Another dllhost.exe*32 com surrogate issue

rampantfox83 · November 11, 2014

I'm afraid I too must join those that are having an issue with this piece of malware. I ran the malwarebytes anti-malware scanner and it removed several issues but the COM Surrogate dllhost.exe*32 issue still remains. Any help that can be provided will be extremely helpful!

Thanks,

Brian

Addition.txt

FRST.txt

rampantfox83 · November 12, 2014

Here is the malwarebytes anti-malware scan

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 11/11/2014

Scan Time: 3:46:02 PM

Logfile: malwarebytes.txt

Administrator: Yes

Version: 2.00.3.1025

Malware Database: v2014.11.11.08

Rootkit Database: v2014.11.11.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Swintal

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 428473

Time Elapsed: 20 min, 45 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 33

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0FA32667-9A8A-4E9C-902F-CA3323180003}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2A42D13C-D427-4787-821B-CF6973855778}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6B458F62-592F-4B25-8967-E6A350A59328}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0FA32667-9A8A-4E9C-902F-CA3323180003}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2A42D13C-D427-4787-821B-CF6973855778}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6B458F62-592F-4B25-8967-E6A350A59328}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\TBSB07898.IEToolbar.1, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\TBSB07898.IEToolbar, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TBSB07898.IEToolbar, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TBSB07898.IEToolbar.1, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKU\S-1-5-21-4134620719-2527629264-1752102789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKU\S-1-5-21-4134620719-2527629264-1752102789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [e79d40fafe7e270fbe9b882d6c968878],

PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\CLASSES\Toolbar3.TBSB07898.1, Quarantined, [e79d40fafe7e270fbe9b882d6c968878],

PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\CLASSES\Toolbar3.TBSB07898, Quarantined, [e79d40fafe7e270fbe9b882d6c968878],

PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar3.TBSB07898, Quarantined, [e79d40fafe7e270fbe9b882d6c968878],

PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [e79d40fafe7e270fbe9b882d6c968878],

PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar3.TBSB07898.1, Quarantined, [e79d40fafe7e270fbe9b882d6c968878],

PUP.Optional.BestToolbar.A, HKU\S-1-5-21-4134620719-2527629264-1752102789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [e79d40fafe7e270fbe9b882d6c968878],

PUP.Optional.BestToolbar.A, HKU\S-1-5-21-4134620719-2527629264-1752102789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [e79d40fafe7e270fbe9b882d6c968878],

Registry Values: 2

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15],

PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [394bb684f488b383c8367b3b8d758080],

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 3

Trojan.Ransom.ED, C:\Users\Swintal\AppData\Local\Temp\2A9C.tmp, Quarantined, [404476c47b015cdab8b442a036cb8080],

Trojan.Agent, C:\Users\Swintal\AppData\Local\Temp\FlyTampa_Libraries_FSX_P3D.exe, Quarantined, [8bf998a2413bd363f57b8bd7f0103ac6],

Trojan.Ransom.ED, C:\Users\Swintal\AppData\Local\Temp\2B47.tmp, Quarantined, [800484b6c5b7d660de8ea939738e867a],

Physical Sectors: 0

(No malicious items detected)

(end)

rampantfox83 · November 12, 2014

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014

Ran by Swintal (administrator) on SWINTAL-PC on 11-11-2014 21:37:28

Running from C:\Users\Swintal\Desktop

Loaded Profile: Swintal (Available profiles: Swintal & Brian)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe

(Microsoft Corporation) C:\Windows\System32\wbengine.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe

(Google Inc.) C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe

(PI Engineering) C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Navigraph) C:\Program Files (x86)\Navigraph\FMS Data Manager\NGFMSAgent.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Apple Inc.) E:\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\vds.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-27] (Realtek Semiconductor)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)

HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET)

HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Navigraph FMS Data Manager] => C:\Program Files (x86)\Navigraph\FMS Data Manager\NGFMSAgent.exe [1006576 2014-06-03] (Navigraph)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => E:\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)

HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)

HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [Google Update] => C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-10] (Google Inc.)

HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [Google+ Auto Backup] => C:\Users\Swintal\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3746120 2014-08-12] (Google Inc.)

HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)

HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)

HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)

HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!

HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)

Startup: C:\Users\Swintal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MacroWorks 3.1.lnk

ShortcutTarget: MacroWorks 3.1.lnk -> C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe (PI Engineering)

ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear

SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms}

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab

DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://blueconnect.jetblue.com/dana-cached/sc/JuniperSetupClient.cab

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-4134620719-2527629264-1752102789-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Swintal\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-4134620719-2527629264-1752102789-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Swintal\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

Chrome:

=======

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> "hxxp://www.google.com"

CHR Profile: C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-16]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-13]

CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-07-18]

CHR Extension: (iCloud Bookmarks) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2014-10-03]

CHR Extension: (Hide My Ass) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjonpeiaiacbgfgemlchebljmfgjnmh [2014-07-18]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]

CHR Extension: (WeatherBug) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2014-07-18]

CHR Extension: (Google Wallet) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET)

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) [File not signed]

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [47512 2013-01-10] (Asmedia Technology)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()

R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-08-18] (ESET)

U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-08-18] (ESET)

R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-08-18] (ESET)

R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2014-08-18] (ESET)

R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2014-08-18] (ESET)

R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-09-18] (ESET)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-11] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)

R3 SaiH075C; C:\Windows\System32\DRIVERS\SaiH075C.sys [326784 2006-07-27] (Saitek)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 21:37 - 2014-11-11 21:37 - 00019905 _____ () C:\Users\Swintal\Desktop\FRST.txt

2014-11-11 21:07 - 2014-11-11 21:07 - 00292944 _____ () C:\Windows\Minidump\111114-30482-01.dmp

2014-11-11 16:20 - 2014-11-11 21:37 - 00000000 ____D () C:\FRST

2014-11-11 16:15 - 2014-11-11 16:16 - 00292784 _____ () C:\Windows\Minidump\111114-55255-01.dmp

2014-11-11 15:42 - 2014-11-11 15:42 - 00292944 _____ () C:\Windows\Minidump\111114-28922-01.dmp

2014-11-11 15:36 - 2014-11-11 15:36 - 02116096 _____ (Farbar) C:\Users\Swintal\Desktop\FRST64.exe

2014-11-11 15:25 - 2014-11-11 21:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-11-11 15:24 - 2014-11-11 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-11-11 15:24 - 2014-11-11 21:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-11-11 15:24 - 2014-11-11 15:24 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Swintal\Downloads\mbam-setup-2.0.3.1025.exe

2014-11-11 15:24 - 2014-11-11 15:24 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-11-11 15:24 - 2014-11-11 15:24 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-11-11 15:24 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-11-11 15:24 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-11-11 15:24 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-11-11 15:07 - 2014-11-11 15:08 - 122472704 _____ (Microsoft Corporation) C:\Users\Swintal\Downloads\msert.exe

