever this is also wiped out my restore points. I have another computer, a laptop with XP, and when I started that up, the same popup is there but no way I was touching it! It is still on the laptop desktop and until I get this fixed that machine is never getting rebooted.

 

I hope you folks can help with this, you have been a huge help in the past, its been quite a while since I visited here.

 

TIA!

----------------------------------------------------------------------------------------------

Logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16506  BrowserJavaVersion: 10.17.2
Run by Jay at 11:33:36 on 2013-10-07
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.6135.5243 [GMT -4:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files (x86)\DAP\DAP.EXE
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uSearch Bar = Preserve
BHO: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
BHO: SearchPredictObj Class: {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll
BHO: Watch for Browser Events: {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - C:\Program Files (x86)\Keyboard Express 3\kie.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: SBCONVERT Class: {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU53\tbcore3.dll
BHO: Rich Media Downloader: {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\Jay\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: SpeedBit Link Verification Helper: {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: BHO_TIMELINEREMOVE.Bho: {e7b9b609-19ad-40a4-a288-b300a3087465} -
BHO: Rich Media Player: {FEB703F7-E7B2-4AB0-9566-87658AC70095} - C:\Users\Jay\AppData\Local\Rich Media Player\BrowserExtensions\IE\PluginRichmediaplayer.dll
BHO: Download Accelerator Plus Integration: {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\dapieloader.dll
BHO: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU53\Grabber.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU53\tbcore3.dll
TB: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU53\tbcore3.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [cdloader] "C:\Users\Jay\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [DownloadAccelerator] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [searchProtection] C:\ProgramData\Search Protection\_run.bat
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAzADkAOQA0ADcAMAA2ADgALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAyAA"&"prod=90"&"ver=9.0.872
mRunOnce: [1] C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\Jay\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MailWasherPro.lnk - C:\Program Files (x86)\MailWasher Pro\MailWasher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: HideSCAHealth = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\Jay\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.






DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

TCP: NameServer = 192.168.10.1
TCP: Interfaces\{A57409A5-809B-40AD-96AF-9D25F0ACE2E7} : DHCPNameServer = 192.168.10.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: BHO_TIMELINEREMOVE.Bho: {e7b9b609-19ad-40a4-a288-b300a3087465} -
x64-BHO: DAPIELoader Class: {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\DAPIELoader64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [dleamon.exe] "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie64.dll
x64-Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\Program Files (x86)\DAP\dapie64.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2012-12-13 14456]
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-6-19 69152]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-5-4 140672]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-2-21 1236336]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
R3 chdrvr03;chdrvr03;C:\Windows\System32\drivers\chdrvr03.sys [2013-7-23 24240]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-8-6 28600]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-2-17 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-2-17 12368]
S2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-6-17 616408]
S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-8-6 440392]
S2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-8-6 440392]
S2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-8-6 105856]
S2 Backup Exec System Recovery;Backup Exec System Recovery;C:\Program Files (x86)\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe [2009-10-1 4591456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cpuz132;cpuz132;C:\Windows\System32\drivers\cpuz132_x64.sys [2010-5-15 19432]
S2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-5-14 23816]
S2 CrossLoopService;CrossLoop Service;C:\Users\Jay\AppData\Local\CrossLoop\CrossLoopService.exe [2010-5-16 560792]
S2 dlea_device;dlea_device;C:\Windows\System32\dleacoms.exe -service --> C:\Windows\System32\dleacoms.exe -service [?]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\dleaserv.exe [2012-2-29 45224]
S2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-9-12 82872]
S2 SBUpd;SpeedBit Update;C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [2013-2-27 1097848]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592]
S2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
S3 chdrvr01;chdrvr01;C:\Windows\System32\drivers\chdrvr01.sys [2013-7-23 248496]
S3 chdrvr02;chdrvr02;C:\Windows\System32\drivers\chdrvr02.sys [2013-7-23 11440]
S3 GenericMount Helper Service;GenericMount Helper Service;C:\Program Files (x86)\Symantec\Backup Exec System Recovery\Shared\Drivers\GenericMountHelperx64.exe [2010-2-12 2227216]
S3 GenericMount;Generic Mount Driver;C:\Windows\System32\drivers\GenericMount.sys [2009-9-21 66608]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2012-12-13 39504]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 lvsels64;Logitech Selective Suspend Filter;C:\Windows\System32\drivers\lvsels64.sys [2011-10-13 67992]
S3 LVUVC64;QuickCam Orbit/Sphere AF(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2011-8-19 4865568]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-2-23 20992]
S3 SBUpdd;SpeedBit UpdateD;C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [2013-2-27 40856]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\Windows\System32\dllhost.exe [2009-7-13 9728]
S3 SymSnapService;SymSnapService;C:\Program Files (x86)\Symantec\Backup Exec System Recovery\Shared\Drivers\SymSnapServicex64.exe [2009-9-21 2963960]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-23 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-15 1255736]
S4 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2013-8-6 1164360]
.
=============== Created Last 30 ================
.
2013-10-07 12:55:30 -------- d-----w- C:\Users\Jay\AppData\Local\{257B8B5B-5B05-4B62-9EDD-3BECE0323587}
2013-10-05 18:10:49 -------- d-----w- C:\Users\Jay\AppData\Local\{6FBDF05F-4CFA-45F2-B168-568216BA99B0}
2013-10-05 17:10:13 -------- d-----w- C:\Users\Jay\AppData\Local\{B575D835-C06E-4AD5-971C-84303070828F}
2013-10-05 14:59:31 -------- d-----w- C:\Program Files (x86)\WinMerge
2013-10-04 17:03:40 -------- d-----w- C:\Users\Jay\AppData\Local\{A15849C5-CB7F-4412-8ECC-7C913EDFD6FA}
2013-10-03 16:22:19 -------- d-----w- C:\Users\Jay\AppData\Local\{DB28843C-0AC0-484E-B90C-85066D47F991}
2013-10-03 14:51:13 175364 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\QW146X_Uninstal.exe
2013-10-03 03:06:18 -------- d-----w- C:\Users\Jay\AppData\Local\{8BFF6287-0779-41B5-9955-09EB6E5EB19E}
2013-10-02 13:03:43 -------- d-----w- C:\Users\Jay\AppData\Local\{189A3017-56D9-47D5-8C92-4E026BE0A6AD}
2013-10-02 07:07:22 3074048 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\Qualitywings\LiveryManager\QW146Dispatcher.exe
2013-10-02 07:07:21 827392 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\Qualitywings\qwings.dll
2013-10-02 07:07:21 73728 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\Qualitywings\F1Activate.exe
2013-10-01 13:55:47 -------- d-----w- C:\Users\Jay\AppData\Local\{F963F5BA-0BF4-49D1-A4A7-D3CE8FCA071A}
2013-09-30 12:53:13 -------- d-----w- C:\Users\Jay\AppData\Local\{1677F5E4-4D05-4081-9CC9-23D73236B2E6}
2013-09-29 21:38:57 -------- d-----w- C:\Users\Jay\AppData\Local\{A8024499-ACCB-431A-AAC4-C2E65325BFB4}
2013-09-29 20:41:27 -------- d-----w- C:\Users\Jay\AppData\Local\{D90E64BC-B511-4D1F-BD7B-098E060B5D51}
2013-09-28 23:13:26 -------- d-----w- C:\Users\Jay\AppData\Local\{05EA78DF-3ECE-49EE-BAB6-4DB0F587E906}
2013-09-27 13:03:16 -------- d-----w- C:\Users\Jay\AppData\Local\{CA69498B-FB7D-430E-875B-515F09DDE9DF}
2013-09-26 22:30:33 -------- d-----w- C:\Users\Jay\AppData\Local\{E4E6D6CC-87A7-41B5-8B6A-30C8E9D8F20F}
2013-09-26 18:31:01 -------- d-----w- C:\Users\Jay\AppData\Local\{512674DA-6F1C-4F8D-B302-C352D14105BA}
2013-09-26 18:13:45 -------- d-----w- C:\Users\Jay\AppData\Local\{8429FD20-FF4D-43E9-9C41-72B4B3319644}
2013-09-25 12:57:31 -------- d-----w- C:\Users\Jay\AppData\Local\{FAF2988F-6363-4FD3-9D2F-FCEABD84ABEF}
2013-09-24 13:05:32 -------- d-----w- C:\Users\Jay\AppData\Local\{FEC0F437-5E0C-4FA7-9310-430DEC128097}
2013-09-24 04:38:29 -------- d-----w- C:\Users\Jay\AppData\Local\{5E606A0A-032D-4AB2-984F-985DA904B840}
2013-09-23 16:22:15 -------- d-----w- C:\Users\Jay\AppData\Local\{F42D03D3-C88D-4CEC-9C92-92843EB73656}
2013-09-23 13:00:58 -------- d-----w- C:\Users\Jay\AppData\Local\{4D1D7E4E-4BE6-41B8-BDE6-2BC96E0C6A09}
2013-09-22 14:29:39 -------- d-----w- C:\Users\Jay\AppData\Local\{A8960DE0-5211-4E45-9BBA-15255633FA93}
2013-09-21 13:34:48 -------- d-----w- C:\Users\Jay\AppData\Local\{0138E0B7-F5C0-4272-A96A-FE05BC44359F}
2013-09-20 17:48:03 -------- d-----w- C:\Users\Jay\AppData\Local\{B5136468-F33F-4475-9E3D-17474CCBBF54}
2013-09-19 05:01:45 -------- d-----w- C:\Users\Jay\AppData\Local\{34E95386-D3F1-4295-98DB-8C3ADA1FB568}
2013-09-18 13:29:31 -------- d-----w- C:\Users\Jay\AppData\Local\{0B62097D-882E-4F60-8838-E1F307C4D5A4}
2013-09-17 13:21:10 -------- d-----w- C:\Users\Jay\AppData\Local\{5728F226-F216-4466-A24C-A96D015640D0}
2013-09-17 00:31:33 -------- d-----w- C:\Users\Jay\AppData\Local\{FBF71B8C-6B49-4AC8-94C8-9CCA76B92A63}
2013-09-16 12:12:54 -------- d-----w- C:\Users\Jay\AppData\Local\{ACC6B9A8-649F-4160-84AF-BC60102DB2E6}
2013-09-15 20:28:11 -------- d-----w- C:\Users\Jay\AppData\Local\{689D4132-2883-44F8-AC10-D59F704CE136}
2013-09-14 21:45:29 -------- d-----w- C:\Users\Jay\AppData\Local\{32BA1E5C-6BD9-4550-A730-5C04170A0504}
2013-09-13 17:33:03 -------- d-----w- C:\Users\Jay\AppData\Local\{B0443BB6-D8F6-48F1-835F-46A9734F6F85}
2013-09-12 19:54:50 -------- d-----w- C:\Users\Jay\AppData\Local\{42EFBA76-8DC7-4E54-8EBA-A5E8D6178733}
2013-09-12 19:54:14 -------- d-----w- C:\Users\Jay\AppData\Local\{1F116570-7DA4-4C60-919D-F26196E39D2F}
2013-09-12 03:50:04 -------- d-----w- C:\Users\Jay\AppData\Local\{99B766E8-2A37-4794-B5CA-2FAEF2C62DE7}
2013-09-11 13:01:28 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-09-11 12:56:19 -------- d-----w- C:\Users\Jay\AppData\Local\{6BD4F19D-860A-46E9-837B-AC99237F7BD9}
2013-09-10 18:00:23 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-09-10 17:16:39 -------- d-----w- C:\Users\Jay\AppData\Local\Overwolf
2013-09-10 13:51:21 -------- d-----w- C:\Users\Jay\AppData\Local\{A4CA0E39-1E39-4448-A553-88BD764BF1DB}
2013-09-10 02:32:52 -------- d-----w- C:\Users\Jay\AppData\Local\{FF8426E7-3A39-45DD-8A77-420C428852A1}
2013-09-10 01:00:10 -------- d-----w- C:\Users\Jay\AppData\Local\{75F0FB43-E0F4-49B8-A184-86955E539600}
2013-09-09 12:29:12 -------- d-----w- C:\Users\Jay\AppData\Local\{3C2DBFA8-FB5B-4CF5-8C3F-981BCAE9E50C}
2013-09-08 14:08:18 -------- d-----w- C:\Users\Jay\AppData\Local\{1790E52E-4A78-4E43-84A7-DBB405EF8634}
2013-09-08 00:00:49 -------- d-----w- C:\Users\Jay\AppData\Local\{E9F67324-4F39-48DD-A4DA-5D22C099F260}
2013-09-07 23:22:51 -------- d-----w- C:\Users\Jay\AppData\Local\{771676A1-91FE-41D6-AEC6-B20347AAFF16}
2013-09-07 23:12:35 -------- d-----w- C:\Users\Jay\AppData\Local\{F02936EC-A1C0-4A64-8F6D-E19134A20776}
2013-09-07 20:37:33 -------- d-----w- C:\Users\Jay\AppData\Local\{9C5B5252-B6A4-4017-A7B8-CD4BBF6D6C88}
.
==================== Find3M  ====================
.
2013-10-07 13:07:00 83160 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2013-10-07 13:07:00 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-10-07 13:07:00 105856 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-09-20 00:37:08 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-20 00:37:07 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-10 18:00:18 972712 ----a-w- C:\Windows\System32\deployJava1.dll
2013-09-10 18:00:18 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-31 13:29:19 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-31 13:19:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-07-31 13:18:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-07-31 13:14:29 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-07-31 13:13:07 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-07-31 13:08:44 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-31 10:00:20 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-31 09:52:44 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-31 09:52:34 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-07-31 09:48:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-07-31 09:48:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-07-31 09:45:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-13 17:39:45 84176 ----a-w- C:\Program Files (x86)\Uninstal.exe
.
============= FINISH: 11:36:22.15 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/15/2010 4:42:01 PM
System Uptime: 10/7/2013 10:50:44 AM (1 hours ago)
.
Motherboard:  EVGA  |  | 132-BL-E758
Processor: Intel® Core i7 CPU         920  @ 2.67GHz | Socket 423 | 3990/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 262.475 GiB free.
E: is FIXED (NTFS) - 69 GiB total, 56.534 GiB free.
F: is FIXED (NTFS) - 69 GiB total, 54.758 GiB free.
J: is CDROM ()
L: is Removable
M: is CDROM (CDFS)
N: is Removable
P: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&136CDFB0&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&136CDFB0&0
Service: i8042prt
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
707 Captain (707-300) 1.2
727-100 Base Pack 2.4
727-200 Expansion Model 2.4
727 Freighter Expansion Model 2.4
737 Captain (737-100 Expansion Model) 1.5
737 Captain (737-200) 1.0
737 Captain (737-200ADV Expansion Model) 1.1
737 Captain (737-200C/F Expansion Models) 1.0
757-200 Base Pack
757-300 Expansion Model
757 Freighter Captain Expansion Model
767 Captain (767-200 Expansion model)
767 Captain (767-300 Base Pack)
767 Captain (767 Freighter Expansion model)
A2A C172 Trainer
Abacus Scenery Shortcut
ABBYY FineReader 6.0 Sprint
Accu-Feel
Acrobat.com
Ad-Aware Antivirus
Ad-Aware Security Add-on
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.0
Adobe Photoshop CS2
Adobe Premiere Pro 2.0
Adobe Reader XI (11.0.04)
Adobe Shockwave Player 11.6
Adobe Stock Photos 1.0
Airport Design Editor 9x Version 1.47.7.0
Audacity 2.0.2
Avery Wizard 4.0
Avira Free Antivirus
B-52 Driver Upgrade 1.0
C185 SKYWAGON FSX
C185F SKYWAGON BUSH FSX
C90B King Air HD SERIES FSX
CameraHelperMsi
Captain Sim 757 World Airliners 3 v1.0b003
Carenado A36 Bonanza FSX
Carenado Baron 58 FSX
Carenado C 152 II
Carenado C208B Grand Caravan
Carenado C208B Super Cargomaster
Carenado F33A Bonanza
Carenado PA28-181 ARCHER II FSX
CCleaner
CH Control Manager Software
Common
Compatibility Pack for the 2007 Office system
Contents
Corel VideoStudio Essentials X4
CPUID CPU-Z 1.60.1
CrossLoop 2.72
CS Weather Radar 1.1
D3DX10
DAP Plug-in for 64 Bit IE
Dell Toolbar
Dell V310-V510 Series
DeviceIO
Download Accelerator Plus (DAP)
Eaglesoft Development Group  Citation CJ1+ FSX
Eaglesoft Development Group  Citation X 2.0 FSX
erLT
EVGA E-LEET TUNING UTILITY 1.06.5
EZdok Camera for Microsoft Flight Simulator X
FastStone Photo Resizer 3.1
FeelThere Phenom 100 LE
File Type Assistant
FileZilla Client 3.6.0.2
Final Media Player 2011
Flight Environment X
Flight Simulator X Pratt & Whitney R-2800 Radial Sound Pack
Flight1 Downloader
Flight1 King Air B200 for FSX
Fly the Maddog liveries
Fly the Maddog Professional 2010 Edition
Fraps (remove only)
FreeDiff v1.1.2
FS Panel Studio for FSX Build 20218
FSFDT FSCopilot
FSFDT FSInn
FSGenesis Alaska-Hawaii Terrain Mesh for FSX
FSGenesis Hawaii Airport Terrain Adjustment Pack - FSX
FSGenesis Hawaiian Waterfalls for FSX
FSGenesis Mexico Terrain Mesh for FSX
FSGenesis North America Terrain for FSX - Canada East
FSGenesis North America Terrain for FSX - Canada West
FSGenesis North America Terrain Mesh for FSX -- Eastern Rockies
FSGenesis North America Terrain Mesh for FSX -- Northeast
FSGenesis North America Terrain Mesh for FSX -- Plains
FSGenesis North America Terrain Mesh for FSX -- Southeast
FSGenesis North America Terrain Mesh for FSX -- West Coast
FSGenesis North America Terrain Mesh for FSX -- Western Rockies
FSGenesis North Atlantic Terrain for FSX
FSGenesis Northern Russia & Siberia Terrain Mesh for FSX
FSGenesis SE Alaska Airport Terrain Adjustment Pack - FSX
FSGenesis US National Landclass Project for FSX
FSGenesis World Terrain Mesh for FSX - Asia
FSGenesis World Terrain Mesh for FSX - Europe/Africa
FSGenesis World Terrain Mesh for FSX - West
FSrealWX lite version 1.07.1522
Google Earth
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
Grand Canyon & KGCN V2
Ground Environment X Africa and the Middle East
Ground Environment X Asia and South America
Ground Environment X Atlantic and Pacific Tropics
Ground Environment X Europe
Ground Environment X North America
ICA
iFly Jets - The 737NG for FSX
Intel® Matrix Storage Manager
IPM_VS_Pro
ISCOM
Java 7 Update 17
Java 7 Update 25 (64-bit)
Java Auto Updater
JMicron JMB36X Driver
Junk Mail filter update
Keyboard Express 3
Leroy
Level-D American Airlines One World 1 v1.1b000
Level-D World Airliners 1 v1.1b003
LG CyberLink LabelPrint
LG CyberLink Power2Go
LG CyberLink PowerBackup
LG CyberLink YouCam
LG ODD Auto Firmware Update
LG Power Tools
LiveUpdate 3.3 (Symantec Corporation)
Logitech Webcam Software
Logitech Webcam Software Driver Package
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
MAAM-SIM DOUGLAS R4D, DC-3, C-47 for FSX
magicJack
MailWasher Pro
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Flight
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X Service Pack 2
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MSVC90_x64
MSVC90_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Network Drive Mapping Utility
NVIDIA Control Panel 270.61
NVIDIA Graphics Driver 270.61
NVIDIA Install Application
NVIDIA Photoshop Plug-ins
O&O Defrag Professional
Pinnacle Studio 14
Pinnacle Video Driver
PMDG 737 6700 NGX RTM
PMDG 737 8900 NGX
PMDG 747-400/400F for FSX
PMDG 747-8i for use with PMDG 747-400X
PMDG 747X World Airliners 1 v1.1b004
PMDG_744-8F_5XF
PMDG_744-8F_FX
PMDG_744-8i_DL
PMDG_744-8i_UA
PMDG_744-8i_USAF1
PMDG_MD11_FSX
PMDG744XF_GE_5XF
PMDG744XF_PW_FXF
PMDGMD11X_GE_AA
PMDGMD11X_GE_CO
PMDGMD11X_GE_TW
PMDGMD11X_GE_US
PMDGMD11X_PW_DL
PMDGMD11X_PW_DL1
PMDGMD11X_PW_DL2
PMDGMD11X_PW_DL3
PMDGMD11X_PW_UA
PMDGMD11X_PW_UA1
PMDGMD11X_PW_UA2
PMDGMD11X_PW_UA3
PMDGMD11XF_GE_FXF1
PMDGMD11XF_PW_5XF
PMDGMD11XF_PW_FXF
PureHD
QualityWings Ultimate 146 Collection FSX
QualityWings Ultimate 757 Collection FSX 1.2
QuickTime
RealAir Turbine Duke
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Rich Media Player
SceneryTech Africa Landclass v1.0
SceneryTech Asia Landclass v1.0
SceneryTech Europe Landclass v1.1
SceneryTech North America Landclass v1.3
SceneryTech South America Landclass v1.0
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Setup
Share
Share64
Skype Click to Call
Skype™ 6.6
SpeedBit Video Downloader
SpywareBlaster 5.0
Super 80Pro AAL (v1.0)
Super 80Pro DAL (v1.0)
Super 80Pro DAL2 (v1.0)
Super 80Pro TWA (v1.0)
SUPERAntiSpyware
swMSM
Symantec Backup Exec System Recovery 2010
System Requirements Lab
TeamSpeak 2 RC2
TeamSpeak 3 Client
TimeLineRemove 0.9
TomTom HOME 2.8.3.2499
TomTom HOME Visual Studio Merge Modules
Tongass Fjords FSX
Ultimate Airliners - Super 80 Professional
Ultimate Alaska X V1.0
Ultimate Terrain X - USA
Ultimate Traffic 2 - Service Pack
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USB Video/Audio Device Driver
VAT-Spy
Ventrilo
VideoConverter
VIO
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package (x64)
VSClassic
VSPro
War Thunder: World of Planes version 1.0.0.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinMerge 2.14.0
WinRAR archiver
X Graphics
Xtreme Prototypes 20 Series for Flight Simulator X
Yosemite/Mono Lake
.
==== Event Viewer Messages From Past Week ========
.
10/7/2013 9:17:28 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/7/2013 9:14:39 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  avipbb avkmgr cdrom discache SASDIFSV SASKUTIL spldr Wanarpv6
10/7/2013 12:10:53 AM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
10/7/2013 11:02:23 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
10/7/2013 11:02:23 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/7/2013 10:53:11 AM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
10/7/2013 10:51:57 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
10/7/2013 10:51:57 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
10/7/2013 10:51:57 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/7/2013 10:51:56 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/7/2013 10:51:54 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/7/2013 10:51:47 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/7/2013 10:51:11 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  avipbb avkmgr discache SASDIFSV SASKUTIL spldr Wanarpv6
10/7/2013 10:48:55 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the dleaCATSCustConnectService service to connect.
10/7/2013 10:48:55 AM, Error: Service Control Manager [7000]  - The dleaCATSCustConnectService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/7/2013 10:48:21 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35]  - Performance power management features on processor 3 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
10/7/2013 10:48:21 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35]  - Performance power management features on processor 2 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
10/7/2013 10:48:21 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35]  - Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
10/7/2013 10:48:21 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35]  - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
10/6/2013 1:12:01 AM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  Not enough storage is available to complete this operation.
10/6/2013 1:12:00 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  Not enough storage is available to complete this operation.
10/5/2013 9:07:41 PM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
10/5/2013 9:07:41 PM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
10/5/2013 12:50:17 AM, Error: Service Control Manager [7038]  - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
10/5/2013 12:50:17 AM, Error: Service Control Manager [7000]  - The UPnP Device Host service failed to start due to the following error:  The service did not start due to a logon failure.
10/5/2013 12:50:17 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
10/3/2013 9:34:10 AM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
10/3/2013 9:33:20 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
10/3/2013 9:33:20 AM, Error: Service Control Manager [7000]  - The Windows Media Player Network Sharing Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/3/2013 4:22:31 PM, Error: Disk [15]  - The device, \Device\Harddisk6\DR6, is not ready for access yet.
10/3/2013 12:15:59 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
10/3/2013 12:15:59 AM, Error: Service Control Manager [7000]  - The Volume Shadow Copy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/3/2013 12:02:47 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
10/2/2013 10:36:59 AM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================
 

