
Thread: Freecorder Trojan In Firefox

  1. #1
    Member
    Join Date: Apr 2008
    Posts: 78

    Freecorder Trojan In Firefox

    Sorry, if I posted this in the wrong place.

    According to Firefox support, however, my computer has a trojan, called "Freecorder", which inserts annoying ads on my screen.

    Firefox support wanted to have access to my computer, but I don't feel comfortable with that; I had an awkward experience letting a Microsoft tech take control of my machine, once; it was clear that he was looking for porno, instead of doing his job.

    Any thoughts on what I can do to resolve this issue?

    - r

  2. #2
    Security Expert-emeritus Juliet
    Join Date: Feb 2007
    Location: Deep South
    Posts: 4,084

    Hi and welcome


    Scan with FRST in normal mode

    Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit
    (If not sure which version: Start --> Computer (right click) --> properties)
    (To use correct version for your system.....Which system am I using?)

    • Run FRST.
    • Don't change any of the checkboxes and hit Scan.
    • Logfiles are created on your desktop.
    • Post the FRST.txt
    • The first time the tool is run it generates another log Addition.txt - Please also paste that along with the FRST.txt into your reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Member
    Join Date: Apr 2008
    Posts: 78

    Sorry for the delay. I thought I had already posted this days ago.

    I think I found the problem; when I tried to post both outputs in the same post, an error message said the post was "too long". So, now, I'm posting them in individual posts.

    Since that, too, did not work, I'm posting the FRST.txt in 2 separate posts. The Additional will be located in a third post.

    - r






    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014
    Ran by Wheelsup Club (administrator) on WHEELSUPCLUB-PC on 12-07-2014 10:19:38
    Running from C:\Users\Wheelsup Club\Downloads
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (The Eraser Project) C:\Program Files\Eraser\Eraser.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (IntelliQuest Communications, Inc.) C:\Program Files (x86)\Corel\WordPerfect Office 2000\Register\Remind32.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    (SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
    (UMAX) C:\VstaScan\VsAccess.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
    (Corel Corporation Limited) C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\alarm.exe
    (IOI) C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
    (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
    (Corel Corporation Limited) C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\dad9.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
    (Napster) C:\Program Files (x86)\Napster\napster.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    () C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
    (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (TorchMedia Inc.) C:\Users\Wheelsup Club\AppData\Local\Torch\Update\TorchCrashHandler.exe
    (Acer Group) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
    (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Corel Corporation Limited) C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\wpwin9.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [OOTag] => C:\Program Files (x86)\Gateway\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
    HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9955872 2013-03-20] (Realtek Semiconductor)
    HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [609312 2010-05-05] ()
    HKLM-x32\...\Run: [OOTag] => C:\Program Files (x86)\Gateway\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
    HKLM-x32\...\Run: [Gateway Photo Frame] => C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [124416 2009-07-20] (IOI)
    HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [84576 2013-07-23] (Nullsoft, Inc.)
    HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [642856 2008-12-12] (Cisco Systems, Inc.)
    HKLM-x32\...\Run: [NapsterShell] => C:\Program Files (x86)\Napster\napster.exe [323216 2007-01-12] (Napster)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
    HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1667072 2012-02-28] (AimerSoft)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-09] (AVAST Software)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-2354175475-3584804694-207632515-1000\...\Run: [Update Service] => C:\Program Files (x86)\Common Files\Teknum Systems\update.exe [19456 2012-12-12] (Teknum Systems AS)
    HKU\S-1-5-21-2354175475-3584804694-207632515-1000\...\RunOnce: [Uninstall C:\Users\Wheelsup Club\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] - C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wheelsup Club\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
    HKU\S-1-5-21-2354175475-3584804694-207632515-1000\...\RunOnce: [Uninstall C:\Users\Wheelsup Club\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811] - C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wheelsup Club\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811"
    HKU\S-1-5-21-2354175475-3584804694-207632515-1000\...\RunOnce: [Uninstall C:\Users\Wheelsup Club\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64] - C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wheelsup Club\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"
    HKU\S-1-5-21-2354175475-3584804694-207632515-1000\...\RunOnce: [Uninstall C:\Users\Wheelsup Club\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220] - C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wheelsup Club\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Corel Registration.lnk
    ShortcutTarget: Corel Registration.lnk -> C:\Program Files (x86)\Corel\WordPerfect Office 2000\Register\Remind32.exe (IntelliQuest Communications, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk
    ShortcutTarget: Service Manager.lnk -> C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VistaAccess.lnk
    ShortcutTarget: VistaAccess.lnk -> C:\VstaScan\VsAccess.exe (UMAX)
    Startup: C:\Users\Wheelsup Club\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CorelCENTRAL Alarms.LNK
    ShortcutTarget: CorelCENTRAL Alarms.LNK -> C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\alarm.exe (Corel Corporation Limited)
    Startup: C:\Users\Wheelsup Club\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Application Director 9.LNK
    ShortcutTarget: Desktop Application Director 9.LNK -> C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\dad9.exe (Corel Corporation Limited)
    ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    ProxyServer: localhost:8080
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
    URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    URLSearchHook: HKCU - (No Name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
    SearchScopes: HKCU - DefaultScope {A37D5975-EF6F-4E7C-B890-85D1469D832F} URL = http://search.yahoo.com/search?fr=mcafee&type=A010US739&p={SearchTerms}
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKCU - {A37D5975-EF6F-4E7C-B890-85D1469D832F} URL = http://search.yahoo.com/search?fr=mcafee&type=A010US739&p={SearchTerms}
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: No Name - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: No Name - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - No File
    BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
    Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\r2ykzn6f.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.98.28.dll No File
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\r2ykzn6f.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.28.dll No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - No File
    Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - No File
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
    Handler-x32: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
    Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198

    FireFox:
    ========
    FF ProfilePath: C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463
    FF NewTab: about:blank
    FF Homepage: about:home
    FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ ()
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\dtplugin\npDeployJava1.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ ()
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: TorchVLC - C:\Users\Wheelsup Club\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF SearchPlugin: C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\searchplugins\best-buy-canada.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
    FF Extension: Ant Video Downloader - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\anttoolbar@ant.com [2014-05-13]
    FF Extension: Flash Video Downloader - Full HD Download - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\artur.dubovoy@gmail.com [2014-05-10]
    FF Extension: GoogleSharing - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\googlesharing@extension.thoughtcrime.org [2014-01-18]
    FF Extension: NetVideoHunter - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\netvideohunter@netvideohunter.com [2014-02-17]
    FF Extension: Print pages to PDF - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\printPages2Pdf@reinhold.ripper [2013-11-23]
    FF Extension: DownloadHelper - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25]
    FF Extension: Flash and Video Download - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-06-26]
    FF Extension: Anonymouse.org - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\arpit3@techraga.in.xpi [2014-06-21]
    FF Extension: InvisibleHand - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2013-11-25]
    FF Extension: Hover Hand - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\chikit@gmail.com.xpi [2013-12-09]
    FF Extension: anonymoX - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\client@anonymox.net.xpi [2013-11-09]
    FF Extension: 1-Click Dailymotion Video Downloader - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi [2013-11-18]
    FF Extension: Download Panel Tweaker - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\downloadPanelTweaker@infocatcher.xpi [2014-01-12]
    FF Extension: Elite Proxy Switcher - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\eliteproxyswitcher@my-proxy.com.xpi [2013-11-08]
    FF Extension: Hide My Ass Proxy Extension - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\extension@hidemyass.com.xpi [2013-11-04]
    FF Extension: Video Downloader professional - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\ffext_basicvideoext@startpage24.xpi [2013-11-18]
    FF Extension: HMA! IP Checker - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\ipinfo@hidemyass.com.xpi [2013-11-08]
    FF Extension: Self-Destructing Cookies - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2014-01-02]
    FF Extension: Hover Hound - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\jid0-PEBvWWKP6g5gzvk2gsdrh097hv0@jetpack.xpi [2013-11-25]
    FF Extension: Google/Yandex search link fix - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2014-01-02]
    FF Extension: Simple Highlighter - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\jid0-zHLx0tke81ABqPwp3FhItvPegMs@jetpack.xpi [2013-12-16]
    FF Extension: One Click Proxy - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2014-06-21]
    FF Extension: Pin/Unpin Tab - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\jid1-j1RdUbjJ4pH8Yw@jetpack.xpi [2014-02-20]
    FF Extension: NO Google Analytics - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\jid1-JcGokIiQyjoBAQ@jetpack.xpi [2014-01-18]
    FF Extension: Strict Pop-up Blocker - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2014-07-08]
    FF Extension: Youtube Downloader - Media Downloader - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\paulsaintuzb@gmail.com.xpi [2014-02-17]
    FF Extension: Reload Plus - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\reloadplus@blackwind.xpi [2014-01-02]
    FF Extension: S3.Download Statusbar - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\s3download@statusbar.xpi [2014-02-17]
    FF Extension: Save as PDF - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\save-as-pdf-ff@pdfcrowd.com.xpi [2013-11-08]
    FF Extension: Savedeo video downloader - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\savedeo-video-downloader@fczbkk.com.xpi [2014-02-17]
    FF Extension: SkipScreen - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\SkipScreen@SkipScreen.xpi [2014-02-17]
    FF Extension: Google Translator for Firefox - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\translator@zoli.bod.xpi [2014-06-21]
    FF Extension: Top Video Downloader - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\tvd@link64.xpi [2014-02-17]
    FF Extension: Youtube and more - Easy Video Downloader - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\vdpure@link64.xpi [2013-11-04]
    FF Extension: Video DL - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\video-dl-firefox@jetpack.xpi [2014-02-17]
    FF Extension: Video Resumer - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\videoresumer@jetpack.xpi [2013-11-04]
    FF Extension: Video WithOut Flash - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\vwof@drev.com.xpi [2013-11-18]
    FF Extension: Keep Tube Downloader - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\webmaster@keep-tube.com.xpi [2014-01-12]
    FF Extension: 1-Click YouTube Video Downloader - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2013-11-04]
    FF Extension: Video Myxa - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\{0C07EECD-53B6-4748-BB2B-4395BF51DD8B}.xpi [2014-02-17]
    FF Extension: URL Link - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}.xpi [2014-01-02]
    FF Extension: TweakTube - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\{15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed}.xpi [2013-11-18]
    FF Extension: FlashGot - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-01-20]
    FF Extension: PDF Download - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2013-11-23]
    FF Extension: Stylish - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-01-02]
    FF Extension: Image Search Options - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\{4a313247-8330-4a81-948e-b79936516f78}.xpi [2014-01-13]
    FF Extension: Download Status Bar - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-01-23]
    FF Extension: Context Highlight - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\{8051A235-3BDB-4450-9C02-8CD8C6F9E2CB}.xpi [2013-11-19]
    FF Extension: Easy Youtube Video Downloader Express - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2013-11-18]
    FF Extension: Download YouTube Videos as MP4 - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-02-17]
    FF Extension: Fast Video Download - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2014-01-12]
    FF Extension: Download Statusbar - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013-11-08]
    FF Extension: Web2PDF converter - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi [2013-12-05]
    FF Extension: Sothink Web Video Downloader for Firefox - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi [2014-02-17]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2014-05-09]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-09]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-03]