2014-11-11 14:51 - 2014-10-03 14:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

2014-11-11 14:51 - 2014-10-03 14:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2014-11-11 13:41 - 2014-11-11 13:41 - 00292968 _____ () C:\Windows\Minidump\111114-28407-01.dmp

2014-11-11 13:34 - 2014-11-11 13:34 - 00000000 __SHD () C:\found.003

2014-11-11 13:07 - 2014-11-11 13:07 - 00000268 _____ () C:\Users\Swintal\DECRYPT_INSTRUCTION.URL

2014-11-11 13:00 - 2014-11-11 13:00 - 00000268 _____ () C:\Users\Swintal\Downloads\DECRYPT_INSTRUCTION.URL

2014-11-11 12:41 - 2014-11-11 12:41 - 00000268 _____ () C:\Users\Swintal\Documents\DECRYPT_INSTRUCTION.URL

2014-11-11 12:39 - 2014-11-11 12:39 - 00000268 _____ () C:\Users\Swintal\AppData\Roaming\DECRYPT_INSTRUCTION.URL

2014-11-11 12:39 - 2014-11-11 12:39 - 00000268 _____ () C:\Users\Swintal\AppData\DECRYPT_INSTRUCTION.URL

2014-11-11 12:38 - 2014-11-11 12:38 - 00000268 _____ () C:\Users\Swintal\AppData\Local\DECRYPT_INSTRUCTION.URL

2014-11-11 12:36 - 2014-11-11 12:36 - 00000268 _____ () C:\Users\Swintal\AppData\Local\Apps\DECRYPT_INSTRUCTION.URL

2014-11-11 12:35 - 2014-11-11 12:35 - 00000268 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.URL

2014-11-11 12:35 - 2014-11-11 12:35 - 00000268 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL

2014-11-11 12:34 - 2014-11-11 12:34 - 00000268 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL

2014-11-11 12:09 - 2014-11-11 14:47 - 00000000 ___HD () C:\84c4f78

2014-11-11 11:33 - 2014-11-11 21:19 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual Blue

2014-11-11 11:33 - 2014-11-11 11:33 - 00003065 _____ () C:\Users\Swintal\Desktop\bluCARS.lnk

2014-11-11 08:24 - 2014-11-11 08:24 - 00292968 _____ () C:\Windows\Minidump\111114-26566-01.dmp

2014-11-11 07:56 - 2014-11-11 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FS2Crew2012

2014-11-11 07:56 - 2014-11-11 21:19 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\RAASPRO

2014-11-09 20:19 - 2014-11-09 20:19 - 00039296 _____ () C:\Users\Swintal\Downloads\lizzys-support-materials.zip

2014-11-09 14:07 - 2014-11-11 12:09 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage

2014-11-09 11:40 - 2014-11-09 11:40 - 00262144 _____ () C:\Windows\Minidump\110914-52541-01.dmp

2014-11-07 17:50 - 2014-11-07 17:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

2014-11-07 17:49 - 2014-11-07 17:49 - 00001452 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-11-07 17:49 - 2014-11-07 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-11-07 17:49 - 2014-11-07 17:49 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

2014-11-07 17:49 - 2014-11-07 17:49 - 00000000 ____D () C:\Program Files\iTunes

2014-11-07 17:49 - 2014-11-07 17:49 - 00000000 ____D () C:\Program Files\iPod

2014-11-07 11:00 - 2014-11-07 11:00 - 00000222 _____ () C:\Users\Swintal\Desktop\Ultimate General Gettysburg.url

2014-11-07 10:31 - 2014-11-07 10:43 - 3016997751 _____ (DarthMod Productions) C:\Users\Swintal\Downloads\DarthModEmpirev80Platinuma.exe

2014-11-05 10:16 - 2014-11-11 12:34 - 00000000 ____D () C:\ProgramData\Stardock

2014-11-05 10:16 - 2014-11-05 10:16 - 00000000 ____D () C:\Users\Swintal\Documents\My Games

2014-11-05 10:15 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll

2014-11-05 10:15 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll

2014-11-05 10:15 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll

2014-11-05 10:15 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll

2014-11-05 10:15 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll

2014-11-05 10:15 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll

2014-11-05 10:12 - 2014-11-11 12:54 - 00000000 ____D () C:\Users\Swintal\Downloads\PoliticalMachine2012

2014-11-05 10:12 - 2014-11-05 10:12 - 00001089 _____ () C:\Users\Swintal\Desktop\Cheat Engine.lnk

2014-11-05 10:12 - 2014-11-05 10:12 - 00000000 ____D () C:\Users\Swintal\Documents\My Cheat Tables

2014-11-05 10:12 - 2014-11-05 10:12 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4

2014-11-05 10:11 - 2014-11-05 10:11 - 09052192 _____ (Cheat Engine ) C:\Users\Swintal\Downloads\CheatEngine64.exe

2014-11-05 10:10 - 2014-11-05 10:10 - 02527824 _____ () C:\Users\Swintal\Downloads\PoliticalMachine2012.rar

2014-11-05 10:08 - 2014-11-05 10:08 - 00000222 _____ () C:\Users\Swintal\Desktop\The Political Machine 2012.url

2014-11-05 08:17 - 2014-11-11 12:51 - 00000000 ____D () C:\Users\Swintal\Downloads\FSXP3D_WorldNavaids

2014-11-05 08:16 - 2014-11-05 08:16 - 08906528 _____ () C:\Users\Swintal\Downloads\FSXP3D_WorldNavaids.zip

2014-11-05 06:32 - 2014-11-11 12:41 - 00000000 ____D () C:\Users\Swintal\Downloads\AS_Airport-Enhancement-Services_V237

2014-11-04 16:54 - 2014-11-04 16:54 - 00292960 _____ () C:\Windows\Minidump\110414-20139-01.dmp

2014-11-04 11:47 - 2014-11-04 11:48 - 79920816 _____ () C:\Users\Swintal\Downloads\AS_Airport-Enhancement-Services_V237.zip

2014-11-02 07:48 - 2014-11-02 07:48 - 00001417 _____ () C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-11-02 07:48 - 2014-11-02 07:48 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\Adobe

2014-11-02 07:47 - 2014-11-09 11:36 - 00000000 ____D () C:\Users\Brian\AppData\Local\NVIDIA Corporation

2014-11-02 07:47 - 2014-11-02 07:48 - 00000000 ____D () C:\Users\Brian\AppData\Local\Google

2014-11-02 07:47 - 2014-11-02 07:48 - 00000000 ____D () C:\Users\Brian

2014-11-02 07:47 - 2014-11-02 07:47 - 00000020 ___SH () C:\Users\Brian\ntuser.ini