 

Link to post
Share on other sites

Welcome to the forum, see if you can do this:

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
MrC
Link to post
Share on other sites

Thanks for the quick reply, here are the logs....

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Jay (administrator) on JAYFSX on 07-10-2013 13:48:50
Running from C:\Users\Jay\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Speedbit Ltd.) C:\Program Files (x86)\DAP\DAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [dleamon.exe] - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe [770728 2011-01-23] ()
HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAAzADkAOQA0ADcAMAA2ADgALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAyAA"&"prod=90"&"ver=9.0.872 [x]
HKLM-x32\...\RunOnce: [1] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p [218184 2013-04-04] ()
HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x]
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6588144 2013-10-05] (SUPERAntiSpyware)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-17] (Google Inc.)
HKCU\...\Run: [cdloader] - C:\Users\Jay\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKCU\...\Run: [DownloadAccelerator] - C:\Program Files (x86)\DAP\DAP.EXE [3832464 2013-04-04] (Speedbit Ltd.)
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKCU\...\Policies\Explorer: [HideSCAHealth] 0
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)
HKLM-x32\...\Run: [searchProtection] - C:\ProgramData\Search Protection\_run.bat [168 2013-03-22] ()
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG)
Startup: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk
ShortcutTarget: MailWasherPro.lnk -> C:\Program Files (x86)\MailWasher Pro\MailWasher.exe (eCOSM)
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - Comcast URL = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
SearchScopes: HKCU - {05C42AC7-C42D-48A4-8CD8-079FA75F1F1B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3239904
SearchScopes: HKCU - {0D5DEBCB-75FA-4ea1-8D7E-7057DAA2A6DC} URL = http://search.speedbit.com/searchresults.asp?src=default&q={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=26FA034662E581D62B10A5514C82B2CD&q={searchTerms}
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: BHO_TIMELINEREMOVE.Bho - {e7b9b609-19ad-40a4-a288-b300a3087465} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\DAPIELoader64.dll (SpeedBit Ltd.)
BHO-x32: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
BHO-x32: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll (SpeedBit Ltd.)
BHO-x32: Watch for Browser Events - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - C:\Program Files (x86)\Keyboard Express 3\kie.dll (Insight Software Solutions)
BHO-x32: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SBCONVERT Class - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU53\tbcore3.dll ()
BHO-x32: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\Jay\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll (Radiocom CJSC)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: SpeedBit Link Verification Helper - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dll (Speedbit Ltd.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: BHO_TIMELINEREMOVE.Bho - {e7b9b609-19ad-40a4-a288-b300a3087465} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Rich Media Player - {FEB703F7-E7B2-4AB0-9566-87658AC70095} - C:\Users\Jay\AppData\Local\Rich Media Player\BrowserExtensions\IE\PluginRichmediaplayer.dll ()
BHO-x32: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\dapieloader.dll (SpeedBit Ltd.)
BHO-x32: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU53\grabber.dll (SPEEDbit)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
Toolbar: HKLM-x32 - SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU53\tbcore3.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU -  No Name - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} -  No File
DPF: HKLM-x32 {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {10000000-1000-1000-1000-100000000000} http://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1305144947238
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1

Chrome:
=======


CHR Extension: (YouTube) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (DAP Link Checker) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.0.9_0
CHR Extension: (Google Search) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (ExFriendAlert) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.71_0
CHR Extension: (Gmail) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [bodfdknjhecmadheclfjkhhiofeagdbh] - C:\Program Files (x86)\DAP\daplinkchecker.crx
CHR HKLM-x32\...\Chrome\Extension: [doagiokpgboiomffjfhaiimafndmmpni] - C:\Users\Jay\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\richmediadownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [fkcdbkhjcaljlfolhllfneigeepmjfim] - C:\Users\Jay\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\playerextension.crx
CHR HKLM-x32\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-08] (SUPERAntiSpyware.com)
R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-02-21] (Lavasoft Limited)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-07-20] (Adobe Systems)
S2 AntiSpywareService; C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [616408 2009-06-17] ()
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG)
S2 Backup Exec System Recovery; C:\Program Files (x86)\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe [4591456 2010-03-03] (Symantec Corporation)
S2 CrossLoopService; C:\Users\Jay\AppData\Local\CrossLoop\CrossLoopService.exe [560792 2010-03-15] (CrossLoop Inc)
S2 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
S2 dlea_device; C:\Windows\system32\dleacoms.exe [1052328 2010-05-21] ( )
S3 GenericMount Helper Service; C:\Program Files (x86)\Symantec\Backup Exec System Recovery\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
S2 O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2287360 2009-09-12] (O&O Software GmbH)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [1097848 2013-02-27] (Speedbit Ltd.)
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [9728 2009-07-13] (Microsoft Corporation)
S3 SymSnapService; C:\Program Files (x86)\Symantec\Backup Exec System Recovery\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-07] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-07] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S2 cpuz132; C:\Windows\system32\drivers\cpuz132_x64.sys [19432 2009-03-27] (Windows ® Codename Longhorn DDK provider)
S2 cpuz132; C:\Windows\system32\drivers\cpuz132_x64.sys [19432 2009-03-27] (Windows ® Codename Longhorn DDK provider)
S2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [23816 2012-03-09] (CPUID)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [39504 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-22] (GFI Software)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-07-12] (Lavasoft AB)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 lvsels64; C:\Windows\System32\DRIVERS\lvsels64.sys [67992 2009-10-07] (Logitech Inc.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [40856 2013-02-27] ()
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (StorageCraft)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
S3 ALSysIO; \??\C:\Users\Jay\AppData\Local\Temp\ALSysIO64.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
U2 V2iMount;
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-07 13:48 - 2013-10-07 13:48 - 00000000 ____D C:\FRST
2013-10-07 13:47 - 2013-10-07 13:47 - 01954124 _____ (Farbar) C:\Users\Jay\Downloads\FRST64.exe
2013-10-07 13:45 - 2013-10-07 13:45 - 01641768 _____ C:\Users\Jay\Desktop\Setup.exe.dap
2013-10-07 11:36 - 2013-10-07 11:36 - 00024902 _____ C:\Users\Jay\Desktop\dds.txt
2013-10-07 11:36 - 2013-10-07 11:36 - 00023635 _____ C:\Users\Jay\Desktop\attach.txt
2013-10-07 11:31 - 2013-10-07 11:31 - 00001051 _____ C:\Users\Jay\Desktop\Malware forum text.txt
2013-10-07 11:28 - 2013-10-07 11:28 - 00688992 ____R (Swearware) C:\Users\Jay\Desktop\dds.com
2013-10-07 11:28 - 2013-10-07 11:28 - 00688992 _____ (Swearware) C:\Users\Jay\Desktop\dds.scr
2013-10-07 11:17 - 2013-10-07 11:17 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Jay\Desktop\mbam-clean-1.60.2.0003.exe
2013-10-07 08:55 - 2013-10-07 08:56 - 00000000 ____D C:\Users\Jay\AppData\Local\{257B8B5B-5B05-4B62-9EDD-3BECE0323587}
2013-10-06 09:03 - 2013-10-06 15:03 - 99477982 _____ C:\Windows\SysWOW64\敉儔A
2013-10-05 16:39 - 2013-10-07 10:44 - 00002684 _____ C:\Windows\PFRO.log
2013-10-05 14:10 - 2013-10-05 14:11 - 00000000 ____D C:\Users\Jay\AppData\Local\{6FBDF05F-4CFA-45F2-B168-568216BA99B0}
2013-10-05 13:10 - 2013-10-05 13:10 - 00000000 ____D C:\Users\Jay\AppData\Local\{B575D835-C06E-4AD5-971C-84303070828F}
2013-10-05 11:00 - 2013-10-05 11:00 - 00001068 _____ C:\Users\Public\Desktop\WinMerge.lnk
2013-10-05 11:00 - 2013-10-05 11:00 - 00000000 ____D C:\Users\Jay\Documents\WinMerge
2013-10-05 10:59 - 2013-10-05 11:00 - 00000000 ____D C:\Program Files (x86)\WinMerge
2013-10-04 13:03 - 2013-10-04 13:04 - 00000000 ____D C:\Users\Jay\AppData\Local\{A15849C5-CB7F-4412-8ECC-7C913EDFD6FA}
2013-10-03 13:37 - 2013-10-06 10:36 - 00002192 _____ C:\Users\Jay\Desktop\B5.txt
2013-10-03 12:22 - 2013-10-03 12:22 - 00000000 ____D C:\Users\Jay\AppData\Local\{DB28843C-0AC0-484E-B90C-85066D47F991}
2013-10-03 10:21 - 2013-10-03 10:21 - 00000826 _____ C:\Users\Jay\Desktop\Stage3 - B5b - QualityWings Simulations Forum.url
2013-10-02 23:06 - 2013-10-02 23:06 - 00000000 ____D C:\Users\Jay\AppData\Local\{8BFF6287-0779-41B5-9955-09EB6E5EB19E}
2013-10-02 10:14 - 2013-10-02 10:14 - 00000288 _____ C:\Users\Jay\Desktop\Tor Browser Bundle.url
2013-10-02 09:03 - 2013-10-02 09:04 - 00000000 ____D C:\Users\Jay\AppData\Local\{189A3017-56D9-47D5-8C92-4E026BE0A6AD}
2013-10-01 09:55 - 2013-10-01 09:56 - 00000000 ____D C:\Users\Jay\AppData\Local\{F963F5BA-0BF4-49D1-A4A7-D3CE8FCA071A}
2013-09-30 18:07 - 2013-09-30 18:07 - 44927466 _____ C:\Users\Jay\Downloads\PPS2.zip
2013-09-30 18:03 - 2005-04-12 16:59 - 37498884 _____ C:\Users\Jay\Downloads\DefolianceFINAL2.mpg
2013-09-30 18:03 - 2003-02-09 23:29 - 06259007 _____ C:\Users\Jay\Downloads\DefolianceFINAL.wmv
2013-09-30 18:01 - 2013-09-30 18:01 - 35381742 _____ C:\Users\Jay\Downloads\Eggs PPS.zip
2013-09-30 08:53 - 2013-09-30 08:53 - 00000000 ____D C:\Users\Jay\AppData\Local\{1677F5E4-4D05-4081-9CC9-23D73236B2E6}
2013-09-29 17:38 - 2013-09-29 17:38 - 00000000 ____D C:\Users\Jay\AppData\Local\{A8024499-ACCB-431A-AAC4-C2E65325BFB4}
2013-09-29 16:41 - 2013-09-29 16:41 - 00000000 ____D C:\Users\Jay\AppData\Local\{D90E64BC-B511-4D1F-BD7B-098E060B5D51}
2013-09-29 08:54 - 2013-09-29 08:56 - 19992915 _____ C:\Users\Jay\Downloads\FA 2.5_Setup.rar
2013-09-28 19:13 - 2013-09-28 19:14 - 00000000 ____D C:\Users\Jay\AppData\Local\{05EA78DF-3ECE-49EE-BAB6-4DB0F587E906}
2013-09-28 12:07 - 2013-10-07 13:12 - 00001344 _____ C:\Windows\setupact.log
2013-09-28 12:07 - 2013-09-28 12:07 - 00000000 _____ C:\Windows\setuperr.log
2013-09-28 11:53 - 2013-09-28 11:53 - 00000192 _____ C:\Users\Jay\Desktop\Retail Detail Merchandising  Sealane Marketing  Category Management.url
2013-09-27 16:05 - 2013-09-27 16:05 - 00000380 _____ C:\Users\Jay\Desktop\Removing photo albums - Page 3.url
2013-09-27 09:03 - 2013-09-27 09:03 - 00000000 ____D C:\Users\Jay\AppData\Local\{CA69498B-FB7D-430E-875B-515F09DDE9DF}
2013-09-26 18:30 - 2013-09-26 18:31 - 00000000 ____D C:\Users\Jay\AppData\Local\{E4E6D6CC-87A7-41B5-8B6A-30C8E9D8F20F}
2013-09-26 14:31 - 2013-09-26 14:31 - 00000000 ____D C:\Users\Jay\AppData\Local\{512674DA-6F1C-4F8D-B302-C352D14105BA}
2013-09-26 14:13 - 2013-09-26 14:13 - 00000000 ____D C:\Users\Jay\AppData\Local\{8429FD20-FF4D-43E9-9C41-72B4B3319644}
2013-09-25 08:57 - 2013-09-25 08:58 - 00000000 ____D C:\Users\Jay\AppData\Local\{FAF2988F-6363-4FD3-9D2F-FCEABD84ABEF}
2013-09-24 09:05 - 2013-09-24 09:06 - 00000000 ____D C:\Users\Jay\AppData\Local\{FEC0F437-5E0C-4FA7-9310-430DEC128097}
2013-09-24 00:38 - 2013-09-24 00:38 - 00000000 ____D C:\Users\Jay\AppData\Local\{5E606A0A-032D-4AB2-984F-985DA904B840}
2013-09-23 12:22 - 2013-09-23 12:22 - 00000000 ____D C:\Users\Jay\AppData\Local\{F42D03D3-C88D-4CEC-9C92-92843EB73656}
2013-09-23 09:00 - 2013-09-23 09:00 - 00000000 ____D C:\Users\Jay\AppData\Local\{4D1D7E4E-4BE6-41B8-BDE6-2BC96E0C6A09}
2013-09-22 10:29 - 2013-09-22 10:30 - 00000000 ____D C:\Users\Jay\AppData\Local\{A8960DE0-5211-4E45-9BBA-15255633FA93}
2013-09-22 09:43 - 2013-09-22 09:43 - 98586517 _____ C:\Windows\SysWOW64\嗇鈺x
2013-09-21 09:34 - 2013-09-21 09:35 - 00000000 ____D C:\Users\Jay\AppData\Local\{0138E0B7-F5C0-4272-A96A-FE05BC44359F}
2013-09-20 13:48 - 2013-09-20 13:48 - 00000000 ____D C:\Users\Jay\AppData\Local\{B5136468-F33F-4475-9E3D-17474CCBBF54}
2013-09-19 10:10 - 2003-09-23 00:05 - 19964840 _____ C:\Users\Jay\Downloads\Faii_Setup.zip
2013-09-19 01:01 - 2013-09-19 01:02 - 00000000 ____D C:\Users\Jay\AppData\Local\{34E95386-D3F1-4295-98DB-8C3ADA1FB568}
2013-09-18 09:29 - 2013-09-18 09:29 - 00000000 ____D C:\Users\Jay\AppData\Local\{0B62097D-882E-4F60-8838-E1F307C4D5A4}
2013-09-17 09:21 - 2013-09-17 09:21 - 00000000 ____D C:\Users\Jay\AppData\Local\{5728F226-F216-4466-A24C-A96D015640D0}
2013-09-16 20:31 - 2013-09-16 20:32 - 00000000 ____D C:\Users\Jay\AppData\Local\{FBF71B8C-6B49-4AC8-94C8-9CCA76B92A63}
2013-09-16 08:59 - 2013-09-16 08:59 - 00000141 _____ C:\Users\Jay\Desktop\FSXWX Instructions.url
2013-09-16 08:12 - 2013-09-16 08:13 - 00000000 ____D C:\Users\Jay\AppData\Local\{ACC6B9A8-649F-4160-84AF-BC60102DB2E6}
2013-09-15 16:28 - 2013-09-15 16:28 - 00000000 ____D C:\Users\Jay\AppData\Local\{689D4132-2883-44F8-AC10-D59F704CE136}
2013-09-14 17:45 - 2013-09-14 17:46 - 00000000 ____D C:\Users\Jay\AppData\Local\{32BA1E5C-6BD9-4550-A730-5C04170A0504}
2013-09-14 15:34 - 2013-09-14 15:34 - 97600188 _____ C:\Windows\SysWOW64\ॳ喫
2013-09-13 18:22 - 2013-09-13 18:22 - 00002069 _____ C:\Users\Jay\Desktop\Flightradar24.com - Live flight tracker!.url
2013-09-13 15:20 - 2013-09-13 15:20 - 00001561 _____ C:\Users\Jay\Desktop\MD80 Manager & Setup.lnk
2013-09-13 13:33 - 2013-09-13 13:33 - 00000000 ____D C:\Users\Jay\AppData\Local\{B0443BB6-D8F6-48F1-835F-46A9734F6F85}
2013-09-12 15:54 - 2013-09-12 15:55 - 00000000 ____D C:\Users\Jay\AppData\Local\{42EFBA76-8DC7-4E54-8EBA-A5E8D6178733}
2013-09-12 15:54 - 2013-09-12 15:54 - 00000000 ____D C:\Users\Jay\AppData\Local\{1F116570-7DA4-4C60-919D-F26196E39D2F}
2013-09-11 23:50 - 2013-09-11 23:50 - 00000000 ____D C:\Users\Jay\AppData\Local\{99B766E8-2A37-4794-B5CA-2FAEF2C62DE7}
2013-09-11 23:23 - 2013-09-11 23:23 - 00000265 _____ C:\Users\Jay\Desktop\Ground Environment X Series - SimForums.com Discussion - Page 1.url
2013-09-11 09:05 - 2013-07-31 10:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 09:05 - 2013-07-31 09:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 09:05 - 2013-07-31 09:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 09:05 - 2013-07-31 09:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 09:05 - 2013-07-31 09:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 09:05 - 2013-07-31 09:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-11 09:05 - 2013-07-31 09:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-11 09:05 - 2013-07-31 09:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 09:05 - 2013-07-31 09:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-11 09:05 - 2013-07-31 09:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 09:05 - 2013-07-31 09:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-11 09:05 - 2013-07-31 09:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 09:05 - 2013-07-31 09:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 09:05 - 2013-07-31 09:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-11 09:05 - 2013-07-31 09:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 09:05 - 2013-07-31 09:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 09:05 - 2013-07-31 06:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 09:05 - 2013-07-31 06:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 09:05 - 2013-07-31 06:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 09:05 - 2013-07-31 05:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 09:05 - 2013-07-31 05:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-11 09:05 - 2013-07-31 05:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 09:05 - 2013-07-31 05:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-11 09:05 - 2013-07-31 05:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 09:05 - 2013-07-31 05:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 09:05 - 2013-07-31 05:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-11 09:05 - 2013-07-31 05:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-11 09:05 - 2013-07-31 05:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 09:05 - 2013-07-31 05:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 09:05 - 2013-07-31 05:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 09:05 - 2013-07-31 05:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-11 09:05 - 2013-07-31 05:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 09:01 - 2013-08-07 21:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 09:01 - 2013-08-04 22:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 09:01 - 2013-08-01 22:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 09:01 - 2013-08-01 22:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 09:01 - 2013-08-01 22:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 09:01 - 2013-08-01 22:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 09:01 - 2013-08-01 22:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 09:01 - 2013-08-01 22:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 09:01 - 2013-08-01 22:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 09:01 - 2013-08-01 22:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 09:01 - 2013-08-01 22:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 09:01 - 2013-08-01 21:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 09:01 - 2013-08-01 21:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 09:01 - 2013-08-01 21:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 09:01 - 2013-08-01 21:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 09:01 - 2013-08-01 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 09:01 - 2013-08-01 20:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 09:01 - 2013-08-01 20:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 09:01 - 2013-08-01 20:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 09:01 - 2013-08-01 20:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 09:01 - 2013-08-01 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 09:01 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:01 - 2013-07-25 22:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 09:01 - 2013-07-25 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 09:01 - 2013-07-25 21:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 09:01 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 08:56 - 2013-09-11 08:56 - 00000000 ____D C:\Users\Jay\AppData\Local\{6BD4F19D-860A-46E9-837B-AC99237F7BD9}
2013-09-10 14:00 - 2013-09-10 14:00 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-10 14:00 - 2013-09-10 14:00 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-10 14:00 - 2013-09-10 14:00 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-10 14:00 - 2013-09-10 14:00 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-10 14:00 - 2013-09-10 14:00 - 00000000 ____D C:\Program Files\Java
2013-09-10 13:16 - 2013-09-10 13:16 - 00000000 ____D C:\Users\Jay\AppData\Local\Overwolf
2013-09-10 09:51 - 2013-09-10 09:52 - 00000000 ____D C:\Users\Jay\AppData\Local\{A4CA0E39-1E39-4448-A553-88BD764BF1DB}
2013-09-10 08:41 - 2013-09-10 20:41 - 97021647 _____ C:\Windows\SysWOW64\޼S
2013-09-09 22:32 - 2013-09-09 22:32 - 00000000 ____D C:\Users\Jay\AppData\Local\{FF8426E7-3A39-45DD-8A77-420C428852A1}
2013-09-09 21:00 - 2013-09-09 21:00 - 00000000 ____D C:\Users\Jay\AppData\Local\{75F0FB43-E0F4-49B8-A184-86955E539600}
2013-09-09 08:29 - 2013-09-09 08:29 - 00000000 ____D C:\Users\Jay\AppData\Local\{3C2DBFA8-FB5B-4CF5-8C3F-981BCAE9E50C}
2013-09-08 10:08 - 2013-09-08 10:08 - 00000000 ____D C:\Users\Jay\AppData\Local\{1790E52E-4A78-4E43-84A7-DBB405EF8634}
2013-09-07 20:00 - 2013-09-07 20:01 - 00000000 ____D C:\Users\Jay\AppData\Local\{E9F67324-4F39-48DD-A4DA-5D22C099F260}
2013-09-07 19:22 - 2013-09-07 19:22 - 00000000 ____D C:\Users\Jay\AppData\Local\{771676A1-91FE-41D6-AEC6-B20347AAFF16}
2013-09-07 19:12 - 2013-09-07 19:12 - 00000000 ____D C:\Users\Jay\AppData\Local\{F02936EC-A1C0-4A64-8F6D-E19134A20776}
2013-09-07 16:37 - 2013-09-07 16:37 - 00000000 ____D C:\Users\Jay\AppData\Local\{9C5B5252-B6A4-4017-A7B8-CD4BBF6D6C88}
2013-09-07 09:50 - 2013-09-12 09:44 - 00000000 ____D C:\Users\Jay\Downloads\FSX Weather

