
Thread: Unwanted Ads (Continued)

  1. #11
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Go ahead and run this program; with the amount of garbage found so far, there may be more to remove.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • See this Link for programs that need to be disabled and instructions on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #12
    Member
    Join Date
    Apr 2008
    Posts
    78

    Unfortunately, I was unable to run ComboFix, because the instructions for temporarily-disabling Spybot were apparently outdated.

    I use:

    Spybot

    version: 2.2.21.0
    Start Center: 2.2.21.129

    As a result, I did not know how to temporarily disable my Spybot.

    - r

  3. #13
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

  4. #14
    Member
    Join Date
    Apr 2008
    Posts
    78

    1. I appear to have been able to find the proper Spybot disable instructions, for v. 2.




    2. I notice that, under: "Other Running Processes" (below), there is a reference to "c:\windows\SysWOW64\java.exe".

    Yet, I thought "java.exe" was a bogus program, because after I tried installing it a few days ago, it took me to a page which said: "Oops. The program did not do what you were expecting." Or something like that. After which, 171 problem programs were found on my machine and it was incurring many difficulties.

    I notice that "java.exe" is no longer in my "Downloads" directory.




    3. Acting on advice, from Avast!, this morning, I updated "java", from v. 6 to v. 7. After which, I checked the version via my control panel and it said Oracle plus v. 7. So, I'm assuming that the process, this time, was legit.




    4. ComboFix:


    ComboFix 13-11-04.01 - Wheelsup Club 11/07/2013 10:58:00.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5872.2640 [GMT -5:00]
    Running from: c:\users\Wheelsup Club\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\downloader.exe
    c:\windows\SysWow64\frapsvid.dll
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\pthreadVC.dll
    c:\windows\SysWow64\wpcap.dll
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_npf
    -------\Service_Uvnc_service
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-10-07 to 2013-11-07 )))))))))))))))))))))))))))))))
    .
    .
    2013-11-07 16:11 . 2013-11-07 16:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-11-07 15:06 . 2013-11-07 15:06 -------- d-----w- c:\programdata\Oracle
    2013-11-07 15:05 . 2013-11-07 15:04 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-11-05 19:11 . 2013-11-05 19:11 -------- d-----w- c:\users\Wheelsup Club\AppData\Roaming\Malwarebytes
    2013-11-05 19:11 . 2013-11-05 19:11 -------- d-----w- c:\programdata\Malwarebytes
    2013-11-05 19:11 . 2013-11-05 19:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-11-05 19:11 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-11-05 15:03 . 2013-11-06 13:43 -------- d-----w- c:\users\Wheelsup Club\AppData\Local\FileTypeAssistant
    2013-11-05 14:17 . 2013-11-05 14:17 -------- d-----w- c:\windows\ERUNT
    2013-11-05 02:54 . 2013-11-05 02:56 -------- d-----w- C:\AdwCleaner
    2013-11-03 12:18 . 2013-11-03 12:18 -------- d-----w- c:\users\Wheelsup Club\AppData\Roaming\AVAST Software
    2013-11-03 12:17 . 2013-11-06 16:14 409832 ----a-w- c:\windows\system32\drivers\aswsp.sys
    2013-11-03 12:17 . 2013-11-03 12:16 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-11-03 12:17 . 2013-11-03 12:16 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-11-03 12:17 . 2013-11-03 12:16 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-11-03 12:17 . 2013-11-03 12:16 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-11-03 12:17 . 2013-11-03 12:16 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-11-03 12:17 . 2013-11-03 12:16 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-11-03 12:17 . 2013-11-03 12:16 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-11-03 12:17 . 2013-11-03 12:16 334648 ----a-w- c:\windows\system32\aswBoot.exe
    2013-11-03 12:16 . 2013-11-03 12:16 43152 ----a-w- c:\windows\avastSS.scr
    2013-11-03 12:15 . 2013-11-03 12:15 -------- d-----w- c:\program files\AVAST Software
    2013-11-03 12:10 . 2013-11-03 12:10 -------- d-----w- c:\programdata\AVAST Software
    2013-11-02 02:52 . 2013-11-02 02:53 -------- d-----w- c:\program files (x86)\ERUNT
    2013-10-31 13:22 . 2013-11-01 13:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-10-31 13:22 . 2013-11-01 13:42 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-10-30 13:51 . 2013-09-20 14:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
    2013-10-30 13:50 . 2013-10-30 13:59 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2013-10-29 18:41 . 2013-10-29 18:41 -------- d-----w- c:\program files\Uninstaller
    2013-10-27 12:54 . 2013-10-27 12:54 -------- d-----w- c:\program files\iPod
    2013-10-27 12:54 . 2013-10-27 12:55 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-10-27 12:54 . 2013-10-27 12:55 -------- d-----w- c:\program files\iTunes
    2013-10-27 12:54 . 2013-10-27 12:55 -------- d-----w- c:\program files (x86)\iTunes
    2013-10-24 20:31 . 2013-10-24 20:31 -------- d-----w- c:\users\Wheelsup Club\AppData\Local\FreeFileViewer
    2013-10-17 15:44 . 2013-10-17 15:44 -------- d-----w- c:\program files\McAfee Security Scan
    2013-10-16 12:57 . 2013-10-16 12:57 17813896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2013-10-15 20:28 . 2013-10-15 20:28 -------- d-----w- c:\program files (x86)\Flash Movie Player
    2013-10-09 17:41 . 2013-10-09 17:41 -------- d-----w- c:\users\Wheelsup Club\AppData\Roaming\DonationCoder
    2013-10-09 17:41 . 2013-10-09 17:41 -------- d-----w- c:\program files (x86)\ScreenshotCaptor
    2013-10-09 17:41 . 2013-10-09 17:41 -------- d-----w- c:\programdata\DonationCoder
    2013-10-09 15:34 . 2013-10-09 15:45 -------- d-----w- C:\FFOutput
    2013-10-09 15:33 . 2013-10-09 15:33 -------- d-----w- c:\program files (x86)\FreeTime
    2013-10-09 15:14 . 2013-10-09 15:20 -------- d-----w- c:\program files (x86)\Free All to Image Jpg-Jpeg Bmp Tiff Png Converter
    2013-10-09 14:14 . 2013-10-09 14:14 -------- d-----w- c:\users\Wheelsup Club\AppData\Roaming\Free-backup.info
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-10-19 14:03 . 2013-11-06 13:43 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8B61F3F-E95A-49BE-A2D3-ACDCE989C5F5}\gapaengine.dll
    2013-10-19 14:03 . 2012-02-10 14:10 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2013-10-15 14:26 . 2013-10-15 14:26 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
    2013-10-14 07:12 . 2013-11-07 14:57 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46A5C5A1-0162-42DA-BFD7-690EC05BB971}\mpengine.dll
    2013-10-14 07:12 . 2013-11-06 13:43 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-10-09 20:38 . 2011-10-28 02:18 80541720 ----a-w- c:\windows\system32\MRT.exe
    2013-08-29 01:48 . 2013-10-09 12:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2013-08-21 01:12 . 2013-08-21 01:12 4812567 ----a-w- c:\users\Wheelsup Club\FileZilla_3.7.3_win32-setup.exe
    2013-08-18 03:10 . 2013-08-18 03:10 61440 ----a-r- c:\users\Wheelsup Club\AppData\Roaming\Microsoft\Installer\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}\ARPPRODUCTICON.exe
    2013-08-18 03:08 . 2003-03-19 00:05 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
    2013-08-14 20:19 . 2013-08-14 20:19 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-08-14 01:39 . 2013-08-14 01:40 1169609 ----a-w- c:\windows\unins001.exe
    2013-08-13 17:51 . 2013-08-13 17:51 4817275 ----a-w- c:\users\Wheelsup Club\FileZilla_3.7.2_win32-setup.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-08-14 20:34 222832 ----a-w- c:\users\Wheelsup Club\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-08-14 20:34 222832 ----a-w- c:\users\Wheelsup Club\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-08-14 20:34 222832 ----a-w- c:\users\Wheelsup Club\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SymphonyPreLoad"="c:\program files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.standard.launcher.win32.x86_3.0.1.20120110-2000\IBM Lotus Symphony -nogui -nosplash" [X]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-01 39408]
    "Update Service"="c:\program files (x86)\Common Files\Teknum Systems\update.exe" [2012-12-12 19456]
    "BIBLauncher"="c:\program files (x86)\Business-in-a-Box\BIBLauncher.exe" [2012-05-16 915248]
    "VerControl"="c:\users\WHEELS~1\AppData\Local\TempImg\VerControl.exe" [2010-10-04 339968]
    "Desktop iCalendar Lite.exe"="c:\program files\desksware\Desktop iCalendar Lite\Desktop iCalendar Lite.exe" [2013-07-06 1087232]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "Hotkey Utility"="c:\program files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe" [2010-05-06 609312]
    "OOTag"="c:\program files (x86)\Gateway\OOBEOffer\OOTag.exe" [2010-02-23 13856]
    "Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2013-07-23 84576]
    "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
    "NapsterShell"="c:\program files (x86)\Napster\napster.exe" [2007-01-13 323216]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
    "Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-28 1667072]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
    "Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-23 152392]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-03 3568312]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    .
    c:\users\Wheelsup Club\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CorelCENTRAL Alarms.LNK - c:\program files (x86)\Corel\WordPerfect Office 2000\programs\alarm.exe [2012-3-24 249856]
    Desktop Application Director 9.LNK - c:\program files (x86)\Corel\WordPerfect Office 2000\programs\dad9.exe [2012-3-24 233472]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Corel Registration.lnk - c:\program files (x86)\Corel\WordPerfect Office 2000\Register\Remind32.exe [2012-3-24 67584]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
    Service Manager.lnk - c:\program files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe /n [2002-12-17 74308]
    VistaAccess.lnk - c:\vstascan\VsAccess.exe [2012-3-30 158208]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer8"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 Util SaltarSmart;Util SaltarSmart;c:\program files (x86)\SaltarSmart\bin\utilSaltarSmart.exe;c:\program files (x86)\SaltarSmart\bin\utilSaltarSmart.exe [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
    R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
    R3 debutfilter;Debut Filter Driver v6.20.00;c:\windows\system32\DRIVERS\debutfilterx64.sys;c:\windows\SYSNATIVE\DRIVERS\debutfilterx64.sys [x]
    R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe;c:\windows\SysWOW64\GSService.exe [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys;c:\windows\SYSNATIVE\drivers\SndTAudio.sys [x]
    R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio1.sys [x]
    R3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio2.sys [x]
    R3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio3.sys [x]
    R3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio4.sys [x]
    R3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio5.sys [x]
    S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys;c:\windows\SYSNATIVE\DRIVERS\ahcix64s.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/12/15 09:45];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl;c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
    S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [x]
    S2 LinksysUpdater;Linksys Updater;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [x]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
    S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys;c:\windows\SYSNATIVE\drivers\anvsnddrv.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys;c:\windows\SYSNATIVE\DRIVERS\AVer7231_x64.sys [x]
    S3 bbcap;bb_capture_driver;c:\windows\system32\DRIVERS\bbcap.sys;c:\windows\SYSNATIVE\DRIVERS\bbcap.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys;c:\windows\SYSNATIVE\DRIVERS\rtl819xp.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-31 13:42]
    .
    2013-11-07 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
    - c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-08-06 22:24]
    .
    2013-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-28 00:54]
    .
    2013-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-28 00:54]
    .
    2013-11-07 c:\windows\Tasks\WpsUpdateTask_Wheelsup Club.job
    - c:\program files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [2013-08-11 16:00]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-08-14 20:34 261744 ----a-w- c:\users\Wheelsup Club\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-08-14 20:34 261744 ----a-w- c:\users\Wheelsup Club\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-08-14 20:34 261744 ----a-w- c:\users\Wheelsup Club\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-11-03 12:16 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OOTag"="c:\program files (x86)\Gateway\OOBEOffer\ootag.exe" [2010-02-23 13856]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
    "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-20 9955872]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.bing.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm
    IE: Download current page with FreshWebSuction - file://c:\program files (x86)\FreshWebmaster\FreshWebSuction\obiectx_all.htm
    IE: Download using FreshWebSuction - file://c:\program files (x86)\FreshWebmaster\FreshWebSuction\obiectx.htm
    IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
    IE: Search Using Copernic Agent - c:\program files (x86)\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
    LSP: %SystemRoot%\system32\vsocklib.dll
    Trusted Zone: dddpl.com\www
    Trusted Zone: trca.on.ca\www
    TCP: DhcpNameServer = 64.71.255.204 64.71.255.198
    FF - ProfilePath - c:\users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\
    FF - ExtSQL: 2013-09-27 09:16; fmconverter@gmail.com; c:\program files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
    FF - ExtSQL: 2013-11-03 07:16; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
    FF - ExtSQL: 2013-11-03 19:44; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
    FF - ExtSQL: 2013-11-04 21:36; adblockpopups@jessehakanen.net; c:\users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\extensions\adblockpopups@jessehakanen.net.xpi
    FF - ExtSQL: 2013-11-04 21:40; videoresumer@jetpack; c:\users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\extensions\videoresumer@jetpack.xpi
    FF - ExtSQL: 2013-11-04 21:40; vdpure@link64; c:\users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\extensions\vdpure@link64.xpi
    FF - ExtSQL: 2013-11-04 21:41; {bee6eb20-01e0-ebd1-da83-080329fb9a3a}; c:\users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
    FF - ExtSQL: 2013-11-04 21:41; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - ExtSQL: 2013-11-04 21:41; netvideohunter@netvideohunter.com; c:\users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\extensions\netvideohunter@netvideohunter.com
    FF - ExtSQL: 2013-11-04 21:41; extension@hidemyass.com; c:\users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\extensions\extension@hidemyass.com.xpi
    FF - ExtSQL: 2013-11-04 21:41; artur.dubovoy@gmail.com; c:\users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\extensions\artur.dubovoy@gmail.com.xpi
    FF - ExtSQL: 2013-11-04 21:41; YoutubeDownloader@PeterOlayev.com; c:\users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\extensions\YoutubeDownloader@PeterOlayev.com.xpi
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
    Notify-SDWinLogon - SDWinLogon.dll
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    AddRemove-Actual Drawing - c:\program files\Actual Drawing\PY_UNINSTAL.EXE SOFTWARE\PySoft\HTML_Edit
    AddRemove-CoreAAC Audio Decoder - c:\windows\system32\CoreAAC-uninstall.exe
    AddRemove-Freecorder extension for Firefox - c:\program files (x86)\Freecorder extension\UninstallFirefoxToolbar.exe
    AddRemove-IECT3298580 - c:\programdata\Conduit\IE\CT3298580\UninstallerUI.exe
    AddRemove-VDC_is1 - c:\program files (x86)\Video Download Converter\unins000.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2354175475-3584804694-207632515-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-2354175475-3584804694-207632515-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    c:\windows\SysWOW64\java.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\windows\SysWOW64\vmnat.exe
    c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
    c:\windows\SysWOW64\vmnetdhcp.exe
    .
    **************************************************************************
    .
    Completion time: 2013-11-07 11:22:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-11-07 16:22
    .
    Pre-Run: 635,885,785,088 bytes free
    Post-Run: 635,353,346,048 bytes free
    .
    - - End Of File - - B18D12DF0571603B1F73C06245F43D86