    Chrome:
    =======
    CHR Extension: (Google Docs) - C:\Users\Wheelsup Club\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-24]
    CHR Extension: (Google Drive) - C:\Users\Wheelsup Club\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-24]
    CHR Extension: (YouTube) - C:\Users\Wheelsup Club\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-24]
    CHR Extension: (McAfee Security Scan+) - C:\Users\Wheelsup Club\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-04-01]
    CHR Extension: (Google Search) - C:\Users\Wheelsup Club\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-24]
    CHR Extension: (SiteAdvisor) - C:\Users\Wheelsup Club\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-11-24]
    CHR Extension: (avast! Online Security) - C:\Users\Wheelsup Club\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-01]
    CHR Extension: (Freemake Video Converter) - C:\Users\Wheelsup Club\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-11-24]
    CHR Extension: (Video Player) - C:\Users\Wheelsup Club\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhielbkepifcmmmfopeicnjfpbeodbmk [2014-04-01]
    CHR Extension: (Google Wallet) - C:\Users\Wheelsup Club\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-24]
    CHR Extension: (Gmail) - C:\Users\Wheelsup Club\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-24]
    CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - "C:\Program Files (x86)\FVD Suite\addons\chrome\fvdext.crx" [2013-11-24]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-09]
    CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-03-11]
    CHR HKLM-x32\...\Chrome\Extension: [lhielbkepifcmmmfopeicnjfpbeodbmk] - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta752\ch\VideoPlayerV3beta752.crx [2013-03-11]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-04] (Advanced Micro Devices, Inc.) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-09] (AVAST Software)
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
    S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2011-02-11] (CyberLink)
    R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2139328 2014-05-27] (Comodo Security Solutions, Inc.)
    S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-05-27] (Freemake) [File not signed]
    S3 GSService; C:\windows\SysWOW64\GSService.exe [448736 2013-03-13] ()
    R2 LinksysUpdater; C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-11-13] () [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
    R2 MSSQLSERVER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
    S3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 SQLSERVERAGENT; C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
    R2 TorchCrashHandler; C:\Users\Wheelsup Club\AppData\Local\Torch\Update\TorchCrashHandler.exe [1216520 2014-06-30] (TorchMedia Inc.)
    R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [79872 2012-01-18] (VMware, Inc.) [File not signed]
    S2 Util SaltarSmart; "C:\Program Files (x86)\SaltarSmart\bin\utilSaltarSmart.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Inc.)
    R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-09] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-09] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-09] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-09] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-09] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-09] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-09] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-09] ()
    R3 AVer7231_x64; C:\Windows\System32\DRIVERS\AVer7231_x64.sys [1799808 2010-06-10] (AVerMedia TECHNOLOGIES, Inc.)
    R3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2013-03-22] (Windows (R) Codename Longhorn DDK provider)
    S3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx64.sys [33488 2013-03-23] ()
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
    R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2010-07-15] (CACE Technologies, Inc.)
    R3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [622624 2010-02-01] (Realtek Semiconductor Corporation )
    S3 SndTAudio; C:\Windows\System32\drivers\SndTAudio.sys [34528 2013-03-13] (Windows (R) Win 7 DDK provider)
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-07-12] ()
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
    S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
    S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
    S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
    S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
    S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-02-08] (CyberLink Corp.)
    S1 azvohwlg; \??\C:\windows\system32\drivers\azvohwlg.sys [X]
    S1 caglpito; \??\C:\windows\system32\drivers\caglpito.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S1 cglcnxna; \??\C:\windows\system32\drivers\cglcnxna.sys [X]
    S1 cgxzeais; \??\C:\windows\system32\drivers\cgxzeais.sys [X]
    S1 dkxomdff; \??\C:\windows\system32\drivers\dkxomdff.sys [X]
    S1 dlrcmacc; \??\C:\windows\system32\drivers\dlrcmacc.sys [X]
    S1 dnonjzhp; \??\C:\windows\system32\drivers\dnonjzhp.sys [X]
    S1 docrwtro; \??\C:\windows\system32\drivers\docrwtro.sys [X]
    S1 ekrvryyb; \??\C:\windows\system32\drivers\ekrvryyb.sys [X]
    S1 eolbguvz; \??\C:\windows\system32\drivers\eolbguvz.sys [X]
    S1 fwtxrcwi; \??\C:\windows\system32\drivers\fwtxrcwi.sys [X]
    S1 iaqybpyk; \??\C:\windows\system32\drivers\iaqybpyk.sys [X]
    S1 ivnnnudl; \??\C:\windows\system32\drivers\ivnnnudl.sys [X]
    S1 jiwrmxaw; \??\C:\windows\system32\drivers\jiwrmxaw.sys [X]
    S1 lasmepzv; \??\C:\windows\system32\drivers\lasmepzv.sys [X]
    S1 meusbmhl; \??\C:\windows\system32\drivers\meusbmhl.sys [X]
    S1 nffxbovz; \??\C:\windows\system32\drivers\nffxbovz.sys [X]
    S1 nnptydlz; \??\C:\windows\system32\drivers\nnptydlz.sys [X]
    S1 oladlbpd; \??\C:\windows\system32\drivers\oladlbpd.sys [X]
    S1 oquqdghi; \??\C:\windows\system32\drivers\oquqdghi.sys [X]
    S1 oyixxbuu; \??\C:\windows\system32\drivers\oyixxbuu.sys [X]
    S1 pfvkeyok; \??\C:\windows\system32\drivers\pfvkeyok.sys [X]
    S1 qocjlccd; \??\C:\windows\system32\drivers\qocjlccd.sys [X]
    S1 quuthscw; \??\C:\windows\system32\drivers\quuthscw.sys [X]
    S1 sefciruf; \??\C:\windows\system32\drivers\sefciruf.sys [X]
    S1 sosmzeaj; \??\C:\windows\system32\drivers\sosmzeaj.sys [X]
    S1 sxxihgwu; \??\C:\windows\system32\drivers\sxxihgwu.sys [X]
    S1 tdilglsd; \??\C:\windows\system32\drivers\tdilglsd.sys [X]
    S1 tyzqtmjl; \??\C:\windows\system32\drivers\tyzqtmjl.sys [X]
    S1 uoizcgqf; \??\C:\windows\system32\drivers\uoizcgqf.sys [X]
    S1 xuhsefvm; \??\C:\windows\system32\drivers\xuhsefvm.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-07-12 10:19 - 2014-07-12 10:19 - 00000000 ____D () C:\Users\Wheelsup Club\Downloads\FRST-OlderVersion
    2014-07-12 10:16 - 2014-07-12 10:16 - 00207893 _____ () C:\Users\Wheelsup Club\Documents\QPW0234.TMP
    2014-07-11 14:58 - 2014-07-11 14:58 - 00854390 _____ () C:\Users\Wheelsup Club\Downloads\SecurityCheck.exe
    2014-07-11 10:41 - 2014-07-11 10:41 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0233.TMP
    2014-07-10 17:08 - 2014-07-10 17:08 - 01228453 _____ () C:\Users\Wheelsup Club\Downloads\Online on Rogers Anyplace TV The Night Shift Online on Rogers Anyplace TV[via torchbrowser.com].mp4
    2014-07-10 17:08 - 2014-07-10 17:08 - 00084170 _____ () C:\Users\Wheelsup Club\Downloads\Online on Rogers Anyplace TV The Night Shift Online on Rogers Anyplace TV[via torchbrowser.aac