==================== One Month Modified Files and Folders =======

2013-10-07 13:48 - 2013-10-07 13:48 - 00000000 ____D C:\FRST
2013-10-07 13:47 - 2013-10-07 13:47 - 01954124 _____ (Farbar) C:\Users\Jay\Downloads\FRST64.exe
2013-10-07 13:45 - 2013-10-07 13:45 - 01641768 _____ C:\Users\Jay\Desktop\Setup.exe.dap
2013-10-07 13:45 - 2013-04-04 13:10 - 00000000 ____D C:\Users\Jay\AppData\Roaming\EQATEC Analytics
2013-10-07 13:14 - 2010-05-16 21:13 - 02391493 _____ C:\Windows\system32\oodbs.lor
2013-10-07 13:12 - 2013-09-28 12:07 - 00001344 _____ C:\Windows\setupact.log
2013-10-07 13:12 - 2011-06-24 16:02 - 00000406 _____ C:\Windows\Tasks\Final Media Player Update Checker.job
2013-10-07 13:12 - 2010-05-17 23:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-07 13:12 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-07 13:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-10-07 11:45 - 2010-05-20 18:09 - 00952832 ___SH C:\Users\Jay\Desktop\Thumbs.db
2013-10-07 11:36 - 2013-10-07 11:36 - 00024902 _____ C:\Users\Jay\Desktop\dds.txt
2013-10-07 11:36 - 2013-10-07 11:36 - 00023635 _____ C:\Users\Jay\Desktop\attach.txt
2013-10-07 11:31 - 2013-10-07 11:31 - 00001051 _____ C:\Users\Jay\Desktop\Malware forum text.txt
2013-10-07 11:28 - 2013-10-07 11:28 - 00688992 ____R (Swearware) C:\Users\Jay\Desktop\dds.com
2013-10-07 11:28 - 2013-10-07 11:28 - 00688992 _____ (Swearware) C:\Users\Jay\Desktop\dds.scr
2013-10-07 11:17 - 2013-10-07 11:17 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Jay\Desktop\mbam-clean-1.60.2.0003.exe
2013-10-07 11:17 - 2012-05-21 16:20 - 00000000 ____D C:\Users\Jay\Downloads\QW
2013-10-07 10:44 - 2013-10-05 16:39 - 00002684 _____ C:\Windows\PFRO.log
2013-10-07 09:46 - 2012-09-27 16:48 - 00000000 ____D C:\Users\Jay\AppData\Roaming\MailWasherPro
2013-10-07 09:38 - 2010-05-24 11:50 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-10-07 09:29 - 2011-06-07 15:52 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-07 09:17 - 2010-05-15 16:41 - 01424600 _____ C:\Windows\WindowsUpdate.log
2013-10-07 09:08 - 2011-12-12 13:32 - 00005718 __RSH C:\ProgramData\ntuser.pol
2013-10-07 09:07 - 2013-08-06 08:51 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-07 09:07 - 2013-08-06 08:50 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-07 09:07 - 2013-08-06 08:50 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-07 09:07 - 2013-08-06 08:50 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-07 08:56 - 2013-10-07 08:55 - 00000000 ____D C:\Users\Jay\AppData\Local\{257B8B5B-5B05-4B62-9EDD-3BECE0323587}
2013-10-07 08:48 - 2010-05-17 23:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-07 08:48 - 2009-07-14 00:45 - 00015008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-07 08:48 - 2009-07-14 00:45 - 00015008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-07 08:43 - 2010-05-21 22:17 - 00000000 ____D C:\Users\Jay\AppData\Roaming\Skype
2013-10-07 08:41 - 2012-02-29 19:58 - 00171601 _____ C:\ProgramData\dleascan.log
2013-10-07 00:37 - 2013-03-19 07:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-06 19:29 - 2010-05-17 12:07 - 00000000 ____D C:\Users\Jay\Documents\Flight Simulator X Files
2013-10-06 18:45 - 2010-05-16 20:09 - 00007603 _____ C:\Users\Jay\AppData\Local\resmon.resmoncfg
2013-10-06 15:03 - 2013-10-06 09:03 - 99477982 _____ C:\Windows\SysWOW64\敉儔A
2013-10-06 10:36 - 2013-10-03 13:37 - 00002192 _____ C:\Users\Jay\Desktop\B5.txt
2013-10-05 21:10 - 2011-07-05 19:23 - 00000000 ____D C:\Users\Jay\AppData\Roaming\TS3Client
2013-10-05 14:11 - 2013-10-05 14:10 - 00000000 ____D C:\Users\Jay\AppData\Local\{6FBDF05F-4CFA-45F2-B168-568216BA99B0}
2013-10-05 13:10 - 2013-10-05 13:10 - 00000000 ____D C:\Users\Jay\AppData\Local\{B575D835-C06E-4AD5-971C-84303070828F}
2013-10-05 11:00 - 2013-10-05 11:00 - 00001068 _____ C:\Users\Public\Desktop\WinMerge.lnk
2013-10-05 11:00 - 2013-10-05 11:00 - 00000000 ____D C:\Users\Jay\Documents\WinMerge
2013-10-05 11:00 - 2013-10-05 10:59 - 00000000 ____D C:\Program Files (x86)\WinMerge
2013-10-04 13:04 - 2013-10-04 13:03 - 00000000 ____D C:\Users\Jay\AppData\Local\{A15849C5-CB7F-4412-8ECC-7C913EDFD6FA}
2013-10-04 08:10 - 2009-07-14 00:45 - 00481416 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-03 12:22 - 2013-10-03 12:22 - 00000000 ____D C:\Users\Jay\AppData\Local\{DB28843C-0AC0-484E-B90C-85066D47F991}
2013-10-03 10:53 - 2010-05-15 18:41 - 00146496 _____ C:\Users\Jay\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-03 10:48 - 2013-01-28 14:00 - 00000000 ____D C:\Users\Jay\Downloads\BS
2013-10-03 10:21 - 2013-10-03 10:21 - 00000826 _____ C:\Users\Jay\Desktop\Stage3 - B5b - QualityWings Simulations Forum.url
2013-10-02 23:06 - 2013-10-02 23:06 - 00000000 ____D C:\Users\Jay\AppData\Local\{8BFF6287-0779-41B5-9955-09EB6E5EB19E}
2013-10-02 21:49 - 2011-07-05 19:23 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2013-10-02 10:34 - 2009-07-14 01:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-02 10:30 - 2013-05-15 21:38 - 00000055 _____ C:\Users\Jay\Desktop\BLUESKY HOT LINK.txt
2013-10-02 10:14 - 2013-10-02 10:14 - 00000288 _____ C:\Users\Jay\Desktop\Tor Browser Bundle.url
2013-10-02 09:04 - 2013-10-02 09:03 - 00000000 ____D C:\Users\Jay\AppData\Local\{189A3017-56D9-47D5-8C92-4E026BE0A6AD}
2013-10-01 09:56 - 2013-10-01 09:55 - 00000000 ____D C:\Users\Jay\AppData\Local\{F963F5BA-0BF4-49D1-A4A7-D3CE8FCA071A}
2013-09-30 18:07 - 2013-09-30 18:07 - 44927466 _____ C:\Users\Jay\Downloads\PPS2.zip
2013-09-30 18:05 - 2010-05-29 11:04 - 00889856 ___SH C:\Users\Jay\Downloads\Thumbs.db
2013-09-30 18:01 - 2013-09-30 18:01 - 35381742 _____ C:\Users\Jay\Downloads\Eggs PPS.zip
2013-09-30 08:53 - 2013-09-30 08:53 - 00000000 ____D C:\Users\Jay\AppData\Local\{1677F5E4-4D05-4081-9CC9-23D73236B2E6}
2013-09-29 17:38 - 2013-09-29 17:38 - 00000000 ____D C:\Users\Jay\AppData\Local\{A8024499-ACCB-431A-AAC4-C2E65325BFB4}
2013-09-29 16:41 - 2013-09-29 16:41 - 00000000 ____D C:\Users\Jay\AppData\Local\{D90E64BC-B511-4D1F-BD7B-098E060B5D51}
2013-09-29 08:56 - 2013-09-29 08:54 - 19992915 _____ C:\Users\Jay\Downloads\FA 2.5_Setup.rar
2013-09-28 19:14 - 2013-09-28 19:13 - 00000000 ____D C:\Users\Jay\AppData\Local\{05EA78DF-3ECE-49EE-BAB6-4DB0F587E906}
2013-09-28 12:18 - 2013-08-19 22:42 - 00010398 _____ C:\Users\Jay\Desktop\Payment schedule.xlsx
2013-09-28 12:07 - 2013-09-28 12:07 - 00000000 _____ C:\Windows\setuperr.log
2013-09-28 11:53 - 2013-09-28 11:53 - 00000192 _____ C:\Users\Jay\Desktop\Retail Detail Merchandising  Sealane Marketing  Category Management.url
2013-09-27 16:05 - 2013-09-27 16:05 - 00000380 _____ C:\Users\Jay\Desktop\Removing photo albums - Page 3.url
2013-09-27 09:03 - 2013-09-27 09:03 - 00000000 ____D C:\Users\Jay\AppData\Local\{CA69498B-FB7D-430E-875B-515F09DDE9DF}
2013-09-26 18:31 - 2013-09-26 18:30 - 00000000 ____D C:\Users\Jay\AppData\Local\{E4E6D6CC-87A7-41B5-8B6A-30C8E9D8F20F}
2013-09-26 14:31 - 2013-09-26 14:31 - 00000000 ____D C:\Users\Jay\AppData\Local\{512674DA-6F1C-4F8D-B302-C352D14105BA}
2013-09-26 14:14 - 2012-07-12 23:10 - 00000246 _____ C:\Users\Jay\Desktop\Tracking.txt
2013-09-26 14:13 - 2013-09-26 14:13 - 00000000 ____D C:\Users\Jay\AppData\Local\{8429FD20-FF4D-43E9-9C41-72B4B3319644}
2013-09-25 08:58 - 2013-09-25 08:57 - 00000000 ____D C:\Users\Jay\AppData\Local\{FAF2988F-6363-4FD3-9D2F-FCEABD84ABEF}
2013-09-24 09:06 - 2013-09-24 09:05 - 00000000 ____D C:\Users\Jay\AppData\Local\{FEC0F437-5E0C-4FA7-9310-430DEC128097}
2013-09-24 00:38 - 2013-09-24 00:38 - 00000000 ____D C:\Users\Jay\AppData\Local\{5E606A0A-032D-4AB2-984F-985DA904B840}
2013-09-23 18:32 - 2010-05-17 11:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2013-09-23 18:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-23 17:28 - 2009-07-14 01:13 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-23 12:22 - 2013-09-23 12:22 - 00000000 ____D C:\Users\Jay\AppData\Local\{F42D03D3-C88D-4CEC-9C92-92843EB73656}
2013-09-23 11:20 - 2010-05-22 11:39 - 00000000 ____D C:\FSX Panel Store
2013-09-23 09:00 - 2013-09-23 09:00 - 00000000 ____D C:\Users\Jay\AppData\Local\{4D1D7E4E-4BE6-41B8-BDE6-2BC96E0C6A09}
2013-09-22 10:30 - 2013-09-22 10:29 - 00000000 ____D C:\Users\Jay\AppData\Local\{A8960DE0-5211-4E45-9BBA-15255633FA93}
2013-09-22 09:43 - 2013-09-22 09:43 - 98586517 _____ C:\Windows\SysWOW64\嗇鈺x
2013-09-21 09:35 - 2013-09-21 09:34 - 00000000 ____D C:\Users\Jay\AppData\Local\{0138E0B7-F5C0-4272-A96A-FE05BC44359F}
2013-09-20 13:48 - 2013-09-20 13:48 - 00000000 ____D C:\Users\Jay\AppData\Local\{B5136468-F33F-4475-9E3D-17474CCBBF54}
2013-09-20 10:14 - 2010-05-19 02:23 - 00000000 ____D C:\Users\Jay\Desktop\QW
2013-09-19 20:37 - 2013-03-19 07:51 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 20:37 - 2012-04-04 08:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 20:37 - 2011-05-20 10:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-19 01:02 - 2013-09-19 01:01 - 00000000 ____D C:\Users\Jay\AppData\Local\{34E95386-D3F1-4295-98DB-8C3ADA1FB568}
2013-09-18 09:29 - 2013-09-18 09:29 - 00000000 ____D C:\Users\Jay\AppData\Local\{0B62097D-882E-4F60-8838-E1F307C4D5A4}
2013-09-17 18:04 - 2012-02-29 21:22 - 00066630 _____ C:\ProgramData\dleaJSW.log
2013-09-17 18:04 - 2012-02-29 20:47 - 00000000 ____D C:\ProgramData\Dl_cats
2013-09-17 09:21 - 2013-09-17 09:21 - 00000000 ____D C:\Users\Jay\AppData\Local\{5728F226-F216-4466-A24C-A96D015640D0}
2013-09-16 20:32 - 2013-09-16 20:31 - 00000000 ____D C:\Users\Jay\AppData\Local\{FBF71B8C-6B49-4AC8-94C8-9CCA76B92A63}
2013-09-16 08:59 - 2013-09-16 08:59 - 00000141 _____ C:\Users\Jay\Desktop\FSXWX Instructions.url
2013-09-16 08:13 - 2013-09-16 08:12 - 00000000 ____D C:\Users\Jay\AppData\Local\{ACC6B9A8-649F-4160-84AF-BC60102DB2E6}
2013-09-15 16:28 - 2013-09-15 16:28 - 00000000 ____D C:\Users\Jay\AppData\Local\{689D4132-2883-44F8-AC10-D59F704CE136}
2013-09-14 17:46 - 2013-09-14 17:45 - 00000000 ____D C:\Users\Jay\AppData\Local\{32BA1E5C-6BD9-4550-A730-5C04170A0504}
2013-09-14 15:34 - 2013-09-14 15:34 - 97600188 _____ C:\Windows\SysWOW64\ॳ喫
2013-09-13 18:22 - 2013-09-13 18:22 - 00002069 _____ C:\Users\Jay\Desktop\Flightradar24.com - Live flight tracker!.url
2013-09-13 15:20 - 2013-09-13 15:20 - 00001561 _____ C:\Users\Jay\Desktop\MD80 Manager & Setup.lnk
2013-09-13 14:37 - 2010-05-17 13:16 - 00000000 ____D C:\Users\Jay\AppData\Roaming\FileZilla
2013-09-13 13:33 - 2013-09-13 13:33 - 00000000 ____D C:\Users\Jay\AppData\Local\{B0443BB6-D8F6-48F1-835F-46A9734F6F85}
2013-09-12 15:55 - 2013-09-12 15:54 - 00000000 ____D C:\Users\Jay\AppData\Local\{42EFBA76-8DC7-4E54-8EBA-A5E8D6178733}
2013-09-12 15:54 - 2013-09-12 15:54 - 00000000 ____D C:\Users\Jay\AppData\Local\{1F116570-7DA4-4C60-919D-F26196E39D2F}
2013-09-12 11:30 - 2012-06-10 11:34 - 00014417 _____ C:\Users\Jay\Desktop\PW.xlsx
2013-09-12 09:48 - 2013-08-23 16:32 - 00000000 ____D C:\Users\Jay\Downloads\GEX
2013-09-12 09:44 - 2013-09-07 09:50 - 00000000 ____D C:\Users\Jay\Downloads\FSX Weather
2013-09-11 23:50 - 2013-09-11 23:50 - 00000000 ____D C:\Users\Jay\AppData\Local\{99B766E8-2A37-4794-B5CA-2FAEF2C62DE7}
2013-09-11 23:23 - 2013-09-11 23:23 - 00000265 _____ C:\Users\Jay\Desktop\Ground Environment X Series - SimForums.com Discussion - Page 1.url
2013-09-11 18:15 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-09-11 09:33 - 2010-05-15 16:42 - 00000000 ___RD C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-11 09:33 - 2010-05-15 16:42 - 00000000 ___RD C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-11 09:10 - 2013-07-11 16:13 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 09:06 - 2010-05-15 16:48 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 08:56 - 2013-09-11 08:56 - 00000000 ____D C:\Users\Jay\AppData\Local\{6BD4F19D-860A-46E9-837B-AC99237F7BD9}
2013-09-10 20:41 - 2013-09-10 08:41 - 97021647 _____ C:\Windows\SysWOW64\޼S
2013-09-10 14:55 - 2010-05-16 01:22 - 00000000 ____D C:\Users\Jay\AppData\Local\CrossLoop
2013-09-10 14:00 - 2013-09-10 14:00 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-10 14:00 - 2013-09-10 14:00 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-10 14:00 - 2013-09-10 14:00 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-10 14:00 - 2013-09-10 14:00 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-10 14:00 - 2013-09-10 14:00 - 00000000 ____D C:\Program Files\Java
2013-09-10 14:00 - 2013-01-04 21:58 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-10 14:00 - 2010-06-02 15:54 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-10 13:16 - 2013-09-10 13:16 - 00000000 ____D C:\Users\Jay\AppData\Local\Overwolf
2013-09-10 09:52 - 2013-09-10 09:51 - 00000000 ____D C:\Users\Jay\AppData\Local\{A4CA0E39-1E39-4448-A553-88BD764BF1DB}
2013-09-09 22:32 - 2013-09-09 22:32 - 00000000 ____D C:\Users\Jay\AppData\Local\{FF8426E7-3A39-45DD-8A77-420C428852A1}
2013-09-09 21:00 - 2013-09-09 21:00 - 00000000 ____D C:\Users\Jay\AppData\Local\{75F0FB43-E0F4-49B8-A184-86955E539600}
2013-09-09 08:29 - 2013-09-09 08:29 - 00000000 ____D C:\Users\Jay\AppData\Local\{3C2DBFA8-FB5B-4CF5-8C3F-981BCAE9E50C}
2013-09-08 10:08 - 2013-09-08 10:08 - 00000000 ____D C:\Users\Jay\AppData\Local\{1790E52E-4A78-4E43-84A7-DBB405EF8634}
2013-09-07 20:01 - 2013-09-07 20:00 - 00000000 ____D C:\Users\Jay\AppData\Local\{E9F67324-4F39-48DD-A4DA-5D22C099F260}
2013-09-07 19:22 - 2013-09-07 19:22 - 00000000 ____D C:\Users\Jay\AppData\Local\{771676A1-91FE-41D6-AEC6-B20347AAFF16}
2013-09-07 19:12 - 2013-09-07 19:12 - 00000000 ____D C:\Users\Jay\AppData\Local\{F02936EC-A1C0-4A64-8F6D-E19134A20776}
2013-09-07 16:37 - 2013-09-07 16:37 - 00000000 ____D C:\Users\Jay\AppData\Local\{9C5B5252-B6A4-4017-A7B8-CD4BBF6D6C88}
2013-09-07 09:51 - 2013-09-06 11:02 - 00001301 _____ C:\Users\Jay\Desktop\FSXWX.exe - Shortcut.lnk

