rampantfox83 Posted November 11, 2014 ID:906570

I'm afraid I too must join those that are having an issue with this piece of malware. I ran the malwarebytes anti-malware scanner and it removed several issues but the COM Surrogate dllhost.exe*32 issue still remains. Any help that can be provided will be extremely helpful!

Thanks,
Brian

Addition.txt
FRST.txt

rampantfox83 Posted November 12, 2014 Author ID:906747

Here is the malwarebytes anti-malware scan

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/11/2014
Scan Time: 3:46:02 PM
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.11.08
Rootkit Database: v2014.11.11.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Swintal

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 428473
Time Elapsed: 20 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 33
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0FA32667-9A8A-4E9C-902F-CA3323180003}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2A42D13C-D427-4787-821B-CF6973855778}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6B458F62-592F-4B25-8967-E6A350A59328}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0FA32667-9A8A-4E9C-902F-CA3323180003}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2A42D13C-D427-4787-821B-CF6973855778}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6B458F62-592F-4B25-8967-E6A350A59328}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\TBSB07898.IEToolbar.1, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\TBSB07898.IEToolbar, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TBSB07898.IEToolbar, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TBSB07898.IEToolbar.1, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKU\S-1-5-21-4134620719-2527629264-1752102789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKU\S-1-5-21-4134620719-2527629264-1752102789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [e79d40fafe7e270fbe9b882d6c968878],
PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\CLASSES\Toolbar3.TBSB07898.1, Quarantined, [e79d40fafe7e270fbe9b882d6c968878],
PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\CLASSES\Toolbar3.TBSB07898, Quarantined, [e79d40fafe7e270fbe9b882d6c968878],
PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar3.TBSB07898, Quarantined, [e79d40fafe7e270fbe9b882d6c968878],
PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [e79d40fafe7e270fbe9b882d6c968878],
PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar3.TBSB07898.1, Quarantined, [e79d40fafe7e270fbe9b882d6c968878],
PUP.Optional.BestToolbar.A, HKU\S-1-5-21-4134620719-2527629264-1752102789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [e79d40fafe7e270fbe9b882d6c968878],
PUP.Optional.BestToolbar.A, HKU\S-1-5-21-4134620719-2527629264-1752102789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [e79d40fafe7e270fbe9b882d6c968878],

Registry Values: 2
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [394bb684f488b383c8367b3b8d758080],

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
Trojan.Ransom.ED, C:\Users\Swintal\AppData\Local\Temp\2A9C.tmp, Quarantined, [404476c47b015cdab8b442a036cb8080],
Trojan.Agent, C:\Users\Swintal\AppData\Local\Temp\FlyTampa_Libraries_FSX_P3D.exe, Quarantined, [8bf998a2413bd363f57b8bd7f0103ac6],
Trojan.Ransom.ED, C:\Users\Swintal\AppData\Local\Temp\2B47.tmp, Quarantined, [800484b6c5b7d660de8ea939738e867a],

Physical Sectors: 0
(No malicious items detected)

(end)