2014-11-02 07:47 - 2014-11-02 07:47 - 00000000 ____D () C:\Users\Brian\AppData\Local\VirtualStore

2014-11-02 07:47 - 2014-11-02 07:47 - 00000000 ____D () C:\Users\Brian\AppData\Local\NVIDIA

2014-11-02 07:47 - 2014-04-10 05:12 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\Garmin

2014-11-02 07:47 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-11-02 07:47 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-11-01 19:56 - 2014-11-01 19:56 - 00292960 _____ () C:\Windows\Minidump\110114-24492-01.dmp

2014-11-01 17:39 - 2014-11-11 12:42 - 00000000 ____D () C:\Users\Swintal\Downloads\AS_MEGA-AIRPORT-LONDON-HEATHROW-XTENDED_FSX

2014-11-01 17:12 - 2014-11-01 17:32 - 58954784 _____ () C:\Users\Swintal\Downloads\AS_MEGA-AIRPORT-LONDON-HEATHROW-XTENDED_FSX.zip

2014-11-01 16:33 - 2014-11-01 16:34 - 222931074 _____ () C:\Users\Swintal\Downloads\FlyTampa_Athens_FSX_P3D_12.exe

2014-11-01 14:50 - 2014-11-01 14:50 - 00292960 _____ () C:\Windows\Minidump\110114-36644-01.dmp

2014-11-01 10:47 - 2014-11-11 12:38 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\Hifi

2014-11-01 10:47 - 2014-11-01 10:47 - 00001112 _____ () C:\Users\Swintal\Desktop\Active Sky Next for FSX SP1B.lnk

2014-11-01 10:47 - 2014-11-01 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiFi

2014-11-01 10:47 - 2014-11-01 10:47 - 00000000 ____D () C:\Program Files (x86)\HiFi

2014-11-01 08:49 - 2014-11-01 08:50 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2014-11-01 08:49 - 2014-11-01 08:49 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk

2014-11-01 08:49 - 2014-11-01 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2014-10-26 14:52 - 2014-10-26 14:59 - 159554687 _____ () C:\Users\Swintal\Downloads\EJets_FSX_v16.exe

2014-10-26 09:21 - 2014-10-26 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\United Virtual Airlines

2014-10-26 09:21 - 2014-10-26 09:21 - 00000000 ____D () C:\Program Files (x86)\United Virtual Airlines

2014-10-26 09:19 - 2014-10-26 09:20 - 31212496 _____ () C:\Users\Swintal\Downloads\acars_v3.3.15B.zip

2014-10-26 08:38 - 2014-10-26 08:38 - 00292960 _____ () C:\Windows\Minidump\102614-19359-01.dmp

2014-10-25 16:42 - 2014-10-25 16:42 - 00292968 _____ () C:\Windows\Minidump\102514-23150-01.dmp

2014-10-25 10:06 - 2014-10-25 10:06 - 00000000 __SHD () C:\found.002

2014-10-25 09:06 - 2014-11-11 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET

2014-10-25 09:06 - 2014-10-25 09:06 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\ESET

2014-10-25 09:06 - 2014-10-25 09:06 - 00000000 ____D () C:\Users\Swintal\AppData\Local\ESET

2014-10-25 09:06 - 2014-10-25 09:06 - 00000000 ____D () C:\ProgramData\ESET

2014-10-25 09:06 - 2014-10-25 09:06 - 00000000 ____D () C:\Program Files\ESET

2014-10-25 09:00 - 2014-10-25 09:00 - 01661128 _____ (ESET) C:\Users\Swintal\Downloads\eset_smart_security_live_installer.exe

2014-10-25 08:28 - 2014-10-25 08:28 - 03834608 _____ (Catalina Marketing Corp) C:\Users\Swintal\Downloads\CatalinaSavingsPrinter.exe

2014-10-25 08:23 - 2014-10-25 08:23 - 00292936 _____ () C:\Windows\Minidump\102514-31715-01.dmp

2014-10-21 08:07 - 2014-10-21 08:07 - 00292920 _____ () C:\Windows\Minidump\102114-18330-01.dmp

2014-10-17 02:01 - 2014-10-17 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET

2014-10-16 18:55 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-10-16 18:55 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-10-16 18:55 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-10-16 18:55 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-10-16 18:55 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-10-16 18:55 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-10-16 18:55 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-10-16 18:55 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-10-16 18:55 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-10-16 18:55 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-10-16 18:55 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-10-16 18:55 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-10-16 18:55 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-10-16 18:55 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-10-16 18:55 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-10-16 18:55 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-10-16 18:55 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-10-16 18:55 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-10-16 18:55 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-10-16 18:55 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-10-16 18:55 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-10-16 18:55 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-10-16 18:55 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-10-16 18:55 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-10-16 18:55 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-10-16 18:55 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-10-16 18:55 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-10-16 18:55 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-10-16 18:55 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-10-16 18:55 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-10-16 18:55 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-10-16 18:55 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-10-16 18:55 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-10-16 18:55 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-10-16 18:55 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-10-16 18:55 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-10-16 18:55 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-10-16 18:55 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-10-16 18:55 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-10-16 18:55 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-10-16 18:55 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-10-16 18:55 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-10-16 18:55 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-10-16 18:55 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-10-16 18:55 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-10-16 18:55 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-10-16 18:55 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-10-16 18:55 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-10-16 18:55 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-10-16 18:55 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-10-16 18:55 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-10-16 18:55 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-10-16 18:55 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-10-16 18:55 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-10-16 18:55 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-10-16 18:55 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-10-16 18:55 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-10-16 18:55 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-10-16 18:55 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-10-16 18:55 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-10-16 18:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-10-16 18:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-10-16 18:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-10-16 18:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-10-16 18:55 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-10-16 18:55 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-10-16 18:55 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-10-16 18:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-10-16 18:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-10-16 18:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-10-16 18:55 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-10-16 18:55 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-10-16 18:55 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-10-16 18:55 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-10-16 18:55 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-10-16 18:55 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-10-16 18:55 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-10-16 18:55 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-10-16 18:52 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-10-16 18:52 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-10-16 18:52 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-10-16 18:52 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2014-10-16 18:52 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-10-16 18:52 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-10-16 18:52 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2014-10-16 18:52 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2014-10-16 18:52 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-10-16 18:52 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-10-16 18:52 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-10-16 18:52 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2014-10-16 18:52 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2014-10-16 18:52 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-10-16 18:52 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-10-16 18:52 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2014-10-16 18:52 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-10-16 18:52 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-10-16 18:52 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2014-10-16 18:52 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2014-10-15 13:24 - 2014-10-15 13:26 - 25074304 _____ () C:\Users\Swintal\Downloads\United 319.zip