Files to move or delete:
====================
C:\Users\Jay\AppData\Roaming\cache.ini
C:\ProgramData\wqmjin.bat
C:\ProgramData\wqmjin.pad
C:\ProgramData\wqmjin.reg
C:\Users\Jay\QualityWings_Ultimate 757 Collection.reg

Some content of TEMP:
====================
C:\Users\Jay\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-01 00:37

==================== End Of Log ============================

Addition.txt

Link to post
Share on other sites

Posting log now then will try a reboot, thanks..

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by Jay at 2013-10-07 14:36:10 Run:1
Running from C:\Users\Jay\Downloads
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/w...0"&"ver=9.0.872 [x]
HKLM-x32\...\RunOnce: [1] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p [218184 2013-04-04] ()
HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x]
C:\Users\Jay\AppData\Local\Temp\avgnt.exe
C:\Users\Jay\AppData\Roaming\cache.ini
C:\ProgramData\wqmjin.bat
C:\ProgramData\wqmjin.pad
C:\ProgramData\wqmjin.reg
LastRegBack: 2013-10-01 00:37

 

 

*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\1 => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware (cleanup) => Value deleted successfully.
C:\Users\Jay\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\Jay\AppData\Roaming\cache.ini => Moved successfully.
C:\ProgramData\wqmjin.bat => Moved successfully.
C:\ProgramData\wqmjin.pad => Moved successfully.
C:\ProgramData\wqmjin.reg => Moved successfully.
Error: The restore operation should be done in the recovery mode.

==== End of Fixlog ====

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Jay (administrator) on JAYFSX on 07-10-2013 15:27:03
Running from C:\Users\Jay\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [dleamon.exe] - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe [770728 2011-01-23] ()
HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6588144 2013-10-05] (SUPERAntiSpyware)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-17] (Google Inc.)
HKCU\...\Run: [cdloader] - C:\Users\Jay\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKCU\...\Run: [DownloadAccelerator] - C:\Program Files (x86)\DAP\DAP.EXE [3832464 2013-04-04] (Speedbit Ltd.)
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKCU\...\Policies\Explorer: [HideSCAHealth] 0
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)
HKLM-x32\...\Run: [searchProtection] - C:\ProgramData\Search Protection\_run.bat [168 2013-03-22] ()
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG)
Startup: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk
ShortcutTarget: MailWasherPro.lnk -> C:\Program Files (x86)\MailWasher Pro\MailWasher.exe (eCOSM)
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - Comcast URL = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
SearchScopes: HKCU - {05C42AC7-C42D-48A4-8CD8-079FA75F1F1B} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3239904
SearchScopes: HKCU - {0D5DEBCB-75FA-4ea1-8D7E-7057DAA2A6DC} URL = http://search.speedbit.com/searchresults.asp?src=default&q={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=26FA034662E581D62B10A5514C82B2CD&q={searchTerms}
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: BHO_TIMELINEREMOVE.Bho - {e7b9b609-19ad-40a4-a288-b300a3087465} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\DAPIELoader64.dll (SpeedBit Ltd.)
BHO-x32: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
BHO-x32: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll (SpeedBit Ltd.)
BHO-x32: Watch for Browser Events - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - C:\Program Files (x86)\Keyboard Express 3\kie.dll (Insight Software Solutions)
BHO-x32: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SBCONVERT Class - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU53\tbcore3.dll ()
BHO-x32: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\Jay\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll (Radiocom CJSC)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: SpeedBit Link Verification Helper - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dll (Speedbit Ltd.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: BHO_TIMELINEREMOVE.Bho - {e7b9b609-19ad-40a4-a288-b300a3087465} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Rich Media Player - {FEB703F7-E7B2-4AB0-9566-87658AC70095} - C:\Users\Jay\AppData\Local\Rich Media Player\BrowserExtensions\IE\PluginRichmediaplayer.dll ()
BHO-x32: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\dapieloader.dll (SpeedBit Ltd.)
BHO-x32: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU53\grabber.dll (SPEEDbit)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
Toolbar: HKLM-x32 - SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\TBU53\tbcore3.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU -  No Name - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} -  No File
DPF: HKLM-x32 {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {10000000-1000-1000-1000-100000000000} http://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1305144947238
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1

Chrome:
=======


CHR Extension: (YouTube) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (DAP Link Checker) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.0.9_0
CHR Extension: (Google Search) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (ExFriendAlert) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.71_0
CHR Extension: (Gmail) - C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [bodfdknjhecmadheclfjkhhiofeagdbh] - C:\Program Files (x86)\DAP\daplinkchecker.crx
CHR HKLM-x32\...\Chrome\Extension: [doagiokpgboiomffjfhaiimafndmmpni] - C:\Users\Jay\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\richmediadownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [fkcdbkhjcaljlfolhllfneigeepmjfim] - C:\Users\Jay\AppData\Local\Rich Media Player\BrowserExtensions\Chrome\playerextension.crx
CHR HKLM-x32\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-08] (SUPERAntiSpyware.com)
R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-02-21] (Lavasoft Limited)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-07-20] (Adobe Systems)
S2 AntiSpywareService; C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [616408 2009-06-17] ()
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG)
S2 Backup Exec System Recovery; C:\Program Files (x86)\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe [4591456 2010-03-03] (Symantec Corporation)
S2 CrossLoopService; C:\Users\Jay\AppData\Local\CrossLoop\CrossLoopService.exe [560792 2010-03-15] (CrossLoop Inc)
S2 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
S2 dlea_device; C:\Windows\system32\dleacoms.exe [1052328 2010-05-21] ( )
S3 GenericMount Helper Service; C:\Program Files (x86)\Symantec\Backup Exec System Recovery\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
S2 O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2287360 2009-09-12] (O&O Software GmbH)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [1097848 2013-02-27] (Speedbit Ltd.)
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [9728 2009-07-13] (Microsoft Corporation)
S3 SymSnapService; C:\Program Files (x86)\Symantec\Backup Exec System Recovery\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-07] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-07] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S2 cpuz132; C:\Windows\system32\drivers\cpuz132_x64.sys [19432 2009-03-27] (Windows ® Codename Longhorn DDK provider)
S2 cpuz132; C:\Windows\system32\drivers\cpuz132_x64.sys [19432 2009-03-27] (Windows ® Codename Longhorn DDK provider)
S2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [23816 2012-03-09] (CPUID)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [39504 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-22] (GFI Software)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-07-12] (Lavasoft AB)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 lvsels64; C:\Windows\System32\DRIVERS\lvsels64.sys [67992 2009-10-07] (Logitech Inc.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [40856 2013-02-27] ()
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (StorageCraft)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
S3 ALSysIO; \??\C:\Users\Jay\AppData\Local\Temp\ALSysIO64.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
U2 V2iMount;
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-07 15:19 - 2013-10-07 15:19 - 00000165 ____H C:\Users\Jay\Desktop\~$PW.xlsx
2013-10-07 13:49 - 2013-10-07 13:49 - 00034673 _____ C:\Users\Jay\Downloads\Addition.txt
2013-10-07 13:48 - 2013-10-07 13:48 - 00000000 ____D C:\FRST
2013-10-07 13:47 - 2013-10-07 13:47 - 01954124 _____ (Farbar) C:\Users\Jay\Downloads\FRST64.exe
2013-10-07 13:45 - 2013-10-07 13:45 - 01641768 _____ C:\Users\Jay\Desktop\Setup.exe.dap
2013-10-07 11:36 - 2013-10-07 11:36 - 00024902 _____ C:\Users\Jay\Desktop\dds.txt
2013-10-07 11:36 - 2013-10-07 11:36 - 00023635 _____ C:\Users\Jay\Desktop\attach.txt
2013-10-07 11:31 - 2013-10-07 11:31 - 00001051 _____ C:\Users\Jay\Desktop\Malware forum text.txt
2013-10-07 11:28 - 2013-10-07 11:28 - 00688992 ____R (Swearware) C:\Users\Jay\Desktop\dds.com
2013-10-07 11:28 - 2013-10-07 11:28 - 00688992 _____ (Swearware) C:\Users\Jay\Desktop\dds.scr
2013-10-07 11:17 - 2013-10-07 11:17 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Jay\Desktop\mbam-clean-1.60.2.0003.exe
2013-10-07 08:55 - 2013-10-07 08:56 - 00000000 ____D C:\Users\Jay\AppData\Local\{257B8B5B-5B05-4B62-9EDD-3BECE0323587}
2013-10-06 09:03 - 2013-10-06 15:03 - 99477982 _____ C:\Windows\SysWOW64\敉儔A
2013-10-05 16:39 - 2013-10-07 10:44 - 00002684 _____ C:\Windows\PFRO.log
2013-10-05 14:10 - 2013-10-05 14:11 - 00000000 ____D C:\Users\Jay\AppData\Local\{6FBDF05F-4CFA-45F2-B168-568216BA99B0}
2013-10-05 13:10 - 2013-10-05 13:10 - 00000000 ____D C:\Users\Jay\AppData\Local\{B575D835-C06E-4AD5-971C-84303070828F}
2013-10-05 11:00 - 2013-10-05 11:00 - 00001068 _____ C:\Users\Public\Desktop\WinMerge.lnk
2013-10-05 11:00 - 2013-10-05 11:00 - 00000000 ____D C:\Users\Jay\Documents\WinMerge
2013-10-05 10:59 - 2013-10-05 11:00 - 00000000 ____D C:\Program Files (x86)\WinMerge
2013-10-04 13:03 - 2013-10-04 13:04 - 00000000 ____D C:\Users\Jay\AppData\Local\{A15849C5-CB7F-4412-8ECC-7C913EDFD6FA}
2013-10-03 13:37 - 2013-10-06 10:36 - 00002192 _____ C:\Users\Jay\Desktop\B5.txt
2013-10-03 12:22 - 2013-10-03 12:22 - 00000000 ____D C:\Users\Jay\AppData\Local\{DB28843C-0AC0-484E-B90C-85066D47F991}
2013-10-03 10:21 - 2013-10-03 10:21 - 00000826 _____ C:\Users\Jay\Desktop\Stage3 - B5b - QualityWings Simulations Forum.url
2013-10-02 23:06 - 2013-10-02 23:06 - 00000000 ____D C:\Users\Jay\AppData\Local\{8BFF6287-0779-41B5-9955-09EB6E5EB19E}
2013-10-02 10:14 - 2013-10-02 10:14 - 00000288 _____ C:\Users\Jay\Desktop\Tor Browser Bundle.url
2013-10-02 09:03 - 2013-10-02 09:04 - 00000000 ____D C:\Users\Jay\AppData\Local\{189A3017-56D9-47D5-8C92-4E026BE0A6AD}
2013-10-01 09:55 - 2013-10-01 09:56 - 00000000 ____D C:\Users\Jay\AppData\Local\{F963F5BA-0BF4-49D1-A4A7-D3CE8FCA071A}
2013-09-30 18:07 - 2013-09-30 18:07 - 44927466 _____ C:\Users\Jay\Downloads\PPS2.zip
2013-09-30 18:03 - 2005-04-12 16:59 - 37498884 _____ C:\Users\Jay\Downloads\DefolianceFINAL2.mpg
2013-09-30 18:03 - 2003-02-09 23:29 - 06259007 _____ C:\Users\Jay\Downloads\DefolianceFINAL.wmv
2013-09-30 18:01 - 2013-09-30 18:01 - 35381742 _____ C:\Users\Jay\Downloads\Eggs PPS.zip
2013-09-30 08:53 - 2013-09-30 08:53 - 00000000 ____D C:\Users\Jay\AppData\Local\{1677F5E4-4D05-4081-9CC9-23D73236B2E6}
2013-09-29 17:38 - 2013-09-29 17:38 - 00000000 ____D C:\Users\Jay\AppData\Local\{A8024499-ACCB-431A-AAC4-C2E65325BFB4}
2013-09-29 16:41 - 2013-09-29 16:41 - 00000000 ____D C:\Users\Jay\AppData\Local\{D90E64BC-B511-4D1F-BD7B-098E060B5D51}
2013-09-29 08:54 - 2013-09-29 08:56 - 19992915 _____ C:\Users\Jay\Downloads\FA 2.5_Setup.rar
2013-09-28 19:13 - 2013-09-28 19:14 - 00000000 ____D C:\Users\Jay\AppData\Local\{05EA78DF-3ECE-49EE-BAB6-4DB0F587E906}
2013-09-28 12:07 - 2013-10-07 14:48 - 00001456 _____ C:\Windows\setupact.log
2013-09-28 12:07 - 2013-09-28 12:07 - 00000000 _____ C:\Windows\setuperr.log
2013-09-28 11:53 - 2013-09-28 11:53 - 00000192 _____ C:\Users\Jay\Desktop\Retail Detail Merchandising  Sealane Marketing  Category Management.url
2013-09-27 16:05 - 2013-09-27 16:05 - 00000380 _____ C:\Users\Jay\Desktop\Removing photo albums - Page 3.url
2013-09-27 09:03 - 2013-09-27 09:03 - 00000000 ____D C:\Users\Jay\AppData\Local\{CA69498B-FB7D-430E-875B-515F09DDE9DF}
2013-09-26 18:30 - 2013-09-26 18:31 - 00000000 ____D C:\Users\Jay\AppData\Local\{E4E6D6CC-87A7-41B5-8B6A-30C8E9D8F20F}
2013-09-26 14:31 - 2013-09-26 14:31 - 00000000 ____D C:\Users\Jay\AppData\Local\{512674DA-6F1C-4F8D-B302-C352D14105BA}
2013-09-26 14:13 - 2013-09-26 14:13 - 00000000 ____D C:\Users\Jay\AppData\Local\{8429FD20-FF4D-43E9-9C41-72B4B3319644}
2013-09-25 08:57 - 2013-09-25 08:58 - 00000000 ____D C:\Users\Jay\AppData\Local\{FAF2988F-6363-4FD3-9D2F-FCEABD84ABEF}
2013-09-24 09:05 - 2013-09-24 09:06 - 00000000 ____D C:\Users\Jay\AppData\Local\{FEC0F437-5E0C-4FA7-9310-430DEC128097}
2013-09-24 00:38 - 2013-09-24 00:38 - 00000000 ____D C:\Users\Jay\AppData\Local\{5E606A0A-032D-4AB2-984F-985DA904B840}
2013-09-23 12:22 - 2013-09-23 12:22 - 00000000 ____D C:\Users\Jay\AppData\Local\{F42D03D3-C88D-4CEC-9C92-92843EB73656}
2013-09-23 09:00 - 2013-09-23 09:00 - 00000000 ____D C:\Users\Jay\AppData\Local\{4D1D7E4E-4BE6-41B8-BDE6-2BC96E0C6A09}
2013-09-22 10:29 - 2013-09-22 10:30 - 00000000 ____D C:\Users\Jay\AppData\Local\{A8960DE0-5211-4E45-9BBA-15255633FA93}
2013-09-22 09:43 - 2013-09-22 09:43 - 98586517 _____ C:\Windows\SysWOW64\嗇鈺x
2013-09-21 09:34 - 2013-09-21 09:35 - 00000000 ____D C:\Users\Jay\AppData\Local\{0138E0B7-F5C0-4272-A96A-FE05BC44359F}
2013-09-20 13:48 - 2013-09-20 13:48 - 00000000 ____D C:\Users\Jay\AppData\Local\{B5136468-F33F-4475-9E3D-17474CCBBF54}
2013-09-19 10:10 - 2003-09-23 00:05 - 19964840 _____ C:\Users\Jay\Downloads\Faii_Setup.zip
2013-09-19 01:01 - 2013-09-19 01:02 - 00000000 ____D C:\Users\Jay\AppData\Local\{34E95386-D3F1-4295-98DB-8C3ADA1FB568}
2013-09-18 09:29 - 2013-09-18 09:29 - 00000000 ____D C:\Users\Jay\AppData\Local\{0B62097D-882E-4F60-8838-E1F307C4D5A4}
2013-09-17 09:21 - 2013-09-17 09:21 - 00000000 ____D C:\Users\Jay\AppData\Local\{5728F226-F216-4466-A24C-A96D015640D0}
2013-09-16 20:31 - 2013-09-16 20:32 - 00000000 ____D C:\Users\Jay\AppData\Local\{FBF71B8C-6B49-4AC8-94C8-9CCA76B92A63}
2013-09-16 08:59 - 2013-09-16 08:59 - 00000141 _____ C:\Users\Jay\Desktop\FSXWX Instructions.url
2013-09-16 08:12 - 2013-09-16 08:13 - 00000000 ____D C:\Users\Jay\AppData\Local\{ACC6B9A8-649F-4160-84AF-BC60102DB2E6}
2013-09-15 16:28 - 2013-09-15 16:28 - 00000000 ____D C:\Users\Jay\AppData\Local\{689D4132-2883-44F8-AC10-D59F704CE136}
2013-09-14 17:45 - 2013-09-14 17:46 - 00000000 ____D C:\Users\Jay\AppData\Local\{32BA1E5C-6BD9-4550-A730-5C04170A0504}
2013-09-14 15:34 - 2013-09-14 15:34 - 97600188 _____ C:\Windows\SysWOW64\ॳ喫
2013-09-13 18:22 - 2013-09-13 18:22 - 00002069 _____ C:\Users\Jay\Desktop\Flightradar24.com - Live flight tracker!.url
2013-09-13 15:20 - 2013-09-13 15:20 - 00001561 _____ C:\Users\Jay\Desktop\MD80 Manager & Setup.lnk
2013-09-13 13:33 - 2013-09-13 13:33 - 00000000 ____D C:\Users\Jay\AppData\Local\{B0443BB6-D8F6-48F1-835F-46A9734F6F85}
2013-09-12 15:54 - 2013-09-12 15:55 - 00000000 ____D C:\Users\Jay\AppData\Local\{42EFBA76-8DC7-4E54-8EBA-A5E8D6178733}
2013-09-12 15:54 - 2013-09-12 15:54 - 00000000 ____D C:\Users\Jay\AppData\Local\{1F116570-7DA4-4C60-919D-F26196E39D2F}
2013-09-11 23:50 - 2013-09-11 23:50 - 00000000 ____D C:\Users\Jay\AppData\Local\{99B766E8-2A37-4794-B5CA-2FAEF2C62DE7}
2013-09-11 23:23 - 2013-09-11 23:23 - 00000265 _____ C:\Users\Jay\Desktop\Ground Environment X Series - SimForums.com Discussion - Page 1.url
2013-09-11 09:05 - 2013-07-31 10:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 09:05 - 2013-07-31 09:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 09:05 - 2013-07-31 09:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 09:05 - 2013-07-31 09:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 09:05 - 2013-07-31 09:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 09:05 - 2013-07-31 09:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-11 09:05 - 2013-07-31 09:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-11 09:05 - 2013-07-31 09:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 09:05 - 2013-07-31 09:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-11 09:05 - 2013-07-31 09:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 09:05 - 2013-07-31 09:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-11 09:05 - 2013-07-31 09:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 09:05 - 2013-07-31 09:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 09:05 - 2013-07-31 09:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-11 09:05 - 2013-07-31 09:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 09:05 - 2013-07-31 09:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 09:05 - 2013-07-31 06:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 09:05 - 2013-07-31 06:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 09:05 - 2013-07-31 06:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 09:05 - 2013-07-31 05:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 09:05 - 2013-07-31 05:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-11 09:05 - 2013-07-31 05:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 09:05 - 2013-07-31 05:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-11 09:05 - 2013-07-31 05:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 09:05 - 2013-07-31 05:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 09:05 - 2013-07-31 05:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-11 09:05 - 2013-07-31 05:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-11 09:05 - 2013-07-31 05:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 09:05 - 2013-07-31 05:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 09:05 - 2013-07-31 05:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 09:05 - 2013-07-31 05:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-11 09:05 - 2013-07-31 05:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 09:01 - 2013-08-07 21:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 09:01 - 2013-08-04 22:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 09:01 - 2013-08-01 22:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 09:01 - 2013-08-01 22:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 09:01 - 2013-08-01 22:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 09:01 - 2013-08-01 22:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 09:01 - 2013-08-01 22:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 09:01 - 2013-08-01 22:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 09:01 - 2013-08-01 22:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 09:01 - 2013-08-01 22:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 09:01 - 2013-08-01 22:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 09:01 - 2013-08-01 21:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 09:01 - 2013-08-01 21:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 09:01 - 2013-08-01 21:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 09:01 - 2013-08-01 21:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 09:01 - 2013-08-01 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 21:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 09:01 - 2013-08-01 20:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 09:01 - 2013-08-01 20:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 09:01 - 2013-08-01 20:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 09:01 - 2013-08-01 20:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 09:01 - 2013-08-01 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 09:01 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 09:01 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 09:01 - 2013-07-25 22:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 09:01 - 2013-07-25 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 09:01 - 2013-07-25 21:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 09:01 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 08:56 - 2013-09-11 08:56 - 00000000 ____D C:\Users\Jay\AppData\Local\{6BD4F19D-860A-46E9-837B-AC99237F7BD9}
2013-09-10 14:00 - 2013-09-10 14:00 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-10 14:00 - 2013-09-10 14:00 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-10 14:00 - 2013-09-10 14:00 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-10 14:00 - 2013-09-10 14:00 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-10 14:00 - 2013-09-10 14:00 - 00000000 ____D C:\Program Files\Java
2013-09-10 13:16 - 2013-09-10 13:16 - 00000000 ____D C:\Users\Jay\AppData\Local\Overwolf
2013-09-10 09:51 - 2013-09-10 09:52 - 00000000 ____D C:\Users\Jay\AppData\Local\{A4CA0E39-1E39-4448-A553-88BD764BF1DB}
2013-09-10 08:41 - 2013-09-10 20:41 - 97021647 _____ C:\Windows\SysWOW64\޼S
2013-09-09 22:32 - 2013-09-09 22:32 - 00000000 ____D C:\Users\Jay\AppData\Local\{FF8426E7-3A39-45DD-8A77-420C428852A1}
2013-09-09 21:00 - 2013-09-09 21:00 - 00000000 ____D C:\Users\Jay\AppData\Local\{75F0FB43-E0F4-49B8-A184-86955E539600}
2013-09-09 08:29 - 2013-09-09 08:29 - 00000000 ____D C:\Users\Jay\AppData\Local\{3C2DBFA8-FB5B-4CF5-8C3F-981BCAE9E50C}
2013-09-08 10:08 - 2013-09-08 10:08 - 00000000 ____D C:\Users\Jay\AppData\Local\{1790E52E-4A78-4E43-84A7-DBB405EF8634}
2013-09-07 20:00 - 2013-09-07 20:01 - 00000000 ____D C:\Users\Jay\AppData\Local\{E9F67324-4F39-48DD-A4DA-5D22C099F260}
2013-09-07 19:22 - 2013-09-07 19:22 - 00000000 ____D C:\Users\Jay\AppData\Local\{771676A1-91FE-41D6-AEC6-B20347AAFF16}
2013-09-07 19:12 - 2013-09-07 19:12 - 00000000 ____D C:\Users\Jay\AppData\Local\{F02936EC-A1C0-4A64-8F6D-E19134A20776}
2013-09-07 16:37 - 2013-09-07 16:37 - 00000000 ____D C:\Users\Jay\AppData\Local\{9C5B5252-B6A4-4017-A7B8-CD4BBF6D6C88}
2013-09-07 09:50 - 2013-09-12 09:44 - 00000000 ____D C:\Users\Jay\Downloads\FSX Weather