rampantfox83 Posted November 12, 2014 Author ID:906749

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Swintal (administrator) on SWINTAL-PC on 11-11-2014 21:37:28
Running from C:\Users\Swintal\Desktop
Loaded Profile: Swintal (Available profiles: Swintal & Brian)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(PI Engineering) C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Navigraph) C:\Program Files (x86)\Navigraph\FMS Data Manager\NGFMSAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) E:\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-27] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Navigraph FMS Data Manager] => C:\Program Files (x86)\Navigraph\FMS Data Manager\NGFMSAgent.exe [1006576 2014-06-03] (Navigraph)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => E:\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [Google Update] => C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-10] (Google Inc.)
HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [Google+ Auto Backup] => C:\Users\Swintal\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3746120 2014-08-12] (Google Inc.)
HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
Startup: C:\Users\Swintal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MacroWorks 3.1.lnk
ShortcutTarget: MacroWorks 3.1.lnk -> C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe (PI Engineering)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://blueconnect.jetblue.com/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4134620719-2527629264-1752102789-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Swintal\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4134620719-2527629264-1752102789-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Swintal\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-13]
CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-07-18]
CHR Extension: (iCloud Bookmarks) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2014-10-03]
CHR Extension: (Hide My Ass) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjonpeiaiacbgfgemlchebljmfgjnmh [2014-07-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (WeatherBug) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2014-07-18]
CHR Extension: (Google Wallet) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [47512 2013-01-10] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-08-18] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-08-18] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-08-18] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2014-08-18] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2014-08-18] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-09-18] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R3 SaiH075C; C:\Windows\System32\DRIVERS\SaiH075C.sys [326784 2006-07-27] (Saitek)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 21:37 - 2014-11-11 21:37 - 00019905 _____ () C:\Users\Swintal\Desktop\FRST.txt
2014-11-11 21:07 - 2014-11-11 21:07 - 00292944 _____ () C:\Windows\Minidump\111114-30482-01.dmp
2014-11-11 16:20 - 2014-11-11 21:37 - 00000000 ____D () C:\FRST
2014-11-11 16:15 - 2014-11-11 16:16 - 00292784 _____ () C:\Windows\Minidump\111114-55255-01.dmp
2014-11-11 15:42 - 2014-11-11 15:42 - 00292944 _____ () C:\Windows\Minidump\111114-28922-01.dmp
2014-11-11 15:36 - 2014-11-11 15:36 - 02116096 _____ (Farbar) C:\Users\Swintal\Desktop\FRST64.exe
2014-11-11 15:25 - 2014-11-11 21:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-11 15:24 - 2014-11-11 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-11 15:24 - 2014-11-11 21:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-11 15:24 - 2014-11-11 15:24 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Swintal\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-11 15:24 - 2014-11-11 15:24 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-11 15:24 - 2014-11-11 15:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-11 15:24 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-11 15:24 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-11 15:24 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-11 15:07 - 2014-11-11 15:08 - 122472704 _____ (Microsoft Corporation) C:\Users\Swintal\Downloads\msert.exe
2014-11-11 14:51 - 2014-10-03 14:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-11 14:51 - 2014-10-03 14:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-11 13:41 - 2014-11-11 13:41 - 00292968 _____ () C:\Windows\Minidump\111114-28407-01.dmp
2014-11-11 13:34 - 2014-11-11 13:34 - 00000000 __SHD () C:\found.003
2014-11-11 13:07 - 2014-11-11 13:07 - 00000268 _____ () C:\Users\Swintal\DECRYPT_INSTRUCTION.URL
2014-11-11 13:00 - 2014-11-11 13:00 - 00000268 _____ () C:\Users\Swintal\Downloads\DECRYPT_INSTRUCTION.URL
2014-11-11 12:41 - 2014-11-11 12:41 - 00000268 _____ () C:\Users\Swintal\Documents\DECRYPT_INSTRUCTION.URL
2014-11-11 12:39 - 2014-11-11 12:39 - 00000268 _____ () C:\Users\Swintal\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-11-11 12:39 - 2014-11-11 12:39 - 00000268 _____ () C:\Users\Swintal\AppData\DECRYPT_INSTRUCTION.URL
2014-11-11 12:38 - 2014-11-11 12:38 - 00000268 _____ () C:\Users\Swintal\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-11-11 12:36 - 2014-11-11 12:36 - 00000268 _____ () C:\Users\Swintal\AppData\Local\Apps\DECRYPT_INSTRUCTION.URL
2014-11-11 12:35 - 2014-11-11 12:35 - 00000268 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.URL
2014-11-11 12:35 - 2014-11-11 12:35 - 00000268 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-11-11 12:34 - 2014-11-11 12:34 - 00000268 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-11-11 12:09 - 2014-11-11 14:47 - 00000000 ___HD () C:\84c4f78
2014-11-11 11:33 - 2014-11-11 21:19 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual Blue
2014-11-11 11:33 - 2014-11-11 11:33 - 00003065 _____ () C:\Users\Swintal\Desktop\bluCARS.lnk
2014-11-11 08:24 - 2014-11-11 08:24 - 00292968 _____ () C:\Windows\Minidump\111114-26566-01.dmp
2014-11-11 07:56 - 2014-11-11 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FS2Crew2012
2014-11-11 07:56 - 2014-11-11 21:19 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\RAASPRO
2014-11-09 20:19 - 2014-11-09 20:19 - 00039296 _____ () C:\Users\Swintal\Downloads\lizzys-support-materials.zip
2014-11-09 14:07 - 2014-11-11 12:09 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-09 11:40 - 2014-11-09 11:40 - 00262144 _____ () C:\Windows\Minidump\110914-52541-01.dmp
2014-11-07 17:50 - 2014-11-07 17:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-11-07 17:49 - 2014-11-07 17:49 - 00001452 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-07 17:49 - 2014-11-07 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-07 17:49 - 2014-11-07 17:49 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-07 17:49 - 2014-11-07 17:49 - 00000000 ____D () C:\Program Files\iTunes
2014-11-07 17:49 - 2014-11-07 17:49 - 00000000 ____D () C:\Program Files\iPod
2014-11-07 11:00 - 2014-11-07 11:00 - 00000222 _____ () C:\Users\Swintal\Desktop\Ultimate General Gettysburg.url
2014-11-07 10:31 - 2014-11-07 10:43 - 3016997751 _____ (DarthMod Productions) C:\Users\Swintal\Downloads\DarthModEmpirev80Platinuma.exe
2014-11-05 10:16 - 2014-11-11 12:34 - 00000000 ____D () C:\ProgramData\Stardock
2014-11-05 10:16 - 2014-11-05 10:16 - 00000000 ____D () C:\Users\Swintal\Documents\My Games