2014-10-15 13:13 - 2014-10-15 13:13 - 00122208 _____ () C:\Users\Swintal\Downloads\Airbus_ECAMD2D.zip

2014-10-15 13:11 - 2014-10-15 13:11 - 00134976 _____ () C:\Users\Swintal\Downloads\AB_ND_GDI.zip

2014-10-15 13:03 - 2014-10-15 13:03 - 03873168 _____ () C:\Users\Swintal\Downloads\HF_AIRBUS31819_1_02c.zip

2014-10-12 13:36 - 2014-10-12 13:36 - 00262144 _____ () C:\Windows\Minidump\101214-20841-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 21:33 - 2014-03-14 19:49 - 00004990 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Swintal-PC-Swintal Swintal-PC

2014-11-11 21:32 - 2014-10-03 14:53 - 00000000 ___RD () C:\Users\Swintal\iCloudDrive

2014-11-11 21:31 - 2014-03-01 12:59 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-11-11 21:31 - 2009-07-13 23:51 - 00120950 _____ () C:\Windows\setupact.log

2014-11-11 21:30 - 2014-03-01 16:09 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-11-11 21:30 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-11-11 21:24 - 2014-07-03 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navtech

2014-11-11 21:24 - 2014-03-02 13:18 - 00000000 ____D () C:\ProgramData\Licenses

2014-11-11 21:24 - 2014-03-01 19:40 - 00000000 ____D () C:\Microsoft Flight Simulator X

2014-11-11 21:24 - 2014-03-01 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

2014-11-11 21:24 - 2014-03-01 16:22 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2014-11-11 21:24 - 2014-03-01 16:21 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2014-11-11 21:19 - 2014-07-10 17:00 - 00000000 ____D () C:\Windows\SysWOW64\Macromed

2014-11-11 21:19 - 2014-07-10 17:00 - 00000000 ____D () C:\Windows\system32\Macromed

2014-11-11 21:19 - 2014-05-17 14:39 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-11-11 21:19 - 2014-03-16 13:14 - 00000000 ___RD () C:\Users\Swintal\Google Drive

2014-11-11 21:19 - 2014-03-02 15:57 - 00000000 ____D () C:\Windows\Minidump

2014-11-11 21:19 - 2014-03-02 13:18 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\Virtuali

2014-11-11 21:19 - 2014-03-01 12:28 - 00000000 ____D () C:\Users\Swintal

2014-11-11 21:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration

2014-11-11 21:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-11-11 21:16 - 2014-08-10 14:33 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000UA.job

2014-11-11 21:13 - 2014-03-01 15:15 - 01648133 _____ () C:\Windows\WindowsUpdate.log

2014-11-11 21:13 - 2009-07-13 23:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-11-11 21:13 - 2009-07-13 23:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-11-11 21:07 - 2014-03-02 15:57 - 1095844079 _____ () C:\Windows\MEMORY.DMP

2014-11-11 17:05 - 2014-07-10 17:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-11-11 16:58 - 2014-03-01 12:59 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-11-11 16:15 - 2010-11-20 22:47 - 00099780 _____ () C:\Windows\PFRO.log

2014-11-11 15:05 - 2014-07-10 17:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-11-11 15:05 - 2014-07-10 17:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-11-11 15:05 - 2014-07-10 17:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-11-11 14:56 - 2014-06-07 15:03 - 00000000 ____D () C:\Users\Public\Documents\PFPX Data

2014-11-11 14:56 - 2014-03-02 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aerosoft

2014-11-11 14:56 - 2014-03-01 12:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-11-11 13:19 - 2014-03-02 13:18 - 00000000 ____D () C:\ProgramData\TEMP

2014-11-11 13:18 - 2014-03-01 20:09 - 00000000 ____D () C:\Users\Swintal\Documents\Flight Simulator X Files

2014-11-11 13:00 - 2014-03-08 12:42 - 00000000 ____D () C:\Users\Swintal\Downloads\WOAi

2014-11-11 12:54 - 2014-03-03 10:22 - 00000000 ____D () C:\Users\Swintal\Downloads\LUVCARS_4_Build_1_Beta_6

2014-11-11 12:41 - 2014-09-14 14:16 - 00000000 ____D () C:\Users\Swintal\Documents\Paradox Interactive

2014-11-11 12:41 - 2014-06-30 18:01 - 00000000 ____D () C:\Users\Swintal\Documents\RCT3

2014-11-11 12:40 - 2014-09-29 18:55 - 00000000 ____D () C:\Users\Swintal\Desktop\Jake Photos

2014-11-11 12:40 - 2014-08-16 13:04 - 00000000 ____D () C:\Users\Swintal\Documents\FS Flight Keeper

2014-11-11 12:40 - 2014-05-11 15:32 - 00000000 ___SD () C:\Users\Swintal\Documents\My Data Sources

2014-11-11 12:40 - 2014-03-15 11:44 - 00000000 ____D () C:\Users\Swintal\Documents\Garmin

2014-11-11 12:40 - 2014-03-14 13:01 - 00000000 ____D () C:\Users\Swintal\Documents\Aerosoft

2014-11-11 12:40 - 2014-03-07 16:55 - 00000000 ____D () C:\Users\Swintal\Documents\Andreas Folder

2014-11-11 12:39 - 2014-10-04 11:39 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\NBSoftSolutions

2014-11-11 12:39 - 2014-03-02 12:38 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\PMDG

2014-11-11 12:38 - 2014-09-27 06:31 - 00000000 ____D () C:\Users\Swintal\AppData\Local\PI Engineering

2014-11-11 12:38 - 2014-06-30 18:01 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\Atari

2014-11-11 12:38 - 2014-06-20 16:15 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\Juniper Networks

2014-11-11 12:38 - 2014-05-16 07:45 - 00000000 ____D () C:\Users\Swintal\AppData\Local\Origin

2014-11-11 12:38 - 2014-04-05 18:19 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\Apple Computer

2014-11-11 12:38 - 2014-03-15 11:38 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\Garmin

2014-11-11 12:37 - 2014-03-16 09:43 - 00000000 ____D () C:\Users\Swintal\AppData\Local\HP

2014-11-11 12:37 - 2014-03-01 12:59 - 00000000 ____D () C:\Users\Swintal\AppData\Local\Google

2014-11-11 12:36 - 2014-03-02 16:42 - 00000000 ____D () C:\Users\Swintal\AppData\Local\Apps\2.0

2014-11-11 12:35 - 2014-10-03 14:52 - 00000000 ____D () C:\Users\Swintal\AppData\Local\AAC7AD0A-50D1-41BC-A353-7B7B50729544.aplzod

2014-11-11 12:35 - 2014-04-05 18:19 - 00000000 ____D () C:\Users\Swintal\AppData\Local\Apple Computer