    - r

  5. #15
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hi,

    More garbage removed. I am looking at a lot of free programs; some of them fall in the grey area. Most free applications come bundled with other garbage, as you can now see:
    DonationCoder
    FreeFileViewer
    Bearshare
    Free-backup.info

    Bearshare is a file sharing site. The program itself is OK, but what you download and share most times is not. The bad guys use file sharing to infect computers. It's like playing Russian roulette malware-wise. I would never allow any programs like this on any of my systems.


    You can go to your Control Panel and click on Java, then go to Help>About. You should have Version 7 Update 45; if not, let me know.

    Let's take another look.


    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  6. #16
    Member
    Join Date
    Apr 2008
    Posts
    78


    1. OTL.txt:



    OTL logfile created on: 11/7/2013 2:27:28 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wheelsup Club\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16721)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.73 Gb Total Physical Memory | 3.26 Gb Available Physical Memory | 56.88% Memory free
    11.47 Gb Paging File | 8.49 Gb Available in Paging File | 74.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 915.73 Gb Total Space | 591.84 Gb Free Space | 64.63% Space Free | Partition Type: NTFS

    Computer Name: WHEELSUPCLUB-PC | User Name: Wheelsup Club | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Wheelsup Club\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Windows\SysWOW64\java.exe (Oracle Corporation)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.1.20120110-2000\program\soffice.bin (IBM)
    PRC - C:\Program Files (x86)\Business-in-a-Box\BIBLauncher.exe ()
    PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
    PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
    PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
    PRC - C:\Program Files (x86)\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\symphony.exe (IBM)
    PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    PRC - C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe ()
    PRC - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Group)
    PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
    PRC - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)
    PRC - C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
    PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
    PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    PRC - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
    PRC - C:\Program Files (x86)\Napster\napster.exe (Napster)
    PRC - C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\alarm.exe (Corel Corporation Limited)
    PRC - C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\dad9.exe (Corel Corporation Limited)
    PRC - C:\VstaScan\VsAccess.exe (UMAX)
    PRC - C:\Program Files (x86)\Corel\WordPerfect Office 2000\Register\Remind32.exe (IntelliQuest Communications, Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
    MOD - C:\Users\Wheelsup Club\IBM\Lotus\Symphony\.config\org.eclipse.osgi\bundles\397\1\.cp\officebean.dll ()
    MOD - C:\Users\Wheelsup Club\IBM\Lotus\Symphony\.config\org.eclipse.osgi\bundles\263\1\.cp\swtIbmWrapper.dll ()
    MOD - C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.1.20120110-2000\program\libxml2.dll ()
    MOD - C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.basis.system.win32_3.0.1.20120110-2000\basis\program\libxslt.dll ()
    MOD - C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.basis.base.win32_3.0.1.20120110-2000\basis\program\nsldap32v50.dll ()
    MOD - C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.filetype.win32.x86_3.0.1.20120110-2000\seditorReg.dll ()
    MOD - C:\Program Files (x86)\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.2.3.20110915-1350\os\win32\x86\comex.dll ()
    MOD - C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll ()
    MOD - C:\Program Files (x86)\Business-in-a-Box\BIBLauncher.exe ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files (x86)\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.os.win32_6.2.3.20110915-1350\os\win32\x86\os.dll ()
    MOD - C:\Program Files (x86)\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\eclipse_1118.dll ()
    MOD - C:\Program Files (x86)\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\pipeserver.dll ()
    MOD - C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
    MOD - C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll ()
    MOD - C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe ()
    MOD - C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll ()
    MOD - C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll ()
    MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
    MOD - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll ()
    MOD - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe (McAfee, Inc.)
    SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
    SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Group)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (McAfee SiteAdvisor Service) -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.)
    SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (GSService) -- C:\Windows\SysWOW64\GSService.exe ()
    SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
    SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
    SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
    SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
    SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
    SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
    SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    SRV - (GameConsoleService) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (nmservice) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
    SRV - (LinksysUpdater) -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswsp.sys (AVAST Software)
    DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
    DRV:64bit: - (aswVmm) -- C:\windows\SysNative\drivers\aswVmm.sys ()
    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
    DRV:64bit: - (aswRvrt) -- C:\windows\SysNative\drivers\aswRvrt.sys ()
    DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
    DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
    DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
    DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV:64bit: - (debutfilter) -- C:\Windows\SysNative\drivers\debutfilterx64.sys ()
    DRV:64bit: - (bbcap) -- C:\Windows\SysNative\drivers\bbcap.sys (Windows (R) Codename Longhorn DDK provider)
    DRV:64bit: - (SndTAudio) -- C:\Windows\SysNative\drivers\SndTAudio.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
    DRV:64bit: - (WsAudio_Device(5) -- C:\Windows\SysNative\drivers\VirtualAudio5.sys (Wondershare)
    DRV:64bit: - (WsAudio_Device(4) -- C:\Windows\SysNative\drivers\VirtualAudio4.sys (Wondershare)
    DRV:64bit: - (WsAudio_Device(3) -- C:\Windows\SysNative\drivers\VirtualAudio3.sys (Wondershare)
    DRV:64bit: - (WsAudio_Device(2) -- C:\Windows\SysNative\drivers\VirtualAudio2.sys (Wondershare)
    DRV:64bit: - (WsAudio_Device(1) -- C:\Windows\SysNative\drivers\VirtualAudio1.sys (Wondershare)
    DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (anvsnddrv) -- C:\Windows\SysNative\drivers\anvsnddrv.sys (AnvSoft Inc.)
    DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
    DRV:64bit: - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
    DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
    DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
    DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
    DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
    DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
    DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
    DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
    DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
    DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (AVer7231_x64) -- C:\Windows\SysNative\drivers\AVer7231_x64.sys (AVerMedia TECHNOLOGIES, Inc.)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
    DRV:64bit: - (rtl819xpn64) -- C:\Windows\SysNative\drivers\rtl819xp.sys (Realtek Semiconductor Corporation )
    DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
    DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (purendis) -- C:\Windows\SysNative\drivers\purendis.sys (Cisco Systems, Inc.)
    DRV:64bit: - (pnarp) -- C:\Windows\SysNative\drivers\pnarp.sys (Cisco Systems, Inc.)
    DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
    IE - HKCU\..\URLSearchHook: - No CLSID value found
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\..\URLSearchHook: {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
    IE - HKCU\..\SearchScopes\{C723D6C5-9428-496C-A842-6999F6652CB2}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    IE - HKCU\..\SearchScopes\{FE83DAC5-EAC2-470D-9158-0B74E1B2D4BE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9SE&pc=BIE9&src=IE-SearchBox
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2012/09/26 15:40:18 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2012/09/26 15:40:18 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/10/04 07:17:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/09/27 08:16:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/03 07:16:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/09/17 09:06:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/08 21:27:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files (x86)\Netscape\Navigator 9\components [2013/05/26 07:30:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files (x86)\Netscape\Navigator 9\plugins [2013/10/08 21:27:08 | 000,000,000 | ---D | M]