    2014-07-10 16:49 - 2014-07-10 16:49 - 03188194 _____ () C:\Users\Wheelsup Club\Downloads\▶ The Night Shift Video - Blood Brothers - Episode 7 - GlobalTV.com[via torchbrowser.com] (1).mp4
    2014-07-10 16:49 - 2014-07-10 16:49 - 00361237 _____ () C:\Users\Wheelsup Club\Downloads\▶ The Night Shift Video - Blood Brothers - Episode 7 - GlobalTV.com[via torchbrowser (1).aac
    2014-07-10 16:41 - 2014-07-10 16:41 - 03188194 _____ () C:\Users\Wheelsup Club\Downloads\▶ The Night Shift Video - Blood Brothers - Episode 7 - GlobalTV.com[via torchbrowser.com].mp4
    2014-07-10 16:41 - 2014-07-10 16:41 - 00361237 _____ () C:\Users\Wheelsup Club\Downloads\▶ The Night Shift Video - Blood Brothers - Episode 7 - GlobalTV.com[via torchbrowser.aac
    2014-07-10 16:02 - 2014-07-10 17:12 - 00004608 _____ () C:\Users\Wheelsup Club\Documents\Lawfirm Rejections.qpw
    2014-07-10 09:37 - 2014-07-10 09:38 - 00054163 _____ () C:\Users\Wheelsup Club\Downloads\Addition.txt
    2014-07-10 09:35 - 2014-07-12 10:19 - 00042965 _____ () C:\Users\Wheelsup Club\Downloads\FRST.txt
    2014-07-10 09:35 - 2014-07-12 10:19 - 00000000 ____D () C:\FRST
    2014-07-10 09:34 - 2014-07-12 10:19 - 02084864 _____ (Farbar) C:\Users\Wheelsup Club\Downloads\FRST64.exe
    2014-07-10 09:05 - 2014-07-10 09:05 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0232.TMP
    2014-07-09 22:25 - 2014-07-09 22:25 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
    2014-07-09 16:59 - 2014-07-09 16:59 - 00000000 _____ () C:\windows\SysWOW64\sho3A62.tmp
    2014-07-09 16:53 - 2014-07-09 16:53 - 08780754 _____ () C:\Users\Wheelsup Club\Downloads\-Oh Babe What Would You Say- by Hurricane Smith {lyrics} - YouTube[via torchbrowser.com].mp4
    2014-07-09 16:53 - 2014-07-09 16:53 - 02479064 _____ () C:\Users\Wheelsup Club\Downloads\-Oh Babe What Would You Say- by Hurricane Smith {lyrics} - YouTube[via torchbrowser.aac
    2014-07-09 16:51 - 2014-07-09 16:51 - 01792216 _____ () C:\Users\Wheelsup Club\Downloads\Leaked Star Wars Episode VII Filmset Footage! - YouTube[via torchbrowser.aac
    2014-07-09 16:50 - 2014-07-09 16:51 - 16246050 _____ () C:\Users\Wheelsup Club\Downloads\Leaked Star Wars Episode VII Filmset Footage! - YouTube[via torchbrowser.com].mp4
    2014-07-09 16:47 - 2014-07-12 09:08 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
    2014-07-09 16:46 - 2014-07-09 16:47 - 00001426 _____ () C:\Users\Wheelsup Club\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
    2014-07-09 16:46 - 2014-07-09 16:47 - 00001401 _____ () C:\Users\Wheelsup Club\Desktop\Torch.lnk
    2014-07-09 16:46 - 2014-07-09 16:46 - 00000000 ____D () C:\Users\Wheelsup Club\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch
    2014-07-09 16:44 - 2014-07-09 16:47 - 00000000 ____D () C:\Users\Wheelsup Club\AppData\Local\Torch
    2014-07-09 16:43 - 2014-07-09 16:44 - 01661136 _____ (Torch Media, Inc) C:\Users\Wheelsup Club\Downloads\TorchSetupk-r410-n-bc.exe
    2014-07-09 16:40 - 2014-07-09 16:40 - 00000000 ____D () C:\Users\Wheelsup Club\AppData\Local\FVD High-Speed Downloader
    2014-07-09 16:40 - 2014-07-09 16:40 - 00000000 _____ () C:\Users\Wheelsup Club\Desktop\360p - Oh Babe What Would You Say by Hurricane Smith lyrics.webm
    2014-07-09 08:55 - 2014-07-09 08:56 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0231.TMP
    2014-07-09 08:55 - 2014-07-09 08:55 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0230.TMP
    2014-07-09 08:06 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-07-09 08:06 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-07-09 08:06 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
    2014-07-09 08:06 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
    2014-07-09 08:06 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-07-09 08:06 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
    2014-07-09 08:06 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
    2014-07-09 08:06 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2014-07-09 08:06 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2014-07-09 08:06 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2014-07-09 08:06 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2014-07-09 08:06 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2014-07-09 08:06 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2014-07-09 08:06 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2014-07-09 08:06 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2014-07-09 08:06 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
    2014-07-09 08:06 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2014-07-09 08:06 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
    2014-07-09 08:06 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
    2014-07-09 08:06 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
    2014-07-09 08:06 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
    2014-07-09 08:06 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
    2014-07-09 08:05 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-07-09 08:05 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-07-09 08:05 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-07-09 08:05 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-07-09 08:05 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-07-09 08:05 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-07-09 08:05 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-07-09 08:05 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-07-09 08:05 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-07-09 08:05 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-07-09 08:05 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-07-09 08:05 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-07-09 08:05 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-07-09 08:05 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-07-09 08:05 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-07-09 08:05 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-07-09 08:05 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-07-09 08:05 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-07-09 08:05 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-07-09 08:05 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-07-09 08:05 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-07-09 08:05 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-07-09 08:05 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-07-09 08:05 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-07-09 08:05 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-07-09 08:05 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-07-09 08:05 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-07-09 08:05 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-07-09 08:05 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-07-09 08:05 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-07-09 08:05 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-07-09 08:05 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-07-09 08:05 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-07-09 08:05 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-07-09 08:05 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-07-09 08:05 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-07-09 08:05 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-07-09 08:05 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-07-09 08:05 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-07-09 