2014-11-05 10:15 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-11-05 10:15 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-11-05 10:15 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-11-05 10:15 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-11-05 10:15 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-11-05 10:15 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-11-05 10:12 - 2014-11-11 12:54 - 00000000 ____D () C:\Users\Swintal\Downloads\PoliticalMachine2012
2014-11-05 10:12 - 2014-11-05 10:12 - 00001089 _____ () C:\Users\Swintal\Desktop\Cheat Engine.lnk
2014-11-05 10:12 - 2014-11-05 10:12 - 00000000 ____D () C:\Users\Swintal\Documents\My Cheat Tables
2014-11-05 10:12 - 2014-11-05 10:12 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2014-11-05 10:11 - 2014-11-05 10:11 - 09052192 _____ (Cheat Engine ) C:\Users\Swintal\Downloads\CheatEngine64.exe
2014-11-05 10:10 - 2014-11-05 10:10 - 02527824 _____ () C:\Users\Swintal\Downloads\PoliticalMachine2012.rar
2014-11-05 10:08 - 2014-11-05 10:08 - 00000222 _____ () C:\Users\Swintal\Desktop\The Political Machine 2012.url
2014-11-05 08:17 - 2014-11-11 12:51 - 00000000 ____D () C:\Users\Swintal\Downloads\FSXP3D_WorldNavaids
2014-11-05 08:16 - 2014-11-05 08:16 - 08906528 _____ () C:\Users\Swintal\Downloads\FSXP3D_WorldNavaids.zip
2014-11-05 06:32 - 2014-11-11 12:41 - 00000000 ____D () C:\Users\Swintal\Downloads\AS_Airport-Enhancement-Services_V237
2014-11-04 16:54 - 2014-11-04 16:54 - 00292960 _____ () C:\Windows\Minidump\110414-20139-01.dmp
2014-11-04 11:47 - 2014-11-04 11:48 - 79920816 _____ () C:\Users\Swintal\Downloads\AS_Airport-Enhancement-Services_V237.zip
2014-11-02 07:48 - 2014-11-02 07:48 - 00001417 _____ () C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-02 07:48 - 2014-11-02 07:48 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\Adobe
2014-11-02 07:47 - 2014-11-09 11:36 - 00000000 ____D () C:\Users\Brian\AppData\Local\NVIDIA Corporation
2014-11-02 07:47 - 2014-11-02 07:48 - 00000000 ____D () C:\Users\Brian\AppData\Local\Google
2014-11-02 07:47 - 2014-11-02 07:48 - 00000000 ____D () C:\Users\Brian
2014-11-02 07:47 - 2014-11-02 07:47 - 00000020 ___SH () C:\Users\Brian\ntuser.ini
2014-11-02 07:47 - 2014-11-02 07:47 - 00000000 ____D () C:\Users\Brian\AppData\Local\VirtualStore
2014-11-02 07:47 - 2014-11-02 07:47 - 00000000 ____D () C:\Users\Brian\AppData\Local\NVIDIA
2014-11-02 07:47 - 2014-04-10 05:12 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\Garmin
2014-11-02 07:47 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-02 07:47 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-01 19:56 - 2014-11-01 19:56 - 00292960 _____ () C:\Windows\Minidump\110114-24492-01.dmp
2014-11-01 17:39 - 2014-11-11 12:42 - 00000000 ____D () C:\Users\Swintal\Downloads\AS_MEGA-AIRPORT-LONDON-HEATHROW-XTENDED_FSX
2014-11-01 17:12 - 2014-11-01 17:32 - 58954784 _____ () C:\Users\Swintal\Downloads\AS_MEGA-AIRPORT-LONDON-HEATHROW-XTENDED_FSX.zip
2014-11-01 16:33 - 2014-11-01 16:34 - 222931074 _____ () C:\Users\Swintal\Downloads\FlyTampa_Athens_FSX_P3D_12.exe
2014-11-01 14:50 - 2014-11-01 14:50 - 00292960 _____ () C:\Windows\Minidump\110114-36644-01.dmp
2014-11-01 10:47 - 2014-11-11 12:38 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\Hifi
2014-11-01 10:47 - 2014-11-01 10:47 - 00001112 _____ () C:\Users\Swintal\Desktop\Active Sky Next for FSX SP1B.lnk
2014-11-01 10:47 - 2014-11-01 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiFi
2014-11-01 10:47 - 2014-11-01 10:47 - 00000000 ____D () C:\Program Files (x86)\HiFi
2014-11-01 08:49 - 2014-11-01 08:50 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-01 08:49 - 2014-11-01 08:49 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-01 08:49 - 2014-11-01 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-26 14:52 - 2014-10-26 14:59 - 159554687 _____ () C:\Users\Swintal\Downloads\EJets_FSX_v16.exe
2014-10-26 09:21 - 2014-10-26 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\United Virtual Airlines
2014-10-26 09:21 - 2014-10-26 09:21 - 00000000 ____D () C:\Program Files (x86)\United Virtual Airlines
2014-10-26 09:19 - 2014-10-26 09:20 - 31212496 _____ () C:\Users\Swintal\Downloads\acars_v3.3.15B.zip
2014-10-26 08:38 - 2014-10-26 08:38 - 00292960 _____ () C:\Windows\Minidump\102614-19359-01.dmp
2014-10-25 16:42 - 2014-10-25 16:42 -
00292968 _____ () C:\Windows\Minidump\102514-23150-01.dmp2014-10-25 10:06 - 2014-10-25 10:06 - 00000000 __SHD () C:\found.0022014-10-25 09:06 - 2014-11-11 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET2014-10-25 09:06 - 2014-10-25 09:06 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\ESET2014-10-25 09:06 - 2014-10-25 09:06 - 00000000 ____D () C:\Users\Swintal\AppData\Local\ESET2014-10-25 09:06 - 2014-10-25 09:06 - 00000000 ____D () C:\ProgramData\ESET2014-10-25 09:06 - 2014-10-25 09:06 - 00000000 ____D () C:\Program Files\ESET2014-10-25 09:00 - 2014-10-25 09:00 - 01661128 _____ (ESET) C:\Users\Swintal\Downloads\eset_smart_security_live_installer.exe2014-10-25 08:28 - 2014-10-25 08:28 - 03834608 _____ (Catalina Marketing Corp) C:\Users\Swintal\Downloads\CatalinaSavingsPrinter.exe2014-10-25 08:23 - 2014-10-25 08:23 - 00292936 _____ () C:\Windows\Minidump\102514-31715-01.dmp2014-10-21 08:07 - 2014-10-21 08:07 - 00292920 _____ () C:\Windows\Minidump\102114-18330-01.dmp2014-10-17 02:01 - 2014-10-17 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET2014-10-16 18:55 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-10-16 18:55 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2014-10-16 18:55 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-10-16 18:55 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-10-16 18:55 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-10-16 18:55 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-10-16 18:55 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-10-16 18:55 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-10-16 18:55 - 
2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-10-16 18:55 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-10-16 18:55 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-10-16 18:55 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-10-16 18:55 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-10-16 18:55 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-10-16 18:55 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-10-16 18:55 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-10-16 18:55 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-10-16 18:55 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-10-16 18:55 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-10-16 18:55 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-10-16 18:55 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-10-16 18:55 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-10-16 18:55 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-10-16 18:55 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-10-16 18:55 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-10-16 18:55 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-10-16 18:55 - 2014-09-18 20:26 - 00139264 _____ 
(Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-10-16 18:55 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-10-16 18:55 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-10-16 18:55 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-10-16 18:55 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-10-16 18:55 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-10-16 18:55 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-10-16 18:55 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-10-16 18:55 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-10-16 18:55 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-10-16 18:55 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-10-16 18:55 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-10-16 18:55 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-10-16 18:55 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-10-16 18:55 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-10-16 18:55 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-10-16 18:55 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-10-16 18:55 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-10-16 18:55 - 2014-09-18 19:51 - 00440320 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-10-16 18:55 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-10-16 18:55 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-10-16 18:55 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-10-16 18:55 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-10-16 18:55 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-10-16 18:55 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-10-16 18:55 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-10-16 18:55 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-10-16 18:55 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-10-16 18:55 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-10-16 18:55 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-10-16 18:55 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-10-16 18:55 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-10-16 18:55 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-10-16 18:55 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-10-16 18:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL2014-10-16 18:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL2014-10-16 18:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft 
Corporation) C:\Windows\system32\KBDRU1.DLL2014-10-16 18:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL2014-10-16 18:55 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL2014-10-16 18:55 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL2014-10-16 18:55 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL2014-10-16 18:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL2014-10-16 18:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL2014-10-16 18:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL2014-10-16 18:55 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls2014-10-16 18:55 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls2014-10-16 18:55 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll2014-10-16 18:55 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll2014-10-16 18:55 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll2014-10-16 18:55 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll2014-10-16 18:55 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll2014-10-16 18:55 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll2014-10-16 18:52 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-10-16 18:52 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-10-16 18:52 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-10-16 18:52 - 2014-09-12 20:40 - 00067072 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\packager.dll2014-10-16 18:52 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-10-16 18:52 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2014-10-16 18:52 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll2014-10-16 18:52 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll2014-10-16 18:52 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll2014-10-16 18:52 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll2014-10-16 18:52 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-10-16 18:52 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll2014-10-16 18:52 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll2014-10-16 18:52 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-10-16 18:52 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-10-16 18:52 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll2014-10-16 18:52 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-10-16 18:52 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-10-16 18:52 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys2014-10-16 18:52 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2014-10-15 13:24 - 2014-10-15 13:26 - 25074304 _____ () C:\Users\Swintal\Downloads\United 319.zip2014-10-15 13:13 - 2014-10-15 13:13 - 00122208 _____ () C:\Users\Swintal\Downloads\Airbus_ECAMD2D.zip2014-10-15 
13:11 - 2014-10-15 13:11 - 00134976 _____ () C:\Users\Swintal\Downloads\AB_ND_GDI.zip2014-10-15 13:03 - 2014-10-15 13:03 - 03873168 _____ () C:\Users\Swintal\Downloads\HF_AIRBUS31819_1_02c.zip2014-10-12 13:36 - 2014-10-12 13:36 - 00262144 _____ () C:\Windows\Minidump\101214-20841-01.dmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-11 21:33 - 2014-03-14 19:49 - 00004990 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Swintal-PC-Swintal Swintal-PC2014-11-11 21:32 - 2014-10-03 14:53 - 00000000 ___RD () C:\Users\Swintal\iCloudDrive2014-11-11 21:31 - 2014-03-01 12:59 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-11-11 21:31 - 2009-07-13 23:51 - 00120950 _____ () C:\Windows\setupact.log2014-11-11 21:30 - 2014-03-01 16:09 - 00000000 ____D () C:\ProgramData\NVIDIA2014-11-11 21:30 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-11-11 21:24 - 2014-07-03 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navtech2014-11-11 21:24 - 2014-03-02 13:18 - 00000000 ____D () C:\ProgramData\Licenses2014-11-11 21:24 - 2014-03-01 19:40 - 00000000 ____D () C:\Microsoft Flight Simulator X2014-11-11 21:24 - 2014-03-01 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation2014-11-11 21:24 - 2014-03-01 16:22 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation2014-11-11 21:24 - 2014-03-01 16:21 - 00000000 ____D () C:\Program Files\NVIDIA Corporation2014-11-11 21:19 - 2014-07-10 17:00 - 00000000 ____D () C:\Windows\SysWOW64\Macromed2014-11-11 21:19 - 2014-07-10 17:00 - 00000000 ____D () C:\Windows\system32\Macromed2014-11-11 21:19 - 2014-05-17 14:39 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-11-11 21:19 - 2014-03-16 13:14 - 00000000 ___RD () C:\Users\Swintal\Google Drive2014-11-11 21:19 - 2014-03-02 15:57 - 00000000 ____D () 