    [2012/12/12 14:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Extensions
    [2013/10/29 13:39:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\r2ykzn6f.default\extensions
    [2013/05/11 14:50:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\r2ykzn6f.default\extensions\{49c53dce-afa0-49a1-a08b-2eb8e8444128}
    [2013/05/11 14:49:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\r2ykzn6f.default\extensions\donottrackplus@abine.com
    [2013/05/11 14:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\r2ykzn6f.default\extensions\netvideohunter@netvideohunter.com
    [2013/06/20 12:29:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\r2ykzn6f.default\extensions\staged
    [2013/11/04 21:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\extensions
    [2013/11/04 21:41:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2013/11/04 21:41:47 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
    [2013/11/04 21:41:48 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\extensions\netvideohunter@netvideohunter.com
    [2013/10/29 13:39:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\slvcv7hg.default-1353510380055\extensions
    [2013/06/20 12:29:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\slvcv7hg.default-1353510380055\extensions\staged
    [2013/10/03 15:59:46 | 000,011,342 | ---- | M] () (No name found) -- C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\r2ykzn6f.default\extensions\firefox@saltarsmart.biz.xpi
    [2013/11/04 21:36:26 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\extensions\adblockpopups@jessehakanen.net.xpi
    [2013/11/04 21:41:48 | 000,342,563 | ---- | M] () (No name found) -- C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\extensions\artur.dubovoy@gmail.com.xpi
    [2013/11/04 21:41:48 | 000,053,803 | ---- | M] () (No name found) -- C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\extensions\extension@hidemyass.com.xpi
    [2013/11/04 21:40:47 | 000,041,044 | ---- | M] () (No name found) -- C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\extensions\vdpure@link64.xpi
    [2013/11/04 21:40:30 | 000,187,236 | ---- | M] () (No name found) -- C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\extensions\videoresumer@jetpack.xpi
    [2013/11/04 21:41:48 | 000,072,246 | ---- | M] () (No name found) -- C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\extensions\YoutubeDownloader@PeterOlayev.com.xpi
    [2013/10/03 15:59:46 | 000,011,342 | ---- | M] () (No name found) -- C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\slvcv7hg.default-1353510380055\extensions\firefox@saltarsmart.biz.xpi
    [2013/11/01 09:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/11/01 09:15:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2012/12/15 14:55:29 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

    O1 HOSTS File: ([2013/11/07 11:14:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O2:64bit: - BHO: (no name) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - No CLSID value found.
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (no name) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - No CLSID value found.
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\r2ykzn6f.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.98.28.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\r2ykzn6f.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.28.dll File not found
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Gateway\OOBEOffer\OOTag.exe (Microsoft)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (AimerSoft)
    O4 - HKLM..\Run: [AMD AVT] C:\windows\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
    O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe ()
    O4 - HKLM..\Run: [NapsterShell] C:\Program Files (x86)\Napster\napster.exe (Napster)
    O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Gateway\OOBEOffer\OOTag.exe (Microsoft)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - HKCU..\Run: [BIBLauncher] C:\Program Files (x86)\Business-in-a-Box\BIBLauncher.exe ()
    O4 - HKCU..\Run: [Desktop iCalendar Lite.exe] C:\Program Files\desksware\Desktop iCalendar Lite\Desktop iCalendar Lite.exe (Desksware)
    O4 - HKCU..\Run: [Speech Recognition] C:\windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [SymphonyPreLoad] "C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.standard.launcher.win32.x86_3.0.1.20120110-2000\IBM Lotus Symphony" -nogui -nosplash File not found
    O4 - HKCU..\Run: [Update Service] C:\Program Files (x86)\Common Files\Teknum Systems\update.exe (Teknum Systems AS)
    O4 - HKCU..\Run: [VerControl] C:\Users\Wheelsup Club\AppData\Local\TempImg\VerControl.exe ()
    O4 - Startup: C:\Users\Wheelsup Club\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK = C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\alarm.exe (Corel Corporation Limited)
    O4 - Startup: C:\Users\Wheelsup Club\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Application Director 9.LNK = C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\dad9.exe (Corel Corporation Limited)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Download current page with FreshWebSuction - C:\Program Files (x86)\FreshWebmaster\FreshWebSuction\obiectx_all.htm ()
    O8:64bit: - Extra context menu item: Download using FreshWebSuction - C:\Program Files (x86)\FreshWebmaster\FreshWebSuction\obiectx.htm ()
    O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
    O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
    O8:64bit: - Extra context menu item: Search Using Copernic Agent - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
    O8 - Extra context menu item: Download current page with FreshWebSuction - C:\Program Files (x86)\FreshWebmaster\FreshWebSuction\obiectx_all.htm ()
    O8 - Extra context menu item: Download using FreshWebSuction - C:\Program Files (x86)\FreshWebmaster\FreshWebSuction\obiectx.htm ()
    O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
    O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
    O9:64bit: - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
    O9:64bit: - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
    O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
    O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files (x86)\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
    O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files (x86)\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: dddpl.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: trca.on.ca ([www] https in Trusted sites)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.45.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.45.2)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.204 64.71.255.198
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16C6E4AB-95AE-44B4-B300-BF7F85B75A16}: DhcpNameServer = 64.71.255.204 64.71.255.198
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A83BCC7-06FE-4C29-BFF1-A71A0A9D6DB9}: DhcpNameServer = 64.71.255.204 64.71.255.198
    O18:64bit: - Protocol\Handler\copernicagent - No CLSID value found
    O18:64bit: - Protocol\Handler\copernicagentcache - No CLSID value found
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
    O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/04/14 21:18:11 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/11/07 14:24:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wheelsup Club\Desktop\OTL.exe
    [2013/11/07 11:14:45 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2013/11/07 10:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2013/11/07 10:05:21 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
    [2013/11/07 10:05:14 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
    [2013/11/07 10:05:14 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
    [2013/11/07 10:05:14 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/11/07 10:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2013/11/07 10:04:40 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2013/11/07 09:44:23 | 000,000,000 | ---D | C] -- C:\Users\Wheelsup Club\Documents\ProcAlyzer Dumps
    [2013/11/07 09:38:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2013/11/07 09:38:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2013/11/07 09:38:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2013/11/07 09:35:50 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/11/07 09:27:05 | 005,144,303 | R--- | C] (Swearware) -- C:\Users\Wheelsup Club\Desktop\ComboFix.exe
    [2013/11/05 14:11:35 | 000,000,000 | ---D | C] -- C:\Users\Wheelsup Club\AppData\Roaming\Malwarebytes
    [2013/11/05 14:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/11/05 14:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/11/05 14:11:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2013/11/05 14:11:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/11/05 10:03:52 | 000,000,000 | ---D | C] -- C:\Users\Wheelsup Club\AppData\Local\FileTypeAssistant
    [2013/11/05 09:17:46 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
    [2013/11/04 21:54:36 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/11/04 21:51:12 | 000,000,000 | ---D | C] -- C:\Users\Wheelsup Club\Desktop\GooredFix Backups
    [2013/11/03 20:45:34 | 000,000,000 | ---D | C] -- C:\Users\Wheelsup Club\Desktop\Old Firefox Data
    [2013/11/03 07:18:12 | 000,000,000 | ---D | C] -- C:\Users\Wheelsup Club\AppData\Roaming\AVAST Software
    [2013/11/03 07:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    [2013/11/03 07:17:07 | 001,032,416 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
    [2013/11/03 07:17:07 | 000,409,832 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswsp.sys
    [2013/11/03 07:17:07 | 000,092,544 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
    [2013/11/03 07:17:07 | 000,084,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
    [2013/11/03 07:17:07 | 000,065,264 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
    [2013/11/03 07:17:07 | 000,038,984 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
    [2013/11/03 07:17:02 | 000,334,648 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
    [2013/11/03 07:16:45 | 000,043,152 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
    [2013/11/03 07:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2013/11/03 07:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2013/11/01 21:58:26 | 000,000,000 | ---D | C] -- C:\Users\Wheelsup Club\Documents\Registry Backups
    [2013/11/01 21:54:13 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2013/11/01 21:53:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013/11/01 21:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2013/11/01 09:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2013/10/31 08:22:17 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe


    ...(Continued)

  7. #17
    Member
    Join Date
    Apr 2008
    Posts
    78

    (Continued)