08:05 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-07-09 08:05 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-07-09 08:05 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-07-09 08:05 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-07-09 08:05 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-07-09 08:05 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-07-09 08:05 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-07-09 08:05 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-07-09 08:05 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-07-09 08:05 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2014-07-09 08:05 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-07-09 08:05 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-07-09 08:05 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-07-09 08:05 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-07-09 08:05 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-07-09 08:05 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-07-09 08:05 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-07-09 08:04 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2014-07-09 08:04 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
    2014-07-09 08:04 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
    2014-07-08 11:57 - 2014-07-08 11:57 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0229.TMP
    2014-07-06 14:13 - 2014-07-07 22:59 - 00000000 ____D () C:\Users\Wheelsup Club\.texlive2014
    2014-07-06 14:04 - 2014-07-07 22:54 - 00000000 ____D () C:\Users\Wheelsup Club\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeX Live 2014
    2014-07-06 11:03 - 2014-07-06 11:03 - 00000000 ____D () C:\texlive
    2014-07-06 11:00 - 2014-07-06 11:00 - 00000000 ____D () C:\Users\Wheelsup Club\Downloads\TeX Live
    2014-07-06 11:00 - 2014-07-06 11:00 - 00000000 ____D () C:\Users\Wheelsup Club\Downloads\install-tl
    2014-07-06 10:59 - 2014-07-06 03:24 - 00000000 ____D () C:\Users\Wheelsup Club\Downloads\install-tl-20140706
    2014-07-06 10:58 - 2014-07-06 10:58 - 16770908 _____ () C:\Users\Wheelsup Club\Downloads\install-tl.zip
    2014-07-06 10:57 - 2014-07-06 10:57 - 00011378 _____ () C:\Users\Wheelsup Club\Downloads\install-tl-windows.exe
    2014-07-05 09:29 - 2014-07-05 09:29 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0228.TMP
    2014-07-04 09:00 - 2014-07-04 09:00 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0227.TMP
    2014-07-03 09:39 - 2014-07-03 09:39 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0226.TMP
    2014-07-02 12:57 - 2014-07-02 12:57 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0225.TMP
    2014-07-01 08:55 - 2014-07-01 08:55 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0224.TMP
    2014-06-30 08:51 - 2014-06-30 08:51 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0223.TMP
    2014-06-29 11:56 - 2014-06-29 11:56 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0222.TMP
    2014-06-28 14:14 - 2014-06-28 14:15 - 00000000 ____D () C:\Users\Wheelsup Club\AppData\Local\FreeFileViewer
    2014-06-28 14:13 - 2014-04-26 01:21 - 00000806 _____ () C:\Users\Wheelsup Club\Documents\INSTALL
    2014-06-28 14:09 - 2014-06-28 14:11 - 00000000 ____D () C:\Users\Wheelsup Club\Downloads\mailman-2.1.18rc3
    2014-06-28 14:08 - 2014-06-28 14:09 - 09043438 _____ () C:\Users\Wheelsup Club\Downloads\mailman-2.1.18rc3(1).tgz
    2014-06-28 14:08 - 2014-04-25 05:21 - 29204480 _____ () C:\Users\Wheelsup Club\Downloads\mailman-2.1.18rc3.tgz
    2014-06-28 10:34 - 2014-06-28 10:34 - 00207563 _____ () C:\Users\Wheelsup Club\Documents\QPW0221.TMP
    2014-06-27 09:28 - 2014-06-27 09:28 - 00207557 _____ () C:\Users\Wheelsup Club\Documents\QPW0220.TMP
    2014-06-26 09:01 - 2014-06-26 09:01 - 00207534 _____ () C:\Users\Wheelsup Club\Documents\QPW0219.TMP
    2014-06-25 08:29 - 2014-06-25 08:29 - 00207513 _____ () C:\Users\Wheelsup Club\Documents\QPW0218.TMP
    2014-06-24 09:31 - 2014-06-24 09:31 - 00207488 _____ () C:\Users\Wheelsup Club\Documents\QPW0217.TMP
    2014-06-23 11:36 - 2014-06-23 11:36 - 00207444 _____ () C:\Users\Wheelsup Club\Documents\QPW0216.TMP
    2014-06-22 09:02 - 2014-06-22 09:02 - 00207425 _____ () C:\Users\Wheelsup Club\Documents\QPW0215.TMP
    2014-06-21 22:12 - 2014-06-21 22:14 - 00000000 ____D () C:\Users\Wheelsup Club\Downloads\3.8a-2-terms_of_reference_summary_form-en.pdf_
    2014-06-21 21:30 - 2014-06-21 21:30 - 00097457 _____ () C:\Users\Wheelsup Club\Downloads\3.8a-2-terms_of_reference_summary_form-en.pdf_.zip
    2014-06-21 21:19 - 2014-06-21 21:19 - 00000000 ____D () C:\Users\Wheelsup Club\Downloads\3.8a-3-ea_summary_form-en.pdf_
    2014-06-21 21:18 - 2014-06-21 21:18 - 00097587 _____ () C:\Users\Wheelsup Club\Downloads\3.8a-3-ea_summary_form-en.pdf_.zip
    2014-06-21 10:27 - 2014-06-21 10:27 - 00001205 _____ () C:\Users\Wheelsup Club\Desktop\Format Factory.lnk
    2014-06-21 10:27 - 2014-06-21 10:27 - 00000000 ____D () C:\Users\Wheelsup Club\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
    2014-06-21 08:27 - 2014-06-21 08:27 - 00207400 _____ () C:\Users\Wheelsup Club\Documents\QPW0214.TMP
    2014-06-20 08:20 - 2014-06-20 08:20 - 00207375 _____ () C:\Users\Wheelsup Club\Documents\QPW0213.TMP
    2014-06-19 09:56 - 2014-06-19 09:57 - 08496376 _____ (DonationCoder.com ) C:\Users\Wheelsup Club\Downloads\ScreenshotCaptorSetup(3).exe
    2014-06-19 09:04 - 2014-06-19 09:04 - 00207375 _____ () C:\Users\Wheelsup Club\Documents\QPW0212.TMP
    2014-06-18 13:57 - 2014-06-18 13:58 - 00000000 ____D () C:\Users\Wheelsup Club\Documents\Police
    2014-06-18 10:14 - 2014-06-18 10:14 - 00207360 _____ () C:\Users\Wheelsup Club\Documents\QPW0211.TMP
    2014-06-17 15:41 - 2014-06-17 15:41 - 00002147 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk
    2014-06-17 15:41 - 2014-06-17 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
    2014-06-17 15:39 - 2014-06-17 15:39 - 00000000 ____D () C:\Brother
    2014-06-17 15:38 - 2014-06-17 15:39 - 00000000 ____D () C:\Program Files (x86)\Browny02
    2014-06-17 15:38 - 2010-08-02 20:57 - 00217088 ____N (brother) C:\windows\SysWOW64\NSSearch.dll
    2014-06-17 15:38 - 2010-03-15 19:56 - 00002560 ____N (Brother Industries Ltd.) C:\windows\SysWOW64\BrDctF2S.dll
    2014-06-17 15:38 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C:\windows\SysWOW64\BrDctF2.dll
    2014-06-17 15:38 - 2007-12-13 22:16 - 00005120 ____N (Brother Industries Ltd.) C:\windows\SysWOW64\BrDctF2L.dll
    2014-06-17 15:35 - 2014-06-17 15:35 - 00000000 ____D () C:\Users\Wheelsup Club\AppData\Roaming\InstallShield
    2014-06-17 15:15 - 2014-06-17 15:15 - 00924173 _____ () C:\Users\Wheelsup Club\Downloads\BrMain480.exe
    2014-06-17 13:44 - 2014-06-17 13:44 - 00000000 ____D () C:\Users\Wheelsup Club\Downloads\install
    2014-06-17 13:43 - 2014-06-17 13:44 - 37455595 _____ (A.I.SOFT,INC.) C:\Users\Wheelsup Club\Downloads\HL-2240-inst-C1-useu(2).EXE
    2014-06-17 09:56 - 2014-06-17 09:56 - 00207360 _____ () C:\Users\Wheelsup Club\Documents\QPW0210.TMP
    2014-06-15 15:45 - 2014-06-16 08:14 - 00000000 ____D () C:\Users\Wheelsup Club\AppData\Local\Adobe
    2014-06-15 09:59 - 2014-06-15 09:59 - 00207360 _____ () C:\Users\Wheelsup Club\Documents\QPW0209.TMP
    2014-06-14 09:22 - 2014-06-14 09:22 - 00207360 _____ () C:\Users\Wheelsup Club\Documents\QPW0208.TMP
    2014-06-13 16:24 - 2014-06-13 16:24 - 00000000 ____D () C:\Users\Wheelsup Club\AppData\Local\FreemakeVideoConverter
    2014-06-13 09:33 - 2014-06-13 09:33 - 00207360 _____ () C:\Users\Wheelsup Club\Documents\QPW0207.TMP