==================== One Month Modified Files and Folders =======

2013-10-07 15:19 - 2013-10-07 15:19 - 00000165 ____H C:\Users\Jay\Desktop\~$PW.xlsx
2013-10-07 15:12 - 2012-09-27 16:48 - 00000000 ____D C:\Users\Jay\AppData\Roaming\MailWasherPro
2013-10-07 14:50 - 2010-05-16 21:13 - 02395321 _____ C:\Windows\system32\oodbs.lor
2013-10-07 14:49 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-10-07 14:48 - 2013-09-28 12:07 - 00001456 _____ C:\Windows\setupact.log
2013-10-07 14:48 - 2011-06-24 16:02 - 00000406 _____ C:\Windows\Tasks\Final Media Player Update Checker.job
2013-10-07 14:48 - 2010-05-17 23:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-07 14:48 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-07 13:49 - 2013-10-07 13:49 - 00034673 _____ C:\Users\Jay\Downloads\Addition.txt
2013-10-07 13:48 - 2013-10-07 13:48 - 00000000 ____D C:\FRST
2013-10-07 13:47 - 2013-10-07 13:47 - 01954124 _____ (Farbar) C:\Users\Jay\Downloads\FRST64.exe
2013-10-07 13:45 - 2013-10-07 13:45 - 01641768 _____ C:\Users\Jay\Desktop\Setup.exe.dap
2013-10-07 13:45 - 2013-04-04 13:10 - 00000000 ____D C:\Users\Jay\AppData\Roaming\EQATEC Analytics
2013-10-07 11:45 - 2010-05-20 18:09 - 00952832 ___SH C:\Users\Jay\Desktop\Thumbs.db
2013-10-07 11:36 - 2013-10-07 11:36 - 00024902 _____ C:\Users\Jay\Desktop\dds.txt
2013-10-07 11:36 - 2013-10-07 11:36 - 00023635 _____ C:\Users\Jay\Desktop\attach.txt
2013-10-07 11:31 - 2013-10-07 11:31 - 00001051 _____ C:\Users\Jay\Desktop\Malware forum text.txt
2013-10-07 11:28 - 2013-10-07 11:28 - 00688992 ____R (Swearware) C:\Users\Jay\Desktop\dds.com
2013-10-07 11:28 - 2013-10-07 11:28 - 00688992 _____ (Swearware) C:\Users\Jay\Desktop\dds.scr
2013-10-07 11:17 - 2013-10-07 11:17 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Jay\Desktop\mbam-clean-1.60.2.0003.exe
2013-10-07 11:17 - 2012-05-21 16:20 - 00000000 ____D C:\Users\Jay\Downloads\QW
2013-10-07 10:44 - 2013-10-05 16:39 - 00002684 _____ C:\Windows\PFRO.log
2013-10-07 09:38 - 2010-05-24 11:50 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-10-07 09:29 - 2011-06-07 15:52 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-07 09:17 - 2010-05-15 16:41 - 01424600 _____ C:\Windows\WindowsUpdate.log
2013-10-07 09:08 - 2011-12-12 13:32 - 00005718 __RSH C:\ProgramData\ntuser.pol
2013-10-07 09:07 - 2013-08-06 08:51 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-07 09:07 - 2013-08-06 08:50 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-07 09:07 - 2013-08-06 08:50 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-07 09:07 - 2013-08-06 08:50 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-07 08:56 - 2013-10-07 08:55 - 00000000 ____D C:\Users\Jay\AppData\Local\{257B8B5B-5B05-4B62-9EDD-3BECE0323587}
2013-10-07 08:48 - 2010-05-17 23:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-07 08:48 - 2009-07-14 00:45 - 00015008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-07 08:48 - 2009-07-14 00:45 - 00015008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-07 08:43 - 2010-05-21 22:17 - 00000000 ____D C:\Users\Jay\AppData\Roaming\Skype
2013-10-07 08:41 - 2012-02-29 19:58 - 00171601 _____ C:\ProgramData\dleascan.log
2013-10-07 00:37 - 2013-03-19 07:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-06 19:29 - 2010-05-17 12:07 - 00000000 ____D C:\Users\Jay\Documents\Flight Simulator X Files
2013-10-06 18:45 - 2010-05-16 20:09 - 00007603 _____ C:\Users\Jay\AppData\Local\resmon.resmoncfg
2013-10-06 15:03 - 2013-10-06 09:03 - 99477982 _____ C:\Windows\SysWOW64\敉儔A
2013-10-06 10:36 - 2013-10-03 13:37 - 00002192 _____ C:\Users\Jay\Desktop\B5.txt
2013-10-05 21:10 - 2011-07-05 19:23 - 00000000 ____D C:\Users\Jay\AppData\Roaming\TS3Client
2013-10-05 14:11 - 2013-10-05 14:10 - 00000000 ____D C:\Users\Jay\AppData\Local\{6FBDF05F-4CFA-45F2-B168-568216BA99B0}
2013-10-05 13:10 - 2013-10-05 13:10 - 00000000 ____D C:\Users\Jay\AppData\Local\{B575D835-C06E-4AD5-971C-84303070828F}
2013-10-05 11:00 - 2013-10-05 11:00 - 00001068 _____ C:\Users\Public\Desktop\WinMerge.lnk
2013-10-05 11:00 - 2013-10-05 11:00 - 00000000 ____D C:\Users\Jay\Documents\WinMerge
2013-10-05 11:00 - 2013-10-05 10:59 - 00000000 ____D C:\Program Files (x86)\WinMerge
2013-10-04 13:04 - 2013-10-04 13:03 - 00000000 ____D C:\Users\Jay\AppData\Local\{A15849C5-CB7F-4412-8ECC-7C913EDFD6FA}
2013-10-04 08:10 - 2009-07-14 00:45 - 00481416 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-03 12:22 - 2013-10-03 12:22 - 00000000 ____D C:\Users\Jay\AppData\Local\{DB28843C-0AC0-484E-B90C-85066D47F991}
2013-10-03 10:53 - 2010-05-15 18:41 - 00146496 _____ C:\Users\Jay\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-03 10:48 - 2013-01-28 14:00 - 00000000 ____D C:\Users\Jay\Downloads\BS
2013-10-03 10:21 - 2013-10-03 10:21 - 00000826 _____ C:\Users\Jay\Desktop\Stage3 - B5b - QualityWings Simulations Forum.url
2013-10-02 23:06 - 2013-10-02 23:06 - 00000000 ____D C:\Users\Jay\AppData\Local\{8BFF6287-0779-41B5-9955-09EB6E5EB19E}
2013-10-02 21:49 - 2011-07-05 19:23 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2013-10-02 10:34 - 2009-07-14 01:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-02 10:30 - 2013-05-15 21:38 - 00000055 _____ C:\Users\Jay\Desktop\BLUESKY HOT LINK.txt
2013-10-02 10:14 - 2013-10-02 10:14 - 00000288 _____ C:\Users\Jay\Desktop\Tor Browser Bundle.url
2013-10-02 09:04 - 2013-10-02 09:03 - 00000000 ____D C:\Users\Jay\AppData\Local\{189A3017-56D9-47D5-8C92-4E026BE0A6AD}
2013-10-01 09:56 - 2013-10-01 09:55 - 00000000 ____D C:\Users\Jay\AppData\Local\{F963F5BA-0BF4-49D1-A4A7-D3CE8FCA071A}
2013-09-30 18:07 - 2013-09-30 18:07 - 44927466 _____ C:\Users\Jay\Downloads\PPS2.zip
2013-09-30 18:05 - 2010-05-29 11:04 - 00889856 ___SH C:\Users\Jay\Downloads\Thumbs.db
2013-09-30 18:01 - 2013-09-30 18:01 - 35381742 _____ C:\Users\Jay\Downloads\Eggs PPS.zip
2013-09-30 08:53 - 2013-09-30 08:53 - 00000000 ____D C:\Users\Jay\AppData\Local\{1677F5E4-4D05-4081-9CC9-23D73236B2E6}
2013-09-29 17:38 - 2013-09-29 17:38 - 00000000 ____D C:\Users\Jay\AppData\Local\{A8024499-ACCB-431A-AAC4-C2E65325BFB4}
2013-09-29 16:41 - 2013-09-29 16:41 - 00000000 ____D C:\Users\Jay\AppData\Local\{D90E64BC-B511-4D1F-BD7B-098E060B5D51}
2013-09-29 08:56 - 2013-09-29 08:54 - 19992915 _____ C:\Users\Jay\Downloads\FA 2.5_Setup.rar
2013-09-28 19:14 - 2013-09-28 19:13 - 00000000 ____D C:\Users\Jay\AppData\Local\{05EA78DF-3ECE-49EE-BAB6-4DB0F587E906}
2013-09-28 12:18 - 2013-08-19 22:42 - 00010398 _____ C:\Users\Jay\Desktop\Payment schedule.xlsx
2013-09-28 12:07 - 2013-09-28 12:07 - 00000000 _____ C:\Windows\setuperr.log
2013-09-28 11:53 - 2013-09-28 11:53 - 00000192 _____ C:\Users\Jay\Desktop\Retail Detail Merchandising  Sealane Marketing  Category Management.url
2013-09-27 16:05 - 2013-09-27 16:05 - 00000380 _____ C:\Users\Jay\Desktop\Removing photo albums - Page 3.url
2013-09-27 09:03 - 2013-09-27 09:03 - 00000000 ____D C:\Users\Jay\AppData\Local\{CA69498B-FB7D-430E-875B-515F09DDE9DF}
2013-09-26 18:31 - 2013-09-26 18:30 - 00000000 ____D C:\Users\Jay\AppData\Local\{E4E6D6CC-87A7-41B5-8B6A-30C8E9D8F20F}
2013-09-26 14:31 - 2013-09-26 14:31 - 00000000 ____D C:\Users\Jay\AppData\Local\{512674DA-6F1C-4F8D-B302-C352D14105BA}
2013-09-26 14:14 - 2012-07-12 23:10 - 00000246 _____ C:\Users\Jay\Desktop\Tracking.txt
2013-09-26 14:13 - 2013-09-26 14:13 - 00000000 ____D C:\Users\Jay\AppData\Local\{8429FD20-FF4D-43E9-9C41-72B4B3319644}
2013-09-25 08:58 - 2013-09-25 08:57 - 00000000 ____D C:\Users\Jay\AppData\Local\{FAF2988F-6363-4FD3-9D2F-FCEABD84ABEF}
2013-09-24 09:06 - 2013-09-24 09:05 - 00000000 ____D C:\Users\Jay\AppData\Local\{FEC0F437-5E0C-4FA7-9310-430DEC128097}
2013-09-24 00:38 - 2013-09-24 00:38 - 00000000 ____D C:\Users\Jay\AppData\Local\{5E606A0A-032D-4AB2-984F-985DA904B840}
2013-09-23 18:32 - 2010-05-17 11:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2013-09-23 18:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-23 17:28 - 2009-07-14 01:13 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-23 12:22 - 2013-09-23 12:22 - 00000000 ____D C:\Users\Jay\AppData\Local\{F42D03D3-C88D-4CEC-9C92-92843EB73656}
2013-09-23 11:20 - 2010-05-22 11:39 - 00000000 ____D C:\FSX Panel Store
2013-09-23 09:00 - 2013-09-23 09:00 - 00000000 ____D C:\Users\Jay\AppData\Local\{4D1D7E4E-4BE6-41B8-BDE6-2BC96E0C6A09}
2013-09-22 10:30 - 2013-09-22 10:29 - 00000000 ____D C:\Users\Jay\AppData\Local\{A8960DE0-5211-4E45-9BBA-15255633FA93}
2013-09-22 09:43 - 2013-09-22 09:43 - 98586517 _____ C:\Windows\SysWOW64\嗇鈺x
2013-09-21 09:35 - 2013-09-21 09:34 - 00000000 ____D C:\Users\Jay\AppData\Local\{0138E0B7-F5C0-4272-A96A-FE05BC44359F}
2013-09-20 13:48 - 2013-09-20 13:48 - 00000000 ____D C:\Users\Jay\AppData\Local\{B5136468-F33F-4475-9E3D-17474CCBBF54}
2013-09-20 10:14 - 2010-05-19 02:23 - 00000000 ____D C:\Users\Jay\Desktop\QW
2013-09-19 20:37 - 2013-03-19 07:51 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 20:37 - 2012-04-04 08:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 20:37 - 2011-05-20 10:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-19 01:02 - 2013-09-19 01:01 - 00000000 ____D C:\Users\Jay\AppData\Local\{34E95386-D3F1-4295-98DB-8C3ADA1FB568}
2013-09-18 09:29 - 2013-09-18 09:29 - 00000000 ____D C:\Users\Jay\AppData\Local\{0B62097D-882E-4F60-8838-E1F307C4D5A4}
2013-09-17 18:04 - 2012-02-29 21:22 - 00066630 _____ C:\ProgramData\dleaJSW.log
2013-09-17 18:04 - 2012-02-29 20:47 - 00000000 ____D C:\ProgramData\Dl_cats
2013-09-17 09:21 - 2013-09-17 09:21 - 00000000 ____D C:\Users\Jay\AppData\Local\{5728F226-F216-4466-A24C-A96D015640D0}
2013-09-16 20:32 - 2013-09-16 20:31 - 00000000 ____D C:\Users\Jay\AppData\Local\{FBF71B8C-6B49-4AC8-94C8-9CCA76B92A63}
2013-09-16 08:59 - 2013-09-16 08:59 - 00000141 _____ C:\Users\Jay\Desktop\FSXWX Instructions.url
2013-09-16 08:13 - 2013-09-16 08:12 - 00000000 ____D C:\Users\Jay\AppData\Local\{ACC6B9A8-649F-4160-84AF-BC60102DB2E6}
2013-09-15 16:28 - 2013-09-15 16:28 - 00000000 ____D C:\Users\Jay\AppData\Local\{689D4132-2883-44F8-AC10-D59F704CE136}
2013-09-14 17:46 - 2013-09-14 17:45 - 00000000 ____D C:\Users\Jay\AppData\Local\{32BA1E5C-6BD9-4550-A730-5C04170A0504}
2013-09-14 15:34 - 2013-09-14 15:34 - 97600188 _____ C:\Windows\SysWOW64\ॳ喫
2013-09-13 18:22 - 2013-09-13 18:22 - 00002069 _____ C:\Users\Jay\Desktop\Flightradar24.com - Live flight tracker!.url
2013-09-13 15:20 - 2013-09-13 15:20 - 00001561 _____ C:\Users\Jay\Desktop\MD80 Manager & Setup.lnk
2013-09-13 14:37 - 2010-05-17 13:16 - 00000000 ____D C:\Users\Jay\AppData\Roaming\FileZilla
2013-09-13 13:33 - 2013-09-13 13:33 - 00000000 ____D C:\Users\Jay\AppData\Local\{B0443BB6-D8F6-48F1-835F-46A9734F6F85}
2013-09-12 15:55 - 2013-09-12 15:54 - 00000000 ____D C:\Users\Jay\AppData\Local\{42EFBA76-8DC7-4E54-8EBA-A5E8D6178733}
2013-09-12 15:54 - 2013-09-12 15:54 - 00000000 ____D C:\Users\Jay\AppData\Local\{1F116570-7DA4-4C60-919D-F26196E39D2F}
2013-09-12 11:30 - 2012-06-10 11:34 - 00014417 _____ C:\Users\Jay\Desktop\PW.xlsx
2013-09-12 09:48 - 2013-08-23 16:32 - 00000000 ____D C:\Users\Jay\Downloads\GEX
2013-09-12 09:44 - 2013-09-07 09:50 - 00000000 ____D C:\Users\Jay\Downloads\FSX Weather
2013-09-11 23:50 - 2013-09-11 23:50 - 00000000 ____D C:\Users\Jay\AppData\Local\{99B766E8-2A37-4794-B5CA-2FAEF2C62DE7}
2013-09-11 23:23 - 2013-09-11 23:23 - 00000265 _____ C:\Users\Jay\Desktop\Ground Environment X Series - SimForums.com Discussion - Page 1.url
2013-09-11 18:15 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-09-11 09:33 - 2010-05-15 16:42 - 00000000 ___RD C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-11 09:33 - 2010-05-15 16:42 - 00000000 ___RD C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-11 09:10 - 2013-07-11 16:13 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 09:06 - 2010-05-15 16:48 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 08:56 - 2013-09-11 08:56 - 00000000 ____D C:\Users\Jay\AppData\Local\{6BD4F19D-860A-46E9-837B-AC99237F7BD9}
2013-09-10 20:41 - 2013-09-10 08:41 - 97021647 _____ C:\Windows\SysWOW64\޼S
2013-09-10 14:55 - 2010-05-16 01:22 - 00000000 ____D C:\Users\Jay\AppData\Local\CrossLoop
2013-09-10 14:00 - 2013-09-10 14:00 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-10 14:00 - 2013-09-10 14:00 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-10 14:00 - 2013-09-10 14:00 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-10 14:00 - 2013-09-10 14:00 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-10 14:00 - 2013-09-10 14:00 - 00000000 ____D C:\Program Files\Java
2013-09-10 14:00 - 2013-01-04 21:58 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-10 14:00 - 2010-06-02 15:54 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-10 13:16 - 2013-09-10 13:16 - 00000000 ____D C:\Users\Jay\AppData\Local\Overwolf
2013-09-10 09:52 - 2013-09-10 09:51 - 00000000 ____D C:\Users\Jay\AppData\Local\{A4CA0E39-1E39-4448-A553-88BD764BF1DB}
2013-09-09 22:32 - 2013-09-09 22:32 - 00000000 ____D C:\Users\Jay\AppData\Local\{FF8426E7-3A39-45DD-8A77-420C428852A1}
2013-09-09 21:00 - 2013-09-09 21:00 - 00000000 ____D C:\Users\Jay\AppData\Local\{75F0FB43-E0F4-49B8-A184-86955E539600}
2013-09-09 08:29 - 2013-09-09 08:29 - 00000000 ____D C:\Users\Jay\AppData\Local\{3C2DBFA8-FB5B-4CF5-8C3F-981BCAE9E50C}
2013-09-08 10:08 - 2013-09-08 10:08 - 00000000 ____D C:\Users\Jay\AppData\Local\{1790E52E-4A78-4E43-84A7-DBB405EF8634}
2013-09-07 20:01 - 2013-09-07 20:00 - 00000000 ____D C:\Users\Jay\AppData\Local\{E9F67324-4F39-48DD-A4DA-5D22C099F260}
2013-09-07 19:22 - 2013-09-07 19:22 - 00000000 ____D C:\Users\Jay\AppData\Local\{771676A1-91FE-41D6-AEC6-B20347AAFF16}
2013-09-07 19:12 - 2013-09-07 19:12 - 00000000 ____D C:\Users\Jay\AppData\Local\{F02936EC-A1C0-4A64-8F6D-E19134A20776}
2013-09-07 16:37 - 2013-09-07 16:37 - 00000000 ____D C:\Users\Jay\AppData\Local\{9C5B5252-B6A4-4017-A7B8-CD4BBF6D6C88}
2013-09-07 09:51 - 2013-09-06 11:02 - 00001301 _____ C:\Users\Jay\Desktop\FSXWX.exe - Shortcut.lnk