C:\Windows\Minidump2014-11-11 21:19 - 2014-03-02 13:18 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\Virtuali2014-11-11 21:19 - 2014-03-01 12:28 - 00000000 ____D () C:\Users\Swintal2014-11-11 21:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration2014-11-11 21:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-11-11 21:16 - 2014-08-10 14:33 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000UA.job2014-11-11 21:13 - 2014-03-01 15:15 - 01648133 _____ () C:\Windows\WindowsUpdate.log2014-11-11 21:13 - 2009-07-13 23:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-11-11 21:13 - 2009-07-13 23:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-11-11 21:07 - 2014-03-02 15:57 - 1095844079 _____ () C:\Windows\MEMORY.DMP2014-11-11 17:05 - 2014-07-10 17:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-11-11 16:58 - 2014-03-01 12:59 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-11-11 16:15 - 2010-11-20 22:47 - 00099780 _____ () C:\Windows\PFRO.log2014-11-11 15:05 - 2014-07-10 17:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-11-11 15:05 - 2014-07-10 17:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-11-11 15:05 - 2014-07-10 17:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-11-11 14:56 - 2014-06-07 15:03 - 00000000 ____D () C:\Users\Public\Documents\PFPX Data2014-11-11 14:56 - 2014-03-02 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aerosoft2014-11-11 14:56 - 2014-03-01 12:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-11-11 13:19 - 2014-03-02 13:18 - 00000000 ____D () 
C:\ProgramData\TEMP2014-11-11 13:18 - 2014-03-01 20:09 - 00000000 ____D () C:\Users\Swintal\Documents\Flight Simulator X Files2014-11-11 13:00 - 2014-03-08 12:42 - 00000000 ____D () C:\Users\Swintal\Downloads\WOAi2014-11-11 12:54 - 2014-03-03 10:22 - 00000000 ____D () C:\Users\Swintal\Downloads\LUVCARS_4_Build_1_Beta_62014-11-11 12:41 - 2014-09-14 14:16 - 00000000 ____D () C:\Users\Swintal\Documents\Paradox Interactive2014-11-11 12:41 - 2014-06-30 18:01 - 00000000 ____D () C:\Users\Swintal\Documents\RCT32014-11-11 12:40 - 2014-09-29 18:55 - 00000000 ____D () C:\Users\Swintal\Desktop\Jake Photos2014-11-11 12:40 - 2014-08-16 13:04 - 00000000 ____D () C:\Users\Swintal\Documents\FS Flight Keeper2014-11-11 12:40 - 2014-05-11 15:32 - 00000000 ___SD () C:\Users\Swintal\Documents\My Data Sources2014-11-11 12:40 - 2014-03-15 11:44 - 00000000 ____D () C:\Users\Swintal\Documents\Garmin2014-11-11 12:40 - 2014-03-14 13:01 - 00000000 ____D () C:\Users\Swintal\Documents\Aerosoft2014-11-11 12:40 - 2014-03-07 16:55 - 00000000 ____D () C:\Users\Swintal\Documents\Andreas Folder2014-11-11 12:39 - 2014-10-04 11:39 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\NBSoftSolutions2014-11-11 12:39 - 2014-03-02 12:38 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\PMDG2014-11-11 12:38 - 2014-09-27 06:31 - 00000000 ____D () C:\Users\Swintal\AppData\Local\PI Engineering2014-11-11 12:38 - 2014-06-30 18:01 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\Atari2014-11-11 12:38 - 2014-06-20 16:15 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\Juniper Networks2014-11-11 12:38 - 2014-05-16 07:45 - 00000000 ____D () C:\Users\Swintal\AppData\Local\Origin2014-11-11 12:38 - 2014-04-05 18:19 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\Apple Computer2014-11-11 12:38 - 2014-03-15 11:38 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\Garmin2014-11-11 12:37 - 2014-03-16 09:43 - 00000000 ____D () C:\Users\Swintal\AppData\Local\HP2014-11-11 12:37 - 2014-03-01 12:59 - 00000000 
____D () C:\Users\Swintal\AppData\Local\Google2014-11-11 12:36 - 2014-03-02 16:42 - 00000000 ____D () C:\Users\Swintal\AppData\Local\Apps\2.02014-11-11 12:35 - 2014-10-03 14:52 - 00000000 ____D () C:\Users\Swintal\AppData\Local\AAC7AD0A-50D1-41BC-A353-7B7B50729544.aplzod2014-11-11 12:35 - 2014-04-05 18:19 - 00000000 ____D () C:\Users\Swintal\AppData\Local\Apple Computer2014-11-11 12:34 - 2014-05-16 07:42 - 00000000 ____D () C:\ProgramData\Origin2014-11-11 12:34 - 2014-03-15 11:42 - 00000000 ____D () C:\ProgramData\Garmin2014-11-11 10:16 - 2014-08-10 14:33 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000Core.job2014-11-11 08:01 - 2014-03-02 12:38 - 00116616 _____ () C:\Users\Swintal\AppData\Local\GDIPFONTCACHEV1.DAT2014-11-11 07:59 - 2009-07-13 23:45 - 00448104 _____ () C:\Windows\system32\FNTCACHE.DAT2014-11-11 07:57 - 2014-03-01 19:17 - 00729172 _____ () C:\Windows\DirectX.log2014-11-09 20:19 - 2014-03-02 13:08 - 00002010 _____ () C:\Users\Swintal\AppData\Roaming\mainhst.zgh2014-11-09 17:26 - 2014-07-03 17:20 - 00002609 _____ () C:\Users\Public\Desktop\Navtech PBS.lnk2014-11-08 13:44 - 2014-06-30 16:00 - 00000000 ____D () C:\Program Files (x86)\Steam2014-11-08 08:30 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI2014-11-07 17:49 - 2014-10-03 14:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-11-07 17:49 - 2014-04-05 18:18 - 00000000 ____D () C:\Program Files\Common Files\Apple2014-11-06 12:06 - 2014-09-01 15:44 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll2014-11-06 12:06 - 2014-09-01 15:44 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll2014-11-06 12:06 - 2014-03-01 16:24 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll2014-11-06 12:06 - 2014-03-01 16:24 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll2014-11-05 12:48 - 2014-05-18 08:27 - 00000000 
____D () C:\ProgramData\ACARS2014-11-05 11:00 - 2014-03-16 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive2014-11-04 15:40 - 2014-03-01 18:40 - 00000000 ____D () C:\Windows\system32\MRT2014-11-01 17:05 - 2014-06-07 15:06 - 00000777 _____ () C:\Users\Public\Desktop\Aerosoft Launcher.lnk2014-11-01 16:54 - 2014-08-16 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UK2000 Scenery2014-11-01 13:07 - 2014-03-02 12:28 - 00014352 _____ () C:\Users\Swintal\Downloads\Activation Code Workbook.xlsx2014-10-28 09:00 - 2014-03-01 13:00 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-10-28 08:14 - 2009-07-14 00:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-10-28 05:34 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-10-26 09:21 - 2014-05-18 08:27 - 00002041 _____ () C:\Users\Public\Desktop\UVACARS.lnk2014-10-25 09:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF2014-10-25 07:53 - 2014-03-03 09:26 - 00000000 ____D () C:\Program Files\Microsoft Office 152014-10-19 08:53 - 2014-03-01 12:59 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-10-19 08:53 - 2014-03-01 12:59 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-10-18 09:11 - 2014-08-10 14:33 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000UA2014-10-18 09:11 - 2014-08-10 14:33 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000Core2014-10-17 03:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache Files to move or delete:====================C:\Users\Swintal\FlightBeam_Denver International - HD.regC:\Users\Swintal\FlightBeam_Washington Dulles Intl - HD.regC:\Users\Swintal\FSDreamTeam_JFK.regC:\Users\Swintal\FSDreamTeam_KIAH.regC:\Users\Swintal\FSDreamTeam_Los Angeles 
V2.regC:\Users\Swintal\QualityWings_Ultimate 757 Collection.reg Some content of TEMP:====================C:\Users\Swintal\AppData\Local\Temp\Couponscom.exeC:\Users\Swintal\AppData\Local\Temp\dsHostCheckerSetup.exeC:\Users\Swintal\AppData\Local\Temp\InstHelper.exeC:\Users\Swintal\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exeC:\Users\Swintal\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exeC:\Users\Swintal\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exeC:\Users\Swintal\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exeC:\Users\Swintal\AppData\Local\Temp\nvSCPAPI.dllC:\Users\Swintal\AppData\Local\Temp\nvSCPAPI64.dllC:\Users\Swintal\AppData\Local\Temp\nvStInst.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-05 12:09 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
rampantfox83 Posted November 12, 2014 Author ID:906750