2014-11-11 12:34 - 2014-05-16 07:42 - 00000000 ____D () C:\ProgramData\Origin

2014-11-11 12:34 - 2014-03-15 11:42 - 00000000 ____D () C:\ProgramData\Garmin

2014-11-11 10:16 - 2014-08-10 14:33 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000Core.job

2014-11-11 08:01 - 2014-03-02 12:38 - 00116616 _____ () C:\Users\Swintal\AppData\Local\GDIPFONTCACHEV1.DAT

2014-11-11 07:59 - 2009-07-13 23:45 - 00448104 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-11-11 07:57 - 2014-03-01 19:17 - 00729172 _____ () C:\Windows\DirectX.log

2014-11-09 20:19 - 2014-03-02 13:08 - 00002010 _____ () C:\Users\Swintal\AppData\Roaming\mainhst.zgh

2014-11-09 17:26 - 2014-07-03 17:20 - 00002609 _____ () C:\Users\Public\Desktop\Navtech PBS.lnk

2014-11-08 13:44 - 2014-06-30 16:00 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-11-08 08:30 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-07 17:49 - 2014-10-03 14:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-11-07 17:49 - 2014-04-05 18:18 - 00000000 ____D () C:\Program Files\Common Files\Apple

2014-11-06 12:06 - 2014-09-01 15:44 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll

2014-11-06 12:06 - 2014-09-01 15:44 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll

2014-11-06 12:06 - 2014-03-01 16:24 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

2014-11-06 12:06 - 2014-03-01 16:24 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll

2014-11-05 12:48 - 2014-05-18 08:27 - 00000000 ____D () C:\ProgramData\ACARS

2014-11-05 11:00 - 2014-03-16 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2014-11-04 15:40 - 2014-03-01 18:40 - 00000000 ____D () C:\Windows\system32\MRT

2014-11-01 17:05 - 2014-06-07 15:06 - 00000777 _____ () C:\Users\Public\Desktop\Aerosoft Launcher.lnk

2014-11-01 16:54 - 2014-08-16 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UK2000 Scenery

2014-11-01 13:07 - 2014-03-02 12:28 - 00014352 _____ () C:\Users\Swintal\Downloads\Activation Code Workbook.xlsx

2014-10-28 09:00 - 2014-03-01 13:00 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-10-28 08:14 - 2009-07-14 00:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-10-28 05:34 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-10-26 09:21 - 2014-05-18 08:27 - 00002041 _____ () C:\Users\Public\Desktop\UVACARS.lnk

2014-10-25 09:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-10-25 07:53 - 2014-03-03 09:26 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-10-19 08:53 - 2014-03-01 12:59 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-10-19 08:53 - 2014-03-01 12:59 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-10-18 09:11 - 2014-08-10 14:33 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000UA

2014-10-18 09:11 - 2014-08-10 14:33 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000Core

2014-10-17 03:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

Files to move or delete:

====================

C:\Users\Swintal\FlightBeam_Denver International - HD.reg

C:\Users\Swintal\FlightBeam_Washington Dulles Intl - HD.reg

C:\Users\Swintal\FSDreamTeam_JFK.reg

C:\Users\Swintal\FSDreamTeam_KIAH.reg

C:\Users\Swintal\FSDreamTeam_Los Angeles V2.reg

C:\Users\Swintal\QualityWings_Ultimate 757 Collection.reg

Some content of TEMP:

====================

C:\Users\Swintal\AppData\Local\Temp\Couponscom.exe

C:\Users\Swintal\AppData\Local\Temp\dsHostCheckerSetup.exe

C:\Users\Swintal\AppData\Local\Temp\InstHelper.exe

C:\Users\Swintal\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Swintal\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe

C:\Users\Swintal\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe

C:\Users\Swintal\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe

C:\Users\Swintal\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Swintal\AppData\Local\Temp\nvSCPAPI64.dll

C:\Users\Swintal\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 12:09

==================== End Of Log ============================

rampantfox83 · November 12, 2014

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014

Ran by Swintal at 2014-11-11 21:38:57

Running from C:\Users\Swintal\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A2A C172 Trainer for FSX (HKLM-x32\...\A2A C172 Trainer for FSX) (Version: - )

ACARS - 1 (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\2acd65cafe4fafc9) (Version: 2.21.0.22 - United Virtual Airlines)

ACARS (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\ca11877970cf2b3f) (Version: 2.0.0.48 - United Virtual Airlines)

Active Sky Next for FSX SP1B (HKLM-x32\...\{F1AE1E08-5094-46AD-AA4D-670C482723B2}_is1) (Version: 1.0.5410.16208 - HiFi Technologies, Inc.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)

Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)

Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft)

Aerosoft's - Airbus A318-A319 - FSX (HKLM-x32\...\Airbus A318-A319 - FSX) (Version: 1.10 - Aerosoft)

Aerosoft's - Airbus A320-A321 - FSX (HKLM-x32\...\Airbus A320-A321 - FSX) (Version: 1.00 - Aerosoft)

Aerosoft's - Anchorage X - FSX (HKLM-x32\...\Anchorage X - FSX) (Version: - )

Aerosoft's - Mega Airport Dublin - FSX (HKLM-x32\...\Mega Airport Dublin - FSX) (Version: 1.10 - Aerosoft)

Aerosoft's - Mega Airport Duesseldorf - FSX (HKLM-x32\...\Mega Airport Duesseldorf - FSX) (Version: - )

aerosoft's - Mega Airport Frankfurt X (HKLM-x32\...\{BAEE0C24-C8C2-4820-9DF4-887909F1A286}) (Version: 1.04 - aerosoft)

Aerosoft's - Mega Airport London Heathrow Xtended - FSX (HKLM-x32\...\Mega Airport London Heathrow Xtended - FSX) (Version: 1.00 - Aerosoft)

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ASConnect for FSX Installer (HKLM-x32\...\{7E1270D4-42C4-49A4-9EC4-3300D2E47331}_is1) (Version: 1.0.5410.16224 - HiFi Technologies, Inc.)

Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.001 - Asmedia Technology)

B1900D HD SERIES FSX/P3D (HKLM-x32\...\B1900D HD SERIES FSX/P3D) (Version: 1.00.00.00 - Carenado)

Black ICE 6.21r2945 (HKLM-x32\...\{015E0577-7D4A-456C-A435-DD9EE7E72589}_is1) (Version: 6.21r2945 - Panzeroo, Inc.)

bluCARS (HKLM-x32\...\{BD892214-8231-4910-8DBB-F277EE572B15}) (Version: 1.0.1014 - FS Products)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)

CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)

Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)

Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)

Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)

Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.)

Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)

Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)

Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)

Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)

Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)

Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)

Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Elevated Installer (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden

Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly)

ESET Smart Security (HKLM\...\{C082CDB9-D173-4740-AE0E-C685E6F44850}) (Version: 8.0.304.0 - ESET, spol s r. o.)