Files to move or delete:
====================
C:\Users\Jay\QualityWings_Ultimate 757 Collection.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-01 00:37

==================== End Of Log ============================

Link to post
Share on other sites

We have to do something in the "recovery mode", you'll need a usb flash drive.

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.
    Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.

    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

    To enter System Recovery Options by using Windows installation disc:

    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
      • Startup Repair

        System Restore

        Windows Complete PC Restore

        Windows Memory Diagnostic Tool

        Command Prompt

        Select Command Prompt

        Once in the Command Prompt:

    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter

      Note: Replace letter e with the drive letter of your flash drive.

    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
MrC
Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-LHN3JHC on 07-10-2013 16:02:27
Running from I:\
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [dleamon.exe] - C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe [770728 2011-01-23] ()
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)
HKLM-x32\...\Run: [searchProtection] - C:\ProgramData\Search Protection\_run.bat [168 2013-03-22] ()
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG)
HKU\Jay\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6588144 2013-10-04] (SUPERAntiSpyware)
HKU\Jay\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-17] (Google Inc.)
HKU\Jay\...\Run: [cdloader] - C:\Users\Jay\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\Jay\...\Run: [DownloadAccelerator] - C:\Program Files (x86)\DAP\DAP.EXE [3832464 2013-04-04] (Speedbit Ltd.)
HKU\Jay\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
Startup: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk
ShortcutTarget: MailWasherPro.lnk -> C:\Program Files (x86)\MailWasher Pro\MailWasher.exe (eCOSM)
BootExecute: autocheck autochk * OODBS

==================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-08] (SUPERAntiSpyware.com)
S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-02-21] (Lavasoft Limited)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2010-07-20] (Adobe Systems)
S2 AntiSpywareService; C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [616408 2009-06-17] ()
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG)
S2 Backup Exec System Recovery; C:\Program Files (x86)\Symantec\Backup Exec System Recovery\Agent\VProSvc.exe [4591456 2010-03-03] (Symantec Corporation)
S2 CrossLoopService; C:\Users\Jay\AppData\Local\CrossLoop\CrossLoopService.exe [560792 2010-03-15] (CrossLoop Inc)
S2 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
S2 dlea_device; C:\Windows\system32\dleacoms.exe [1052328 2010-05-21] ( )
S3 GenericMount Helper Service; C:\Program Files (x86)\Symantec\Backup Exec System Recovery\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
S2 O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2287360 2009-09-11] (O&O Software GmbH)
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe [1097848 2013-02-27] (Speedbit Ltd.)
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [9728 2009-07-13] (Microsoft Corporation)
S3 SymSnapService; C:\Program Files (x86)\Symantec\Backup Exec System Recovery\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-07] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-07] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S2 cpuz132; C:\Windows\system32\drivers\cpuz132_x64.sys [19432 2009-03-26] (Windows ® Codename Longhorn DDK provider)
S2 cpuz132; C:\Windows\system32\drivers\cpuz132_x64.sys [19432 2009-03-26] (Windows ® Codename Longhorn DDK provider)
S2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [23816 2012-03-09] (CPUID)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [39504 2013-04-11] (ThreatTrack Security)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-03-22] (GFI Software)
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-07-12] (Lavasoft AB)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-06] ()
S3 lvsels64; C:\Windows\System32\DRIVERS\lvsels64.sys [67992 2009-10-07] (Logitech Inc.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [40856 2013-02-27] ()
S0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (StorageCraft)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
S3 ALSysIO; \??\C:\Users\Jay\AppData\Local\Temp\ALSysIO64.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S2 V2iMount;
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-07 11:28 - 2013-10-07 11:28 - 00055388 _____ C:\Users\Jay\Downloads\FRST.txt
2013-10-07 09:49 - 2013-10-07 09:49 - 00034673 _____ C:\Users\Jay\Downloads\Addition.txt
2013-10-07 09:48 - 2013-10-07 09:48 - 00000000 ____D C:\FRST
2013-10-07 09:47 - 2013-10-07 09:47 - 01954124 _____ (Farbar) C:\Users\Jay\Downloads\FRST64.exe
2013-10-07 09:45 - 2013-10-07 09:45 - 01641768 _____ C:\Users\Jay\Desktop\Setup.exe.dap
2013-10-07 07:36 - 2013-10-07 07:36 - 00024902 _____ C:\Users\Jay\Desktop\dds.txt
2013-10-07 07:36 - 2013-10-07 07:36 - 00023635 _____ C:\Users\Jay\Desktop\attach.txt
2013-10-07 07:31 - 2013-10-07 07:31 - 00001051 _____ C:\Users\Jay\Desktop\Malware forum text.txt
2013-10-07 07:28 - 2013-10-07 07:28 - 00688992 ____R (Swearware) C:\Users\Jay\Desktop\dds.com
2013-10-07 07:28 - 2013-10-07 07:28 - 00688992 _____ (Swearware) C:\Users\Jay\Desktop\dds.scr
2013-10-07 07:17 - 2013-10-07 07:17 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Jay\Desktop\mbam-clean-1.60.2.0003.exe
2013-10-07 04:55 - 2013-10-07 04:56 - 00000000 ____D C:\Users\Jay\AppData\Local\{257B8B5B-5B05-4B62-9EDD-3BECE0323587}
2013-10-06 05:03 - 2013-10-06 11:03 - 99477982 _____ C:\Windows\SysWOW64\敉儔A
2013-10-05 12:39 - 2013-10-07 06:44 - 00002684 _____ C:\Windows\PFRO.log
2013-10-05 10:10 - 2013-10-05 10:11 - 00000000 ____D C:\Users\Jay\AppData\Local\{6FBDF05F-4CFA-45F2-B168-568216BA99B0}
2013-10-05 09:10 - 2013-10-05 09:10 - 00000000 ____D C:\Users\Jay\AppData\Local\{B575D835-C06E-4AD5-971C-84303070828F}
2013-10-05 07:00 - 2013-10-05 07:00 - 00001068 _____ C:\Users\Public\Desktop\WinMerge.lnk
2013-10-05 07:00 - 2013-10-05 07:00 - 00000000 ____D C:\Users\Jay\Documents\WinMerge
2013-10-05 06:59 - 2013-10-05 07:00 - 00000000 ____D C:\Program Files (x86)\WinMerge
2013-10-04 09:03 - 2013-10-04 09:04 - 00000000 ____D C:\Users\Jay\AppData\Local\{A15849C5-CB7F-4412-8ECC-7C913EDFD6FA}
2013-10-03 09:37 - 2013-10-06 06:36 - 00002192 _____ C:\Users\Jay\Desktop\B5.txt
2013-10-03 08:22 - 2013-10-03 08:22 - 00000000 ____D C:\Users\Jay\AppData\Local\{DB28843C-0AC0-484E-B90C-85066D47F991}
2013-10-03 06:21 - 2013-10-03 06:21 - 00000826 _____ C:\Users\Jay\Desktop\Stage3 - B5b - QualityWings Simulations Forum.url
2013-10-02 19:06 - 2013-10-02 19:06 - 00000000 ____D C:\Users\Jay\AppData\Local\{8BFF6287-0779-41B5-9955-09EB6E5EB19E}
2013-10-02 06:14 - 2013-10-02 06:14 - 00000288 _____ C:\Users\Jay\Desktop\Tor Browser Bundle.url
2013-10-02 05:03 - 2013-10-02 05:04 - 00000000 ____D C:\Users\Jay\AppData\Local\{189A3017-56D9-47D5-8C92-4E026BE0A6AD}
2013-10-01 05:55 - 2013-10-01 05:56 - 00000000 ____D C:\Users\Jay\AppData\Local\{F963F5BA-0BF4-49D1-A4A7-D3CE8FCA071A}
2013-09-30 14:07 - 2013-09-30 14:07 - 44927466 _____ C:\Users\Jay\Downloads\PPS2.zip
2013-09-30 14:03 - 2005-04-12 12:59 - 37498884 _____ C:\Users\Jay\Downloads\DefolianceFINAL2.mpg
2013-09-30 14:03 - 2003-02-09 19:29 - 06259007 _____ C:\Users\Jay\Downloads\DefolianceFINAL.wmv
2013-09-30 14:01 - 2013-09-30 14:01 - 35381742 _____ C:\Users\Jay\Downloads\Eggs PPS.zip
2013-09-30 04:53 - 2013-09-30 04:53 - 00000000 ____D C:\Users\Jay\AppData\Local\{1677F5E4-4D05-4081-9CC9-23D73236B2E6}
2013-09-29 13:38 - 2013-09-29 13:38 - 00000000 ____D C:\Users\Jay\AppData\Local\{A8024499-ACCB-431A-AAC4-C2E65325BFB4}
2013-09-29 12:41 - 2013-09-29 12:41 - 00000000 ____D C:\Users\Jay\AppData\Local\{D90E64BC-B511-4D1F-BD7B-098E060B5D51}
2013-09-29 04:54 - 2013-09-29 04:56 - 19992915 _____ C:\Users\Jay\Downloads\FA 2.5_Setup.rar
2013-09-28 15:13 - 2013-09-28 15:14 - 00000000 ____D C:\Users\Jay\AppData\Local\{05EA78DF-3ECE-49EE-BAB6-4DB0F587E906}
2013-09-28 08:07 - 2013-10-07 10:48 - 00001456 _____ C:\Windows\setupact.log
2013-09-28 08:07 - 2013-09-28 08:07 - 00000000 _____ C:\Windows\setuperr.log
2013-09-28 07:53 - 2013-09-28 07:53 - 00000192 _____ C:\Users\Jay\Desktop\Retail Detail Merchandising  Sealane Marketing  Category Management.url
2013-09-27 12:05 - 2013-09-27 12:05 - 00000380 _____ C:\Users\Jay\Desktop\Removing photo albums - Page 3.url
2013-09-27 05:03 - 2013-09-27 05:03 - 00000000 ____D C:\Users\Jay\AppData\Local\{CA69498B-FB7D-430E-875B-515F09DDE9DF}
2013-09-26 14:30 - 2013-09-26 14:31 - 00000000 ____D C:\Users\Jay\AppData\Local\{E4E6D6CC-87A7-41B5-8B6A-30C8E9D8F20F}
2013-09-26 10:31 - 2013-09-26 10:31 - 00000000 ____D C:\Users\Jay\AppData\Local\{512674DA-6F1C-4F8D-B302-C352D14105BA}
2013-09-26 10:13 - 2013-09-26 10:13 - 00000000 ____D C:\Users\Jay\AppData\Local\{8429FD20-FF4D-43E9-9C41-72B4B3319644}
2013-09-25 04:57 - 2013-09-25 04:58 - 00000000 ____D C:\Users\Jay\AppData\Local\{FAF2988F-6363-4FD3-9D2F-FCEABD84ABEF}
2013-09-24 05:05 - 2013-09-24 05:06 - 00000000 ____D C:\Users\Jay\AppData\Local\{FEC0F437-5E0C-4FA7-9310-430DEC128097}
2013-09-23 20:38 - 2013-09-23 20:38 - 00000000 ____D C:\Users\Jay\AppData\Local\{5E606A0A-032D-4AB2-984F-985DA904B840}
2013-09-23 08:22 - 2013-09-23 08:22 - 00000000 ____D C:\Users\Jay\AppData\Local\{F42D03D3-C88D-4CEC-9C92-92843EB73656}
2013-09-23 05:00 - 2013-09-23 05:00 - 00000000 ____D C:\Users\Jay\AppData\Local\{4D1D7E4E-4BE6-41B8-BDE6-2BC96E0C6A09}
2013-09-22 06:29 - 2013-09-22 06:30 - 00000000 ____D C:\Users\Jay\AppData\Local\{A8960DE0-5211-4E45-9BBA-15255633FA93}
2013-09-22 05:43 - 2013-09-22 05:43 - 98586517 _____ C:\Windows\SysWOW64\嗇鈺x
2013-09-21 05:34 - 2013-09-21 05:35 - 00000000 ____D C:\Users\Jay\AppData\Local\{0138E0B7-F5C0-4272-A96A-FE05BC44359F}
2013-09-20 09:48 - 2013-09-20 09:48 - 00000000 ____D C:\Users\Jay\AppData\Local\{B5136468-F33F-4475-9E3D-17474CCBBF54}
2013-09-19 06:10 - 2003-09-22 20:05 - 19964840 _____ C:\Users\Jay\Downloads\Faii_Setup.zip
2013-09-18 21:01 - 2013-09-18 21:02 - 00000000 ____D C:\Users\Jay\AppData\Local\{34E95386-D3F1-4295-98DB-8C3ADA1FB568}
2013-09-18 05:29 - 2013-09-18 05:29 - 00000000 ____D C:\Users\Jay\AppData\Local\{0B62097D-882E-4F60-8838-E1F307C4D5A4}
2013-09-17 05:21 - 2013-09-17 05:21 - 00000000 ____D C:\Users\Jay\AppData\Local\{5728F226-F216-4466-A24C-A96D015640D0}
2013-09-16 16:31 - 2013-09-16 16:32 - 00000000 ____D C:\Users\Jay\AppData\Local\{FBF71B8C-6B49-4AC8-94C8-9CCA76B92A63}
2013-09-16 04:59 - 2013-09-16 04:59 - 00000141 _____ C:\Users\Jay\Desktop\FSXWX Instructions.url
2013-09-16 04:12 - 2013-09-16 04:13 - 00000000 ____D C:\Users\Jay\AppData\Local\{ACC6B9A8-649F-4160-84AF-BC60102DB2E6}
2013-09-15 12:28 - 2013-09-15 12:28 - 00000000 ____D C:\Users\Jay\AppData\Local\{689D4132-2883-44F8-AC10-D59F704CE136}
2013-09-14 13:45 - 2013-09-14 13:46 - 00000000 ____D C:\Users\Jay\AppData\Local\{32BA1E5C-6BD9-4550-A730-5C04170A0504}
2013-09-14 11:34 - 2013-09-14 11:34 - 97600188 _____ C:\Windows\SysWOW64\ॳ喫
2013-09-13 14:22 - 2013-09-13 14:22 - 00002069 _____ C:\Users\Jay\Desktop\Flightradar24.com - Live flight tracker!.url
2013-09-13 11:20 - 2013-09-13 11:20 - 00001561 _____ C:\Users\Jay\Desktop\MD80 Manager & Setup.lnk
2013-09-13 09:33 - 2013-09-13 09:33 - 00000000 ____D C:\Users\Jay\AppData\Local\{B0443BB6-D8F6-48F1-835F-46A9734F6F85}
2013-09-12 11:54 - 2013-09-12 11:55 - 00000000 ____D C:\Users\Jay\AppData\Local\{42EFBA76-8DC7-4E54-8EBA-A5E8D6178733}
2013-09-12 11:54 - 2013-09-12 11:54 - 00000000 ____D C:\Users\Jay\AppData\Local\{1F116570-7DA4-4C60-919D-F26196E39D2F}
2013-09-11 19:50 - 2013-09-11 19:50 - 00000000 ____D C:\Users\Jay\AppData\Local\{99B766E8-2A37-4794-B5CA-2FAEF2C62DE7}
2013-09-11 19:23 - 2013-09-11 19:23 - 00000265 _____ C:\Users\Jay\Desktop\Ground Environment X Series - SimForums.com Discussion - Page 1.url
2013-09-11 05:05 - 2013-07-31 06:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-11 05:05 - 2013-07-31 05:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-11 05:05 - 2013-07-31 05:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-11 05:05 - 2013-07-31 05:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-11 05:05 - 2013-07-31 05:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-11 05:05 - 2013-07-31 05:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-09-11 05:05 - 2013-07-31 05:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-09-11 05:05 - 2013-07-31 05:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-11 05:05 - 2013-07-31 05:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-09-11 05:05 - 2013-07-31 05:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-11 05:05 - 2013-07-31 05:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-09-11 05:05 - 2013-07-31 05:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-11 05:05 - 2013-07-31 05:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-11 05:05 - 2013-07-31 05:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-09-11 05:05 - 2013-07-31 05:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-11 05:05 - 2013-07-31 05:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-11 05:05 - 2013-07-31 02:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 05:05 - 2013-07-31 02:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 05:05 - 2013-07-31 02:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 05:05 - 2013-07-31 01:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 05:05 - 2013-07-31 01:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-11 05:05 - 2013-07-31 01:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 05:05 - 2013-07-31 01:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-11 05:05 - 2013-07-31 01:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 05:05 - 2013-07-31 01:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 05:05 - 2013-07-31 01:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-11 05:05 - 2013-07-31 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-11 05:05 - 2013-07-31 01:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 05:05 - 2013-07-31 01:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 05:05 - 2013-07-31 01:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 05:05 - 2013-07-31 01:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-11 05:05 - 2013-07-31 01:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 05:01 - 2013-08-07 17:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-09-11 05:01 - 2013-08-04 18:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2013-09-11 05:01 - 2013-08-01 18:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-09-11 05:01 - 2013-08-01 18:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-09-11 05:01 - 2013-08-01 18:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-09-11 05:01 - 2013-08-01 18:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-09-11 05:01 - 2013-08-01 18:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-09-11 05:01 - 2013-08-01 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-09-11 05:01 - 2013-08-01 18:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-09-11 05:01 - 2013-08-01 18:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-09-11 05:01 - 2013-08-01 18:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 05:01 - 2013-08-01 17:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 05:01 - 2013-08-01 17:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 05:01 - 2013-08-01 17:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 05:01 - 2013-08-01 17:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 05:01 - 2013-08-01 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 17:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-09-11 05:01 - 2013-08-01 16:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-09-11 05:01 - 2013-08-01 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 05:01 - 2013-08-01 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 05:01 - 2013-08-01 16:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 05:01 - 2013-08-01 16:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 05:01 - 2013-08-01 16:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 16:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 16:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 05:01 - 2013-08-01 16:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 05:01 - 2013-07-25 18:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-09-11 05:01 - 2013-07-25 18:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-09-11 05:01 - 2013-07-25 17:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 05:01 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 04:56 - 2013-09-11 04:56 - 00000000 ____D C:\Users\Jay\AppData\Local\{6BD4F19D-860A-46E9-837B-AC99237F7BD9}
2013-09-10 10:00 - 2013-09-10 10:00 - 00312232 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-09-10 10:00 - 2013-09-10 10:00 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-09-10 10:00 - 2013-09-10 10:00 - 00188840 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-09-10 10:00 - 2013-09-10 10:00 - 00108968 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-09-10 10:00 - 2013-09-10 10:00 - 00000000 ____D C:\Program Files\Java
2013-09-10 09:16 - 2013-09-10 09:16 - 00000000 ____D C:\Users\Jay\AppData\Local\Overwolf
2013-09-10 05:51 - 2013-09-10 05:52 - 00000000 ____D C:\Users\Jay\AppData\Local\{A4CA0E39-1E39-4448-A553-88BD764BF1DB}
2013-09-10 04:41 - 2013-09-10 16:41 - 97021647 _____ C:\Windows\SysWOW64\޼S
2013-09-09 18:32 - 2013-09-09 18:32 - 00000000 ____D C:\Users\Jay\AppData\Local\{FF8426E7-3A39-45DD-8A77-420C428852A1}
2013-09-09 17:00 - 2013-09-09 17:00 - 00000000 ____D C:\Users\Jay\AppData\Local\{75F0FB43-E0F4-49B8-A184-86955E539600}
2013-09-09 04:29 - 2013-09-09 04:29 - 00000000 ____D C:\Users\Jay\AppData\Local\{3C2DBFA8-FB5B-4CF5-8C3F-981BCAE9E50C}
2013-09-08 06:08 - 2013-09-08 06:08 - 00000000 ____D C:\Users\Jay\AppData\Local\{1790E52E-4A78-4E43-84A7-DBB405EF8634}
2013-09-07 16:00 - 2013-09-07 16:01 - 00000000 ____D C:\Users\Jay\AppData\Local\{E9F67324-4F39-48DD-A4DA-5D22C099F260}
2013-09-07 15:22 - 2013-09-07 15:22 - 00000000 ____D C:\Users\Jay\AppData\Local\{771676A1-91FE-41D6-AEC6-B20347AAFF16}
2013-09-07 15:12 - 2013-09-07 15:12 - 00000000 ____D C:\Users\Jay\AppData\Local\{F02936EC-A1C0-4A64-8F6D-E19134A20776}
2013-09-07 12:37 - 2013-09-07 12:37 - 00000000 ____D C:\Users\Jay\AppData\Local\{9C5B5252-B6A4-4017-A7B8-CD4BBF6D6C88}
2013-09-07 05:50 - 2013-09-12 05:44 - 00000000 ____D C:\Users\Jay\Downloads\FSX Weather