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Swintal at 2014-11-11 21:38:57
Running from C:\Users\Swintal\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A2A C172 Trainer for FSX (HKLM-x32\...\A2A C172 Trainer for FSX) (Version: - )
ACARS - 1 (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\2acd65cafe4fafc9) (Version: 2.21.0.22 - United Virtual Airlines)
ACARS (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\ca11877970cf2b3f) (Version: 2.0.0.48 - United Virtual Airlines)
Active Sky Next for FSX SP1B (HKLM-x32\...\{F1AE1E08-5094-46AD-AA4D-670C482723B2}_is1) (Version: 1.0.5410.16208 - HiFi Technologies, Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft)
Aerosoft's - Airbus A318-A319 - FSX (HKLM-x32\...\Airbus A318-A319 - FSX) (Version: 1.10 - Aerosoft)
Aerosoft's - Airbus A320-A321 - FSX (HKLM-x32\...\Airbus A320-A321 - FSX) (Version: 1.00 - Aerosoft)
Aerosoft's - Anchorage X - FSX (HKLM-x32\...\Anchorage X - FSX) (Version: - )
Aerosoft's - Mega Airport Dublin - FSX (HKLM-x32\...\Mega Airport Dublin - FSX) (Version: 1.10 - Aerosoft)
Aerosoft's - Mega Airport Duesseldorf - FSX (HKLM-x32\...\Mega Airport Duesseldorf - FSX) (Version: - )
aerosoft's - Mega Airport Frankfurt X (HKLM-x32\...\{BAEE0C24-C8C2-4820-9DF4-887909F1A286}) (Version: 1.04 - aerosoft)
Aerosoft's - Mega Airport London Heathrow Xtended - FSX (HKLM-x32\...\Mega Airport London Heathrow Xtended - FSX) (Version: 1.00 - Aerosoft)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASConnect for FSX Installer (HKLM-x32\...\{7E1270D4-42C4-49A4-9EC4-3300D2E47331}_is1) (Version: 1.0.5410.16224 - HiFi Technologies, Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.001 - Asmedia Technology)
B1900D HD SERIES FSX/P3D (HKLM-x32\...\B1900D HD SERIES FSX/P3D) (Version: 1.00.00.00 - Carenado)
Black ICE 6.21r2945 (HKLM-x32\...\{015E0577-7D4A-456C-A435-DD9EE7E72589}_is1) (Version: 6.21r2945 - Panzeroo, Inc.)
bluCARS (HKLM-x32\...\{BD892214-8231-4910-8DBB-F277EE572B15}) (Version: 1.0.1014 - FS Products)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Elevated Installer (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly)
ESET Smart Security (HKLM\...\{C082CDB9-D173-4740-AE0E-C685E6F44850}) (Version: 8.0.304.0 - ESET, spol s r. o.)
Flight Simulator X (HKLM-x32\...\RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: - )
Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: - )
FlightBeam Denver FSX (HKLM-x32\...\FlightBeam Denver FSX_is1) (Version: 1.0 - FlightBeam.)
FlightBeam San Francisco International FSX (HKLM-x32\...\FlightBeam San Francisco International FSX_is1) (Version: 2.1 - FlightBeam.)
FlightBeam Washington Dulles FSX (HKLM-x32\...\FlightBeam Washington Dulles FSX_is1) (Version: 1.2.3 - FlightBeam.)
FS Flight Keeper (HKLM-x32\...\{B7057895-A93D-44D6-B87A-D3C1FCF28E01}) (Version: 3.5.1 - Thomas Molitor & Aerosoft GmbH)
FSDreamTeam Hawaiian Airports Volume 2 FSX (HKLM-x32\...\FSDreamTeam Hawaiian Airports Volume 2 FSX_is1) (Version: 1.5.1 - VIRTUALI Sagl)
FSDreamTeam Honolulu International FSX (HKLM-x32\...\FSDreamTeam Honolulu International FSX_is1) (Version: 1.4 - VIRTUALI s.a.s.)
FSDreamTeam Houston Intercontinental Airport FSX (HKLM-x32\...\FSDreamTeam Houston Intercontinental Airport FSX_is1) (Version: 1.0.2 - VIRTUALI Sagl)
FSDreamTeam KJFK FSX (HKLM-x32\...\FSDreamTeam KJFK FSX_is1) (Version: 1.3 - VIRTUALI s.a.s.)
FSDreamTeam Las Vegas McCarran FSX (HKLM-x32\...\FSDreamTeam Las Vegas McCarran FSX_is1) (Version: 1.3 - VIRTUALI s.a.s.)
FSDreamTeam Los Angeles International FSX (HKLM-x32\...\FSDreamTeam Los Angeles International FSX_is1) (Version: 1.5 - VIRTUALI s.a.s.)
FSDreamTeam OHareX FSX (HKLM-x32\...\FSDreamTeam OHareX FSX_is1) (Version: 2.3 - VIRTUALI s.a.s.)
FSFDT FSCopilot (HKLM-x32\...\FSFDT FSCopilot) (Version: - )
FSFDT FSInn (HKLM-x32\...\FSFDT FSInn) (Version: - )
Galeao Intl Airport FSX Prepar3d 2.1 (HKLM-x32\...\sbgl2012fsx) (Version: 2.1 - TropicalSim)
Garmin Express (HKLM-x32\...\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Globe Cargo PIREP (HKLM-x32\...\{93E6FA87-33AD-429C-BE11-F947250FE3BA}) (Version: 3.0.1 - Globe Cargo Virtual Airlines)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
Hearts of Iron III (HKLM-x32\...\Steam App 25890) (Version: - Paradox Development Studio)
HP ENVY 4500 series Basic Device Software (HKLM\...\{38A08516-1847-43E4-8076-9540B60EC43B}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
Intel® Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Juniper Networks Host Checker (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Neoteris_Host_Checker) (Version: 7.1.0.20169 - Juniper Networks)
Juniper Networks, Inc. 
Setup Client (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Juniper_Setup_Client) (Version: 7.1.6.17115 - Juniper Networks, Inc.)MacroWorks 3.1 (HKLM-x32\...\MacroWorks 3.1) (Version: - PI Engineering)Majestic MJC8Q400 Version 1.008 (HKLM-x32\...\MJC8Q400) (Version: - )Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: 10.0.61637.0 - Microsoft Game Studios)Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 
Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenMSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)Navigraph FMS Data Manager 1.0.11.0603 (HKLM-x32\...\{7E4D5716-374A-4DB6-90CF-D2AEB67362CE}_is1) (Version: 1.0.11.0603 - Navigraph)Navtech PBS (HKLM-x32\...\{3582DCD8-F0DF-4B2A-808A-2A67BEFEAFA0}) (Version: 14.5.5 - Navtech Inc)NVIDIA 
3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)Office 15 Click-to-Run Extensibility Component (Version: 15.0.4659.1001 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (Version: 15.0.4659.1001 - Microsoft Corporation) HiddenOrigin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenPhoto Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenPicasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)PMDG 737 6700 NGX RTM (HKLM-x32\...\{C7EE862A-D83D-4A9F-B746-CBDE39BD7001}) (Version: 1.00.3219 - PMDG Simulations, LLC.)PMDG 737 8900 NGX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.00.3219 - PMDG Simulations, LLC.)PMDG 747-400/400F for FSX (HKLM-x32\...\{EDCEE320-0FB3-4197-9F86-8C1CCF2278FB}) (Version: 2.10.0040 - Precision Manuals Development Group)PMDG 777-200LR/F Base Package FSX (HKLM-x32\...\{0F16340B-5B5B-4531-8D87-4952E3BCA6E6}) (Version: 1.10.6155 - PMDG 
Simulations, LLC.)PMDG 777-300ER Expansion (HKLM-x32\...\{E65EFDE6-0864-40BA-8DDF-E31F736D9000}) (Version: 1.10.6155 - PMDG Simulations, LLC.)PMDG744X_GE_LH (HKLM-x32\...\{20372FAA-3AF4-4B3D-9B1D-564CDEA5957C}) (Version: 1.00.0000 - Precision Manuals Development Group)PMDG744X_PW_UA2 (HKLM-x32\...\{2B5DDFFF-F347-489E-861D-98D02D00472D}) (Version: 1.10.0000 - Precision Manuals Development Group)PMDG744X_PW_UA3 (HKLM-x32\...\{EAB979F7-84A6-47B6-AB39-CA73A6EEAE69}) (Version: 1.00.0000 - Precision Manuals Development Group)Punta Cana X-Generation FSX v1.0 (HKLM-x32\...\tsimmdpcxx) (Version: - )QualityWings Ultimate 757 Collection FSX (HKLM-x32\...\QualityWings Ultimate 757 Collection FSX_is1) (Version: 1.3.2 - QualityWings)QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)RAAS Professional by FS2Crew (LOCKED) (HKLM-x32\...\RAAS Professional by FS2Crew (LOCKED)) (Version: - )Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6923 - Realtek Semiconductor Corp.)Rio Santos Dumont FSX P3D 1.1 (HKLM-x32\...\sbrjfsx) (Version: 1.1 - TropicalSim)RollerCoaster Tycoon 3: Platinum! 
(HKLM-x32\...\Steam App 2700) (Version: - Frontier)SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) HiddenSHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) HiddenSimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 2.0.0.0 - Electronic Arts)St Thomas TIST2010 2.0 (HKLM-x32\...\tist2010fsx) (Version: 2.0 - TropicalSim)Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)The Political Machine 2012 (HKLM-x32\...\Steam App 211120) (Version: - Stardock Entertainment)Tocumen Intl', Panama City FSX 1.0 (HKLM-x32\...\tsimmptoxx) (Version: - )TOPCAT 2.74 Beta 1 - Take-Off and Landing Performance Calculation Tool (HKLM-x32\...\TOPCAT) (Version: 2.74 Beta 1 - FSS GmbH)Train Simulator 2015 (HKLM-x32\...\Steam App 24010) (Version: - RailSimulator.com)Ultimate General: Gettysburg (HKLM-x32\...\Steam App 306660) (Version: - Game-Labs)UVACARS (HKLM-x32\...\{8FA014EE-A721-428F-89F7-82F7B82D4386}) (Version: 3.3.15 - United Virtual Airlines)VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) HiddenVIRTUALI Addon ManagerX FSX (HKLM-x32\...\VIRTUALI Addon ManagerX FSX_is1) (Version: 2.9.0.23 - VIRTUALI Sagl)vroute.info (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\ea913c639d7ea423) (Version: 1.1.1.3 - vroute)Windows Driver Package - Dynastream Innovations, Inc. 
ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)ZipGenius 6.3 (HKLM-x32\...\{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1) (Version: 6.3 - Wininizio.it Software) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4134620719-2527629264-1752102789-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Swintal\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-4134620719-2527629264-1752102789-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Swintal\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-4134620719-2527629264-1752102789-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?CustomCLSID: HKU\S-1-5-21-4134620719-2527629264-1752102789-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Swintal\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.) 
==================== Restore Points =========================