    ...cont.

  4. #4
    Member
    Join Date
    Apr 2008
    Posts
    78

    Continued...

    ==================== One Month Modified Files and Folders =======

    2014-07-12 10:20 - 2014-07-10 09:35 - 00042965 _____ () C:\Users\Wheelsup Club\Downloads\FRST.txt
    2014-07-12 10:19 - 2014-07-12 10:19 - 00000000 ____D () C:\Users\Wheelsup Club\Downloads\FRST-OlderVersion
    2014-07-12 10:19 - 2014-07-10 09:35 - 00000000 ____D () C:\FRST
    2014-07-12 10:19 - 2014-07-10 09:34 - 02084864 _____ (Farbar) C:\Users\Wheelsup Club\Downloads\FRST64.exe
    2014-07-12 10:17 - 2011-10-29 10:02 - 00207895 _____ () C:\Users\Wheelsup Club\Documents\Visitors to DDDPL Website (January 23, 2009)2.qpw
    2014-07-12 10:17 - 2011-10-28 22:56 - 00207895 _____ () C:\Users\Wheelsup Club\Documents\Visitors to DDDPL Website (January 23, 2009)1.qpw
    2014-07-12 10:17 - 2011-10-28 22:56 - 00000772 _____ () C:\windows\qpw.INI
    2014-07-12 10:17 - 2011-10-28 19:38 - 00000000 ____D () C:\ProgramData\DLA
    2014-07-12 10:16 - 2014-07-12 10:16 - 00207893 _____ () C:\Users\Wheelsup Club\Documents\QPW0234.TMP
    2014-07-12 10:16 - 2011-10-28 19:54 - 00000000 ____D () C:\Program Files (x86)\Deep Log Analyzer
    2014-07-12 10:12 - 2013-09-21 08:39 - 00000390 _____ () C:\windows\Tasks\WpsUpdateTask_Wheelsup Club.job
    2014-07-12 10:01 - 2014-04-01 09:39 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-12 09:48 - 2013-10-31 09:22 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-07-12 09:20 - 2009-07-14 00:45 - 00009920 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-07-12 09:20 - 2009-07-14 00:45 - 00009920 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-07-12 09:19 - 2010-12-15 13:20 - 01320292 _____ () C:\windows\WindowsUpdate.log
    2014-07-12 09:11 - 2014-05-27 14:53 - 00002876 _____ () C:\windows\System32\Tasks\DriverUpdate Startup
    2014-07-12 09:11 - 2014-05-27 14:53 - 00000434 _____ () C:\windows\Tasks\DriverUpdate Startup.job
    2014-07-12 09:09 - 2014-02-17 16:23 - 00000418 _____ () C:\windows\Tasks\FreeFileViewerUpdateChecker.job
    2014-07-12 09:09 - 2012-03-30 17:45 - 00000000 ____D () C:\ProgramData\VMware
    2014-07-12 09:09 - 2012-03-30 16:14 - 00016152 _____ () C:\windows\system32\Drivers\SWDUMon.sys
    2014-07-12 09:08 - 2014-07-09 16:47 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
    2014-07-12 09:06 - 2014-04-01 09:39 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-12 09:06 - 2013-12-13 16:55 - 00000104 _____ () C:\windows\system32\wphfmon.log
    2014-07-12 09:06 - 2012-03-30 15:33 - 00000674 _____ () C:\windows\vista32.ini
    2014-07-12 09:05 - 2013-04-25 20:43 - 00058936 _____ () C:\windows\setupact.log
    2014-07-12 09:05 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-07-11 15:01 - 2011-10-28 09:54 - 00000000 ____D () C:\Users\Wheelsup Club\Documents\CCWin9
    2014-07-11 14:58 - 2014-07-11 14:58 - 00854390 _____ () C:\Users\Wheelsup Club\Downloads\SecurityCheck.exe
    2014-07-11 11:31 - 2012-08-05 20:39 - 00000000 ____D () C:\Program Files (x86)\File Type Assistant
    2014-07-11 10:41 - 2014-07-11 10:41 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0233.TMP
    2014-07-11 08:26 - 2013-11-03 08:17 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
    2014-07-10 17:12 - 2014-07-10 16:02 - 00004608 _____ () C:\Users\Wheelsup Club\Documents\Lawfirm Rejections.qpw
    2014-07-10 17:08 - 2014-07-10 17:08 - 01228453 _____ () C:\Users\Wheelsup Club\Downloads\Online on Rogers Anyplace TV The Night Shift Online on Rogers Anyplace TV[via torchbrowser.com].mp4
    2014-07-10 17:08 - 2014-07-10 17:08 - 00084170 _____ () C:\Users\Wheelsup Club\Downloads\Online on Rogers Anyplace TV The Night Shift Online on Rogers Anyplace TV[via torchbrowser.aac
    2014-07-10 16:49 - 2014-07-10 16:49 - 03188194 _____ () C:\Users\Wheelsup Club\Downloads\▶ The Night Shift Video - Blood Brothers - Episode 7 - GlobalTV.com[via torchbrowser.com] (1).mp4
    2014-07-10 16:49 - 2014-07-10 16:49 - 00361237 _____ () C:\Users\Wheelsup Club\Downloads\▶ The Night Shift Video - Blood Brothers - Episode 7 - GlobalTV.com[via torchbrowser (1).aac
    2014-07-10 16:41 - 2014-07-10 16:41 - 03188194 _____ () C:\Users\Wheelsup Club\Downloads\▶ The Night Shift Video - Blood Brothers - Episode 7 - GlobalTV.com[via torchbrowser.com].mp4
    2014-07-10 16:41 - 2014-07-10 16:41 - 00361237 _____ () C:\Users\Wheelsup Club\Downloads\▶ The Night Shift Video - Blood Brothers - Episode 7 - GlobalTV.com[via torchbrowser.aac
    2014-07-10 14:57 - 2009-07-14 01:08 - 00032558 _____ () C:\windows\Tasks\SCHEDLGU.TXT
    2014-07-10 09:38 - 2014-07-10 09:37 - 00054163 _____ () C:\Users\Wheelsup Club\Downloads\Addition.txt
    2014-07-10 09:05 - 2014-07-10 09:05 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0232.TMP
    2014-07-10 08:40 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
    2014-07-09 22:32 - 2013-05-03 11:33 - 00337790 _____ () C:\windows\PFRO.log
    2014-07-09 22:26 - 2013-12-28 17:11 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-07-09 22:26 - 2013-11-03 08:17 - 00427360 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
    2014-07-09 22:25 - 2014-07-09 22:25 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
    2014-07-09 22:25 - 2014-05-02 23:14 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
    2014-07-09 22:25 - 2013-12-28 17:11 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
    2014-07-09 22:25 - 2013-11-03 08:17 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
    2014-07-09 22:25 - 2013-11-03 08:17 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
    2014-07-09 22:25 - 2013-11-03 08:17 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys
    2014-07-09 22:25 - 2013-11-03 08:17 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
    2014-07-09 22:25 - 2013-11-03 08:17 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
    2014-07-09 22:25 - 2013-11-03 08:17 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
    2014-07-09 16:59 - 2014-07-09 16:59 - 00000000 _____ () C:\windows\SysWOW64\sho3A62.tmp
    2014-07-09 16:53 - 2014-07-09 16:53 - 08780754 _____ () C:\Users\Wheelsup Club\Downloads\-Oh Babe What Would You Say- by Hurricane Smith {lyrics} - YouTube[via torchbrowser.com].mp4
    2014-07-09 16:53 - 2014-07-09 16:53 - 02479064 _____ () C:\Users\Wheelsup Club\Downloads\-Oh Babe What Would You Say- by Hurricane Smith {lyrics} - YouTube[via torchbrowser.aac
    2014-07-09 16:51 - 2014-07-09 16:51 - 01792216 _____ () C:\Users\Wheelsup Club\Downloads\Leaked Star Wars Episode VII Filmset Footage! - YouTube[via torchbrowser.aac
    2014-07-09 16:51 - 2014-07-09 16:50 - 16246050 _____ () C:\Users\Wheelsup Club\Downloads\Leaked Star Wars Episode VII Filmset Footage! - YouTube[via torchbrowser.com].mp4
    2014-07-09 16:47 - 2014-07-09 16:46 - 00001426 _____ () C:\Users\Wheelsup Club\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
    2014-07-09 16:47 - 2014-07-09 16:46 - 00001401 _____ () C:\Users\Wheelsup Club\Desktop\Torch.lnk
    2014-07-09 16:47 - 2014-07-09 16:44 - 00000000 ____D () C:\Users\Wheelsup Club\AppData\Local\Torch
    2014-07-09 16:47 - 2014-06-08 09:47 - 00000532 _____ () C:\windows\wininit.ini
