BSOD during Gmer scan [Solved]


  • This topic is locked

#1
enrico68


Hello,

A few days ago I ran RogueKiller on my PC, and it found this "axryypog.sys" under:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.

I googled "axryypog.sys" for quite some time, but did not come up with any answer, and so I let RogueKiller deal with it, and deleted it from my computer.

After that, I ran Gmer, and it says it found some modifications to my computer that might be malware related, and asks me if I want to do a complete scan, and when it starts doing it, all of a sudden I get a BSOD, with the following message from Windows:

DRIVER_IRQL_NOT_LESS_OR_EQUAL

due to axryypog.sys, the file I deleted through RogueKiller.

I have no idea if that BSOD is malware related, or maybe I got rid of a file that Windows needs, or I am just being paranoid. To make sure my filesystem is correct, I ran sfc /scannow, and it fixed a few files.

Anyways, here are the logs from FRST.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.03.2019
Ran by erpino (administrator) on ERPINO-PC (09-03-2019 13:10:30)
Running from C:\Users\erpino\Desktop
Loaded Profiles: erpino (Available Profiles: erpino)
Platform: Windows 10 Pro Version 1803 17134.590 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\erpino\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Navigraph -> Navigraph) C:\Program Files (x86)\Navigraph\FMS Data Manager\NGFMSAgent.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Emsisoft Ltd -> Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7156296 2013-03-05] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Emsisoft Anti-Malware] => C:\Program Files\Emsisoft Anti-Malware\a2guard.exe [9656576 2019-02-28] (Emsisoft Ltd -> Emsisoft Ltd)
HKLM-x32\...\Run: [Navigraph FMS Data Manager] => C:\Program Files (x86)\Navigraph\FMS Data Manager\NGFMSAgent.exe [992360 2017-12-01] (Navigraph -> Navigraph)
HKU\S-1-5-21-918345630-1214332388-3706368486-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22458328 2019-02-27] (Piriform Software Ltd -> Piriform Software Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{beb01604-9a5e-4622-ba89-df2383ffdb5d}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
Edge Extension: (Emsisoft Browser Security) -> EdgeExtension_24598EmsisoftEmsisoftBrowserSecurity_qx27tcjycwb5c => C:\Program Files\WindowsApps\24598Emsisoft.EmsisoftBrowserSecurity_2018.12.10.0_neutral__qx27tcjycwb5c [2019-02-09]

FireFox:
========
FF DefaultProfile: cfvx9mua.default
FF ProfilePath: C:\Users\erpino\AppData\Roaming\Mozilla\Firefox\Profiles\cfvx9mua.default [2019-03-09]
FF Extension: (Emsisoft Browser Security) - C:\Users\erpino\AppData\Roaming\Mozilla\Firefox\Profiles\cfvx9mua.default\Extensions\{b21882eb-3211-44dc-964b-e6f35b33061f}.xpi [2019-01-05]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-01] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9591616 2019-02-28] (Emsisoft Ltd -> Emsisoft Ltd)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-03] (ASUSTeK Computer Inc. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11129928 2019-03-01] (Microsoft Corporation -> Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\WINDOWS\System32\drivers\asahci64.sys [47512 2013-01-10] (ASMedia Technology Inc. -> Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-03] (ASUSTeK Computer Inc. -> )
R1 epp; C:\Program Files\Emsisoft Anti-Malware\epp.sys [168544 2019-02-28] (Emsisoft Ltd -> Emsisoft Ltd)
R0 eppdisk; C:\WINDOWS\System32\drivers\eppdisk.sys [37064 2018-04-02] (Emsisoft Ltd -> Emsisoft Ltd)
R1 eppwfp; C:\Program Files\Emsisoft Anti-Malware\eppwfp.sys [131952 2019-01-03] (Emsisoft Ltd -> Emsisoft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-02-09] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-03-07] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72864 2019-03-09] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-03-09] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-03-07] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_6992f55a2cc4b209\nvlddmkm.sys [20371952 2018-11-13] (NVIDIA Corporation -> NVIDIA Corporation)
R3 SaiH0762; C:\WINDOWS\System32\drivers\SaiH0762.sys [178304 2008-02-15] (Saitek -> Saitek)
S3 SaiH0BAC; C:\WINDOWS\System32\drivers\SaiH0BAC.sys [176128 2007-07-02] (Saitek -> Saitek)
S3 SaiH0C2D; C:\WINDOWS\System32\drivers\SaiH0C2D.sys [176128 2007-07-02] (Saitek -> Saitek)
R3 SaiK0764; C:\WINDOWS\System32\drivers\SaiK0764.sys [175624 2010-10-13] (Saitek -> Saitek)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-03-08] (Adlice -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-02-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [333792 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
U3 axryypog; C:\Users\erpino\AppData\Local\Temp\axryypog.sys [56584 2019-03-07] (GMEREK Systemy Komputerowe Przemyslaw Gmerek -> GMER) [File not signed] <==== ATTENTION
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-09 13:10 - 2019-03-09 13:11 - 000012797 _____ C:\Users\erpino\Desktop\FRST.txt
2019-03-09 13:10 - 2019-03-09 13:10 - 000000000 ____D C:\FRST
2019-03-09 13:08 - 2019-03-09 13:08 - 002434560 _____ (Farbar) C:\Users\erpino\Desktop\FRST64.exe
2019-03-09 13:02 - 2019-03-09 13:02 - 000562956 _____ C:\WINDOWS\Minidump\030919-8781-01.dmp
2019-03-09 12:58 - 2019-03-09 12:59 - 000578756 _____ C:\WINDOWS\Minidump\030919-13671-01.dmp
2019-03-09 12:16 - 2019-03-09 12:16 - 000000000 ___HD C:\OneDriveTemp
2019-03-08 18:30 - 2019-03-08 18:30 - 003803065 _____ C:\Users\erpino\Desktop\20190308_112647.zip
2019-03-07 23:34 - 2019-03-07 23:35 - 000599212 _____ C:\WINDOWS\Minidump\030719-7500-01.dmp
2019-03-07 23:28 - 2019-03-09 13:02 - 000072864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-03-07 23:28 - 2019-03-07 23:28 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-03-07 23:27 - 2019-03-09 13:02 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-03-07 23:27 - 2019-03-07 23:27 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-03-07 23:12 - 2019-03-09 13:02 - 518818425 _____ C:\WINDOWS\MEMORY.DMP
2019-03-07 23:12 - 2019-03-07 23:12 - 000584452 _____ C:\WINDOWS\Minidump\030719-7718-01.dmp
2019-03-07 22:49 - 2019-03-08 18:28 - 000028272 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2019-03-07 22:42 - 2019-03-07 22:49 - 000000000 ____D C:\Program Files\RogueKiller
2019-03-07 22:42 - 2019-03-07 22:42 - 000000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2019-03-07 22:42 - 2019-03-07 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-03-07 22:10 - 2019-03-09 13:02 - 000000000 ____D C:\WINDOWS\Minidump
2019-03-07 18:48 - 2019-03-07 18:48 - 005198336 _____ (AVAST Software) C:\Users\erpino\Desktop\aswMBR.exe
2019-03-06 18:37 - 2016-03-11 14:53 - 000380928 _____ C:\Users\erpino\Desktop\gmer.exe
2019-03-06 18:36 - 2019-03-07 22:29 - 000000000 ____D C:\Users\erpino\Desktop\gmer
2019-03-05 19:31 - 2019-03-05 19:36 - 002434560 _____ (Farbar) C:\Users\erpino\Downloads\FRSTEnglish.exe
2019-03-05 19:24 - 2019-03-05 19:25 - 000148794 _____ C:\TDSSKiller.3.1.0.26_05.03.2019_19.24.28_log.txt
2019-03-05 18:57 - 2019-03-05 18:58 - 000000000 ____D C:\KVRT_Data
2019-03-05 18:41 - 2019-03-07 22:49 - 000000000 ____D C:\ProgramData\RogueKiller
2019-03-05 18:16 - 2019-03-05 18:16 - 000000000 ____D C:\Users\erpino\AppData\Roaming\SUPERAntiSpyware.com
2019-03-05 18:15 - 2019-03-05 18:15 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2019-02-28 20:42 - 2019-02-28 20:42 - 000001409 _____ C:\Users\Public\Desktop\FSDT GSX Control Panel.lnk
2019-02-28 20:42 - 2019-02-28 20:42 - 000001334 _____ C:\Users\Public\Desktop\FSDT GSX Manual.lnk
2019-02-28 20:42 - 2019-02-28 20:42 - 000001161 _____ C:\Users\Public\Desktop\FSDT Installation Guide.lnk
2019-02-28 20:42 - 2019-02-28 20:42 - 000001141 _____ C:\Users\Public\Desktop\FSDT Live Update.lnk
2019-02-28 20:42 - 2019-02-28 20:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimObject Display Engine
2019-02-28 20:42 - 2019-02-28 20:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FSDreamTeam
2019-02-28 20:42 - 2019-02-28 20:42 - 000000000 ____D C:\Program Files (x86)\12bPilot
2019-02-28 20:39 - 2019-02-28 20:43 - 000000000 ____D C:\ProgramData\Virtuali
2019-02-26 18:36 - 2019-02-26 18:36 - 000000000 ____D C:\fsad_backup_org
2019-02-26 18:33 - 2019-02-28 18:39 - 000000000 ____D C:\Users\erpino\Documents\fsAerodata Files
2019-02-26 18:33 - 2019-02-28 18:31 - 000000667 _____ C:\Users\Public\Desktop\fsAerodata.lnk
2019-02-26 18:33 - 2019-02-28 18:31 - 000000000 ____D C:\fsAerodata
2019-02-26 18:33 - 2019-02-26 18:33 - 000000000 ____D C:\Users\erpino\AppData\Roaming\fsAerodata
2019-02-26 18:30 - 2019-02-28 18:31 - 000000000 ____D C:\Users\erpino\Desktop\fsaerodata
2019-02-24 19:44 - 2019-02-24 19:44 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2019-02-24 18:30 - 2019-02-24 18:30 - 000001109 _____ C:\Users\Public\Desktop\A320X Docs (P3Dv4).lnk
2019-02-24 18:30 - 2019-02-24 18:30 - 000000148 _____ C:\Users\Public\Desktop\FSLA320-X Refuel Panel.url
2019-02-24 18:30 - 2019-02-24 18:30 - 000000137 _____ C:\Users\Public\Desktop\FSLA320-X MCDU.url
2019-02-24 18:29 - 2019-02-28 20:49 - 000000000 ____D C:\Users\erpino\AppData\Roaming\Virtuali
2019-02-24 18:29 - 2019-02-24 18:29 - 000000000 ____D C:\Program Files\FlightSimLabs
2019-02-24 18:20 - 2019-02-28 20:43 - 000000000 ____D C:\Users\erpino\Documents\Prepar3D v4 Add-ons
2019-02-24 18:20 - 2019-02-24 18:54 - 000000000 ____D C:\Users\erpino\Documents\Prepar3D v4 Files
2019-02-24 18:09 - 2019-02-24 18:09 - 000001527 _____ C:\Users\Public\Desktop\Prepar3D v4.lnk
2019-02-24 18:09 - 2019-02-24 18:09 - 000000000 ____D C:\Users\erpino\AppData\Roaming\Lockheed Martin
2019-02-24 18:09 - 2019-02-24 18:09 - 000000000 ____D C:\Users\erpino\AppData\Local\Lockheed Martin
2019-02-24 18:09 - 2019-02-24 18:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lockheed Martin
2019-02-24 18:09 - 2019-02-24 18:09 - 000000000 ____D C:\ProgramData\Lockheed Martin
2019-02-24 16:09 - 2019-02-24 16:10 - 000000000 ____D C:\Users\erpino\Desktop\free airports P3d
2019-02-24 16:04 - 2019-02-24 16:04 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2019-02-24 15:18 - 2019-02-28 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fsAerodata
2019-02-23 16:27 - 2019-02-23 16:27 - 000000000 ____D C:\Users\erpino\AppData\Local\VirtualStore
2019-02-19 15:05 - 2019-02-19 15:05 - 000000000 ____D C:\Users\erpino\AppData\Local\OneDrive
2019-02-14 21:44 - 2019-02-06 08:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-14 21:44 - 2019-02-06 08:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-14 21:44 - 2019-02-06 08:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-14 21:44 - 2019-02-06 08:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-14 21:44 - 2019-02-06 08:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-14 21:44 - 2019-02-06 08:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-14 21:44 - 2019-02-06 08:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-14 21:44 - 2019-02-06 08:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-14 21:44 - 2019-02-06 07:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-14 21:44 - 2019-02-06 07:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-14 21:44 - 2019-02-06 07:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-14 21:44 - 2019-02-06 07:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-14 21:44 - 2019-02-06 04:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-14 21:44 - 2019-02-06 04:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-14 21:44 - 2019-02-06 04:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-14 21:44 - 2019-02-06 04:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-14 21:44 - 2019-02-06 04:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-14 21:44 - 2019-02-06 04:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-14 21:44 - 2019-02-06 04:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-14 21:44 - 2019-02-06 04:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-14 21:44 - 2019-02-06 04:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-14 21:44 - 2019-02-06 04:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-14 21:44 - 2019-02-06 04:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-14 21:44 - 2019-02-06 04:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-14 21:44 - 2019-02-06 04:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-14 21:44 - 2019-02-06 04:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-14 21:44 - 2019-02-06 04:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-14 21:44 - 2019-02-06 04:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-14 21:44 - 2019-02-06 04:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-14 21:44 - 2019-02-06 04:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-14 21:44 - 2019-02-06 04:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-14 21:44 - 2019-02-06 04:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-14 21:44 - 2019-02-06 04:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-14 21:44 - 2019-02-06 04:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-14 21:44 - 2019-02-06 04:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-14 21:44 - 2019-02-06 04:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-14 21:44 - 2019-02-06 03:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-14 21:44 - 2019-02-06 03:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-14 21:44 - 2019-02-06 03:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-14 21:44 - 2019-02-06 03:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-14 21:44 - 2019-02-06 03:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-14 21:44 - 2019-02-06 03:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-14 21:44 - 2019-02-06 03:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-14 21:44 - 2019-02-06 03:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-14 21:44 - 2019-02-06 03:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-14 21:44 - 2019-02-06 03:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-14 21:44 - 2019-02-06 03:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-14 21:44 - 2019-02-06 03:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-14 21:44 - 2019-02-06 03:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-14 21:44 - 2019-02-06 03:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-14 21:44 - 2019-02-06 03:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-14 21:44 - 2019-02-06 03:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-14 21:44 - 2019-02-06 03:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-14 21:44 - 2019-02-06 03:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-14 21:44 - 2019-02-06 03:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-14 21:44 - 2019-02-06 03:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-14 21:44 - 2019-02-06 03:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-14 21:44 - 2019-02-06 03:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-14 21:44 - 2019-02-06 03:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-14 21:44 - 2019-02-06 03:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-14 21:44 - 2019-02-06 03:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-14 21:44 - 2019-02-06 03:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-14 21:44 - 2019-02-06 03:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-14 21:44 - 2019-02-06 03:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-14 21:44 - 2019-02-06 03:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-14 21:44 - 2019-02-06 03:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-14 21:44 - 2019-02-06 03:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-14 21:44 - 2019-02-06 03:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-14 21:44 - 2019-02-06 03:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-14 21:44 - 2019-02-06 03:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-14 21:44 - 2019-02-06 03:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-14 21:44 - 2019-02-06 03:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-14 21:44 - 2019-02-06 02:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-14 21:44 - 2019-01-12 09:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-14 21:44 - 2019-01-12 03:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-14 21:44 - 2019-01-09 19:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-14 21:44 - 2019-01-09 18:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-14 21:44 - 2019-01-09 18:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-14 21:44 - 2019-01-09 18:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-14 21:44 - 2019-01-09 18:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-14 21:44 - 2019-01-09 18:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-14 21:44 - 2019-01-09 18:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-14 21:44 - 2019-01-09 18:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-14 21:44 - 2019-01-09 11:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-14 21:44 - 2019-01-09 10:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-14 21:44 - 2019-01-09 10:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-14 21:44 - 2019-01-09 09:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-14 21:44 - 2019-01-09 09:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-14 21:44 - 2019-01-09 06:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-14 21:44 - 2019-01-09 06:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-14 21:44 - 2019-01-09 06:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-14 21:44 - 2019-01-09 06:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-14 21:44 - 2019-01-09 06:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-14 21:44 - 2019-01-09 06:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-14 21:44 - 2019-01-09 06:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-14 21:44 - 2019-01-09 06:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-14 21:44 - 2019-01-09 06:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-14 21:44 - 2019-01-09 06:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-14 21:44 - 2019-01-09 06:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-14 21:44 - 2019-01-09 06:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-14 21:44 - 2019-01-09 06:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-14 21:44 - 2019-01-09 06:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-14 21:44 - 2019-01-09 06:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-14 21:44 - 2019-01-09 06:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-14 21:44 - 2019-01-09 06:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-14 21:44 - 2019-01-09 06:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-14 21:44 - 2019-01-09 06:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-14 21:44 - 2019-01-09 06:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-14 21:44 - 2019-01-09 06:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-14 21:44 - 2019-01-09 06:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-14 21:44 - 2019-01-09 06:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-14 21:44 - 2019-01-09 06:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-14 21:44 - 2019-01-09 06:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-14 21:44 - 2019-01-09 06:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-14 21:44 - 2019-01-09 06:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-14 21:44 - 2019-01-09 06:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-14 21:44 - 2019-01-09 06:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-14 21:44 - 2019-01-09 06:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-14 21:44 - 2019-01-09 06:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-14 21:44 - 2019-01-09 06:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-14 21:44 - 2019-01-09 06:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-14 21:44 - 2019-01-09 06:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-14 21:44 - 2019-01-09 06:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-14 21:44 - 2019-01-09 06:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-14 21:44 - 2019-01-09 06:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-14 21:44 - 2019-01-09 06:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-14 21:44 - 2019-01-09 06:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-14 21:44 - 2019-01-09 06:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-14 21:44 - 2019-01-09 06:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-14 21:44 - 2019-01-09 06:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-14 21:44 - 2019-01-09 06:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-14 21:44 - 2019-01-09 06:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-14 21:44 - 2019-01-09 06:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-14 21:44 - 2019-01-09 06:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-14 21:44 - 2019-01-09 06:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-14 21:44 - 2019-01-09 06:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-14 21:44 - 2019-01-09 06:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-14 21:44 - 2019-01-09 06:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-14 21:44 - 2019-01-09 06:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-14 21:44 - 2019-01-09 06:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-14 21:44 - 2019-01-09 06:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-14 21:44 - 2019-01-09 06:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-14 21:44 - 2019-01-09 06:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-14 21:44 - 2019-01-09 06:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-14 21:44 - 2019-01-09 06:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-14 21:44 - 2019-01-09 06:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-14 21:44 - 2019-01-09 06:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-14 21:44 - 2019-01-09 06:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-14 21:44 - 2019-01-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-14 21:44 - 2019-01-09 06:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-14 21:44 - 2019-01-09 06:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-14 21:44 - 2019-01-09 06:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-14 21:44 - 2019-01-09 06:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-14 21:44 - 2019-01-09 06:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-14 21:44 - 2019-01-09 06:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-14 21:44 - 2019-01-09 06:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-14 21:44 - 2019-01-09 06:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-14 21:44 - 2019-01-09 06:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-14 21:44 - 2019-01-09 06:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-14 21:44 - 2019-01-09 06:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-14 21:44 - 2019-01-09 06:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-14 21:44 - 2019-01-09 06:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-14 21:44 - 2019-01-09 05:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-14 21:44 - 2019-01-09 05:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-14 21:44 - 2019-01-08 10:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-14 21:44 - 2019-01-08 04:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-14 21:44 - 2019-01-08 04:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-14 21:44 - 2019-01-08 04:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-10 15:10 - 2019-02-10 15:10 - 000001294 _____ C:\Users\erpino\Desktop\smartCARS - vEZY (en-US).lnk
2019-02-10 15:10 - 2019-02-10 15:10 - 000000000 ____D C:\Program Files (x86)\smartCARS
2019-02-10 14:08 - 2019-02-21 14:17 - 000001222 _____ C:\65cf4439-6c3c-425b-8640-4d77bc17d7aa.index
2019-02-09 18:28 - 2019-02-09 18:28 - 000002048 _____ C:\WINDOWS\gep3d.lic
2019-02-09 13:08 - 2019-02-09 13:08 - 001137216 _____ C:\Users\erpino\Desktop\qw3159.pdf
2019-02-09 12:53 - 2019-02-09 12:53 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-02-09 12:53 - 2019-02-09 12:53 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-02-09 12:53 - 2019-02-09 12:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-02-09 12:53 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-02-09 12:53 - 2019-01-08 15:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-02-09 11:43 - 2019-02-09 11:43 - 000000000 ____D C:\ProgramData\Mozilla

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-09 13:09 - 2018-12-09 20:53 - 000000000 ____D C:\WINDOWS\INF
2019-03-09 13:09 - 2018-12-09 12:36 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2019-03-09 13:09 - 2018-12-09 12:08 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-09 13:04 - 2017-06-02 21:51 - 000000000 ____D C:\Users\erpino\AppData\LocalLow\Mozilla
2019-03-09 13:03 - 2017-06-02 13:20 - 000000000 ___RD C:\Users\erpino\OneDrive
2019-03-09 13:02 - 2018-12-09 20:54 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-09 13:02 - 2018-12-09 12:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-09 13:02 - 2018-12-09 12:00 - 000000000 ____D C:\ProgramData\NVIDIA
2019-03-09 13:02 - 2018-12-09 11:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-09 12:59 - 2018-12-09 20:54 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-09 12:59 - 2018-12-09 12:01 - 000000000 ____D C:\Users\erpino
2019-03-09 12:19 - 2018-12-09 20:54 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-07 23:27 - 2018-12-09 20:50 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-03-07 18:31 - 2018-12-31 15:58 - 000000000 ____D C:\Program Files\Microsoft Office
2019-03-07 18:31 - 2018-12-09 20:54 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-03-07 18:26 - 2018-12-09 12:01 - 000002366 _____ C:\Users\erpino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-05 19:26 - 2018-12-09 12:36 - 000000000 ____D C:\ProgramData\Emsisoft
2019-03-05 19:21 - 2018-12-09 20:50 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-03-05 18:11 - 2018-12-25 00:00 - 000000000 ____D C:\Users\erpino\AppData\Local\CrashDumps
2019-03-04 18:21 - 2018-12-09 14:24 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-03-04 18:21 - 2018-12-09 14:24 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-03-03 14:59 - 2018-12-09 12:27 - 000000112 _____ C:\Users\erpino\AppData\Local\X-Plane_drm_11.prf
2019-03-03 14:57 - 2018-12-23 17:44 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-03-03 14:56 - 2018-12-09 12:29 - 000000102 _____ C:\Users\erpino\AppData\Local\X-Plane_xdd_11.prf
2019-03-03 14:26 - 2019-01-06 13:12 - 000012338 _____ C:\Users\erpino\Desktop\X-Plane Installer Log.txt
2019-03-03 14:26 - 2018-12-09 19:03 - 000000037 _____ C:\Users\erpino\AppData\Local\X-Plane Installer.prf
2019-03-03 14:10 - 2019-01-06 13:39 - 000001122 _____ C:\Users\erpino\Desktop\X-Plane.exe - Shortcut.lnk
2019-03-03 10:12 - 2018-12-09 14:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-03-03 10:12 - 2018-12-09 14:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-03-02 20:54 - 2018-12-09 14:22 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-03-02 11:41 - 2018-12-23 16:09 - 000000000 ____D C:\Program Files\rempl
2019-02-28 20:42 - 2018-12-23 18:51 - 000000000 ____D C:\Program Files (x86)\Addon Manager
2019-02-24 18:08 - 2018-12-09 17:22 - 000000000 ____D C:\ProgramData\Package Cache
2019-02-23 15:33 - 2018-12-09 20:54 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-02-23 15:13 - 2018-12-09 12:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-02-23 11:20 - 2017-06-02 12:56 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-21 19:14 - 2018-12-09 12:02 - 000000000 ____D C:\Users\erpino\AppData\Local\Packages
2019-02-21 18:38 - 2019-01-01 17:36 - 000000000 ____D C:\Program Files (x86)\Microsoft Games
2019-02-16 13:30 - 2018-12-09 11:59 - 000405824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-14 22:59 - 2018-12-09 20:54 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-14 22:59 - 2018-12-09 20:54 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-14 22:59 - 2018-12-09 20:54 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-14 22:59 - 2018-12-09 20:54 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-14 22:59 - 2018-12-09 20:54 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-14 22:59 - 2018-12-09 20:54 - 000000000 ____D C:\Program Files\Windows Defender
2019-02-14 21:52 - 2018-12-29 17:47 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-02-14 21:46 - 2018-12-09 20:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-02-14 21:43 - 2018-12-23 16:17 - 129330784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-02-14 21:43 - 2018-12-23 16:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-02-10 18:36 - 2018-12-09 14:24 - 000000000 ____D C:\Program Files\CCleaner
2019-02-10 13:57 - 2019-01-01 15:42 - 000000000 ____D C:\Users\erpino\AppData\Local\ElevatedDiagnostics
2019-02-09 16:10 - 2018-12-09 12:04 - 000000000 ____D C:\Users\erpino\AppData\Local\PlaceholderTileLogoFolder
2019-02-09 12:53 - 2018-12-09 20:54 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-02-09 11:44 - 2018-12-09 12:06 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-918345630-1214332388-3706368486-1000
2019-02-07 21:27 - 2018-12-09 12:18 - 000000000 ____D C:\ProgramData\Packages

==================== Files in the root of some directories =======

2018-04-08 09:46 - 2018-12-25 09:36 - 000000179 _____ () C:\Users\erpino\FSDreamTeam_GSX.reg
2018-12-09 12:27 - 2018-12-09 12:27 - 000000056 _____ () C:\Users\erpino\AppData\Local\X-Plane 11 Preferences.prf
2018-12-09 19:03 - 2019-03-03 14:26 - 000000037 _____ () C:\Users\erpino\AppData\Local\X-Plane Installer.prf
2018-12-09 12:27 - 2019-03-03 14:59 - 000000112 _____ () C:\Users\erpino\AppData\Local\X-Plane_drm_11.prf
2018-12-09 12:27 - 2019-01-06 13:14 - 000000059 _____ () C:\Users\erpino\AppData\Local\x-plane_install_11.txt
2018-12-09 12:29 - 2019-03-03 14:56 - 000000102 _____ () C:\Users\erpino\AppData\Local\X-Plane_xdd_11.prf

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-12-09 11:59

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.03.2019
Ran by erpino (09-03-2019 13:11:16)
Running from C:\Users\erpino\Desktop
Windows 10 Pro Version 1803 17134.590 (X64) (2018-12-09 11:02:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-918345630-1214332388-3706368486-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-918345630-1214332388-3706368486-503 - Limited - Disabled)
erpino (S-1-5-21-918345630-1214332388-3706368486-1000 - Administrator - Enabled) => C:\Users\erpino
Guest (S-1-5-21-918345630-1214332388-3706368486-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-918345630-1214332388-3706368486-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-918345630-1214332388-3706368486-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {67773CDD-EA83-AD98-A2ED-386463EB3B0D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {DC16DD39-CCB9-A216-985D-0316186C71B0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.54 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7041 - CDBurnerXP)
CodeBlocks (HKU\S-1-5-21-918345630-1214332388-3706368486-1000\...\CodeBlocks) (Version: 17.12 - The Code::Blocks Team)
Emsisoft Anti-Malware (HKLM\...\{CA975286-D816-410C-B6C9-F7213CA84695}) (Version: 18.11.0.9073 - Emsisoft Ltd.)
fsAerodata version 1.2.09 (HKLM-x32\...\{5C04FC7E-EF3F-417E-90C5-89383B8A78EF}_is1) (Version: 1.2.09 - fsAerodata)
FSDreamTeam GSX version 2.5.0.11 (HKLM-x32\...\FSDreamTeam GSX_is1) (Version: 2.5.0.11 - VIRTUALI Sagl)
FSLabs A320-X Easyjet (new colors) livery v1.5 (HKLM-x32\...\FSLabs A320-X Easyjet (new colors) livery_is1) (Version: 0.1.5.0 - FlightSimLabs, Ltd.)
FSLabs A320X v2.0.1.266 for P3Dv4 (HKLM\...\A320X_P3Dv4_is1) (Version: 2.0.1.266 - FlightSimLabs, Ltd.)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11328.20146 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-918345630-1214332388-3706368486-1000\...\OneDriveSetup.exe) (Version: 19.012.0121.0011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 65.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 65.0.2 (x64 en-US)) (Version: 65.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Navigraph Charts Desktop 6.0.21.0928 (HKLM-x32\...\{A2CFEB97-9771-4B47-9BDF-EC91D5351652}}_is1) (Version: 6.0.21.0928 - Navigraph)
Navigraph FMS Data Manager 1.7.3.1201 (HKLM-x32\...\{7E4D5716-374A-4DB6-90CF-D2AEB67362CE}_is1) (Version: 1.7.3.1201 - Navigraph)
Navigraph Simlink 1.0.19.1219 (HKLM-x32\...\{E5431A0D-8735-4E89-9E41-D820334B2909}}_is1) (Version: 1.0.19.1219 - Navigraph)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Prepar3D v4 Academic (HKLM-x32\...\{46c16e6d-a04c-445d-a5e6-3386e2ec6671}) (Version: 4.4.16.27077 - Lockheed Martin)
Prepar3D v4 Academic Client (HKLM\...\{F4C0F17C-2CAD-4CC2-B8EA-63D59CF17070}) (Version: 4.4.16.27077 - Lockheed Martin)
Prepar3D v4 Content (HKLM\...\{87040041-993B-42AF-BEA0-6086FEB45184}) (Version: 4.4.16.27077 - Lockheed Martin)
Prepar3D v4 Scenery (HKLM\...\{C953A291-C0D5-414E-8211-778D5E53D73A}) (Version: 4.4.16.27077 - Lockheed Martin)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6853 - Realtek Semiconductor Corp.)
RogueKiller version 13.1.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.1.7.0 - Adlice Software)
SimObject Display Engine (HKLM-x32\...\{D8051A82-3D00-44E0-995D-C5E79837E26F}) (Version: 1.6.3 - 12bPilot)
smartCARS - vEZY (en-US) (HKLM\...\{EB83C451-72B1-FE5E-11DB-9B97DA52183F_en-US}) (Version: 2.1.31.0 - TFDi Design)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-918345630-1214332388-3706368486-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers2: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers3: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-11-13] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers6: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\Program Files\Emsisoft Anti-Malware\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd -> Emsisoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {073968A6-7ACF-402D-8356-2B4C1D0A2B35} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {14F798CC-0E12-43E7-BEBB-96BDC9042510} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {298AD739-EC4D-4BD6-94C0-DAE0E47365A7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {38BE1C4E-9457-4289-95EA-2B6931DBE0B0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {407C7F8D-271A-4942-9A9D-53F477CE48EB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {785B9627-7F7D-4170-9D4B-BD4E01E3EA70} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {98172476-D3D3-4341-A739-E0965DB03C42} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {A97D7282-583F-4BED-8EBA-7D9D1CAAAB20} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
Task: {B785E136-E782-496A-82B5-5A62EE3161BE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {CE244185-E083-4035-9F8B-F5170C9F0F42} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {D1CD05E7-5F42-4A7F-935A-89FACE011859} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe (Piriform Software Ltd -> Piriform Software Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-12-09 12:00 - 2019-03-09 13:02 - 000036136 _____ (ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2018-12-09 12:32 - 2019-02-01 09:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2018-12-09 12:32 - 2019-02-01 09:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2018-12-09 12:32 - 2019-02-01 09:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2018-12-09 12:32 - 2019-02-01 09:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2018-12-09 12:32 - 2019-02-01 09:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2018-12-09 12:32 - 2019-02-01 09:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2018-12-09 12:32 - 2019-02-01 09:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-02-09 12:53 - 2019-02-01 09:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-02-09 12:53 - 2019-02-01 09:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-02-09 12:53 - 2019-02-01 09:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-02-09 12:53 - 2019-02-01 09:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2018-12-09 12:32 - 2019-02-01 09:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-02-09 12:53 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-02-09 12:53 - 2019-02-01 09:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-02-09 12:53 - 2019-02-01 09:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-02-09 12:53 - 2019-02-01 09:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-02-09 12:53 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-02-09 12:53 - 2019-02-01 09:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-02-09 12:53 - 2019-02-01 09:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2018-12-09 17:22 - 2016-08-11 10:12 - 004626432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Navigraph\FMS Data Manager\Qt5Core.dll
2018-12-09 17:22 - 2016-06-10 08:20 - 004854784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Navigraph\FMS Data Manager\Qt5Gui.dll
2018-12-09 17:22 - 2016-06-10 08:17 - 000847872 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Navigraph\FMS Data Manager\Qt5Network.dll
2018-12-09 17:22 - 2016-06-10 08:26 - 004439552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Navigraph\FMS Data Manager\Qt5Widgets.dll
2018-12-09 17:22 - 2016-06-10 08:15 - 000151552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Navigraph\FMS Data Manager\Qt5Xml.dll
2018-12-09 17:22 - 2016-06-10 08:30 - 000990208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Navigraph\FMS Data Manager\platforms\qwindows.dll
2018-12-09 17:22 - 2016-06-10 08:29 - 000026112 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Navigraph\FMS Data Manager\imageformats\qgif.dll
2018-12-09 17:22 - 2016-06-10 08:29 - 000027648 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Navigraph\FMS Data Manager\imageformats\qico.dll
2018-12-09 17:22 - 2016-06-10 08:29 - 000245760 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Navigraph\FMS Data Manager\imageformats\qjpeg.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-12-09 20:54 - 2018-12-09 20:53 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-918345630-1214332388-3706368486-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D6E44E85-11CC-4735-8258-4AAFF8E96AC3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C4496D27-835B-4D81-B031-D2C58F4D980E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{972F91FA-5AA2-4037-A679-9247AE310449}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{72C22584-B441-4711-B370-0670B3F91968}F:\x plane 11\x-plane 11\x-plane.exe] => (Allow) F:\x plane 11\x-plane 11\x-plane.exe (Laminar Research) [File not signed]
FirewallRules: [UDP Query User{225646B1-DB46-4DDB-9852-4DEF5D2824F9}F:\x plane 11\x-plane 11\x-plane.exe] => (Allow) F:\x plane 11\x-plane 11\x-plane.exe (Laminar Research) [File not signed]
FirewallRules: [{9A549E13-3E8B-47F8-AD6E-14CD2AE19C5F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{9ACDD2DA-037E-4504-AF45-78965FEE4E7C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{C763F42F-A955-42B6-BE2F-91046CA7E7F4}D:\prepar3d\prepar3d.exe] => (Allow) D:\prepar3d\prepar3d.exe (Lockheed Martin®) [File not signed]
FirewallRules: [UDP Query User{0B5B0100-8089-44A6-AA6C-507AFA9AD8A2}D:\prepar3d\prepar3d.exe] => (Allow) D:\prepar3d\prepar3d.exe (Lockheed Martin®) [File not signed]

==================== Restore Points =========================

28-02-2019 20:42:07 Installed Microsoft Visual C++ 2005 Redistributable

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/09/2019 12:18:57 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/08/2019 05:34:39 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/07/2019 11:27:15 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file D:\Prepar3D\Prepar3D.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program RogueKiller64.exe because of this error.

Program: RogueKiller64.exe
File: D:\Prepar3D\Prepar3D.exe

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (03/07/2019 11:27:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RogueKiller64.exe, version: 13.1.7.0, time stamp: 0x5c7e45fa
Faulting module name: RogueKiller64.exe, version: 13.1.7.0, time stamp: 0x5c7e45fa
Exception code: 0xc0000006
Fault offset: 0x0000000001047791
Faulting process id: 0xb9c
Faulting application start time: 0x01d4d534bced49b3
Faulting application path: C:\Program Files\RogueKiller\RogueKiller64.exe
Faulting module path: C:\Program Files\RogueKiller\RogueKiller64.exe
Report Id: 545cb28e-942f-407d-b5e3-b48876d6c08c
Faulting package full name:
Faulting package-relative application ID:

Error: (03/07/2019 11:25:44 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file D:\Prepar3D\Prepar3D.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program RogueKiller64.exe because of this error.

Program: RogueKiller64.exe
File: D:\Prepar3D\Prepar3D.exe

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (03/07/2019 11:25:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RogueKiller64.exe, version: 13.1.7.0, time stamp: 0x5c7e45fa
Faulting module name: RogueKiller64.exe, version: 13.1.7.0, time stamp: 0x5c7e45fa
Exception code: 0xc0000006
Fault offset: 0x0000000001047791
Faulting process id: 0x19a4
Faulting application start time: 0x01d4d53485f771b1
Faulting application path: C:\Program Files\RogueKiller\RogueKiller64.exe
Faulting module path: C:\Program Files\RogueKiller\RogueKiller64.exe
Report Id: 4e10a541-d0f6-473d-8f84-596713c94926
Faulting package full name:
Faulting package-relative application ID:

Error: (03/07/2019 06:26:58 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/06/2019 06:01:36 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (03/09/2019 01:03:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/09/2019 01:02:49 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1 (0xffff9500bfff4010, 0x00000000000000ff, 0x0000000000000000, 0xfffff80184078bc8). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: eeaa482f-d19f-47af-94da-3e301bc0b400.

Error: (03/09/2019 01:02:19 PM) (Source: volmgr) (EventID: 161) (User: )
Description: Dump file creation failed due to error during dump creation.

Error: (03/09/2019 01:02:23 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:58:50 PM on 3/9/2019 was unexpected.

Error: (03/09/2019 12:59:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/09/2019 12:59:10 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1 (0xffff8501e5745010, 0x00000000000000ff, 0x0000000000000000, 0xfffff80283888bc8). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 4663d24c-8958-417c-a57f-50c09da1acb7.

Error: (03/09/2019 12:58:46 PM) (Source: volmgr) (EventID: 161) (User: )
Description: Dump file creation failed due to error during dump creation.

Error: (03/09/2019 12:58:50 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:40:55 PM on 3/9/2019 was unexpected.


Windows Defender:
===================================
Date: 2018-12-27 23:25:00.792
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1883A939-7B32-4A61-8AB0-C80163BE7B07}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-12-27 23:07:10.640
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {7498480C-3C97-41F5-96FB-B80B0919C89D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-12-27 22:20:20.188
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {33BF435B-2359-46BC-8B11-88FE5244D1A1}
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===================================

Date: 2019-03-09 12:58:52.852
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

Date: 2019-03-08 17:31:40.566
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

Date: 2019-03-07 23:27:56.751
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-03-07 22:35:46.150
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-03-07 18:24:08.164
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

Date: 2019-03-07 18:23:56.487
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

Date: 2019-03-06 17:55:39.129
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

Date: 2019-03-05 19:42:05.841
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 41%
Total physical RAM: 8125.07 MB
Available physical RAM: 4732.99 MB
Total Virtual: 14525.07 MB
Available Virtual: 10582.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.58 GB) (Free:43.37 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:447 GB) (Free:415.14 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:175.78 GB) (Free:175.67 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:238.35 GB) (Free:218.49 GB) NTFS

\\?\Volume{26110487-6ded-4b13-b444-6663b5909f58}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{994d6c60-5330-4a71-8c8e-57eaa9798b6d}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32
\\?\Volume{531cab2f-efbe-44c6-82d3-97c87fa36eba}\ () (Fixed) (Total:0.12 GB) (Free:0.12 GB) FAT32
\\?\Volume{af026bd2-7aef-474a-bc9b-c5199316c51f}\ () (Fixed) (Total:0.12 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 119.2 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 447.1 GB) (Disk ID: F03992C8)

Partition: GPT.

========================================================
Disk: 2 (Size: 238.5 GB) (Disk ID: F03992F8)

Partition: GPT.

========================================================
Disk: 3 (Size: 223.6 GB) (Disk ID: 104F104F)

Partition: GPT.

==================== End of Addition.txt ============================

 

Thank you in advance for taking the time to help me out.

 

Enrico

 


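The two BugCheck entries in the log above can be decoded and compared with a short script; this is an added example, not part of the original post or of FRST. The 0xD1 parameter meanings follow Microsoft's bug check reference, the function names are illustrative, and the page-offset comparison assumes driver images are loaded at page-aligned addresses.

```python
import re
from collections import defaultdict
from datetime import datetime

# The two BugCheck entries (and one unrelated volmgr entry) copied from the
# "System errors" part of the log above; the trailing Report Id is left out.
SAMPLE = """\
Error: (03/09/2019 01:02:49 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1 (0xffff9500bfff4010, 0x00000000000000ff, 0x0000000000000000, 0xfffff80184078bc8). A dump was saved in: C:\\WINDOWS\\MEMORY.DMP.

Error: (03/09/2019 01:02:19 PM) (Source: volmgr) (EventID: 161) (User: )
Description: Dump file creation failed due to error during dump creation.

Error: (03/09/2019 12:59:10 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1 (0xffff8501e5745010, 0x00000000000000ff, 0x0000000000000000, 0xfffff80283888bc8). A dump was saved in: C:\\WINDOWS\\MEMORY.DMP.
"""

HEADER = re.compile(r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<src>[^)]+)\) \(EventID: (?P<eid>\d+)\)")
BUGCHECK = re.compile(r"The bugcheck was: (0x[0-9a-fA-F]+) \(([^)]*)\)")

NAMES = {0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL"}
# Third parameter of 0xD1: the kind of access that faulted.
ACCESS = {0: "read", 1: "write", 2: "execute", 8: "execute"}


def parse_bugchecks(text):
    """Return one dict per BugCheck event found in FRST event-log text."""
    events, pending = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            # Only a header with Source: BugCheck arms the description parser.
            pending = header if header["src"] == "BugCheck" else None
            continue
        body = BUGCHECK.search(line)
        if pending and body:
            events.append({
                "time": datetime.strptime(pending["ts"], "%m/%d/%Y %I:%M:%S %p"),
                "code": int(body.group(1), 16),
                "args": [int(a.strip(), 16) for a in body.group(2).split(",")],
            })
            pending = None
    return events


def describe(event):
    """Name the four parameters of a 0xD1 bugcheck; None for other codes."""
    if event["code"] != 0xD1 or len(event["args"]) != 4:
        return None
    referenced, irql, access, instruction = event["args"]
    return {
        "name": NAMES[0xD1],
        "referenced_address": referenced,
        "irql": irql,
        "access": ACCESS.get(access, "unknown"),
        "faulting_instruction": instruction,
        # The load address changes between boots, the offset inside the
        # page does not (assumption: page-aligned image base).
        "page_offset": instruction & 0xFFF,
    }


def recurring_fault_sites(events):
    """Group crashes by (bugcheck code, page offset of faulting instruction)."""
    sites = defaultdict(list)
    for event in events:
        info = describe(event)
        if info:
            sites[(event["code"], info["page_offset"])].append(event["time"])
    return {site: sorted(times) for site, times in sites.items() if len(times) > 1}


if __name__ == "__main__":
    for event in parse_bugchecks(SAMPLE):
        info = describe(event)
        print(event["time"], info["name"], info["access"],
              "at", hex(info["faulting_instruction"]))
    for (code, offset), times in recurring_fault_sites(parse_bugchecks(SAMPLE)).items():
        print(f"bugcheck {code:#x} repeated {len(times)}x at page offset {offset:#x}")
```

A repeated (code, page offset) pair indicates that the same instruction faulted after each reboot; naming the driver still needs the memory dump or the bugcheck screen, which in this thread named axryypog.sys.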


#2
enrico68

enrico68

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Just a quick heads up: after going through the first FRST log, I noticed that axryypog is still residing on my PC under the Temp file; I went in there but I can't see it, although according to the scan it is there, maybe concealed... I won't touch it until you have a chance to look at my logs and tell me how to proceed. That file, or whatever it is, is my main concern.

 

edit

 

After doing some research, I found out the file, which I eventually found under the temp folder, belongs to "GMEREK Systemy Komputerowe Przemyslaw Gmerek", as stated by FRST, but the certificate signed by Globalsign was valid from 1/2/2014 to 2/4/2015; that is likely why FRST flags it as a [file not signed]. So, RogueKiller flagged it as unsafe, but it is a false positive... Am I right?


Edited by enrico68, 09 March 2019 - 10:56 AM.

#3
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 479 posts
Welcome to the Geeks To Go malware removal forum.
I'm iMacg3 and will be helping you.

Please keep the following information in mind before we begin:
  • Do not run any fixes or tools on your system unless I request that you do so.
  • Please read all instructions completely before you complete them.
  • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
  • If you have pirated or illegal software on your computer, uninstall it before proceeding.
  • If you don't respond to your topic in 4 days, it will be closed. You can have it reopened by contacting me or any staff member by pm with the address of the thread.
  • If you have questions about anything, please ask.
--------------------

That file is related to GMER:

U3 axryypog; C:\Users\erpino\AppData\Local\Temp\axryypog.sys [56584 2019-03-07] (GMEREK Systemy Komputerowe Przemyslaw Gmerek -> GMER) [File not signed]

Please run this FRST script to clean up some "orphaned" entries and scan a file at VirusTotal.


Highlight the contents of the below code box and press Ctrl + C:
Start::

EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
VirusTotal: C:\65cf4439-6c3c-425b-8640-4d77bc17d7aa.index

End::

  • Right-click on FRST/FRST64 and select Run as Administrator.
  • Click on Fix.
  • Note - there is no need to paste the contents of the code box anywhere.
  • If your computer restarts, allow it to do so.
  • When the fix is complete the tool will create a log (Fixlog.txt) in the same directory it was run from.
  • Copy and paste the contents of Fixlog.txt into your next reply.

#4
enrico68

enrico68

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 09.03.2019 01
Ran by erpino (10-03-2019 11:31:55) Run:1
Running from C:\Users\erpino\Desktop
Loaded Profiles: erpino (Available Profiles: erpino)
Boot Mode: Normal
==============================================

fixlist content:
*****************
EmptyTemp:
CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
VirusTotal: C:\65cf4439-6c3c-425b-8640-4d77bc17d7aa.index

*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
VirusTotal: C:\65cf4439-6c3c-425b-8640-4d77bc17d7aa.index => https://www.virustot...sis/1552213890/

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 65987773 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 892118 B
Edge => 17501 B
Chrome => 0 B
Firefox => 102123189 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1784 B
LocalService => 0 B
NetworkService => 3068 B
NetworkService => 0 B
erpino => 24832132 B

RecycleBin => 66336192 B
EmptyTemp: => 258.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:32:09 ====


#5
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 479 posts
Hi,

Just to err on the side of caution, please run this ESET Online Scan.

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • Click on Get Started.
  • Another window will appear - select Get Started. Select whether you would like to send anonymous data to ESET.
  • Click on the Full Scan option.
  • Click on the option to Enable ESET to detect and remove potentially unwanted applications, and select Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop with a name like ESETlog.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • On your desktop, a file will be created called ESETlog.txt. Open it, then copy and paste its contents into your next reply.

#6
enrico68

enrico68

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

3/10/2019 18:40:45 PM
Files scanned: 293327
Infected files: 0
Cleaned threats: 0
Total scan time: 00:21:32
Scan status: Finished
 


#7
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 479 posts

Hi,

If all is well:

Uninstall FRST

  • Right-click on FRST/FRST64, and select Rename.
  • Rename it to Uninstall.exe and press Enter on your keyboard.
  • Double-click on Uninstall.exe. Your computer will restart, and allow it to do so. FRST will now uninstall.

---------------------

Here are some tips to keep your computer safe on the Internet:

Keep your antivirus up to date and enabled. If you use Windows 8.1 or 10, using Windows Defender is sufficient protection. However, if you use Windows 7, running an antivirus is recommended. Some good AVs are Microsoft Security Essentials, BitDefender, or Kaspersky.

Keep your Windows operating system up to date. Make sure the Automatic Updates feature on your computer is enabled, so Windows can install updates automatically and keep your system up to date. Additionally, make sure to keep your third party software (such as Java, Adobe Flash, and Web browsers) up to date as well.

Use secure passwords. Make sure your passwords are complex and difficult to guess. There are password managers (for example, Bitwarden) that can help you keep track of your passwords and use secure passwords. Make sure to use a different password at every website that requires a login.

Don't download attachments without knowing what they are. Do not download any email attachments that end with an extension of .exe, .pif, .com, or .bat. When downloading third party software, make sure to download it from the developer. Also, un-check offers of additional software when installing some software you want.

I do not recommend you use "Peer-to-Peer" file sharing (P2P) programs. This is an easy way to get your computer infected, almost as easy as intentionally infecting your computer.
Avoid pirated/"cracked" software. Like using P2P applications, there is a high risk of infecting your computer.

Here are some guides for you to read about keeping your computer safe -

Keep your computer safe on the Internet

Answers to common security questions

If you ever have any malware infections on your computer (hopefully not) you can always come back here for help.

Safe surfing! :wave:


#8
enrico68

enrico68

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hello iMacg3,

 

First off, many thanks for your support, much appreciated, particularly considering that you do this as a volunteer. As a matter of fact, I have got one more question for you: how hard is it to become a malware helper? It is something that I find interesting, and I would like to learn, but what is stopping me is the fact that maybe I do not have the right set of mind, and I would only waste people's time and eventually piss everybody off. One more thing that is making me wait is the fact that the material to study is quite large, but mostly the fact that it is maybe scattered all over the place, as I am sure there is no manual per se, but it is up to the student to wade through a lot of information, and try to make sense of it all. What is the average time it takes to finally become a helper, and how many hours did you invest daily when you were a trainee? You are more than welcome to pm me if you would like, and, again, a big thank you!

 

Enrico  :spoton:


Edited by enrico68, 11 March 2019 - 06:00 AM.

#9
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 479 posts
Hi,

Glad we could help. :thumbsup:

If you are interested in becoming a helper, here is the list of training programs:

GeekU at Geeks to Go
Study Hall at Bleeping Computer
MRU at Malware Removal
The Boot Camp at SpywareInfo

Generally, the training takes a year or more. It depends on your skill level, the amount of time you have to spend on the program, etc.

#10
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 479 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