    [2013/10/31 08:22:17 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/10/30 08:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013/10/30 08:51:03 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
    [2013/10/30 08:50:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2013/10/29 13:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
    [2013/10/27 07:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2013/10/27 07:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2013/10/27 07:54:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2013/10/27 07:54:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2013/10/27 07:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2013/10/24 15:31:13 | 000,000,000 | ---D | C] -- C:\Users\Wheelsup Club\AppData\Local\FreeFileViewer
    [2013/10/19 09:33:54 | 000,000,000 | ---D | C] -- C:\Users\Wheelsup Club\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
    [2013/10/17 10:44:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    [2013/10/17 10:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
    [2013/10/16 07:57:03 | 017,813,896 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
    [2013/10/16 06:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2013/10/15 15:28:55 | 000,000,000 | ---D | C] -- C:\Users\Wheelsup Club\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flash Movie Player
    [2013/10/15 15:28:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Movie Player
    [2013/10/09 15:48:56 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
    [2013/10/09 15:48:55 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
    [2013/10/09 15:48:54 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
    [2013/10/09 15:48:54 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
    [2013/10/09 15:48:54 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
    [2013/10/09 15:48:54 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
    [2013/10/09 15:48:54 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
    [2013/10/09 15:48:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
    [2013/10/09 15:48:54 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
    [2013/10/09 15:48:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
    [2013/10/09 15:48:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
    [2013/10/09 15:48:52 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
    [2013/10/09 15:48:51 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
    [2013/10/09 15:48:51 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
    [2013/10/09 15:48:51 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
    [2013/10/09 12:41:57 | 000,000,000 | ---D | C] -- C:\Users\Wheelsup Club\AppData\Roaming\DonationCoder
    [2013/10/09 12:41:55 | 000,000,000 | ---D | C] -- C:\Users\Wheelsup Club\Documents\DonationCoder
    [2013/10/09 12:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenshotCaptor
    [2013/10/09 12:41:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScreenshotCaptor
    [2013/10/09 12:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DonationCoder
    [2013/10/09 10:34:28 | 000,000,000 | ---D | C] -- C:\FFOutput
    [2013/10/09 10:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeTime
    [2013/10/09 10:14:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free All to Image Jpg-Jpeg Bmp Tiff Png Converter
    [2013/10/09 09:14:33 | 000,000,000 | ---D | C] -- C:\Users\Wheelsup Club\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JustZIPit
    [2013/10/09 09:14:32 | 000,000,000 | ---D | C] -- C:\Users\Wheelsup Club\AppData\Roaming\Free-backup.info
    [2013/10/09 07:31:56 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\comctl32.dll
    [2013/10/09 07:31:53 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
    [2013/10/09 07:31:53 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
    [2013/10/09 07:31:53 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fontsub.dll
    [2013/10/09 07:31:53 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fontsub.dll
    [2013/10/09 07:31:53 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
    [2013/10/09 07:31:53 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lpk.dll
    [2013/10/09 07:31:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
    [2013/10/09 07:31:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dciman32.dll
    [2013/10/09 07:31:52 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys
    [2013/10/09 07:31:52 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidparse.sys
    [2013/10/09 07:31:51 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\davclnt.dll
    [2013/10/09 07:31:49 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
    [2013/10/09 07:31:48 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
    [2013/10/09 07:31:48 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
    [2013/10/09 07:31:48 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\advapi32.dll
    [2013/10/09 07:31:48 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdh.dll
    [2013/10/09 07:31:47 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
    [2013/10/09 07:31:47 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdh.dll
    [2013/10/09 07:31:46 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
    [2013/10/09 07:31:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
    [2013/10/09 07:31:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
    [2013/10/09 07:31:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
    [2013/10/09 07:31:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
    [2013/10/09 07:31:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
    [2013/10/09 07:31:42 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
    [2013/10/09 07:31:42 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    [2013/10/09 07:31:41 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\scavengeui.dll
    [2013/10/09 07:31:40 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys
    [2013/10/09 07:31:40 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys
    [2013/08/20 20:12:29 | 004,812,567 | ---- | C] (Tim Kosse) -- C:\Users\Wheelsup Club\FileZilla_3.7.3_win32-setup.exe
    [2013/08/13 12:51:37 | 004,817,275 | ---- | C] (Tim Kosse) -- C:\Users\Wheelsup Club\FileZilla_3.7.2_win32-setup.exe
    [2013/07/15 13:44:22 | 004,815,135 | ---- | C] (FileZilla Project) -- C:\Users\Wheelsup Club\FileZilla_3.7.1_win32-setup.exe
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [1 C:\Users\Wheelsup Club\Documents\*.tmp files -> C:\Users\Wheelsup Club\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/11/07 14:20:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wheelsup Club\Desktop\OTL.exe
    [2013/11/07 14:12:01 | 000,000,390 | ---- | M] () -- C:\windows\tasks\WpsUpdateTask_Wheelsup Club.job
    [2013/11/07 14:11:29 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/11/07 14:11:29 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/11/07 14:02:51 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/11/07 13:59:16 | 000,000,674 | ---- | M] () -- C:\windows\vista32.ini
    [2013/11/07 13:57:24 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/11/07 13:57:24 | 000,000,418 | ---- | M] () -- C:\windows\tasks\FreeFileViewerUpdateChecker.job
    [2013/11/07 13:57:07 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2013/11/07 13:57:05 | 322,772,991 | -HS- | M] () -- C:\hiberfil.sys
    [2013/11/07 11:48:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2013/11/07 11:14:39 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2013/11/07 10:04:54 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/11/07 10:04:50 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
    [2013/11/07 10:04:50 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
    [2013/11/07 10:04:48 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
    [2013/11/07 09:23:25 | 005,144,303 | R--- | M] (Swearware) -- C:\Users\Wheelsup Club\Desktop\ComboFix.exe
    [2013/11/06 11:14:12 | 000,409,832 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswsp.sys
    [2013/11/06 10:16:33 | 000,000,797 | ---- | M] () -- C:\windows\qpw.INI
    [2013/11/06 10:16:23 | 000,201,728 | ---- | M] () -- C:\Users\Wheelsup Club\Documents\Visitors to DDDPL Website (January 23, 2009)1.qpw
    [2013/11/06 10:16:12 | 000,201,728 | ---- | M] () -- C:\Users\Wheelsup Club\Documents\Visitors to DDDPL Website (January 23, 2009)2.qpw
    [2013/11/05 14:11:17 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/11/04 21:19:53 | 000,810,974 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2013/11/04 21:19:53 | 000,681,578 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2013/11/04 21:19:53 | 000,130,288 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2013/11/03 07:17:53 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013/11/03 07:16:47 | 001,032,416 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
    [2013/11/03 07:16:47 | 000,334,648 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
    [2013/11/03 07:16:47 | 000,205,320 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
    [2013/11/03 07:16:47 | 000,084,328 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
    [2013/11/03 07:16:47 | 000,065,776 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
    [2013/11/03 07:16:47 | 000,065,264 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
    [2013/11/03 07:16:47 | 000,038,984 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
    [2013/11/03 07:16:46 | 000,092,544 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
    [2013/11/03 07:16:45 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
    [2013/11/02 10:43:22 | 000,005,057 | ---- | M] () -- C:\Users\Wheelsup Club\Documents\Attach.zip
    [2013/11/01 14:28:13 | 000,003,279 | ---- | M] () -- C:\Users\Wheelsup Club\AppData\Local\recently-used.xbel
    [2013/11/01 08:42:28 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
    [2013/11/01 08:42:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/10/31 14:30:57 | 000,000,058 | ---- | M] () -- C:\Users\Wheelsup Club\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
    [2013/10/31 08:18:19 | 000,001,174 | ---- | M] () -- C:\Users\Wheelsup Club\Desktop\Continue Firefox Free Download Installation.lnk
    [2013/10/30 08:51:10 | 000,001,386 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/10/27 13:13:18 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/10/27 07:55:40 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2013/10/25 08:50:20 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk
    [2013/10/23 07:20:47 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
    [2013/10/21 15:43:32 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
    [2013/10/19 09:33:54 | 000,001,205 | ---- | M] () -- C:\Users\Wheelsup Club\Desktop\Format Factory.lnk
    [2013/10/17 10:44:05 | 000,001,938 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    [2013/10/17 10:44:05 | 000,001,938 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2013/10/16 16:01:55 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
    [2013/10/16 07:57:05 | 017,813,896 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
    [2013/10/15 15:28:55 | 000,001,053 | ---- | M] () -- C:\Users\Wheelsup Club\Desktop\Flash Movie Player.lnk
    [2013/10/15 15:27:26 | 000,001,149 | ---- | M] () -- C:\Users\Wheelsup Club\Desktop\Continue FLV Player Installation.lnk
    [2013/10/11 09:16:03 | 000,450,642 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20131027-085644.backup
    [2013/10/10 06:53:40 | 001,143,400 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2013/10/09 15:46:02 | 000,804,698 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2013/10/09 15:29:08 | 000,001,058 | ---- | M] () -- C:\Users\Wheelsup Club\Desktop\Inkscape.lnk
    [2013/10/09 12:41:48 | 000,001,110 | ---- | M] () -- C:\Users\Wheelsup Club\Desktop\Screenshot Captor.lnk
    [2013/10/09 09:14:33 | 000,001,203 | ---- | M] () -- C:\Users\Wheelsup Club\Application Data\Microsoft\Internet Explorer\Quick Launch\JustZIPit.lnk
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [1 C:\Users\Wheelsup Club\Documents\*.tmp files -> C:\Users\Wheelsup Club\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/11/07 09:38:58 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2013/11/07 09:38:58 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2013/11/07 09:38:58 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2013/11/07 09:38:58 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2013/11/07 09:38:58 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2013/11/05 14:11:17 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/11/03 07:17:53 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013/11/03 07:17:07 | 000,205,320 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys
    [2013/11/03 07:17:07 | 000,065,776 | ---- | C] () -- C:\windows\SysNative\drivers\aswRvrt.sys
    [2013/11/02 10:43:22 | 000,005,057 | ---- | C] () -- C:\Users\Wheelsup Club\Documents\Attach.zip
    [2013/11/01 14:28:13 | 000,003,279 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\recently-used.xbel
    [2013/11/01 09:15:13 | 000,001,166 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2013/10/31 08:22:18 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2013/10/31 08:18:19 | 000,001,174 | ---- | C] () -- C:\Users\Wheelsup Club\Desktop\Continue Firefox Free Download Installation.lnk
    [2013/10/30 08:51:10 | 000,001,398 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013/10/30 08:51:10 | 000,001,386 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/10/27 07:55:40 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2013/10/19 09:33:54 | 000,001,205 | ---- | C] () -- C:\Users\Wheelsup Club\Desktop\Format Factory.lnk
    [2013/10/15 15:28:55 | 000,001,053 | ---- | C] () -- C:\Users\Wheelsup Club\Desktop\Flash Movie Player.lnk
    [2013/10/15 15:27:26 | 000,001,149 | ---- | C] () -- C:\Users\Wheelsup Club\Desktop\Continue FLV Player Installation.lnk
    [2013/10/09 15:29:08 | 000,001,058 | ---- | C] () -- C:\Users\Wheelsup Club\Desktop\Inkscape.lnk
    [2013/10/09 12:41:57 | 000,000,058 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
    [2013/10/09 12:41:48 | 000,001,110 | ---- | C] () -- C:\Users\Wheelsup Club\Desktop\Screenshot Captor.lnk
    [2013/10/09 09:14:33 | 000,001,203 | ---- | C] () -- C:\Users\Wheelsup Club\Application Data\Microsoft\Internet Explorer\Quick Launch\JustZIPit.lnk
    [2013/08/17 22:15:59 | 000,000,000 | ---- | C] () -- C:\windows\ViewNX2.INI
    [2013/08/17 22:09:40 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Devices
    [2013/08/17 22:09:40 | 000,000,268 | RH-- | C] () -- C:\Users\Wheelsup Club\AppData\Roaming\Database
    [2013/08/17 22:09:40 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
    [2013/08/17 22:09:40 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Echo
    [2013/08/17 22:09:00 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Dialogs
    [2013/08/17 22:09:00 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Developer Tools
    [2013/08/17 22:09:00 | 000,000,268 | RH-- | C] () -- C:\Users\Wheelsup Club\AppData\Roaming\Definition Bundle
    [2013/08/17 22:09:00 | 000,000,268 | RH-- | C] () -- C:\Users\Wheelsup Club\AppData\Roaming\Dance Kit
    [2013/08/17 22:09:00 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
    [2013/08/17 22:09:00 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
    [2013/08/17 22:09:00 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Electric Clav
    [2013/08/17 22:08:31 | 000,000,268 | RH-- | C] () -- C:\Users\Wheelsup Club\AppData\Roaming\Distortion
    [2013/08/17 22:08:31 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT
    [2013/08/17 22:08:31 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Frameworks
    [2013/08/17 22:08:31 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Drums
    [2013/08/13 20:40:51 | 001,169,609 | ---- | C] () -- C:\windows\unins001.exe
    [2013/08/13 20:40:51 | 000,098,005 | ---- | C] () -- C:\windows\unins001.dat
    [2013/05/03 12:06:07 | 000,000,050 | ---- | C] () -- C:\Users\Wheelsup Club\dlmgr_.pro
    [2013/04/12 15:55:19 | 000,000,067 | ---- | C] () -- C:\windows\swf2avi.INI
    [2013/04/10 13:34:56 | 000,753,873 | ---- | C] () -- C:\windows\unins000.exe
    [2013/03/23 18:46:30 | 000,057,866 | ---- | C] () -- C:\windows\unins000.dat
    [2013/03/22 19:36:06 | 000,001,206 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Roaming\CamStudio.Producer.ini
    [2013/03/22 19:36:06 | 000,000,000 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Roaming\CamStudio.Producer.Data.ini
    [2013/03/22 19:30:49 | 000,000,098 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Roaming\CamStudio.Producer.command
    [2013/03/22 14:29:16 | 000,000,258 | RHS- | C] () -- C:\Users\Wheelsup Club\ntuser.pol
    [2013/03/21 13:24:12 | 000,004,521 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Roaming\CamStudio.cfg
    [2013/03/21 13:24:12 | 000,000,408 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Roaming\CamShapes.ini
    [2013/03/21 13:24:12 | 000,000,408 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Roaming\CamLayout.ini
    [2013/03/21 13:24:12 | 000,000,114 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Roaming\Camdata.ini
    [2013/03/18 20:32:09 | 000,109,782 | ---- | C] () -- C:\windows\CopernicAgentUninstall.exe
    [2013/03/17 20:21:24 | 000,448,736 | ---- | C] () -- C:\windows\SysWow64\GSService.exe
    [2013/03/11 19:46:33 | 000,023,040 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/03/11 19:40:33 | 000,033,019 | ---- | C] () -- C:\windows\SysWow64\CoreAAC-uninstall.exe
    [2013/03/11 18:56:51 | 000,000,008 | -H-- | C] () -- C:\windows\SysWow64\adb.dat
    [2013/03/11 15:08:37 | 000,178,688 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
    [2013/02/24 20:08:18 | 000,000,216 | ---- | C] () -- C:\Users\Wheelsup Club\.swfinfo
    [2012/12/22 09:58:09 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
    [2012/12/12 13:08:51 | 000,001,724 | ---- | C] () -- C:\windows\SysWow64\tsdigsgn.dat
    [2012/12/11 14:32:31 | 000,380,928 | ---- | C] () -- C:\windows\ccremove.exe
    [2012/11/21 16:00:28 | 000,000,036 | ---- | C] () -- C:\windows\TSNPL.dat
    [2012/09/24 20:52:26 | 000,000,000 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Roaming\bibstats
    [2012/09/24 18:50:08 | 000,000,000 | ---- | C] () -- C:\Users\Wheelsup Club\mm_backup.cfg
    [2012/08/08 18:23:57 | 000,000,727 | ---- | C] () -- C:\Users\Wheelsup Club\petitionscript.php
    [2012/07/24 09:12:11 | 000,077,765 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\DDDPL Accounts.gnucash
    [2012/07/04 00:34:16 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
    [2012/07/04 00:34:16 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
    [2012/04/18 18:39:10 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll
    [2012/03/30 14:33:10 | 000,393,216 | ---- | C] () -- C:\windows\RTS8891U.dll
    [2012/03/30 14:33:10 | 000,131,072 | ---- | C] () -- C:\windows\u2x00_32.dll
    [2012/03/30 14:33:10 | 000,106,528 | ---- | C] () -- C:\windows\u1230_32.dll
    [2012/03/30 14:33:10 | 000,068,608 | ---- | C] () -- C:\windows\vufile32.dll
    [2012/03/30 14:33:10 | 000,047,616 | ---- | C] () -- C:\windows\ucmsp_32.dll
    [2012/03/30 14:33:10 | 000,030,208 | ---- | C] () -- C:\windows\uxmail32.dll
    [2012/03/30 14:33:10 | 000,027,648 | ---- | C] () -- C:\windows\vudcli32.dll
    [2012/03/30 14:33:10 | 000,000,674 | ---- | C] () -- C:\windows\vista32.ini
    [2012/03/30 14:33:10 | 000,000,195 | ---- | C] () -- C:\windows\KPCMS.INI
    [2012/03/30 14:33:10 | 000,000,065 | ---- | C] () -- C:\windows\umaxdrv.ini
    [2012/03/30 14:33:10 | 000,000,026 | ---- | C] () -- C:\windows\ucmsp_32.ini
    [2012/03/24 12:27:54 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\iduninst.dll
    [2012/03/16 15:29:42 | 000,000,193 | ---- | C] () -- C:\windows\WORDPAD.INI
    [2012/03/16 15:10:29 | 000,000,000 | ---- | C] () -- C:\Users\Wheelsup Club\downloader.exe
    [2012/02/28 11:18:35 | 000,000,341 | ---- | C] () -- C:\windows\pagebreeze.ini
    [2012/02/28 11:18:35 | 000,000,044 | ---- | C] () -- C:\windows\formbreeze.ini
    [2012/01/14 19:30:00 | 000,098,304 | ---- | C] () -- C:\windows\SysWow64\redmonnt.dll
    [2012/01/14 16:37:45 | 000,012,293 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114163745.gnucash
    [2012/01/14 16:26:50 | 000,012,216 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114162650.gnucash
    [2012/01/14 16:26:08 | 000,011,581 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114162608.gnucash
    [2012/01/14 16:21:00 | 000,010,992 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114162100.gnucash
    [2012/01/14 16:14:16 | 000,010,914 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114161416.gnucash
    [2012/01/14 16:12:42 | 000,011,028 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114161242.gnucash
    [2012/01/14 16:07:41 | 000,010,651 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114160741.gnucash
    [2012/01/14 16:02:37 | 000,010,140 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114160237.gnucash
    [2012/01/14 15:57:18 | 000,009,526 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114155718.gnucash
    [2012/01/14 15:50:30 | 000,009,409 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114155030.gnucash
    [2012/01/14 15:45:12 | 000,009,166 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114154512.gnucash
    [2012/01/14 15:43:14 | 000,008,560 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114154314.gnucash
    [2012/01/14 15:38:10 | 000,008,136 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114153810.gnucash
    [2012/01/14 15:32:57 | 000,007,795 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114153257.gnucash
    [2012/01/14 15:27:11 | 000,007,635 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114152711.gnucash
    [2012/01/14 15:22:07 | 000,007,213 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114152207.gnucash
    [2012/01/14 15:16:30 | 000,006,857 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114151630.gnucash
    [2012/01/14 14:56:35 | 000,006,754 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114145635.gnucash
    [2012/01/14 14:50:45 | 000,006,483 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114145045.gnucash
    [2012/01/14 14:45:41 | 000,006,045 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114144541.gnucash
    [2012/01/14 14:34:32 | 000,006,045 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114143432.gnucash
    [2012/01/14 14:27:30 | 000,005,902 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114142730.gnucash
    [2012/01/14 14:24:08 | 000,005,487 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114142408.gnucash
    [2012/01/14 14:18:56 | 000,004,984 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114141856.gnucash
    [2012/01/14 14:13:54 | 000,004,547 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120114141354.gnucash
    [2012/01/13 23:16:00 | 000,004,285 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120113231600.gnucash
    [2012/01/13 23:09:20 | 000,004,200 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120113230920.gnucash
    [2012/01/13 23:03:19 | 000,004,289 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120113230319.gnucash
    [2012/01/13 22:57:37 | 000,004,488 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120113225737.gnucash
    [2012/01/13 22:51:06 | 000,004,430 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120113225106.gnucash
    [2012/01/13 22:45:35 | 000,004,396 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120113224535.gnucash
    [2012/01/13 22:40:03 | 000,004,304 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120113224003.gnucash
    [2012/01/13 22:34:59 | 000,004,349 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120113223459.gnucash
    [2012/01/13 22:28:30 | 000,004,160 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120113222830.gnucash
    [2012/01/13 22:22:10 | 000,003,994 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash.20120113222210.gnucash
    [2012/01/13 22:04:05 | 000,012,293 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Local\Chart Of Accounts (January 13, 2012).gnucash
    [2011/12/20 16:48:58 | 000,017,920 | ---- | C] () -- C:\windows\WebFerretUninstall.exe
    [2011/12/20 16:48:57 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\NetFerret.dll
    [2011/12/13 10:28:49 | 000,061,678 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Roaming\PFP90JPR.{PB
    [2011/12/13 10:28:49 | 000,012,358 | ---- | C] () -- C:\Users\Wheelsup Club\AppData\Roaming\PFP90JCM.{PB