    2014-07-09 16:46 - 2014-07-09 16:46 - 00000000 ____D () C:\Users\Wheelsup Club\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch
    2014-07-09 16:44 - 2014-07-09 16:43 - 01661136 _____ (Torch Media, Inc) C:\Users\Wheelsup Club\Downloads\TorchSetupk-r410-n-bc.exe
    2014-07-09 16:40 - 2014-07-09 16:40 - 00000000 ____D () C:\Users\Wheelsup Club\AppData\Local\FVD High-Speed Downloader
    2014-07-09 16:40 - 2014-07-09 16:40 - 00000000 _____ () C:\Users\Wheelsup Club\Desktop\360p - Oh Babe What Would You Say by Hurricane Smith lyrics.webm
    2014-07-09 15:46 - 2009-07-14 00:45 - 01143400 _____ () C:\windows\system32\FNTCACHE.DAT
    2014-07-09 15:44 - 2014-05-02 14:36 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-07-09 15:44 - 2009-07-14 03:45 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-07-09 15:44 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
    2014-07-09 15:44 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
    2014-07-09 12:05 - 2013-08-13 23:09 - 00000000 ____D () C:\windows\system32\MRT
    2014-07-09 12:02 - 2011-10-27 22:18 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-07-09 08:56 - 2014-07-09 08:55 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0231.TMP
    2014-07-09 08:55 - 2014-07-09 08:55 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0230.TMP
    2014-07-09 08:48 - 2013-10-31 09:22 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2014-07-09 08:48 - 2013-10-31 09:22 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-07-09 08:48 - 2013-10-31 09:22 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
    2014-07-08 14:07 - 2012-12-12 14:55 - 00000000 ____D () C:\Program Files (x86)\Applian Technologies
    2014-07-08 11:57 - 2014-07-08 11:57 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0229.TMP
    2014-07-08 11:32 - 2011-11-09 10:19 - 00000000 ____D () C:\Users\Wheelsup Club\Documents\Biosolids
    2014-07-07 22:59 - 2014-07-06 14:13 - 00000000 ____D () C:\Users\Wheelsup Club\.texlive2014
    2014-07-07 22:54 - 2014-07-06 14:04 - 00000000 ____D () C:\Users\Wheelsup Club\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeX Live 2014
    2014-07-06 14:13 - 2011-10-27 23:33 - 00000000 ____D () C:\Users\Wheelsup Club
    2014-07-06 11:03 - 2014-07-06 11:03 - 00000000 ____D () C:\texlive
    2014-07-06 11:00 - 2014-07-06 11:00 - 00000000 ____D () C:\Users\Wheelsup Club\Downloads\TeX Live
    2014-07-06 11:00 - 2014-07-06 11:00 - 00000000 ____D () C:\Users\Wheelsup Club\Downloads\install-tl
    2014-07-06 10:58 - 2014-07-06 10:58 - 16770908 _____ () C:\Users\Wheelsup Club\Downloads\install-tl.zip
    2014-07-06 10:57 - 2014-07-06 10:57 - 00011378 _____ () C:\Users\Wheelsup Club\Downloads\install-tl-windows.exe
    2014-07-06 10:54 - 2011-10-28 10:04 - 00000000 ____D () C:\TEMP
    2014-07-06 03:24 - 2014-07-06 10:59 - 00000000 ____D () C:\Users\Wheelsup Club\Downloads\install-tl-20140706
    2014-07-05 19:50 - 2009-07-14 01:13 - 00814178 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-07-05 17:25 - 2012-03-30 17:53 - 00000000 ____D () C:\Users\Wheelsup Club\AppData\Local\VMware
    2014-07-05 16:43 - 2012-03-30 17:50 - 00000000 ____D () C:\Users\Wheelsup Club\AppData\Roaming\VMware
    2014-07-05 09:29 - 2014-07-05 09:29 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0228.TMP
    2014-07-04 09:00 - 2014-07-04 09:00 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0227.TMP
    2014-07-03 09:39 - 2014-07-03 09:39 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0226.TMP
    2014-07-02 12:57 - 2014-07-02 12:57 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0225.TMP
    2014-07-01 08:55 - 2014-07-01 08:55 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0224.TMP
    2014-06-30 08:51 - 2014-06-30 08:51 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0223.TMP
    2014-06-29 22:09 - 2014-07-09 08:06 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-06-29 22:04 - 2014-07-09 08:06 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-06-29 11:56 - 2014-06-29 11:56 - 00207872 _____ () C:\Users\Wheelsup Club\Documents\QPW0222.TMP
    2014-06-28 14:15 - 2014-06-28 14:14 - 00000000 ____D () C:\Users\Wheelsup Club\AppData\Local\FreeFileViewer
    2014-06-28 14:11 - 2014-06-28 14:09 - 00000000 ____D () C:\Users\Wheelsup Club\Downloads\mailman-2.1.18rc3
    2014-06-28 14:09 - 2014-06-28 14:08 - 09043438 _____ () C:\Users\Wheelsup Club\Downloads\mailman-2.1.18rc3(1).tgz
    2014-06-28 10:34 - 2014-06-28 10:34 - 00207563 _____ () C:\Users\Wheelsup Club\Documents\QPW0221.TMP
    2014-06-27 09:28 - 2014-06-27 09:28 - 00207557 _____ () C:\Users\Wheelsup Club\Documents\QPW0220.TMP
    2014-06-26 09:01 - 2014-06-26 09:01 - 00207534 _____ () C:\Users\Wheelsup Club\Documents\QPW0219.TMP
    2014-06-25 08:30 - 2012-02-14 15:21 - 00000972 _____ () C:\Users\Wheelsup Club\Desktop\HeidiSQL.lnk
    2014-06-25 08:29 - 2014-06-25 08:29 - 00207513 _____ () C:\Users\Wheelsup Club\Documents\QPW0218.TMP
    2014-06-24 09:31 - 2014-06-24 09:31 - 00207488 _____ () C:\Users\Wheelsup Club\Documents\QPW0217.TMP
    2014-06-23 11:48 - 2013-02-28 17:40 - 00000000 ____D () C:\Users\Wheelsup Club\Documents\Real Estate
    2014-06-23 11:36 - 2014-06-23 11:36 - 00207444 _____ () C:\Users\Wheelsup Club\Documents\QPW0216.TMP
    2014-06-22 14:49 - 2013-02-09 15:20 - 00000000 ____D () C:\Users\Wheelsup Club\Documents\Social Issues
    2014-06-22 09:02 - 2014-06-22 09:02 - 00207425 _____ () C:\Users\Wheelsup Club\Documents\QPW0215.TMP
    2014-06-21 22:14 - 2014-06-21 22:12 - 00000000 ____D () C:\Users\Wheelsup Club\Downloads\3.8a-2-terms_of_reference_summary_form-en.pdf_
    2014-06-21 21:30 - 2014-06-21 21:30 - 00097457 _____ () C:\Users\Wheelsup Club\Downloads\3.8a-2-terms_of_reference_summary_form-en.pdf_.zip
    2014-06-21 21:19 - 2014-06-21 21:19 - 00000000 ____D () C:\Users\Wheelsup Club\Downloads\3.8a-3-ea_summary_form-en.pdf_
    2014-06-21 21:18 - 2014-06-21 21:18 - 00097587 _____ () C:\Users\Wheelsup Club\Downloads\3.8a-3-ea_summary_form-en.pdf_.zip
    2014-06-21 11:24 - 2012-11-06 12:13 - 00000000 ____D () C:\Program Files (x86)\FVD Suite
    2014-06-21 11:23 - 2012-03-21 13:22 - 00000000 ___RD () C:\Users\Wheelsup Club\Desktop\Rarely-used Icons
    2014-06-21 10:27 - 2014-06-21 10:27 - 00001205 _____ () C:\Users\Wheelsup Club\Desktop\Format Factory.lnk
    2014-06-21 10:27 - 2014-06-21 10:27 - 00000000 ____D () C:\Users\Wheelsup Club\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
    2014-06-21 10:20 - 2013-10-13 11:52 - 53647808 _____ (Free Time) C:\Users\Wheelsup Club\Downloads\FormatFactorySetup.exe
    2014-06-21 08:27 - 2014-06-21 08:27 - 00207400 _____ () C:\Users\Wheelsup Club\Documents\QPW0214.TMP
    2014-06-20 16:14 - 2014-07-09 08:05 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-06-20 15:39 - 2014-07-09 08:05 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-06-20 08:20 - 2014-06-20 08:20 - 00207375 _____ () C:\Users\Wheelsup Club\Documents\QPW0213.TMP
    2014-06-20 07:56 - 2014-04-01 09:39 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-06-20 07:56 - 2014-04-01 09:39 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-06-19 14:55 - 2013-12-18 16:20 - 00000000 ____D () C:\Program Files\HeidiSQL
    2014-06-19 09:58 - 2013-10-09 13:41 - 00001110 _____ () C:\Users\Wheelsup Club\Desktop\Screenshot Captor.lnk