09-11-2014 22:24:34 Installed Navtech PBS
11-11-2014 12:28:51 Windows Update
11-11-2014 12:56:25 Installed DirectX
11-11-2014 16:30:13 Removed bluCARS
11-11-2014 16:32:59 Installed bluCARS
11-11-2014 19:52:02 Installed DirectX
11-11-2014 19:56:23 Removed Professional Flight Planner X
12-11-2014 02:12:03 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CFCAE88-C488-4548-AEA2-F7CCD8E91383} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-01] (Google Inc.)
Task: {1F1F653A-9A63-4693-A116-3801A0037465} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {1FC54D89-1B6C-4516-8C55-88DBB102F513} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-10-17] (Apple Inc.)
Task: {2FB88A66-255E-4A6A-A935-E740E57BAF93} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000UA => C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-10] (Google Inc.)
Task: {40AC2BF1-F61D-4558-B612-A4BA032B00C7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {4BD843C3-CFEA-40A4-9AE5-9C55460199CA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {4F161FB8-515E-44F8-B090-EBA22AED117E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000Core => C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-10] (Google Inc.)
Task: {668ACBED-DED4-49A0-BF68-DEA3DED3165A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {7496BE44-E7B5-4B6D-99ED-83342B76092D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {77877023-269F-4E8B-B766-EBB3BC7D4AD1} - System32\Tasks\HP AR Program Upload - b6f1b5de96b0434191ee7a5939bcdd2fed889e11d632473bb14d345dcf17970a => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)
Task: {7DCE01C5-DA32-4944-9E28-BD300B1CE1CD} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Swintal-PC-Swintal Swintal-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-16] (Microsoft Corporation)
Task: {81F4DB92-CFD7-4E7B-AE0E-F77A560732A9} - System32\Tasks\ASUS\i-Setup132150 => C:\Windows\Chipset\AsusSetup.exe [2010-09-08] (ASUSTeK Computer Inc.)
Task: {84E00E03-EFA2-40C3-A897-3B5ED119201A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {8BFD38ED-AEEE-4BF9-A623-86D53F843A53} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {AE001CD3-A7A1-42E3-9B33-B152E1D23274} - System32\Tasks\ASUS\i-Setup132035 => C:\Windows\Chipset\AsusSetup.exe [2010-09-08] (ASUSTeK Computer Inc.)
Task: {C9CA414C-B003-452A-9D78-C78A251B18E7} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {DB2AFA52-A0DE-4770-BDEA-1CE2AE2C6C30} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F71B3540-246F-452A-B331-044D7D4C5D0D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {FA4859D3-569B-462F-90CE-053288C3DEC7} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-23] ()
Task: {FFAE2AEB-409D-4600-A1EA-B0633B5EC4FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-01] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000Core.job => C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000UA.job => C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-01 12:32 - 2012-10-29 02:48 - 00927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
2014-03-01 16:22 - 2014-07-02 13:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-03 09:26 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-10-25 07:48 - 2014-09-09 09:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-09-26 11:31 - 2014-09-26 11:31 - 00393376 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream64.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-01 12:32 - 2014-11-11 21:30 - 00031232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll
2014-03-01 12:32 - 2012-05-07 11:04 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll
2014-10-25 07:48 - 2014-09-09 08:12 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-09-24 08:24 - 2012-09-24 08:24 - 00020480 _____ () C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\Interfaces.dll
2014-03-02 14:28 - 2013-12-08 20:23 - 00732160 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\libGLESv2.dll
2014-03-02 14:28 - 2013-12-08 20:32 - 00854016 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\platforms\qwindows.dll
2014-03-02 14:28 - 2013-12-08 20:23 - 00047104 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\libEGL.dll
2014-03-02 14:28 - 2013-12-08 20:31 - 00021504 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\imageformats\qico.dll
2014-10-28 09:00 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 09:00 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 09:00 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 09:00 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-01-03 01:59 - 2014-02-10 12:04 - 00430080 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:00934A10
AlternateDataStreams: C:\ProgramData\TEMP:74603393