==================== One Month Modified Files and Folders =======

2013-10-07 11:55 - 2012-06-10 07:34 - 00014419 _____ C:\Users\Jay\Desktop\PW.xlsx
2013-10-07 11:51 - 2009-07-13 21:13 - 00779266 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-07 11:28 - 2013-10-07 11:28 - 00055388 _____ C:\Users\Jay\Downloads\FRST.txt
2013-10-07 11:12 - 2012-09-27 12:48 - 00000000 ____D C:\Users\Jay\AppData\Roaming\MailWasherPro
2013-10-07 10:50 - 2010-05-16 17:13 - 02395321 _____ C:\Windows\System32\oodbs.lor
2013-10-07 10:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-10-07 10:48 - 2013-09-28 08:07 - 00001456 _____ C:\Windows\setupact.log
2013-10-07 10:48 - 2011-06-24 12:02 - 00000406 _____ C:\Windows\Tasks\Final Media Player Update Checker.job
2013-10-07 10:48 - 2010-05-17 19:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-07 10:48 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-07 09:49 - 2013-10-07 09:49 - 00034673 _____ C:\Users\Jay\Downloads\Addition.txt
2013-10-07 09:48 - 2013-10-07 09:48 - 00000000 ____D C:\FRST
2013-10-07 09:47 - 2013-10-07 09:47 - 01954124 _____ (Farbar) C:\Users\Jay\Downloads\FRST64.exe
2013-10-07 09:45 - 2013-10-07 09:45 - 01641768 _____ C:\Users\Jay\Desktop\Setup.exe.dap
2013-10-07 09:45 - 2013-04-04 09:10 - 00000000 ____D C:\Users\Jay\AppData\Roaming\EQATEC Analytics
2013-10-07 07:45 - 2010-05-20 14:09 - 00952832 ___SH C:\Users\Jay\Desktop\Thumbs.db
2013-10-07 07:36 - 2013-10-07 07:36 - 00024902 _____ C:\Users\Jay\Desktop\dds.txt
2013-10-07 07:36 - 2013-10-07 07:36 - 00023635 _____ C:\Users\Jay\Desktop\attach.txt
2013-10-07 07:31 - 2013-10-07 07:31 - 00001051 _____ C:\Users\Jay\Desktop\Malware forum text.txt
2013-10-07 07:28 - 2013-10-07 07:28 - 00688992 ____R (Swearware) C:\Users\Jay\Desktop\dds.com
2013-10-07 07:28 - 2013-10-07 07:28 - 00688992 _____ (Swearware) C:\Users\Jay\Desktop\dds.scr
2013-10-07 07:17 - 2013-10-07 07:17 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Jay\Desktop\mbam-clean-1.60.2.0003.exe
2013-10-07 07:17 - 2012-05-21 12:20 - 00000000 ____D C:\Users\Jay\Downloads\QW
2013-10-07 06:44 - 2013-10-05 12:39 - 00002684 _____ C:\Windows\PFRO.log
2013-10-07 05:38 - 2010-05-24 07:50 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-10-07 05:29 - 2011-06-07 11:52 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-07 05:17 - 2010-05-15 12:41 - 01424600 _____ C:\Windows\WindowsUpdate.log
2013-10-07 05:08 - 2011-12-12 09:32 - 00005718 __RSH C:\ProgramData\ntuser.pol
2013-10-07 05:07 - 2013-08-06 04:51 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-10-07 05:07 - 2013-08-06 04:50 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-10-07 05:07 - 2013-08-06 04:50 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-10-07 05:07 - 2013-08-06 04:50 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-10-07 04:56 - 2013-10-07 04:55 - 00000000 ____D C:\Users\Jay\AppData\Local\{257B8B5B-5B05-4B62-9EDD-3BECE0323587}
2013-10-07 04:48 - 2010-05-17 19:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-07 04:48 - 2009-07-13 20:45 - 00015008 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-07 04:48 - 2009-07-13 20:45 - 00015008 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-07 04:43 - 2010-05-21 18:17 - 00000000 ____D C:\Users\Jay\AppData\Roaming\Skype
2013-10-07 04:41 - 2012-02-29 15:58 - 00171601 _____ C:\ProgramData\dleascan.log
2013-10-06 20:37 - 2013-03-19 03:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-06 15:29 - 2010-05-17 08:07 - 00000000 ____D C:\Users\Jay\Documents\Flight Simulator X Files
2013-10-06 14:45 - 2010-05-16 16:09 - 00007603 _____ C:\Users\Jay\AppData\Local\resmon.resmoncfg
2013-10-06 11:03 - 2013-10-06 05:03 - 99477982 _____ C:\Windows\SysWOW64\敉儔A
2013-10-06 06:36 - 2013-10-03 09:37 - 00002192 _____ C:\Users\Jay\Desktop\B5.txt
2013-10-05 17:10 - 2011-07-05 15:23 - 00000000 ____D C:\Users\Jay\AppData\Roaming\TS3Client
2013-10-05 10:11 - 2013-10-05 10:10 - 00000000 ____D C:\Users\Jay\AppData\Local\{6FBDF05F-4CFA-45F2-B168-568216BA99B0}
2013-10-05 09:10 - 2013-10-05 09:10 - 00000000 ____D C:\Users\Jay\AppData\Local\{B575D835-C06E-4AD5-971C-84303070828F}
2013-10-05 07:00 - 2013-10-05 07:00 - 00001068 _____ C:\Users\Public\Desktop\WinMerge.lnk
2013-10-05 07:00 - 2013-10-05 07:00 - 00000000 ____D C:\Users\Jay\Documents\WinMerge
2013-10-05 07:00 - 2013-10-05 06:59 - 00000000 ____D C:\Program Files (x86)\WinMerge
2013-10-04 09:04 - 2013-10-04 09:03 - 00000000 ____D C:\Users\Jay\AppData\Local\{A15849C5-CB7F-4412-8ECC-7C913EDFD6FA}
2013-10-04 04:10 - 2009-07-13 20:45 - 00481416 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-03 08:22 - 2013-10-03 08:22 - 00000000 ____D C:\Users\Jay\AppData\Local\{DB28843C-0AC0-484E-B90C-85066D47F991}
2013-10-03 06:53 - 2010-05-15 14:41 - 00146496 _____ C:\Users\Jay\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-03 06:48 - 2013-01-28 10:00 - 00000000 ____D C:\Users\Jay\Downloads\BS
2013-10-03 06:21 - 2013-10-03 06:21 - 00000826 _____ C:\Users\Jay\Desktop\Stage3 - B5b - QualityWings Simulations Forum.url
2013-10-02 19:06 - 2013-10-02 19:06 - 00000000 ____D C:\Users\Jay\AppData\Local\{8BFF6287-0779-41B5-9955-09EB6E5EB19E}
2013-10-02 17:49 - 2011-07-05 15:23 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2013-10-02 06:34 - 2009-07-13 21:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-02 06:30 - 2013-05-15 17:38 - 00000055 _____ C:\Users\Jay\Desktop\BLUESKY HOT LINK.txt
2013-10-02 06:14 - 2013-10-02 06:14 - 00000288 _____ C:\Users\Jay\Desktop\Tor Browser Bundle.url
2013-10-02 05:04 - 2013-10-02 05:03 - 00000000 ____D C:\Users\Jay\AppData\Local\{189A3017-56D9-47D5-8C92-4E026BE0A6AD}
2013-10-01 05:56 - 2013-10-01 05:55 - 00000000 ____D C:\Users\Jay\AppData\Local\{F963F5BA-0BF4-49D1-A4A7-D3CE8FCA071A}
2013-09-30 14:07 - 2013-09-30 14:07 - 44927466 _____ C:\Users\Jay\Downloads\PPS2.zip
2013-09-30 14:05 - 2010-05-29 07:04 - 00889856 ___SH C:\Users\Jay\Downloads\Thumbs.db
2013-09-30 14:01 - 2013-09-30 14:01 - 35381742 _____ C:\Users\Jay\Downloads\Eggs PPS.zip
2013-09-30 04:53 - 2013-09-30 04:53 - 00000000 ____D C:\Users\Jay\AppData\Local\{1677F5E4-4D05-4081-9CC9-23D73236B2E6}
2013-09-29 13:38 - 2013-09-29 13:38 - 00000000 ____D C:\Users\Jay\AppData\Local\{A8024499-ACCB-431A-AAC4-C2E65325BFB4}
2013-09-29 12:41 - 2013-09-29 12:41 - 00000000 ____D C:\Users\Jay\AppData\Local\{D90E64BC-B511-4D1F-BD7B-098E060B5D51}
2013-09-29 04:56 - 2013-09-29 04:54 - 19992915 _____ C:\Users\Jay\Downloads\FA 2.5_Setup.rar
2013-09-28 15:14 - 2013-09-28 15:13 - 00000000 ____D C:\Users\Jay\AppData\Local\{05EA78DF-3ECE-49EE-BAB6-4DB0F587E906}
2013-09-28 08:18 - 2013-08-19 18:42 - 00010398 _____ C:\Users\Jay\Desktop\Payment schedule.xlsx
2013-09-28 08:07 - 2013-09-28 08:07 - 00000000 _____ C:\Windows\setuperr.log
2013-09-28 07:53 - 2013-09-28 07:53 - 00000192 _____ C:\Users\Jay\Desktop\Retail Detail Merchandising  Sealane Marketing  Category Management.url
2013-09-27 12:05 - 2013-09-27 12:05 - 00000380 _____ C:\Users\Jay\Desktop\Removing photo albums - Page 3.url
2013-09-27 05:03 - 2013-09-27 05:03 - 00000000 ____D C:\Users\Jay\AppData\Local\{CA69498B-FB7D-430E-875B-515F09DDE9DF}
2013-09-26 14:31 - 2013-09-26 14:30 - 00000000 ____D C:\Users\Jay\AppData\Local\{E4E6D6CC-87A7-41B5-8B6A-30C8E9D8F20F}
2013-09-26 10:31 - 2013-09-26 10:31 - 00000000 ____D C:\Users\Jay\AppData\Local\{512674DA-6F1C-4F8D-B302-C352D14105BA}
2013-09-26 10:14 - 2012-07-12 19:10 - 00000246 _____ C:\Users\Jay\Desktop\Tracking.txt
2013-09-26 10:13 - 2013-09-26 10:13 - 00000000 ____D C:\Users\Jay\AppData\Local\{8429FD20-FF4D-43E9-9C41-72B4B3319644}
2013-09-25 04:58 - 2013-09-25 04:57 - 00000000 ____D C:\Users\Jay\AppData\Local\{FAF2988F-6363-4FD3-9D2F-FCEABD84ABEF}
2013-09-24 05:06 - 2013-09-24 05:05 - 00000000 ____D C:\Users\Jay\AppData\Local\{FEC0F437-5E0C-4FA7-9310-430DEC128097}
2013-09-23 20:38 - 2013-09-23 20:38 - 00000000 ____D C:\Users\Jay\AppData\Local\{5E606A0A-032D-4AB2-984F-985DA904B840}
2013-09-23 14:32 - 2010-05-17 07:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2013-09-23 14:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-09-23 08:22 - 2013-09-23 08:22 - 00000000 ____D C:\Users\Jay\AppData\Local\{F42D03D3-C88D-4CEC-9C92-92843EB73656}
2013-09-23 07:20 - 2010-05-22 07:39 - 00000000 ____D C:\FSX Panel Store
2013-09-23 05:00 - 2013-09-23 05:00 - 00000000 ____D C:\Users\Jay\AppData\Local\{4D1D7E4E-4BE6-41B8-BDE6-2BC96E0C6A09}
2013-09-22 06:30 - 2013-09-22 06:29 - 00000000 ____D C:\Users\Jay\AppData\Local\{A8960DE0-5211-4E45-9BBA-15255633FA93}
2013-09-22 05:43 - 2013-09-22 05:43 - 98586517 _____ C:\Windows\SysWOW64\嗇鈺x
2013-09-21 05:35 - 2013-09-21 05:34 - 00000000 ____D C:\Users\Jay\AppData\Local\{0138E0B7-F5C0-4272-A96A-FE05BC44359F}
2013-09-20 09:48 - 2013-09-20 09:48 - 00000000 ____D C:\Users\Jay\AppData\Local\{B5136468-F33F-4475-9E3D-17474CCBBF54}
2013-09-20 06:14 - 2010-05-18 22:23 - 00000000 ____D C:\Users\Jay\Desktop\QW
2013-09-19 16:37 - 2013-03-19 03:51 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 16:37 - 2012-04-04 04:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 16:37 - 2011-05-20 06:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-18 21:02 - 2013-09-18 21:01 - 00000000 ____D C:\Users\Jay\AppData\Local\{34E95386-D3F1-4295-98DB-8C3ADA1FB568}
2013-09-18 05:29 - 2013-09-18 05:29 - 00000000 ____D C:\Users\Jay\AppData\Local\{0B62097D-882E-4F60-8838-E1F307C4D5A4}
2013-09-17 14:04 - 2012-02-29 17:22 - 00066630 _____ C:\ProgramData\dleaJSW.log
2013-09-17 14:04 - 2012-02-29 16:47 - 00000000 ____D C:\ProgramData\Dl_cats
2013-09-17 05:21 - 2013-09-17 05:21 - 00000000 ____D C:\Users\Jay\AppData\Local\{5728F226-F216-4466-A24C-A96D015640D0}
2013-09-16 16:32 - 2013-09-16 16:31 - 00000000 ____D C:\Users\Jay\AppData\Local\{FBF71B8C-6B49-4AC8-94C8-9CCA76B92A63}
2013-09-16 04:59 - 2013-09-16 04:59 - 00000141 _____ C:\Users\Jay\Desktop\FSXWX Instructions.url
2013-09-16 04:13 - 2013-09-16 04:12 - 00000000 ____D C:\Users\Jay\AppData\Local\{ACC6B9A8-649F-4160-84AF-BC60102DB2E6}
2013-09-15 12:28 - 2013-09-15 12:28 - 00000000 ____D C:\Users\Jay\AppData\Local\{689D4132-2883-44F8-AC10-D59F704CE136}
2013-09-14 13:46 - 2013-09-14 13:45 - 00000000 ____D C:\Users\Jay\AppData\Local\{32BA1E5C-6BD9-4550-A730-5C04170A0504}
2013-09-14 11:34 - 2013-09-14 11:34 - 97600188 _____ C:\Windows\SysWOW64\ॳ喫
2013-09-13 14:22 - 2013-09-13 14:22 - 00002069 _____ C:\Users\Jay\Desktop\Flightradar24.com - Live flight tracker!.url
2013-09-13 11:20 - 2013-09-13 11:20 - 00001561 _____ C:\Users\Jay\Desktop\MD80 Manager & Setup.lnk
2013-09-13 10:37 - 2010-05-17 09:16 - 00000000 ____D C:\Users\Jay\AppData\Roaming\FileZilla
2013-09-13 09:33 - 2013-09-13 09:33 - 00000000 ____D C:\Users\Jay\AppData\Local\{B0443BB6-D8F6-48F1-835F-46A9734F6F85}
2013-09-12 11:55 - 2013-09-12 11:54 - 00000000 ____D C:\Users\Jay\AppData\Local\{42EFBA76-8DC7-4E54-8EBA-A5E8D6178733}
2013-09-12 11:54 - 2013-09-12 11:54 - 00000000 ____D C:\Users\Jay\AppData\Local\{1F116570-7DA4-4C60-919D-F26196E39D2F}
2013-09-12 05:48 - 2013-08-23 12:32 - 00000000 ____D C:\Users\Jay\Downloads\GEX
2013-09-12 05:44 - 2013-09-07 05:50 - 00000000 ____D C:\Users\Jay\Downloads\FSX Weather
2013-09-11 19:50 - 2013-09-11 19:50 - 00000000 ____D C:\Users\Jay\AppData\Local\{99B766E8-2A37-4794-B5CA-2FAEF2C62DE7}
2013-09-11 19:23 - 2013-09-11 19:23 - 00000265 _____ C:\Users\Jay\Desktop\Ground Environment X Series - SimForums.com Discussion - Page 1.url
2013-09-11 14:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-09-11 05:10 - 2013-07-11 12:13 - 00000000 ____D C:\Windows\System32\MRT
2013-09-11 05:06 - 2010-05-15 12:48 - 79143768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-09-11 04:56 - 2013-09-11 04:56 - 00000000 ____D C:\Users\Jay\AppData\Local\{6BD4F19D-860A-46E9-837B-AC99237F7BD9}
2013-09-10 16:41 - 2013-09-10 04:41 - 97021647 _____ C:\Windows\SysWOW64\޼S
2013-09-10 10:55 - 2010-05-15 21:22 - 00000000 ____D C:\Users\Jay\AppData\Local\CrossLoop
2013-09-10 10:00 - 2013-09-10 10:00 - 00312232 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-09-10 10:00 - 2013-09-10 10:00 - 00189352 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-09-10 10:00 - 2013-09-10 10:00 - 00188840 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-09-10 10:00 - 2013-09-10 10:00 - 00108968 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-09-10 10:00 - 2013-09-10 10:00 - 00000000 ____D C:\Program Files\Java
2013-09-10 10:00 - 2013-01-04 17:58 - 01093032 _____ (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-09-10 10:00 - 2010-06-02 11:54 - 00972712 _____ (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-09-10 09:16 - 2013-09-10 09:16 - 00000000 ____D C:\Users\Jay\AppData\Local\Overwolf
2013-09-10 05:52 - 2013-09-10 05:51 - 00000000 ____D C:\Users\Jay\AppData\Local\{A4CA0E39-1E39-4448-A553-88BD764BF1DB}
2013-09-09 18:32 - 2013-09-09 18:32 - 00000000 ____D C:\Users\Jay\AppData\Local\{FF8426E7-3A39-45DD-8A77-420C428852A1}
2013-09-09 17:00 - 2013-09-09 17:00 - 00000000 ____D C:\Users\Jay\AppData\Local\{75F0FB43-E0F4-49B8-A184-86955E539600}
2013-09-09 04:29 - 2013-09-09 04:29 - 00000000 ____D C:\Users\Jay\AppData\Local\{3C2DBFA8-FB5B-4CF5-8C3F-981BCAE9E50C}
2013-09-08 06:08 - 2013-09-08 06:08 - 00000000 ____D C:\Users\Jay\AppData\Local\{1790E52E-4A78-4E43-84A7-DBB405EF8634}
2013-09-07 16:01 - 2013-09-07 16:00 - 00000000 ____D C:\Users\Jay\AppData\Local\{E9F67324-4F39-48DD-A4DA-5D22C099F260}
2013-09-07 15:22 - 2013-09-07 15:22 - 00000000 ____D C:\Users\Jay\AppData\Local\{771676A1-91FE-41D6-AEC6-B20347AAFF16}
2013-09-07 15:12 - 2013-09-07 15:12 - 00000000 ____D C:\Users\Jay\AppData\Local\{F02936EC-A1C0-4A64-8F6D-E19134A20776}
2013-09-07 12:37 - 2013-09-07 12:37 - 00000000 ____D C:\Users\Jay\AppData\Local\{9C5B5252-B6A4-4017-A7B8-CD4BBF6D6C88}
2013-09-07 05:51 - 2013-09-06 07:02 - 00001301 _____ C:\Users\Jay\Desktop\FSXWX.exe - Shortcut.lnk