Flight Simulator X (HKLM-x32\...\RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: - )

Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: - )

FlightBeam Denver FSX (HKLM-x32\...\FlightBeam Denver FSX_is1) (Version: 1.0 - FlightBeam.)

FlightBeam San Francisco International FSX (HKLM-x32\...\FlightBeam San Francisco International FSX_is1) (Version: 2.1 - FlightBeam.)

FlightBeam Washington Dulles FSX (HKLM-x32\...\FlightBeam Washington Dulles FSX_is1) (Version: 1.2.3 - FlightBeam.)

FS Flight Keeper (HKLM-x32\...\{B7057895-A93D-44D6-B87A-D3C1FCF28E01}) (Version: 3.5.1 - Thomas Molitor & Aerosoft GmbH)

FSDreamTeam Hawaiian Airports Volume 2 FSX (HKLM-x32\...\FSDreamTeam Hawaiian Airports Volume 2 FSX_is1) (Version: 1.5.1 - VIRTUALI Sagl)

FSDreamTeam Honolulu International FSX (HKLM-x32\...\FSDreamTeam Honolulu International FSX_is1) (Version: 1.4 - VIRTUALI s.a.s.)

FSDreamTeam Houston Intercontinental Airport FSX (HKLM-x32\...\FSDreamTeam Houston Intercontinental Airport FSX_is1) (Version: 1.0.2 - VIRTUALI Sagl)

FSDreamTeam KJFK FSX (HKLM-x32\...\FSDreamTeam KJFK FSX_is1) (Version: 1.3 - VIRTUALI s.a.s.)

FSDreamTeam Las Vegas McCarran FSX (HKLM-x32\...\FSDreamTeam Las Vegas McCarran FSX_is1) (Version: 1.3 - VIRTUALI s.a.s.)

FSDreamTeam Los Angeles International FSX (HKLM-x32\...\FSDreamTeam Los Angeles International FSX_is1) (Version: 1.5 - VIRTUALI s.a.s.)

FSDreamTeam OHareX FSX (HKLM-x32\...\FSDreamTeam OHareX FSX_is1) (Version: 2.3 - VIRTUALI s.a.s.)

FSFDT FSCopilot (HKLM-x32\...\FSFDT FSCopilot) (Version: - )

FSFDT FSInn (HKLM-x32\...\FSFDT FSInn) (Version: - )

Galeao Intl Airport FSX Prepar3d 2.1 (HKLM-x32\...\sbgl2012fsx) (Version: 2.1 - TropicalSim)

Garmin Express (HKLM-x32\...\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries)

Garmin Express (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)

Globe Cargo PIREP (HKLM-x32\...\{93E6FA87-33AD-429C-BE11-F947250FE3BA}) (Version: 3.0.1 - Globe Cargo Virtual Airlines)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)

Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)

Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden

Google+ Auto Backup (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)

Hearts of Iron III (HKLM-x32\...\Steam App 25890) (Version: - Paradox Development Studio)

HP ENVY 4500 series Basic Device Software (HKLM\...\{38A08516-1847-43E4-8076-9540B60EC43B}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)

HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)

Intel® Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)

iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

Juniper Networks Host Checker (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Neoteris_Host_Checker) (Version: 7.1.0.20169 - Juniper Networks)

Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Juniper_Setup_Client) (Version: 7.1.6.17115 - Juniper Networks, Inc.)

MacroWorks 3.1 (HKLM-x32\...\MacroWorks 3.1) (Version: - PI Engineering)

Majestic MJC8Q400 Version 1.008 (HKLM-x32\...\MJC8Q400) (Version: - )

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: 10.0.61637.0 - Microsoft Game Studios)

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

Navigraph FMS Data Manager 1.0.11.0603 (HKLM-x32\...\{7E4D5716-374A-4DB6-90CF-D2AEB67362CE}_is1) (Version: 1.0.11.0603 - Navigraph)

Navtech PBS (HKLM-x32\...\{3582DCD8-F0DF-4B2A-808A-2A67BEFEAFA0}) (Version: 14.5.5 - Navtech Inc)

NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)

NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

Office 15 Click-to-Run Extensibility Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden

Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)

PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)

Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)

PMDG 737 6700 NGX RTM (HKLM-x32\...\{C7EE862A-D83D-4A9F-B746-CBDE39BD7001}) (Version: 1.00.3219 - PMDG Simulations, LLC.)

PMDG 737 8900 NGX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.00.3219 - PMDG Simulations, LLC.)

PMDG 747-400/400F for FSX (HKLM-x32\...\{EDCEE320-0FB3-4197-9F86-8C1CCF2278FB}) (Version: 2.10.0040 - Precision Manuals Development Group)

PMDG 777-200LR/F Base Package FSX (HKLM-x32\...\{0F16340B-5B5B-4531-8D87-4952E3BCA6E6}) (Version: 1.10.6155 - PMDG Simulations, LLC.)

PMDG 777-300ER Expansion (HKLM-x32\...\{E65EFDE6-0864-40BA-8DDF-E31F736D9000}) (Version: 1.10.6155 - PMDG Simulations, LLC.)

PMDG744X_GE_LH (HKLM-x32\...\{20372FAA-3AF4-4B3D-9B1D-564CDEA5957C}) (Version: 1.00.0000 - Precision Manuals Development Group)

PMDG744X_PW_UA2 (HKLM-x32\...\{2B5DDFFF-F347-489E-861D-98D02D00472D}) (Version: 1.10.0000 - Precision Manuals Development Group)

PMDG744X_PW_UA3 (HKLM-x32\...\{EAB979F7-84A6-47B6-AB39-CA73A6EEAE69}) (Version: 1.00.0000 - Precision Manuals Development Group)

Punta Cana X-Generation FSX v1.0 (HKLM-x32\...\tsimmdpcxx) (Version: - )

QualityWings Ultimate 757 Collection FSX (HKLM-x32\...\QualityWings Ultimate 757 Collection FSX_is1) (Version: 1.3.2 - QualityWings)

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

RAAS Professional by FS2Crew (LOCKED) (HKLM-x32\...\RAAS Professional by FS2Crew (LOCKED)) (Version: - )

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6923 - Realtek Semiconductor Corp.)