    ========== ZeroAccess Check ==========

    [2013/10/29 13:46:59 | 000,000,000 | -HSD | M] -- C:\Users\Wheelsup Club\AppData\Local\Google\Desktop\Install\{8d8b353f-1586-90d2-b96a-5971d851d5e3}\❤≸⋙\Ⱒ☠⍨\*ﯹ๛\{8d8b353f-1586-90d2-b96a-5971d851d5e3}\L
    [2013/10/29 13:46:59 | 000,000,000 | -HSD | M] -- C:\Users\Wheelsup Club\AppData\Local\Google\Desktop\Install\{8d8b353f-1586-90d2-b96a-5971d851d5e3}\❤≸⋙\Ⱒ☠⍨\*ﯹ๛\{8d8b353f-1586-90d2-b96a-5971d851d5e3}\U
    [2012/11/09 23:09:20 | 000,000,596 | ---- | M] () -- C:\Users\Wheelsup Club\Desktop\Rarely-used Icons\Old Firefox Data\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/03/17 18:47:56 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\4Free
    [2013/09/16 13:51:38 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\5b9fa4523c026efaa14deb116069b2e3
    [2012/03/15 15:40:16 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\andre-simon.de
    [2013/03/19 21:44:59 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\AnvSoft
    [2013/02/24 19:57:42 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\Apowersoft
    [2013/04/05 13:04:06 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\Applian FLV and Media Player
    [2013/09/24 14:55:37 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\Audacity
    [2013/03/17 17:17:43 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\Aura4You
    [2013/11/03 07:18:12 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\AVAST Software
    [2013/03/11 18:46:01 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\AviDvdBurner
    [2013/03/11 19:26:07 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\AvitoDvd
    [2013/04/22 09:37:53 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\BHOK IT Consulting
    [2013/03/23 12:05:10 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\Blueberry
    [2013/03/18 20:32:13 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\Copernic
    [2012/09/26 15:43:49 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\DassaultSystemes
    [2013/09/04 10:39:35 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\desksware
    [2013/10/09 12:41:57 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\DonationCoder
    [2013/04/09 14:23:03 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\Downloaded Installations
    [2013/09/29 12:47:44 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\DVDVideoSoft
    [2012/12/11 14:13:01 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\FFSJ
    [2013/02/13 15:36:57 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\FileOpen
    [2013/10/31 20:43:50 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\FileZilla
    [2013/02/13 16:11:23 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\FireShot
    [2013/04/09 15:08:24 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\FM Software Studio
    [2013/09/24 13:04:26 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\Free Audio Editor
    [2013/03/17 19:20:01 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\Free AVI Video Converter
    [2013/10/09 09:14:32 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\Free-backup.info
    [2013/09/20 13:11:14 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\FreeFileViewer
    [2011/12/24 16:04:29 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\FreeImageConverter
    [2012/11/06 11:13:28 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\FVD Suite
    [2013/03/17 20:20:42 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\GetRightToGo
    [2012/11/21 16:08:19 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\GSplit
    [2011/10/28 21:21:34 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\HeidiSQL
    [2013/08/25 13:11:55 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\inkscape
    [2013/03/22 13:51:02 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\iSpy
    [2013/03/22 14:28:41 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\Kingsoft
    [2013/03/22 21:26:14 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\LogSys
    [2012/12/22 09:58:08 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\Netscape
    [2013/08/17 22:12:04 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\Nikon
    [2013/02/13 15:36:57 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\Nitro
    [2011/10/27 22:33:24 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\OEM
    [2013/07/18 14:25:07 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\Olsoft
    [2013/08/24 12:10:46 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\OpenOffice
    [2011/10/28 10:02:01 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\OpenOffice.org
    [2013/03/17 19:05:06 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\OxelonMC
    [2011/12/14 16:31:23 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\Packard Bell
    [2013/04/02 08:03:27 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\PrimoPDF
    [2013/04/12 15:48:18 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\RecoolTec
    [2013/08/25 10:45:21 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\SoftGrid Client
    [2012/11/08 16:49:25 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\TP
    [2011/12/27 16:29:06 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\Trellian
    [2012/12/11 15:50:41 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\TrueCrypt
    [2012/03/04 09:18:49 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\TweakNow PowerPack 2012
    [2012/02/28 11:11:41 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\Virtual Mechanics
    [2011/10/28 13:57:54 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\WildTangent
    [2011/11/03 13:25:39 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\Windows Live Writer
    [2013/03/23 12:45:30 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\WinFF
    [2013/03/11 19:32:21 | 000,000,000 | ---D | M] -- C:\Users\Wheelsup Club\AppData\Roaming\Xilisoft

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:A5514ABC

    < End of report >


    ...(continued)