    2014-06-19 09:58 - 2013-10-09 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenshotCaptor
    2014-06-19 09:58 - 2013-10-09 13:41 - 00000000 ____D () C:\Program Files (x86)\ScreenshotCaptor
    2014-06-19 09:57 - 2014-06-19 09:56 - 08496376 _____ (DonationCoder.com ) C:\Users\Wheelsup Club\Downloads\ScreenshotCaptorSetup(3).exe
    2014-06-19 09:04 - 2014-06-19 09:04 - 00207375 _____ () C:\Users\Wheelsup Club\Documents\QPW0212.TMP
    2014-06-18 21:39 - 2014-07-09 08:05 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-06-18 21:06 - 2014-07-09 08:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-06-18 21:06 - 2014-07-09 08:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-06-18 20:48 - 2014-07-09 08:05 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-06-18 20:42 - 2014-07-09 08:05 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-06-18 20:42 - 2014-07-09 08:05 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-06-18 20:41 - 2014-07-09 08:05 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-06-18 20:41 - 2014-07-09 08:05 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-06-18 20:32 - 2014-07-09 08:05 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-06-18 20:31 - 2014-07-09 08:05 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-06-18 20:26 - 2014-07-09 08:05 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-06-18 20:24 - 2014-07-09 08:05 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-06-18 20:24 - 2014-07-09 08:05 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-06-18 20:23 - 2014-07-09 08:05 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-06-18 20:16 - 2014-07-09 08:05 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-06-18 20:14 - 2014-07-09 08:05 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-06-18 20:09 - 2014-07-09 08:05 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-06-18 19:59 - 2014-07-09 08:05 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-06-18 19:56 - 2014-07-09 08:05 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-06-18 19:53 - 2014-07-09 08:05 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-06-18 19:51 - 2014-07-09 08:05 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-06-18 19:50 - 2014-07-09 08:05 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-06-18 19:48 - 2014-07-09 08:05 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-06-18 19:39 - 2014-07-09 08:05 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-06-18 19:38 - 2014-07-09 08:05 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-06-18 19:37 - 2014-07-09 08:05 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-06-18 19:36 - 2014-07-09 08:05 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-06-18 19:35 - 2014-07-09 08:05 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-06-18 19:33 - 2014-07-09 08:05 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-06-18 19:32 - 2014-07-09 08:05 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-06-18 19:28 - 2014-07-09 08:05 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-06-18 19:28 - 2014-07-09 08:05 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-06-18 19:27 - 2014-07-09 08:05 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-06-18 19:27 - 2014-07-09 08:05 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-06-18 19:25 - 2014-07-09 08:05 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-06-18 19:23 - 2014-07-09 08:05 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-06-18 19:22 - 2014-07-09 08:05 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-06-18 19:12 - 2014-07-09 08:05 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-06-18 19:06 - 2014-07-09 08:05 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-06-18 19:01 - 2014-07-09 08:05 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-06-18 18:59 - 2014-07-09 08:05 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-06-18 18:58 - 2014-07-09 08:05 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-06-18 18:58 - 2014-07-09 08:05 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-06-18 18:52 - 2014-07-09 08:05 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-06-18 18:51 - 2014-07-09 08:05 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-06-18 18:49 - 2014-07-09 08:05 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-06-18 18:46 - 2014-07-09 08:05 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2014-06-18 18:45 - 2014-07-09 08:05 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-06-18 18:35 - 2014-07-09 08:05 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-06-18 18:34 - 2014-07-09 08:05 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-06-18 18:15 - 2014-07-09 08:05 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-06-18 18:13 - 2014-07-09 08:05 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-06-18 18:09 - 2014-07-09 08:05 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-06-18 18:07 - 2014-07-09 08:05 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-06-18 13:58 - 2014-06-18 13:57 - 00000000 ____D () C:\Users\Wheelsup Club\Documents\Police
    2014-06-18 10:14 - 2014-06-18 10:14 - 00207360 _____ () C:\Users\Wheelsup Club\Documents\QPW0211.TMP
    2014-06-17 22:18 - 2014-07-09 08:06 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
    2014-06-17 21:51 - 2014-07-09 08:06 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
    2014-06-17 21:10 - 2014-07-09 08:06 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2014-06-17 15:41 - 2014-06-17 15:41 - 00002147 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk
    2014-06-17 15:41 - 2014-06-17 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
    2014-06-17 15:39 - 2014-06-17 15:39 - 00000000 ____D () C:\Brother
    2014-06-17 15:39 - 2014-06-17 15:38 - 00000000 ____D () C:\Program Files (x86)\Browny02
    2014-06-17 15:38 - 2012-03-14 13:47 - 00000000 ____D () C:\Program Files (x86)\Brother
    2014-06-17 15:37 - 2010-05-31 23:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-06-17 15:35 - 2014-06-17 15:35 - 00000000 ____D () C:\Users\Wheelsup Club\AppData\Roaming\InstallShield
    2014-06-17 15:15 - 2014-06-17 15:15 - 00924173 _____ () C:\Users\Wheelsup Club\Downloads\BrMain480.exe
    2014-06-17 13:44 - 2014-06-17 13:44 - 00000000 ____D () C:\Users\Wheelsup Club\Downloads\install
    2014-06-17 13:44 - 2014-06-17 13:43 - 37455595 _____ (A.I.SOFT,INC.) C:\Users\Wheelsup Club\Downloads\HL-2240-inst-C1-useu(2).EXE
    2014-06-17 09:56 - 2014-06-17 09:56 - 00207360 _____ () C:\Users\Wheelsup Club\Documents\QPW0210.TMP
    2014-06-16 08:14 - 2014-06-15 15:45 - 00000000 ____D () C:\Users\Wheelsup Club\AppData\Local\Adobe
    2014-06-15 09:59 - 2014-06-15 09:59 - 00207360 _____ () C:\Users\Wheelsup Club\Documents\QPW0209.TMP
    2014-06-14 09:22 - 2014-06-14 09:22 - 00207360 _____ () C:\Users\Wheelsup Club\Documents\QPW0208.TMP
    2014-06-13 16:24 - 2014-06-13 16:24 - 00000000 ____D () C:\Users\Wheelsup Club\AppData\Local\FreemakeVideoConverter
    2014-06-13 09:33 - 2014-06-13 09:33 - 00207360 _____ () C:\Users\Wheelsup Club\Documents\QPW0207.TMP
    ZeroAccess:
    C:\Users\Wheelsup Club\AppData\Local\Google\Desktop\Install