Rio Santos Dumont FSX P3D 1.1 (HKLM-x32\...\sbrjfsx) (Version: 1.1 - TropicalSim)

RollerCoaster Tycoon 3: Platinum! (HKLM-x32\...\Steam App 2700) (Version: - Frontier)

SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden

SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 2.0.0.0 - Electronic Arts)

St Thomas TIST2010 2.0 (HKLM-x32\...\tist2010fsx) (Version: 2.0 - TropicalSim)

Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)

The Political Machine 2012 (HKLM-x32\...\Steam App 211120) (Version: - Stardock Entertainment)

Tocumen Intl', Panama City FSX 1.0 (HKLM-x32\...\tsimmptoxx) (Version: - )

TOPCAT 2.74 Beta 1 - Take-Off and Landing Performance Calculation Tool (HKLM-x32\...\TOPCAT) (Version: 2.74 Beta 1 - FSS GmbH)

Train Simulator 2015 (HKLM-x32\...\Steam App 24010) (Version: - RailSimulator.com)

Ultimate General: Gettysburg (HKLM-x32\...\Steam App 306660) (Version: - Game-Labs)

UVACARS (HKLM-x32\...\{8FA014EE-A721-428F-89F7-82F7B82D4386}) (Version: 3.3.15 - United Virtual Airlines)

VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden

VIRTUALI Addon ManagerX FSX (HKLM-x32\...\VIRTUALI Addon ManagerX FSX_is1) (Version: 2.9.0.23 - VIRTUALI Sagl)

vroute.info (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\ea913c639d7ea423) (Version: 1.1.1.3 - vroute)

Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)

Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

ZipGenius 6.3 (HKLM-x32\...\{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1) (Version: 6.3 - Wininizio.it Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4134620719-2527629264-1752102789-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Swintal\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4134620719-2527629264-1752102789-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Swintal\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-4134620719-2527629264-1752102789-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

CustomCLSID: HKU\S-1-5-21-4134620719-2527629264-1752102789-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Swintal\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

09-11-2014 22:24:34 Installed Navtech PBS

11-11-2014 12:28:51 Windows Update

11-11-2014 12:56:25 Installed DirectX

11-11-2014 16:30:13 Removed bluCARS

11-11-2014 16:32:59 Installed bluCARS

11-11-2014 19:52:02 Installed DirectX

11-11-2014 19:56:23 Removed Professional Flight Planner X

12-11-2014 02:12:03 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CFCAE88-C488-4548-AEA2-F7CCD8E91383} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-01] (Google Inc.)

Task: {1F1F653A-9A63-4693-A116-3801A0037465} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)

Task: {1FC54D89-1B6C-4516-8C55-88DBB102F513} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-10-17] (Apple Inc.)

Task: {2FB88A66-255E-4A6A-A935-E740E57BAF93} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000UA => C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-10] (Google Inc.)

Task: {40AC2BF1-F61D-4558-B612-A4BA032B00C7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)

Task: {4BD843C3-CFEA-40A4-9AE5-9C55460199CA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {4F161FB8-515E-44F8-B090-EBA22AED117E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000Core => C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-10] (Google Inc.)

Task: {668ACBED-DED4-49A0-BF68-DEA3DED3165A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {7496BE44-E7B5-4B6D-99ED-83342B76092D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {77877023-269F-4E8B-B766-EBB3BC7D4AD1} - System32\Tasks\HP AR Program Upload - b6f1b5de96b0434191ee7a5939bcdd2fed889e11d632473bb14d345dcf17970a => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)

Task: {7DCE01C5-DA32-4944-9E28-BD300B1CE1CD} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Swintal-PC-Swintal Swintal-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-16] (Microsoft Corporation)

Task: {81F4DB92-CFD7-4E7B-AE0E-F77A560732A9} - System32\Tasks\ASUS\i-Setup132150 => C:\Windows\Chipset\AsusSetup.exe [2010-09-08] (ASUSTeK Computer Inc.)

Task: {84E00E03-EFA2-40C3-A897-3B5ED119201A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {8BFD38ED-AEEE-4BF9-A623-86D53F843A53} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)

Task: {AE001CD3-A7A1-42E3-9B33-B152E1D23274} - System32\Tasks\ASUS\i-Setup132035 => C:\Windows\Chipset\AsusSetup.exe [2010-09-08] (ASUSTeK Computer Inc.)

Task: {C9CA414C-B003-452A-9D78-C78A251B18E7} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

Task: {DB2AFA52-A0DE-4770-BDEA-1CE2AE2C6C30} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {F71B3540-246F-452A-B331-044D7D4C5D0D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)

Task: {FA4859D3-569B-462F-90CE-053288C3DEC7} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-23] ()

Task: {FFAE2AEB-409D-4600-A1EA-B0633B5EC4FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-01] (Google Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000Core.job => C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000UA.job => C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-01 12:32 - 2012-10-29 02:48 - 00927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe

2014-03-01 16:22 - 2014-07-02 13:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-03-03 09:26 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2014-10-25 07:48 - 2014-09-09 09:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

2014-09-26 11:31 - 2014-09-26 11:31 - 00393376 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream64.dll

2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-03-01 12:32 - 2014-11-11 21:30 - 00031232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll

2014-03-01 12:32 - 2012-05-07 11:04 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll

2014-10-25 07:48 - 2014-09-09 08:12 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2012-09-24 08:24 - 2012-09-24 08:24 - 00020480 _____ () C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\Interfaces.dll

2014-03-02 14:28 - 2013-12-08 20:23 - 00732160 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\libGLESv2.dll

2014-03-02 14:28 - 2013-12-08 20:32 - 00854016 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\platforms\qwindows.dll

2014-03-02 14:28 - 2013-12-08 20:23 - 00047104 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\libEGL.dll

2014-03-02 14:28 - 2013-12-08 20:31 - 00021504 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\imageformats\qico.dll

2014-10-28 09:00 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll

2014-10-28 09:00 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll

2014-10-28 09:00 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll

2014-10-28 09:00 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

2014-01-03 01:59 - 2014-02-10 12:04 - 00430080 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:00934A10

AlternateDataStreams: C:\ProgramData\TEMP:74603393

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-4134620719-2527629264-1752102789-500 - Administrator - Disabled)

Brian (S-1-5-21-4134620719-2527629264-1752102789-1004 - Limited - Enabled) => C:\Users\Brian

Guest (S-1-5-21-4134620719-2527629264-1752102789-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-4134620719-2527629264-1752102789-1003 - Limited - Enabled)

Swintal (S-1-5-21-4134620719-2527629264-1752102789-1000 - Administrator - Enabled) => C:\Users\Swintal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (11/11/2014 09:35:56 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)

Description: Chrome has encountered a fatal error.

ver=38.0.2125.111;lang=;guid=1E499807DE364B569E83CEEACDEA246E;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\7d62fd68-5e25-4b57-9e2b-329ba36424f1.dmp

Error: (11/11/2014 09:33:02 PM) (Source: System Restore) (EventID: 8210) (User: )

Description: An unspecified error occurred during System Restore: (Installed Navtech PBS). Additional information: 0x80070005.