  8. #18
    Member
    Join Date
    Apr 2008
    Posts
    78

    2. OTL Extras.txt:



    OTL Extras logfile created on: 11/7/2013 2:27:28 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wheelsup Club\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16721)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.73 Gb Total Physical Memory | 3.26 Gb Available Physical Memory | 56.88% Memory free
    11.47 Gb Paging File | 8.49 Gb Available in Paging File | 74.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 915.73 Gb Total Space | 591.84 Gb Free Space | 64.63% Space Free | Partition Type: NTFS

    Computer Name: WHEELSUPCLUB-PC | User Name: Wheelsup Club | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
    Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [Backup using FileFort Backup] -- "C:\Program Files (x86)\NCH Software\FileFort\filefort.exe" -addjobfor "%1" -list "%L"
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [Create slideshow with PhotoStage Slideshow Producer] -- "C:\Program Files (x86)\NCH Software\PhotoStage\photostage.exe" "%L"
    Directory [File Finder...] -- C:\Program Files (x86)\Ontrack\PowerDesk\pdfind.exe /PATH:%1 (Ontrack Data International)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
    Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [Backup using FileFort Backup] -- "C:\Program Files (x86)\NCH Software\FileFort\filefort.exe" -addjobfor "%1" -list "%L"
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [Create slideshow with PhotoStage Slideshow Producer] -- "C:\Program Files (x86)\NCH Software\PhotoStage\photostage.exe" "%L"
    Directory [File Finder...] -- C:\Program Files (x86)\Ontrack\PowerDesk\pdfind.exe /PATH:%1 (Ontrack Data International)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0F1DA359-64CA-478D-BF35-B140AC54D5F0}" = lport=94 | protocol=6 | dir=in | app=c:\program files (x86)\nch software\vrs\vrs.exe |
    "{1F830682-0423-44AB-8878-62FB64A43BBC}" = lport=137 | protocol=17 | dir=in | app=system |
    "{2E4E39FC-B4F9-471F-9F12-891B760E8048}" = lport=94 | protocol=6 | dir=out | app=c:\program files (x86)\nch software\vrs\vrs.exe |
    "{43A93B43-AF9C-4BD1-AFD3-836CAB03B63E}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
    "{4482C0F7-4DCF-4A09-BF6B-60AEE099489B}" = lport=138 | protocol=17 | dir=in | app=system |
    "{45D6F676-FEC8-4DED-B92E-069CCAE34A3C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4A80AC2F-D991-4222-BEEF-10D732D92541}" = rport=139 | protocol=6 | dir=out | app=system |
    "{4A972923-DC3F-4789-A694-26559FC68413}" = lport=4100 | protocol=17 | dir=in | app=c:\program files (x86)\nch software\vrs\vrs.exe |
    "{5A375D52-2D42-4DB7-805D-EC0121A3A9D1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{6143B31C-8A65-402E-B3C1-472E9B1AF432}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{69E3CB8B-765A-417C-A427-B81232B5AD56}" = rport=137 | protocol=17 | dir=out | app=system |
    "{79A8BE13-2BCD-46F5-B964-9C0723F3E093}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7F74A5F0-6D11-46D4-86A9-248BEBBCB354}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{84C7E73E-4449-44EC-9133-3A1B6483B27C}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{86C0186C-DE6E-4CC5-BFCB-40A06117D5B4}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{86D07EEC-592B-42FB-AB79-AD7ED2612A41}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{89193AB5-EA13-4DFD-B6F5-CE3A4081B606}" = lport=94 | protocol=6 | dir=in | app=c:\program files (x86)\nch software\vrs\vrs.exe |
    "{8AC491CA-40BD-470A-9FD6-45F0200EB850}" = rport=138 | protocol=17 | dir=out | app=system |
    "{8F1EA68C-FB4C-46E1-8AA4-9650609EDF8C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{915C5472-629F-4A12-BACE-6924FB2E9D82}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A87DC465-D640-42CE-8C76-2CCBCC7CDB06}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{AC0DAD3C-9086-433D-BF86-C278006D95A7}" = rport=445 | protocol=6 | dir=out | app=system |
    "{B26D9466-E287-4457-B19E-5D6C558F73D9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B88C6C2D-F54E-40C4-BEC3-A5F7A1BC3FC6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{BC225EAA-657C-44C5-B3E6-BA800CBAF765}" = lport=4100 | protocol=17 | dir=out | app=c:\program files (x86)\nch software\vrs\vrs.exe |
    "{C3B14BF4-5EA5-4A2B-B20F-57CE1EFF2572}" = lport=445 | protocol=6 | dir=in | app=system |
    "{CA5472D0-DEE4-4988-B1E9-95BF3E05E9BE}" = lport=139 | protocol=6 | dir=in | app=system |
    "{D186B523-DEE2-4AC1-9F60-43FE4771A66E}" = lport=94 | protocol=6 | dir=out | app=c:\program files (x86)\nch software\vrs\vrs.exe |
    "{DB083080-1464-4FF9-8F4C-EDD4A0C490BF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DC16C320-952B-43F6-B6A0-75351D1CAFD5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{EEB266AA-3AB4-45CB-87BE-6DD178B4AFCF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FA44A05C-28AC-47AA-9E34-BAF3CD10F638}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02E37E92-8A4A-48F4-950D-361E21F3617A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{03310AA0-DF5E-48D2-A23C-EF0D5DBB8B33}" = dir=in | app=c:\program files (x86)\apowersoft\video download capture\apowersoftdump.dll |
    "{0EA6D42E-68FB-4FF1-ABF5-BEF32D22C255}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{15E91B87-DB61-4E7B-9490-7EE51CE95E90}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
    "{22BFBEDA-392E-4076-9795-CE4270F10CB9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{2846477C-25D1-436A-81B3-83CC481A1A41}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{2A73BCEE-79EA-46AC-BA15-A62775200CA6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{2EB972CA-2F7D-4F80-98E3-BA63A44FE666}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{301776EF-100D-411E-AEDF-2EEF700FDB1A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3650CE17-0F67-4E14-90B3-26202A67BD40}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4E46FE66-2F63-40FE-90DE-51616B40CA91}" = dir=in | app=c:\program files (x86)\apowersoft\video download capture\video-download-capture.exe |
    "{50441266-DA08-47AC-8823-88778D7D25FF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{511ACEB1-9C0A-4BF3-802A-92D7F3D0C37E}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
    "{590BFC7F-BDC0-4DD2-9D94-A8D34226822A}" = dir=in | app=c:\users\wheelsup club\appdata\local\microsoft\skydrive\skydrive.exe |
    "{5A45AC9F-C737-4AD3-8874-F2F34FD0FF04}" = dir=in | app=c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe |
    "{60B22B50-08DA-469E-ABBE-6296C4B51C8F}" = protocol=6 | dir=in | app=c:\program files (x86)\deep log analyzer\dla.exe |
    "{6B01FEB4-A328-44F9-9116-04ADB55397DB}" = protocol=17 | dir=in | app=c:\program files (x86)\firebird\firebird_2_1\bin\fbserver.exe |
    "{6BAFA53D-CD7F-4508-A12B-764DFD44257C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6F91DEB8-9A91-4491-8095-077DAEE30757}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
    "{72FF27FC-0626-496A-BCB9-7768C15BC4B5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{7A342823-30A0-4E3B-97CD-9241A6488E73}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{9C0F6390-5BC6-49A8-B76E-859E967B4F42}" = protocol=17 | dir=in | app=c:\program files (x86)\deep log analyzer\dla.exe |
    "{9F8F27B0-1A5E-4FB4-97DA-C0CC09C17C13}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{A143A69F-9AA9-41BA-B5B7-4C8E56782A9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A3E802B9-FC45-4061-AA23-50666ED2598B}" = protocol=17 | dir=in | app=c:\program files (x86)\ibm\lotus\symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\symphony.exe |
    "{A4F6A869-9845-4560-B944-66A6088A1A19}" = protocol=6 | dir=in | app=c:\program files (x86)\firebird\firebird_2_1\bin\fbserver.exe |
    "{A5A6D46A-F083-45AC-8B41-8378E02446DD}" = protocol=6 | dir=out | app=system |
    "{A5A88F58-D7FE-4D04-90CD-078B764FD3E8}" = dir=in | app=c:\program files (x86)\apowersoft\video download capture\videodownloadcapture.exe |
    "{AA9E29DE-3138-467D-A62B-5DA5DA998BE0}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "{B352E4DB-DF86-46E4-91E5-F84AE3BAC641}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
    "{B8B1BE0A-6597-47ED-9C97-6E48DF36164D}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
    "{BA67F8E9-083E-43CD-8295-C56A7D1B75E6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{BE864846-CEE7-41CF-A9C7-3916797DE610}" = protocol=6 | dir=in | app=c:\program files (x86)\ftp commander\ftpcomm.exe |
    "{C3A7EF3C-F2AE-4E6B-9BD0-5DE0F9BB09C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C59ABA3F-591B-46E4-8487-B5F978BB2CC6}" = protocol=6 | dir=in | app=c:\program files (x86)\ibm\lotus\symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\symphony.exe |
    "{CC700E74-30A0-42C9-B527-F73DE1374D35}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{CED8E119-8880-448C-975B-75B706A43420}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{DEB817A7-1E90-4714-8359-210201092550}" = dir=in | app=c:\program files (x86)\apowersoft\video download capture\apowersoftsrv.dll |
    "{E5F7F306-BD93-40E6-8FA5-AEEE58B30BFB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{E9C4D6C4-A23F-4AE2-A3F2-3D44FDB639D4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{EB5E43DC-E4EF-49E2-907B-DA417EF83484}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F8C284E0-B2FE-4306-8774-9A21AEBB22B7}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{F954BAA2-1E4C-45FE-9A25-CE020565B747}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "{FC308072-B5A5-44BB-A1BB-0C77C692C2BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FE911BE9-AD01-4D3F-A5B2-31A999FAEBEA}" = protocol=17 | dir=in | app=c:\program files (x86)\ftp commander\ftpcomm.exe |
    "TCP Query User{29D99F1E-6A47-4155-9575-832633175D77}C:\program files (x86)\fvd suite\fvd downloader\fvd downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fvd suite\fvd downloader\fvd downloader.exe |
    "TCP Query User{324D21EC-DDF2-4AF0-B658-0DE1D5C3CCDB}C:\program files (x86)\ftp commander\ftpcomm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ftp commander\ftpcomm.exe |
    "TCP Query User{642DC97E-3768-4B01-A84A-3693DCCE357A}C:\program files (x86)\firebird\firebird_2_1\bin\fbserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firebird\firebird_2_1\bin\fbserver.exe |
    "TCP Query User{983ADCB3-3960-4D79-BF3D-E03C11DA5FDD}C:\program files (x86)\deep log analyzer\dla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\deep log analyzer\dla.exe |
    "TCP Query User{D19C1643-3A5F-48D8-8A53-FE47D5B6C32F}C:\users\wheelsup club\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\wheelsup club\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "TCP Query User{D9152336-542F-4956-815D-37C19C44A740}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
    "UDP Query User{3C5AA8E4-1B9A-4FFC-B19A-68474DCEB340}C:\program files (x86)\fvd suite\fvd downloader\fvd downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fvd suite\fvd downloader\fvd downloader.exe |
    "UDP Query User{3DD95C1F-053A-4F91-B4AC-7D1D1ED17955}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
    "UDP Query User{56865B3D-7DA2-4419-90B2-C61F19EA81D2}C:\users\wheelsup club\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\wheelsup club\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "UDP Query User{8B0C83D1-A608-43E9-B06E-45F0130993F4}C:\program files (x86)\firebird\firebird_2_1\bin\fbserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firebird\firebird_2_1\bin\fbserver.exe |
    "UDP Query User{B3D83ABB-B587-459E-AA67-E53037CC87BF}C:\program files (x86)\ftp commander\ftpcomm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ftp commander\ftpcomm.exe |
    "UDP Query User{DD9FCD2B-F15F-4AA8-A6F3-3CB35772EFEB}C:\program files (x86)\deep log analyzer\dla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\deep log analyzer\dla.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{018F3B17-AF23-809D-3807-25A16563416C}" = AMD Media Foundation Decoders
    "{11953C65-BB4E-4CA4-B0F0-2600A4B20040}" = Picture Control Utility x64
    "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
    "{170EF2EC-C6AC-9418-933B-E2215E5ACE62}" = AMD Accelerated Video Transcoding
    "{1A2B11DC-654B-0C80-14AA-B980D07257A7}" = ccc-utility64
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{2231CA42-C1E1-13C2-FAA5-4A832ABE3AAB}" = ATI AVIVO64 Codecs
    "{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit)
    "{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
    "{2F195958-3530-E1DD-FAAD-28A81421525C}" = AMD Fuel
    "{2FD0FA0A-7A21-4C4A-B268-1142B54E035E}" = Windows Live Family Safety
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4FF5C7C9-86CC-41ED-B93B-0B51AB4FED24}" = VmciSockets
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{635BE602-BB9C-4C59-8CC5-93F9366E8A21}" = ViewNX 2
    "{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6E5159B4-A519-41EF-80EF-AD58371515DF}" = Eraser 6.0.10.2620
    "{72EF03F5-0507-4861-9A44-D99FD4C41418}" = Paint.NET v3.5.11
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A04DCB25-7040-4935-A30D-8E0A893ABF2D}" = iTunes
    "{A2A448FD-B078-DBF9-0F3F-AC8A8A4ADDB9}" = AMD Drag and Drop Transcoding
    "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
    "{CF1EB598-B424-436A-B15F-B763846BA970}" = Dassault Systemes Software Prerequisites x86-x64
    "{E391E2FF-927F-46A6-8466-C688A2FAF1FB}" = AMD Catalyst Install Manager
    "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
    "{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CCleaner" = CCleaner