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-4134620719-2527629264-1752102789-500 - Administrator - Disabled)
Brian (S-1-5-21-4134620719-2527629264-1752102789-1004 - Limited - Enabled) => C:\Users\Brian
Guest (S-1-5-21-4134620719-2527629264-1752102789-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4134620719-2527629264-1752102789-1003 - Limited - Enabled)
Swintal (S-1-5-21-4134620719-2527629264-1752102789-1000 - Administrator - Enabled) => C:\Users\Swintal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2014 09:35:56 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.ver=38.0.2125.111;lang=;guid=1E499807DE364B569E83CEEACDEA246E;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\7d62fd68-5e25-4b57-9e2b-329ba36424f1.dmp

Error: (11/11/2014 09:33:02 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Installed Navtech PBS). Additional information: 0x80070005.

Error: (11/11/2014 09:32:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 09:31:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: HPWia2_EN4500.dll, version: 30.0.411.0, time stamp: 0x505b7712
Exception code: 0x40000015
Fault offset: 0x00000000000324ad
Faulting process id: 0x44c
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3

Error: (11/11/2014 09:08:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 04:38:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: Flash32_15_0_0_223.ocx, version: 15.0.0.223, time stamp: 0x544ecba4
Exception code: 0xc0000005
Fault offset: 0x005e96c7
Faulting process id: 0x1f28
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/11/2014 04:21:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000379ed
Faulting process id: 0x73c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/11/2014 04:17:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 04:17:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: HPWia2_EN4500.dll, version: 30.0.411.0, time stamp: 0x505b7712
Exception code: 0x40000015
Fault offset: 0x00000000000324ad
Faulting process id: 0x538
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3

Error: (11/11/2014 04:10:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (11/11/2014 09:33:35 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/11/2014 09:32:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).

Error: (11/11/2014 09:31:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: %%1053

Error: (11/11/2014 09:31:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (11/11/2014 09:09:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/11/2014 09:08:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IPsec Policy Agent service failed to start due to the following error: %%1053

Error: (11/11/2014 09:08:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.

Error: (11/11/2014 09:07:13 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000024 (0x00000000001904fb, 0xfffff880033385e8, 0xfffff88003337e40, 0xfffff80002eb8c50)C:\Windows\MEMORY.DMP111114-30482-01

Error: (11/11/2014 09:07:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:30:10 PM on 11/11/2014 was unexpected.

Error: (11/11/2014 04:20:44 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Microsoft Office Sessions:
=========================
Error: (11/11/2014 09:35:56 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.ver=38.0.2125.111;lang=;guid=1E499807DE364B569E83CEEACDEA246E;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\7d62fd68-5e25-4b57-9e2b-329ba36424f1.dmp

Error: (11/11/2014 09:33:02 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Installed Navtech PBS0x80070005

Error: (11/11/2014 09:32:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 09:31:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1HPWia2_EN4500.dll30.0.411.0505b77124000001500000000000324ad44c01cffe20ca755d39C:\Windows\system32\svchost.exeC:\Windows\system32\HPWia2_EN4500.dll139dab8c-6a14-11e4-af9d-ac220b2a544f

Error: (11/11/2014 09:08:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 04:38:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7Flash32_15_0_0_223.ocx15.0.0.223544ecba4c0000005005e96c71f2801cffdf6c5f923c7C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_15_0_0_223.ocx141502f9-69eb-11e4-b41e-ac220b2a544f

Error: (11/11/2014 04:21:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7ntdll.dll6.1.7601.18247521ea8e7c0000005000379ed73c01cffdf55f40e0d4C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\ntdll.dllaa530802-69e8-11e4-b41e-ac220b2a544f

Error: (11/11/2014 04:17:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 04:17:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1HPWia2_EN4500.dll30.0.411.0505b77124000001500000000000324ad53801cffdf4e146e30dC:\Windows\system32\svchost.exeC:\Windows\system32\HPWia2_EN4500.dll2ca5b8e0-69e8-11e4-b41e-ac220b2a544f

Error: (11/11/2014 04:10:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel® Core i7-4771 CPU @ 3.50GHz
Percentage of memory in use: 22%
Total physical RAM: 16322.27 MB
Available physical RAM: 12717.07 MB
Total Pagefile: 32642.72 MB
Available Pagefile: 28962.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:721.61 GB) NTFS
Drive e: (Second Drive) (Fixed) (Total:931.51 GB) (Free:844.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: ACBBF63B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 76A56381)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
rampantfox83 Posted November 12, 2014 Author ID:906754

RogueKiller V10.0.5.0 (x64) [Nov 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Swintal [Administrator]
Mode : Scan -- Date : 11/11/2014 21:54:42

¤¤¤ Processes : 2 ¤¤¤
[Proc.Injected] ekrn.exe -- [x] -> Killed [DrvNtTerm]
[Proc.Injected] dllhost.exe -- [x] -> Killed [TermProc]

¤¤¤ Registry : 15 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-4134620719-2527629264-1752102789-1000\Software\Microsoft\Windows\CurrentVersion\Run | Google+ Auto Backup : "C:\Users\Swintal\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-4134620719-2527629264-1752102789-1000\Software\Microsoft\Windows\CurrentVersion\Run | Google+ Auto Backup : "C:\Users\Swintal\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{46F98522-0B7E-4616-8783-34B23EF7FE3A} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{46F98522-0B7E-4616-8783-34B23EF7FE3A} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{46F98522-0B7E-4616-8783-34B23EF7FE3A} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4134620719-2527629264-1752102789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4134620719-2527629264-1752102789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-4134620719-2527629264-1752102789-1000\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] dd024e018e30dfaad67172ee7859e3c8
[BSP] 7c67bdb6eea5fc037f2fb1fde4966781 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 617240ae40078ba5b2d63715af595c39
[BSP] 130a6938a2838fcaeb361cefc3bc8c6d : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK
Root Admin AdvancedSetup Posted February 24, 2015 ID:942559

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time we'll go ahead and close this topic now but if you still actually need help please send a private message to one of the Moderators and we'll assist you. Thank you and sorry we missed your topic.