Files to move or delete:
====================
C:\Users\Jay\QualityWings_Ultimate 757 Collection.reg

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 6135.14 MB
Available physical RAM: 5389.18 MB
Total Pagefile: 6133.29 MB
Available Pagefile: 5379.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:261.49 GB) NTFS
Drive d: (Video 1-INTERNAL) (Fixed) (Total:69.25 GB) (Free:56.53 GB) NTFS
Drive e: (Video 2-INTERNAL) (Fixed) (Total:69.25 GB) (Free:54.76 GB) NTFS
Drive h: (PHONE) (Removable) (Total:0.02 GB) (Free:0.02 GB) FAT
Drive i: (FLASH120MEG) (Removable) (Total:0.12 GB) (Free:0.07 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: F8FB00A2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 69 GB) (Disk ID: DD5DEA52)
Partition 1: (Not Active) - (Size=69 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 69 GB) (Disk ID: 6E697373)
No partition Table on disk 2.
 Could not read MBR for disk 3.

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 122 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=122 MB) - (Type=0B)

LastRegBack: 2013-09-30 20:37

==================== End Of Log ============================

Link to post
Share on other sites

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if the computer boots normally now.

MrC

Link to post
Share on other sites

I thought for a minute it was going to boot up normaly, it went past the Welcome screen, showed the taskbar for about 20 seconds and a DOS window opened for a split second, then back to balck screenm still can only boot in safe mode... log....

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by SYSTEM at 2013-10-07 17:07:12 Run:2
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
LastRegBack: 2013-09-30 20:37

*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

Link to post
Share on other sites

I followed the clean boot for W7 using msconfig. Disabled all MS services then rebooted But since it turned everything off then restarted some of them I dont see a way to ID what caused the problem.

 

I really need to find it because my laptop with XP has that damn popup on it and no way to get rid of it. If I cant remove it then the laptop will have to remain on forever! 

Link to post
Share on other sites

You have to follow the instructions to find out what causing the problem:

On that page under......
Windows 7 and Windows Vista

Click the Services tab, and then click to select the Hide all Microsoft services check box.
Click to select half of the check boxes in the Service list.
Click OK, and then click Restart.
After the computer finishes restarting, determine whether the problem still occurs.
If the problem still occurs, repeat steps 1 through 4, but clear half of the checked boxes in the Service list that you originally selected.
If the problem does not occur, repeat steps 1 through 4, selecting only half of the remaining check boxes that are cleared in the Service list. Repeat these steps until you have selected all the check boxes.
If you still experience the problem after only one service is selected in the Service list, this means that the selected service causes the problem. Go to step 10. If no service causes this problem, go to step 7.
Perform a clean boot by repeating steps 1 and 2.
Click the Startup tab, and then click to select half of the check boxes in the Startup Item list.

etc...........

Link to post
Share on other sites

Thanks, I will work on that and report back.

 

Do you have any idea how I can get that popup off my laptop desktop? If I reboot that machine with it there I am afraid its going to infect that one too. As it is now its ok but I can find any way to remove the popup

Link to post
Share on other sites

On the laptop.

 

Bring up your task manager and look under applications or processes for it.

 

or

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
MrC
Link to post
Share on other sites

Addition.txtIt showed in task mgr but couldnt close it......logs ......

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Jay (administrator) on JAYLAPTOP on 07-10-2013 20:24:27
Running from C:\Temp 1
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
() C:\WINDOWS\System32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\Dell V310-V510 Series\dleamon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgtray.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
() C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dleaserv.exe
( ) C:\WINDOWS\system32\dleacoms.exe
(Hewlett-Packard) C:\WINDOWS\system32\HPConfig.exe
(Hewlett-Packard Co.) C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
() C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgnsx.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG10\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgcsrvx.exe
(Avira Operations GmbH & Co. KG) C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe
(Avira Operations GmbH & Co. KG) C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [dleamon.exe] - C:\Program Files\Dell V310-V510 Series\dleamon.exe [770728 2011-01-23] ()
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2404376 2013-10-02] ()
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM\...\runonceex: [] - [x]
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={68071881-B1E0-4C09-A298-E5F2C4DAAAC6}&mid=c2ee2707ae8707834b8c629fceb2879a-5ba394a111c738190b076eadd8ce397db190f3b3〈=us&ds=AVG&pr=fr&d=2011-12-12 12:11:23&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {A0E2079C-A239-414C-8473-9E0F0702DCE6} URL = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10400&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABY&apn_dtid=^YYYYYY^YY^US&apn_uid=ed9af7ac-4a3c-49a5-89b8-84f63a47a08a&apn_sauid=61EC1C94-1631-492B-9A6C-4D2D96D5DFAD
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Watch for Browser Events - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - C:\PROGRA~1\KEYBOA~1\kie.dll (Insight Software Solutions)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
BHO: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM -  No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU -Dell Toolbar - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU -Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} http://ca1mikpws002.ops.placeware.com/etc/place/MIKE/MIKpws-2a/5.1.4.243/lib/quicksilver.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 24 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1

Chrome:
=======


CHR Extension: (YouTube) - C:\DOCUME~1\Jay\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0
CHR HKLM\...\Chrome\Extension: [aaaangaohdajkgeopjhpbnlpkehbhmbj] - C:\Documents and Settings\Jay\Local Settings\Application Data\APN\GoogleCRXs\aaaangaohdajkgeopjhpbnlpkehbhmbj_7.15.2.0.crx
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG10\Chrome\safesearch.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\17.0.1.12\avg.crx

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 Ati HotKey Poller; C:\Windows\System32\Ati2evxx.exe [397312 2004-05-15] ()
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 dleaCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dleaserv.exe [193192 2010-05-21] ()
R2 dlea_device; C:\WINDOWS\system32\dleacoms.exe [598696 2010-05-21] ( )
R2 HPConfig; C:\WINDOWS\system32\HPConfig.exe [151552 2002-08-15] (Hewlett-Packard)
R2 HPWirelessMgr; C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe [53248 2003-01-14] (Hewlett-Packard Co.)
S3 KodakCCS; C:\Windows\system32\drivers\KodakCCS.exe [411920 2005-03-30] (Eastman Kodak Company)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.)
R2 vToolbarUpdater17.0.12; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-02] (AVG Secure Search)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
S2 Retrospect Helper; "C:\Program Files\Dantz\Client\rthlpsvc.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 allegro; C:\Windows\System32\drivers\es198x.sys [174464 2001-08-17] (ESS Technology, Inc.)
S3 atimpab; C:\Windows\System32\DRIVERS\atimpab.sys [289664 2001-08-17] (ATI Technologies Inc.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2011-02-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [27216 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [255968 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-02] (Avira Operations GmbH & Co. KG)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-05] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-10-02] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-27] (Avira Operations GmbH & Co. KG)
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [604928 2006-10-13] (Broadcom Corporation)
S3 Ca100v; C:\Windows\System32\Drivers\Ca100v.sys [516635 2002-08-30] (Digital Camera)
R0 caboagp; C:\Windows\System32\DRIVERS\atisgkaf.sys [23570 2002-08-30] (ATI Technologies Inc.)
R3 CALIAUD; C:\Windows\System32\drivers\caliaud.sys [292352 2004-02-17] (Conexant Systems Inc.)
R3 CALIHALA; C:\Windows\System32\drivers\calihal.sys [273536 2004-02-17] (Conexant Systems Inc.)
R1 Cdr4_xp; C:\Windows\System32\Drivers\Cdr4_xp.sys [62288 2003-03-26] (Roxio)
R1 Cdralw2k; C:\Windows\System32\Drivers\Cdralw2k.sys [23436 2003-03-26] (Roxio)
R1 cdudf_xp; C:\Windows\System32\Drivers\cdudf_xp.sys [241280 2003-03-26] (Roxio)
R1 DcCam; C:\Windows\System32\DRIVERS\DcCam.sys [37150 2005-06-16] (Eastman Kodak Company)
S3 DcFpoint; C:\Windows\System32\DRIVERS\DcFpoint.sys [61564 2005-03-31] (Eastman Kodak Company)
R2 DCFS2K; C:\Windows\System32\drivers\dcfs2k.sys [38673 2005-03-31] (Eastman Kodak Company)
S3 DcLps; C:\Windows\System32\DRIVERS\DcLps.sys [8022 2005-03-31] (Eastman Kodak Company)
S3 DcPTP; C:\Windows\System32\DRIVERS\DcPTP.sys [70262 2005-03-31] (Eastman Kodak Company)
R3 DP83815; C:\Windows\System32\DRIVERS\DP83815.SYS [18432 2004-07-15] (National Semiconductor Corp.)
S3 dvd_2K; C:\Windows\System32\Drivers\dvd_2K.sys [25930 2003-03-26] (Roxio)
S1 Exportit; C:\Windows\System32\DRIVERS\exportit.sys [152081 2005-03-31] (Eastman Kodak Company)
S3 FilterService; C:\Windows\System32\DRIVERS\lvuvcflt.sys [23832 2008-07-26] (Logitech Inc.)
S3 HPCI; C:\Windows\System32\DRIVERS\hpci.sys [14504 2002-07-17] (Hewlett-Packard)
R3 HSFHWALI; C:\Windows\System32\DRIVERS\HSFHWALI.sys [205696 2004-12-15] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [1038208 2004-12-15] (Conexant Systems, Inc.)
S3 lvselsus; C:\Windows\System32\DRIVERS\lvselsus.sys [66456 2008-07-26] (Logitech Inc.)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 mmc_2K; C:\Windows\System32\Drivers\mmc_2K.sys [30662 2003-03-26] (Roxio)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S1 P3; C:\Windows\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [14604 2003-08-11] (Padus, Inc.)
R1 pwd_2k; C:\Windows\System32\Drivers\pwd_2k.sys [144250 2003-03-26] (Roxio)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R2 StreamDispatcher; C:\Windows\System32\DRIVERS\strmdisp.sys [30592 2003-05-21] (Conexant Systems, Inc.)
R1 UdfReadr_xp; C:\Windows\System32\Drivers\UdfReadr_xp.sys [206464 2003-03-26] (Roxio)
S3 USBCamera; C:\Windows\System32\Drivers\Bulk100.sys [10986 2002-07-26] (USB BULK)
S3 CE3; System32\DRIVERS\ce3n5.sys [x]
S3 GenericMount; system32\DRIVERS\GenericMount.sys [x]
S4 hpt3xx; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U2 V2iMount;
S3 WSIMD; system32\DRIVERS\wsimd.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: Ip6FwHlp -> No Registry Path.

==================== One Month Created Files and Folders ========

2013-10-07 20:24 - 2013-10-07 20:24 - 00000000 ____D C:\FRST
2013-10-06 15:16 - 2013-10-06 15:16 - 99477982 _____ C:\WINDOWS\system32\♧叵嗔7
2013-09-30 09:00 - 2013-09-30 09:00 - 98499637 _____ C:\WINDOWS\system32\姛꟢嗔7
2013-09-22 16:37 - 2013-09-22 16:37 - 98597466 _____ C:\WINDOWS\system32\屨嗔7
2013-09-18 11:11 - 2013-10-06 19:31 - 00016438 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-18 10:50 - 2013-09-18 10:50 - 00000060 _____ C:\WINDOWS\setupact.log
2013-09-18 10:50 - 2013-09-18 10:50 - 00000000 _____ C:\WINDOWS\setuperr.log

==================== One Month Modified Files and Folders =======

2013-10-07 20:24 - 2013-10-07 20:24 - 00000000 ____D C:\FRST
2013-10-07 20:23 - 2004-01-21 17:58 - 00000000 ____D C:\Temp 1
2013-10-07 19:48 - 2010-10-27 10:59 - 00000000 ____D C:\WINDOWS\system32\Drivers\AVG
2013-10-07 17:49 - 2013-03-22 09:54 - 00000000 ____D C:\Documents and Settings\Jay\Application Data\Skype
2013-10-07 17:46 - 2004-06-18 20:01 - 00000000 ____D C:\Documents and Settings\Jay\Application Data\MailWasherPro
2013-10-07 17:19 - 2011-07-07 12:01 - 00000000 ____D C:\Documents and Settings\Jay\Application Data\TS3Client
2013-10-07 10:02 - 2012-06-23 07:43 - 00000829 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-07 10:02 - 2010-03-19 13:06 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-07 10:02 - 2010-03-19 13:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-07 09:59 - 2012-06-23 08:06 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-07 09:52 - 2013-03-22 09:53 - 00002265 ____C C:\Documents and Settings\All Users\Desktop\Skype.lnk
2013-10-07 08:57 - 2002-09-09 11:15 - 00012620 ____C C:\WINDOWS\system32\wpa.dbl
2013-10-07 08:54 - 2012-03-01 11:31 - 00046482 ____C C:\Documents and Settings\All Users\dleascan.log
2013-10-07 08:54 - 2002-09-09 03:39 - 00000159 ____C C:\WINDOWS\wiadebug.log
2013-10-07 08:54 - 2002-09-09 03:39 - 00000049 ____C C:\WINDOWS\wiaservc.log
2013-10-06 19:31 - 2013-09-18 11:11 - 00016438 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-06 19:31 - 2004-01-22 01:09 - 00000278 __SHC C:\Documents and Settings\Jay\ntuser.ini
2013-10-06 19:31 - 2004-01-22 01:09 - 00000000 ____D C:\Documents and Settings\Jay
2013-10-06 15:16 - 2013-10-06 15:16 - 99477982 _____ C:\WINDOWS\system32\♧叵嗔7
2013-10-02 11:23 - 2012-01-18 13:17 - 00000000 ____D C:\WINDOWS\system32\cache
2013-10-02 11:23 - 2011-12-12 13:11 - 00000000 ____D C:\Program Files\AVG Secure Search
2013-10-02 11:22 - 2012-11-13 12:24 - 00037664 ____C (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2013-10-02 10:36 - 2012-12-30 11:54 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-10-02 10:35 - 2003-01-01 06:49 - 00000000 ____D C:\WINDOWS\Registration
2013-10-02 10:28 - 2011-07-07 12:00 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-09-30 09:00 - 2013-09-30 09:00 - 98499637 _____ C:\WINDOWS\system32\姛꟢嗔7
2013-09-26 14:20 - 2013-03-22 09:53 - 00000000 ___RD C:\Program Files\Skype
2013-09-22 16:37 - 2013-09-22 16:37 - 98597466 _____ C:\WINDOWS\system32\屨嗔7
2013-09-18 10:50 - 2013-09-18 10:50 - 00000060 _____ C:\WINDOWS\setupact.log
2013-09-18 10:50 - 2013-09-18 10:50 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-09-18 10:49 - 2010-03-08 19:04 - 00000000 ____D C:\WINDOWS\Minidump

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Link to post
Share on other sites

Seems like it's already installed and needs a reboot to finish it up.

I see you have AVG and Avira running on the computer, this is not good!!
You should only have one anti-virus installed and running.

You could uninstall Avira, that would stop it, seems like it may be a legitimate update though.

Just a note:
Your running XP and it's not that easy to fix incase it doesn't boot back up.

Let me know what you want to do....MrC

Link to post
Share on other sites

Ok, I just removed Avira, then went back to task manager and this time it let me remove it. I rebooted and it came up ok, WHEWWWW

 

I also removed Avira from my main computer (this one), and rebooted again, it also came up ok!!

 

I cant begin to thank you for your time and all you help with this, I know it's been a loooooong day :-)

 

Hopefully when I start them up in the morning all is normal....thanks again you are the best

 

BTW, its definatly not a 'legitimate' update, I Googled it and this has been going on for a few years with Avira. You would think by now they would have fixed it

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.