    "Desktop iCalendar Lite_is1" = Desktop iCalendar Lite
    "ffdshow64_is1" = ffdshow x64 v1.3.4500 [2013-01-06]
    "File Shredder_is1" = File Shredder 2.5
    "KLiteCodecPack64_is1" = K-Lite Codec Pack 9.8.0 (64-bit)
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.46-1 (x64)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
    "{03E1711E-2A57-D826-142F-4D1C8CBB9CE3}" = CCC Help Korean
    "{04B83666-3A62-452B-85D3-70F8117F2329}_is1" = CamStudio version 2.7
    "{05499036-169E-2DB2-CA6A-921826EDB571}" = CCC Help Hungarian
    "{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
    "{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
    "{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1" = Free Video Joiner
    "{16FD907B-FA72-4F3C-B959-E076C8238F80}" = Napster Label Creator
    "{1737B9BC-D3B4-D62A-C79F-049D1C14BAC5}" = CCC Help Finnish
    "{17D86E62-4849-49BC-83D2-FA369CEEA9D9}_is1" = Any Video Recorder version 1.0.2
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1959CCD2-1227-4de4-97E7-04F29D526762}_is1" = AnyMedia Player 3.4.2
    "{1C179D24-8307-A87E-5BF2-7F847B5489FB}" = CCC Help Dutch
    "{1C961E37-1448-39D0-7A46-BB6BEA266C18}" = CCC Help Russian
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
    "{24E95349-8629-47A0-EB12-9B081EFE4122}" = Catalyst Control Center Localization All
    "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.7.0
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
    "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3315B802-84C6-47BC-907A-9B77A4646197}_is1" = SWF to AVI
    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
    "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
    "{38B50CEC-C683-404D-BAD7-48CBCBFF981B}_is1" = Free WebM to AVI Converter 1.0
    "{3C74D5C3-EBB9-408E-972F-B9802F13D5E4}" = 3DVIA Shape for Maps
    "{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1" = Video Download Capture V4.3.2
    "{3E2D9049-CB69-11D2-94EC-00A0C90683DA}" = VBA (2720)
    "{3F1C9552-58E0-4AAC-A616-AE3A28720EC6}" = GimpShop 2.8
    "{4048B649-4AD0-1C0F-3C0F-09478FE3E4E8}" = CCC Help Chinese Traditional
    "{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6
    "{44327031-4B00-4D21-8D25-620B6B476005}_is1" = Free SWF to AVI Converter
    "{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
    "{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
    "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
    "{51E47ACA-6672-7A6B-FE18-20E1EA4802E3}" = CCC Help Greek
    "{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
    "{533D415A-4151-4AC5-858E-4068524C8051}_is1" = Pdf2Jpg version 1.2
    "{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}" = OpenOffice 4.0.0
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
    "{59C7AFEC-E6E0-C99E-31FD-1FCBBFF70393}" = AMD VISION Engine Control Center
    "{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
    "{5CA66729-D7A8-428B-21AC-CE78AB6BC83D}" = CCC Help Portuguese
    "{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
    "{604B7475-6B17-D7DF-636D-E1E147349316}" = CCC Help Japanese
    "{62460273-C5CA-BEAB-5AEA-360698FCB506}" = CCC Help Czech
    "{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
    "{638b91e2-b5ee-49f3-8348-be72f2d65d13}" = IBM Lotus Symphony
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
    "{6D5B770B-9F4B-5D56-C270-196E91C9F0FF}" = CCC Help Danish
    "{6E25AE88-7018-022F-508B-80656F538535}" = CCC Help Polish
    "{7061301A-0D44-432F-859D-AF705DA2C81F}_is1" = 4Free Video Converter 2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{729E16B3-1B80-4F3F-8D19-342A89631E0A}_is1" = Media converter
    "{74ECAA44-3ED0-4F2D-BFD8-4EB04B69FAD5}}_is1" = Aneesoft Free AVI Video Converter 3.6.0.0
    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
    "{778AA318-7343-B50A-09FE-96BD3FF18501}" = Catalyst Control Center InstallProxy
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7992DE31-541F-5873-89C7-25F8E0F33683}" = Catalyst Control Center InstallProxy
    "{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
    "{80E4B2D6-BFF2-402C-96C4-3942DF24CABB}_is1" = FVD Suite 3.0.2
    "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{865D54A9-0240-4952-9F4D-30A59F6F2C2D}}_is1" = Split Files version 1.72
    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
    "{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
    "{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
    "{8A5E6B59-2804-4677-8A5F-DEBC218CE4E0}_is1" = PWGen 2.2.1
    "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{925B2376-5813-40B2-BE52-F088A515B9B9}" = Option Strategy Builder 1.0.4
    "{941BF29A-8738-34FB-58AF-116758FA60AB}" = CCC Help Thai
    "{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
    "{99FCB145-B8BA-11D5-A6B4-0050BA724CB6}" = Astra 4000U
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger
    "{9D4D322B-0BE2-F994-701F-8E464029B11A}" = CCC Help Swedish
    "{A2264E8F-1649-11E3-8BED-B8AC6F98CCE3}" = Google Earth
    "{A539EC7C-3635-468F-8CBA-42364F1150B5}_is1" = Deep Log Analyzer
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9FDFB03-82ED-0DCC-6351-A562F184E9ED}" = CCC Help Italian
    "{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
    "{AAF91344-2808-4D6B-9242-FBE5AF79D60A}" = Windows Live Family Safety
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
    "{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
    "{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
    "{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{B62BA521-B0BB-7215-6467-9EC0A1E61D85}" = Catalyst Control Center Graphics Previews Common
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{B6D49D90-3D8B-F6D4-2009-11AE0E11EBC3}" = CCC Help English
    "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{BE0BEC1F-C9D6-17D5-075A-53DF0A23C282}" = CCC Help Norwegian
    "{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
    "{BFD7E2D6-B4E1-D425-166E-CF27BBD79C10}" = CCC Help Spanish
    "{C04ACDD0-62A7-091E-0B83-4383E7073469}" = CCC Help Turkish
    "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
    "{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
    "{C7232E58-FD2F-5EC0-B4FD-2C5FA2DB6BB8}" = CCC Help French
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
    "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D2340C67-0F20-4B9C-A3A8-CD8821582E5D}" = WebDwarf V2
    "{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
    "{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}" = ArcSoft Panorama Maker 6
    "{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
    "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
    "{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2240
    "{E2EA5233-8AC4-4A59-A521-FBD1A0778A06}" = XMLFox
    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
    "{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
    "{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
    "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
    "{E661CA41-4846-13AB-5137-25F13F1C5D6B}" = CCC Help Chinese Standard
    "{e6817f01-cedf-45af-8195-bd1691311e1c}" = Nero 9 Essentials
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
    "{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
    "{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
    "{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1" = Ezvid
    "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
    "{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
    "{FCB53C89-7998-6782-DA2B-99B49BE8AD96}" = CCC Help German
    "{FD31CD68-1D2F-4F9C-8ACB-9A7806D53D3B}" = StudioTax 2012
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 9.20
    "AC3Filter_is1" = AC3Filter 1.63b
    "Actual Drawing" = Actual Drawing
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AnswerWorks" = AnswerWorks Runtime
    "Any Video Converter_is1" = Any Video Converter 5.0.7
    "Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
    "Audacity_is1" = Audacity 2.0.5
    "Avast" = avast! Free Antivirus
    "Avi to Dvd Free Converter_is1" = Avi to Dvd Free Converter v6.4.0.48
    "Avi2Dvd" = Avi2Dvd 0.6.4
    "AviSynth" = AviSynth 2.5
    "AVS Video Editor_is1" = AVS Video Editor 6
    "AVS Video Recorder_is1" = AVS Video Recorder 2.5
    "BB FlashBack Express" = BB FlashBack Express
    "BS1 Accounting 2012.0_is1" = BS1 Accounting 2012.0
    "Business-in-a-Box" = Business-in-a-Box
    "CinePaint" = CinePaint
    "Cookie Editor_is1" = Cookie Editor 1.9.1.469
    "Copernic Agent Basic" = Copernic Agent Basic
    "CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
    "Corel Applications" = Corel Applications
    "DMUninstaller" = DMUninstaller
    "EditiX-Free-XML Editor2010 Free-2010" = EditiX-Free-XML Editor2010 Free-2010
    "ERUNT_is1" = ERUNT 1.1j
    "FileZilla Client" = FileZilla Client 3.7.3
    "FlameRobin_is1" = FlameRobin 0.9.3
    "Flash Movie Player" = Flash Movie Player 1.5
    "FormatFactory" = FormatFactory 3.2.0.1
    "Free Audio Editor" = Free Audio Editor
    "Free AVI Video Converter_is1" = Free AVI Video Converter version 5.0.22.128
    "Free File Splitter_is1" = Free File Splitter 1.0
    "Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.29.320
    "Free Word/Doc Txt to Image Jpg/Jpeg Bmp Tiff Png~F15BC2F8_is1" = Free Word/Doc Txt to Image Jpg/Jpeg Bmp Tiff Png Converter 5.8
    "Free YouTube Download_is1" = Free YouTube Download version 3.2.11.812
    "Freecorder 7 Applications" = Freecorder 7 Applications (7.0.0.48)
    "Freecorder extension for Firefox" = Freecorder extension for Firefox
    "Freecorder extension x64" = Freecorder extension x64
    "FreeFileViewer_is1" = Free File Viewer 2012
    "Freemake Video Converter_is1" = Freemake Video Converter version 4.0.4
    "FreshWebmaster FreshWebSuction_is1" = FreshWebSuction
    "FTP Commander" = FTP Commander
    "FTP Navigator_is1" = FTP Navigator 8.03
    "FVD Player_is1" = FVD Player 1.0.9
    "Gateway Game Console" = Gateway Game Console
    "Gateway InfoCentre" = Gateway InfoCentre
    "Gateway Photo Frame" = Gateway Photo Frame 4.2.3.10
    "Gateway Registration" = Gateway Registration
    "Gateway Screensaver" = Gateway ScreenSaver
    "Gateway Welcome Center" = Welcome Center
    "GnuCash_is1" = GnuCash 2.4.11
    "GPL Ghostscript 8.71 Lite_is1" = GPL Ghostscript 8.71 Lite
    "GSplit3Set" = GSplit 3
    "HandyBits EasyCrypto Deluxe" = HandyBits EasyCrypto Deluxe
    "HandyBits File Shredder" = HandyBits File Shredder
    "HandyBits Voice Mail" = HandyBits Voice Mail
    "HandyBits ZipNGo" = HandyBits ZipNGo
    "HeidiSQL_is1" = HeidiSQL 8.1.0.4545
    "Hotkey Utility" = Hotkey Utility
    "Identity Card" = Identity Card
    "IECT3298580" = MixiDJ V44 Toolbar for IE
    "Inkscape" = Inkscape 0.48.4
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "Internet Cleanup" = Internet Cleanup
    "iWisoft Flash SWF to Video Converter_is1" = iWisoft Flash SWF to Video Converter 3.5
    "JStock" = JStock (remove only)
    "Kigo M4V Converter_is1" = Kigo M4V Converter 4.0.1
    "Kingsoft Office" = Kingsoft Office 2013 (9.1.0.4246)
    "KLiteCodecPack_is1" = K-Lite Codec Pack 9.9.5 (Full)
    "Kobeman_is1" = Alleycode HTML Editor 2.2.1
    "LAGARITH" = Lagarith lossless video codec (Remove Only)
    "Linksys EasyLink Advisor" = Linksys EasyLink Advisor
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Netscape Navigator (9.0.0.6)" = Netscape Navigator (9.0.0.6)
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "OptionMatrix-1.4.1" = OptionMatrix
    "Oxelon Media Converter_is1" = Oxelon Media Converter 1.1
    "PageBreeze Free HTML Editor" = PageBreeze Free HTML Editor
    "PowerDesk4.0" = My PowerDesk
    "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
    "ScreenshotCaptor_is1" = Screenshot Captor 4.7.2
    "SEOToolkit30_is1" = Trellian SEO Toolkit v3.0
    "Slicer" = The Slicer Uninstall
    "ST5UNST #1" = project dogwaffle
    "ST5UNST #2" = project dogwaffle (C:\Program Files (x86)\project dogwaffle\)
    "Trellian WebPage_is1" = Trellian WebPage
    "TrueCrypt" = TrueCrypt
    "Trusted Software Assistant_is1" = File Type Assistant
    "TweakNow PowerPack 2012_is1" = TweakNow PowerPack 2012
    "VDC_is1" = Video Download Converter version 1.0.0.0
    "Video Downloader_is1" = Video Downloader version 2.0
    "Videovac_is1" = Videovac 1.6
    "Visual Options Analyzer_is1" = VOptions v.4.5.1
    "VLC media player" = VLC media player 2.1.0
    "VMware_Player" = VMware Player
    "WebFerret" = WebFerret
    "WildTangent gateway Master Uninstall" = Gateway Games
    "Winamp" = Winamp
    "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.2
    "Word to Jpeg Converter 3000_is1" = Word to Jpeg Converter 3000 7.3
    "WT078871" = Bejeweled 2 Deluxe
    "WT078903" = Zuma Deluxe
    "WT078955" = Blackhawk Striker 2
    "WT078963" = Bob the Builder Can-Do-Zoo
    "WT079019" = Faerie Solitaire
    "WT079023" = FATE - The Traitor Soul
    "WT079067" = Jewel Quest Solitaire 3
    "WT079099" = Monopoly
    "WT079103" = Mystery P.I. - Lost in Los Angeles
    "WT079107" = Penguins!
    "WT079111" = Plants vs. Zombies
    "WT079115" = Polar Bowler
    "WT079119" = Polar Golfer
    "WT079151" = Scrabble Plus
    "WT079155" = The Price is Right
    "WT079176" = Virtual Villagers - A New Home
    "WT079182" = Yahtzee
    "WT079239" = Build-a-lot 2
    "WT079258" = Escape Rosecliff Island
    "WT079419" = Virtual Families
    "Xilisoft AVI to DVD Converter" = Xilisoft AVI to DVD Converter
    "Xvid_is1" = Xvid 1.2.2 final uninstall
    "YTdetect" = Yahoo! Detect