Error: (11/11/2014 09:32:13 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 09:31:59 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1

Faulting module name: HPWia2_EN4500.dll, version: 30.0.411.0, time stamp: 0x505b7712

Exception code: 0x40000015

Fault offset: 0x00000000000324ad

Faulting process id: 0x44c

Faulting application start time: 0xsvchost.exe_stisvc0

Faulting application path: svchost.exe_stisvc1

Faulting module path: svchost.exe_stisvc2

Report Id: svchost.exe_stisvc3

Error: (11/11/2014 09:08:40 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 04:38:31 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7

Faulting module name: Flash32_15_0_0_223.ocx, version: 15.0.0.223, time stamp: 0x544ecba4

Exception code: 0xc0000005

Fault offset: 0x005e96c7

Faulting process id: 0x1f28

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

Error: (11/11/2014 04:21:14 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7

Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7

Exception code: 0xc0000005

Fault offset: 0x000379ed

Faulting process id: 0x73c

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

Error: (11/11/2014 04:17:52 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 04:17:44 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1

Faulting module name: HPWia2_EN4500.dll, version: 30.0.411.0, time stamp: 0x505b7712

Exception code: 0x40000015

Fault offset: 0x00000000000324ad

Faulting process id: 0x538

Faulting application start time: 0xsvchost.exe_stisvc0

Faulting application path: svchost.exe_stisvc1

Faulting module path: svchost.exe_stisvc2

Report Id: svchost.exe_stisvc3

Error: (11/11/2014 04:10:10 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:

=============

Error: (11/11/2014 09:33:35 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/11/2014 09:32:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).

Error: (11/11/2014 09:31:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Garmin Core Update Service service failed to start due to the following error:

%%1053

Error: (11/11/2014 09:31:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

Error: (11/11/2014 09:09:54 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/11/2014 09:08:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The IPsec Policy Agent service failed to start due to the following error:

%%1053

Error: (11/11/2014 09:08:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.

Error: (11/11/2014 09:07:13 PM) (Source: BugCheck) (EventID: 1001) (User: )

Description: 0x00000024 (0x00000000001904fb, 0xfffff880033385e8, 0xfffff88003337e40, 0xfffff80002eb8c50)C:\Windows\MEMORY.DMP111114-30482-01

Error: (11/11/2014 09:07:13 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 5:30:10 PM on ‎11/‎11/‎2014 was unexpected.

Error: (11/11/2014 04:20:44 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Microsoft Office Sessions:

=========================

Error: (11/11/2014 09:35:56 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)

Description: Chrome has encountered a fatal error.

ver=38.0.2125.111;lang=;guid=1E499807DE364B569E83CEEACDEA246E;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\7d62fd68-5e25-4b57-9e2b-329ba36424f1.dmp

Error: (11/11/2014 09:33:02 PM) (Source: System Restore) (EventID: 8210) (User: )

Description: Installed Navtech PBS0x80070005

Error: (11/11/2014 09:32:13 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 09:31:59 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1HPWia2_EN4500.dll30.0.411.0505b77124000001500000000000324ad44c01cffe20ca755d39C:\Windows\system32\svchost.exeC:\Windows\system32\HPWia2_EN4500.dll139dab8c-6a14-11e4-af9d-ac220b2a544f

Error: (11/11/2014 09:08:40 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 04:38:31 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe11.0.9600.173444a5bc6b7Flash32_15_0_0_223.ocx15.0.0.223544ecba4c0000005005e96c71f2801cffdf6c5f923c7C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_15_0_0_223.ocx141502f9-69eb-11e4-b41e-ac220b2a544f

Error: (11/11/2014 04:21:14 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe11.0.9600.173444a5bc6b7ntdll.dll6.1.7601.18247521ea8e7c0000005000379ed73c01cffdf55f40e0d4C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\ntdll.dllaa530802-69e8-11e4-b41e-ac220b2a544f

Error: (11/11/2014 04:17:52 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2014 04:17:44 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1HPWia2_EN4500.dll30.0.411.0505b77124000001500000000000324ad53801cffdf4e146e30dC:\Windows\system32\svchost.exeC:\Windows\system32\HPWia2_EN4500.dll2ca5b8e0-69e8-11e4-b41e-ac220b2a544f

Error: (11/11/2014 04:10:10 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel® Core i7-4771 CPU @ 3.50GHz

Percentage of memory in use: 22%

Total physical RAM: 16322.27 MB

Available physical RAM: 12717.07 MB

Total Pagefile: 32642.72 MB

Available Pagefile: 28962.79 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:721.61 GB) NTFS

Drive e: (Second Drive) (Fixed) (Total:931.51 GB) (Free:844.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: ACBBF63B)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 76A56381)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

rampantfox83 · November 12, 2014

RogueKiller V10.0.5.0 (x64) [Nov 11 2014] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Swintal [Administrator]

Mode : Scan -- Date : 11/11/2014 21:54:42

¤¤¤ Processes : 2 ¤¤¤

[Proc.Injected] ekrn.exe -- [x] -> Killed [DrvNtTerm]

[Proc.Injected] dllhost.exe -- [x] -> Killed [TermProc]

¤¤¤ Registry : 15 ¤¤¤

[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-4134620719-2527629264-1752102789-1000\Software\Microsoft\Windows\CurrentVersion\Run | Google+ Auto Backup : "C:\Users\Swintal\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart -> Found

[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-4134620719-2527629264-1752102789-1000\Software\Microsoft\Windows\CurrentVersion\Run | Google+ Auto Backup : "C:\Users\Swintal\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{46F98522-0B7E-4616-8783-34B23EF7FE3A} | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{46F98522-0B7E-4616-8783-34B23EF7FE3A} | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{46F98522-0B7E-4616-8783-34B23EF7FE3A} | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)] -> Found

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4134620719-2527629264-1752102789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4134620719-2527629264-1752102789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

[Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-4134620719-2527629264-1752102789-1000\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] dd024e018e30dfaad67172ee7859e3c8

[bSP] 7c67bdb6eea5fc037f2fb1fde4966781 : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB

User = LL1 ... OK

User = LL2 ... OK

+++++ PhysicalDrive1: +++++

--- User ---

[MBR] 617240ae40078ba5b2d63715af595c39

[bSP] 130a6938a2838fcaeb361cefc3bc8c6d : Windows Vista/7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB

User = LL1 ... OK

User = LL2 ... OK

AdvancedSetup · February 24, 2015

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time we'll go ahead and close this topic now but if you still actually need help please send a private message to one of the Moderators and we'll assist you.

Thank you and sorry we missed your topic.

Sign In

Another dllhost.exe*32 com surrogate issue

Recommended Posts

rampantfox83

Link to post

Share on other sites

rampantfox83

Link to post

Share on other sites

rampantfox83

Link to post

Share on other sites

rampantfox83

Link to post

Share on other sites

rampantfox83

Link to post

Share on other sites

AdvancedSetup

Link to post

Share on other sites

Recently Browsing 0 members

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information