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "FoxTab PDF Converter" = FoxTab PDF Converter
    "MyPaint" = MyPaint 1.0.0
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
    "SkyDriveSetup.exe" = Microsoft SkyDrive
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/5/2013 8:29:48 PM | Computer Name = WheelsupClub-PC | Source = MSSQLServer | ID = 19011
    Description = SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

    Error - 11/6/2013 9:32:20 AM | Computer Name = WheelsupClub-PC | Source = MSSQLServer | ID = 19011
    Description = SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

    Error - 11/6/2013 12:11:51 PM | Computer Name = WheelsupClub-PC | Source = MSSQLServer | ID = 19011
    Description = SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

    Error - 11/6/2013 1:57:39 PM | Computer Name = WheelsupClub-PC | Source = MSSQLServer | ID = 19011
    Description = SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

    Error - 11/6/2013 2:23:10 PM | Computer Name = WheelsupClub-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 11/7/2013 9:56:45 AM | Computer Name = WheelsupClub-PC | Source = MSSQLServer | ID = 19011
    Description = SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

    Error - 11/7/2013 11:11:27 AM | Computer Name = WheelsupClub-PC | Source = MSSQLServer | ID = 19011
    Description = SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

    Error - 11/7/2013 12:13:40 PM | Computer Name = WheelsupClub-PC | Source = MSSQLServer | ID = 19011
    Description = SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

    Error - 11/7/2013 12:33:52 PM | Computer Name = WheelsupClub-PC | Source = MSSQLServer | ID = 19011
    Description = SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

    Error - 11/7/2013 2:57:45 PM | Computer Name = WheelsupClub-PC | Source = MSSQLServer | ID = 19011
    Description = SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

    [ System Events ]
    Error - 11/7/2013 12:11:44 PM | Computer Name = WheelsupClub-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 11/7/2013 12:14:02 PM | Computer Name = WheelsupClub-PC | Source = Service Control Manager | ID = 7000
    Description = The Util SaltarSmart service failed to start due to the following
    error: %%2

    Error - 11/7/2013 12:34:18 PM | Computer Name = WheelsupClub-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D
    2 Scanner Service service to connect.

    Error - 11/7/2013 12:34:18 PM | Computer Name = WheelsupClub-PC | Source = Service Control Manager | ID = 7000
    Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
    following error: %%1053

    Error - 11/7/2013 12:34:31 PM | Computer Name = WheelsupClub-PC | Source = Service Control Manager | ID = 7000
    Description = The Util SaltarSmart service failed to start due to the following
    error: %%2

    Error - 11/7/2013 2:58:08 PM | Computer Name = WheelsupClub-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D
    2 Scanner Service service to connect.

    Error - 11/7/2013 2:58:08 PM | Computer Name = WheelsupClub-PC | Source = Service Control Manager | ID = 7000
    Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
    following error: %%1053

    Error - 11/7/2013 2:58:10 PM | Computer Name = WheelsupClub-PC | Source = Service Control Manager | ID = 7000
    Description = The Util SaltarSmart service failed to start due to the following
    error: %%2

    Error - 11/7/2013 3:03:50 PM | Computer Name = WheelsupClub-PC | Source = Service Control Manager | ID = 7022
    Description = The Windows Update service hung on starting.

    Error - 11/7/2013 3:05:31 PM | Computer Name = WheelsupClub-PC | Source = DCOM | ID = 10010
    Description =


    < End of report >




  9. #19
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    The only thing I see bad is an infected backup copy of your hosts file. Let's run this quick fix; post the log it produces, please, and also let me know how you feel things are running now.



    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      [2013/10/11 09:16:03 | 000,450,642 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20131027-085644.backup
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [CLEARALLRESTOREPOINTS]
      [EMPTYJAVA] 
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  10. #20
    Member
    Join Date
    Apr 2008
    Posts
    78

    Default

    1. Off-hand, things seem to be running a lot better than they did a few days ago. Thanks!

    I'm really amazed at all the malware that got onto my machine, though!




    2. OTL log:


    All processes killed
    ========== OTL ==========
    C:\Windows\SysNative\drivers\etc\hosts.20131027-085644.backup moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Wheelsup Club\Desktop\cmd.bat deleted successfully.
    C:\Users\Wheelsup Club\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Restore point Set: OTL Restore Point

    [EMPTYJAVA]

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: Public

    User: Wheelsup Club
    ->Java cache emptied: 257985 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 57472 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Wheelsup Club
    ->Temp folder emptied: 2959708 bytes
    ->Temporary Internet Files folder emptied: 684409668 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 53822035 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 1392876 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 23930 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78039 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 708.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11072013_163522

    Files\Folders moved on Reboot...
    C:\Users\Wheelsup Club\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Wheelsup Club\AppData\Local\Temp\~DF0B8057EE8D16A1B6.TMP not found!
    File\Folder C:\Users\Wheelsup Club\AppData\Local\Temp\~DF0EB767C557EE1431.TMP not found!
    File\Folder C:\Users\Wheelsup Club\AppData\Local\Temp\~DF11A88329441796CB.TMP not found!
    File\Folder C:\Users\Wheelsup Club\AppData\Local\Temp\~DF2C84758273A2E841.TMP not found!
    File\Folder C:\Users\Wheelsup Club\AppData\Local\Temp\~DF630DE21DFC43EE86.TMP not found!
    File\Folder C:\Users\Wheelsup Club\AppData\Local\Temp\~DF64728CB9339F3208.TMP not found!
    File\Folder C:\Users\Wheelsup Club\AppData\Local\Temp\~DF8985A56AD501E82D.TMP not found!
    File\Folder C:\Users\Wheelsup Club\AppData\Local\Temp\~DFA011DCA331C762B4.TMP not found!
    File\Folder C:\Users\Wheelsup Club\AppData\Local\Temp\~DFAE12EBCDFEC38812.TMP not found!
    File\Folder C:\Users\Wheelsup Club\AppData\Local\Temp\~DFE66A7E2982E2EBF0.TMP not found!
    File\Folder C:\Users\Wheelsup Club\AppData\Local\Temp\~DFF2C994A344CC4D9D.TMP not found!
    File\Folder C:\Users\Wheelsup Club\AppData\Local\Temp\~DFF84065629DFC1A21.TMP not found!
    C:\Users\Wheelsup Club\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    File move failed. C:\windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
    C:\windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-3296.log moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