    Files to move or delete:
    ====================
    C:\Users\Wheelsup Club\downloader.exe
    C:\Users\Wheelsup Club\FileZilla_3.7.1_win32-setup.exe
    C:\Users\Wheelsup Club\FileZilla_3.7.2_win32-setup.exe
    C:\Users\Wheelsup Club\FileZilla_3.7.3_win32-setup.exe
    C:\Users\Wheelsup Club\FileZilla_3.8.0_win32-setup.exe


    Some content of TEMP:
    ====================
    C:\Users\Wheelsup Club\AppData\Local\Temp\_is4ECB.exe
    C:\Users\Wheelsup Club\AppData\Local\Temp\_isE60A.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-07-08 08:37

    ==================== End Of Log ============================

    ...cont.

  5. #5
    Member
    Join Date
    Apr 2008
    Posts
    78

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2014
    Ran by Wheelsup Club at 2014-07-10 09:37:01
    Running from C:\Users\Wheelsup Club\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

    ==================== Installed Programs ======================

    3DVIA Shape for Maps (HKLM-x32\...\{3C74D5C3-EBB9-408E-972F-B9802F13D5E4}) (Version: 6.207.09182 - Dassault Systemes)
    4Free Video Converter 2 (HKLM-x32\...\{7061301A-0D44-432F-859D-AF705DA2C81F}_is1) (Version: - 4Free Studio)
    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
    AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Actual Drawing (HKLM-x32\...\Actual Drawing) (Version: - )
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
    Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
    AI File Splitter And Joiner 1.1 (HKLM-x32\...\AI File Splitter And Joiner) (Version: 1.1 - BYAI company, Inc.)
    Alleycode HTML Editor 2.2.1 (HKLM-x32\...\Kobeman_is1) (Version: - Konae Technologies, Inc.)
    AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
    AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{E391E2FF-927F-46A6-8466-C688A2FAF1FB}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
    AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
    AMD Fuel (Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
    AMD Media Foundation Decoders (Version: 1.0.70704.0230 - Advanced Micro Devices, Inc.) Hidden
    AMD VISION Engine Control Center (x32 Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
    Aneesoft Free AVI Video Converter 3.6.0.0 (HKLM-x32\...\{74ECAA44-3ED0-4F2D-BFD8-4EB04B69FAD5}}_is1) (Version: - Aneesoft Co., Ltd.)
    AnswerWorks Runtime (HKLM-x32\...\AnswerWorks) (Version: - )
    Any Video Converter 5.6.2 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
    Any Video Recorder version 1.0.2 (HKLM-x32\...\{17D86E62-4849-49BC-83D2-FA369CEEA9D9}_is1) (Version: 1.0.2 - anvsoft, Inc.)
    AnyMedia Player 3.4.2 (HKLM-x32\...\{1959CCD2-1227-4de4-97E7-04F29D526762}_is1) (Version: 3.4.2 - cyan soft ltd)
    Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Applian FLV and Media Player 3.1.1.12 (HKLM-x32\...\Applian FLV and Media Player) (Version: 3.1.1.12 - Applian Technologies)
    ArcSoft Panorama Maker 6 (HKLM-x32\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
    Ashampoo Burning Studio 6 FREE v.6.82 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.2 - Ashampoo GmbH & Co. KG)
    Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
    Astra 4000U (HKLM-x32\...\{99FCB145-B8BA-11D5-A6B4-0050BA724CB6}) (Version: - )
    ATI AVIVO64 Codecs (Version: 10.12.0.00210 - ATI Technologies Inc.) Hidden
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
    Avi to Dvd Free Converter v6.4.0.48 (HKLM-x32\...\Avi to Dvd Free Converter_is1) (Version: - AviToDvdFree.com Inc.)
    Avi2Dvd 0.6.4 (HKLM-x32\...\Avi2Dvd) (Version: 0.6.4 - TrustFm)
    AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
    AVS Video Recorder 2.5 (HKLM-x32\...\AVS Video Recorder_is1) (Version: 2.5.3.83 - Online Media Technologies Ltd.)
    BankBazaar.com Compound Interest Calculator version 1.1 (HKLM-x32\...\{5BC08265-E3EE-491D-A60A-60C14D7BEAF1}_is1) (Version: 1.1 - BankBazaar.com)
    BB FlashBack Express (HKLM-x32\...\BB FlashBack Express) (Version: 4.1.8.2960 - Blueberry)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
    Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
    Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Bob the Builder Can-Do-Zoo (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    BS1 Accounting 2012.0 (HKLM-x32\...\BS1 Accounting 2012.0_is1) (Version: - Davis Software)
    Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    BurnAware Free 7.1 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware)
    Business-in-a-Box (HKLM-x32\...\Business-in-a-Box) (Version: 5.0.4 - Biztree Inc.)
    CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2010.0210.2206.39615 - ATI Technologies, Inc.) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Standard (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Traditional (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Czech (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Danish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Dutch (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
    CCC Help English (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Finnish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
    CCC Help French (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
    CCC Help German (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Greek (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Hungarian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Italian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Japanese (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Korean (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Norwegian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Polish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Portuguese (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Russian (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Spanish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Swedish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Thai (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Turkish (x32 Version: 2012.0704.0121.388 - Advanced Micro Devices, Inc.) Hidden
    ccc-utility64 (Version: 2012.0704.122.388 - Advanced Micro Devices, Inc.) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
    CinePaint (HKLM-x32\...\CinePaint) (Version: - )
    Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 33.1.0.1 - Comodo)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Compound Interest Calculator (HKLM-x32\...\{3222744F-7413-4E46-85B4-574B0885BDA7}) (Version: 1.0.0 - TraderKnowledge.com)
    Cookie Editor 1.9.1.469 (HKLM-x32\...\Cookie Editor_is1) (Version: - ProXoft, L.L.C.)
    Copernic Agent Basic (HKLM-x32\...\Copernic Agent Basic) (Version: - Copernic)
    CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version: - )
    Corel Applications (HKLM-x32\...\Corel Applications) (Version: - )
    CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3817.50 - CyberLink Corp.)
    CyberLink PowerDVD 9 (x32 Version: 9.0.3817.50 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dassault Systemes Software Prerequisites x86-x64 (HKLM\...\{CF1EB598-B424-436A-B15F-B763846BA970}) (Version: 8.1.3 - Dassault Systemes)
    Deep Log Analyzer (HKLM-x32\...\{A539EC7C-3635-468F-8CBA-42364F1150B5}_is1) (Version: 1 - Deep Software Inc.)
    Desktop iCalendar Lite (HKLM\...\Desktop iCalendar Lite_is1) (Version: - Desksware, Inc.)
    DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
    DMUninstaller (HKLM-x32\...\DMUninstaller) (Version: - ) <==== ATTENTION
    DriverUpdate (HKLM-x32\...\{C85A8187-7E95-429D-9C9C-57C10268B3CF}) (Version: 2.2.38275 - SlimWare Utilities, Inc.)
    eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
    EditiX-Free-XML Editor2010 Free-2010 (HKLM-x32\...\EditiX-Free-XML Editor2010 Free-2010) (Version: - JAPISoft)
    Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
    ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
    Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 0.9.5.1 - Ezvid, inc.)
    Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
    FATE - The Traitor Soul (x32 Version: 2.2.0.82 - WildTangent) Hidden
    ffdshow x64 v1.3.4500 [2013-01-06] (HKLM\...\ffdshow64_is1) (Version: 1.3.4500.0 - )
    File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - WipeSoft)
    File Splitter and Joiner (FFSJ v3.3) (HKLM-x32\...\File Splitter and Joiner_is1) (Version: - Le Minh Hoang)
    File Splitter and Joiner version 1.0.1.0 (HKLM-x32\...\{F571CFA1-1B85-4416-8FE1-318E04C7718D}_is1) (Version: 1.0.1.0 - 3nity Softwares)
    File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2014.5.6.0 - ) <==== ATTENTION
    FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
    FlameRobin 0.9.3 (HKLM-x32\...\FlameRobin_is1) (Version: - The FlameRobin Project)
    Flash Movie Player 1.5 (HKLM-x32\...\Flash Movie Player) (Version: 1.5 - Eolsoft)
    FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
    FoxTab PDF Converter (HKCU\...\FoxTab PDF Converter) (Version: - ) <==== ATTENTION
    Free Audio Editor (HKLM-x32\...\Free Audio Editor) (Version: - FAE Inc.)
    Free AVI Video Converter version 5.0.22.128 (HKLM-x32\...\Free AVI Video Converter_is1) (Version: 5.0.22.128 - DVDVideoSoft Ltd.)
    Free File Splitter 1.0 (HKLM-x32\...\Free File Splitter_is1) (Version: - Deepcom.com)
    Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
    Free Screen Video Recorder version 2.5.29.320 (HKLM-x32\...\Free Screen Video Recorder_is1) (Version: 2.5.29.320 - DVDVideoSoft Ltd.)
    Free SWF to AVI Converter (HKLM-x32\...\{44327031-4B00-4D21-8D25-620B6B476005}_is1) (Version: - Recool Software Co., LTD)
    Free Video Joiner (HKLM-x32\...\{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1) (Version: - FreeVideoJoiner.com)
    Free WebM to AVI Converter 1.0 (HKLM-x32\...\{38B50CEC-C683-404D-BAD7-48CBCBFF981B}_is1) (Version: - PolySoft Solutions)
    Free Word/Doc Txt to Image Jpg/Jpeg Bmp Tiff Png Converter 5.8 (HKLM-x32\...\Free Word/Doc Txt to Image Jpg/Jpeg Bmp Tiff Png~F15BC2F8_is1) (Version: - Word-Pdf-Convert Software, Inc.)
    Free YouTube Download version 3.2.11.812 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.11.812 - DVDVideoSoft Ltd.)
    Freemake Video Converter version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
    FreeOCR v4.2 (HKLM-x32\...\freeocr_is1) (Version: - )
    FreshWebSuction (HKLM-x32\...\FreshWebmaster FreshWebSuction_is1) (Version: - )
    FTP Commander (HKLM-x32\...\FTP Commander) (Version: - )
    FTP Navigator 8.03 (HKLM-x32\...\FTP Navigator_is1) (Version: - )
    FVD High-Speed Downloader (5.0.1.39) (HKLM-x32\...\FVD High-Speed Downloader) (Version: 5.0.1.39 - Applian Technologies)
    FVD Player 1.0.9 (HKLM-x32\...\FVD Player_is1) (Version: - flashvideodownloader.org)
    FVD Suite 3.0.2 (HKLM-x32\...\{80E4B2D6-BFF2-402C-96C4-3942DF24CABB}_is1) (Version: - flashvideodownloader.org)
    FWSplitter 1.3 (HKLM-x32\...\{9F9697D3-DCB6-4716-A643-DFEE792F8E10}_is1) (Version: 1.2 - FNOWare)
    Gateway Game Console (x32 Version: - WildTangent) Hidden
    Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.80 - WildTangent)
    Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
    Gateway Photo Frame 4.2.3.10 (HKLM-x32\...\Gateway Photo Frame) (Version: 4.2.3.10 - I/O Interconnect)
    Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3007 - Gateway Incorporated)
    Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3006 - Gateway Incorporated)
    Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0812 - Gateway Incorporated)
    Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Gateway Incorporated)
    GimpShop 2.8 (HKLM-x32\...\{3F1C9552-58E0-4AAC-A616-AE3A28720EC6}) (Version: 2.8 - GimpShop)
    GnuCash 2.4.11 (HKLM-x32\...\GnuCash_is1) (Version: - GnuCash Development Team)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    GPL Ghostscript 8.71 Lite (HKLM-x32\...\GPL Ghostscript 8.71 Lite_is1) (Version: 8.71 - )
    Graboid Video (HKCU\...\Graboid Video 5.0.2.0) (Version: 5.0.2.0 - Graboid Inc.)
    Graboid Video (x32 Version: 5.0.2.0 - Graboid Inc.) Hidden
    GSplit 3 (HKLM-x32\...\GSplit3Set) (Version: 3.0.1.0 - G.D.G. Software)
    HandyBits EasyCrypto Deluxe (HKLM-x32\...\HandyBits EasyCrypto Deluxe) (Version: - )
    HandyBits File Shredder (HKLM-x32\...\HandyBits File Shredder) (Version: - )
    HandyBits Voice Mail (HKLM-x32\...\HandyBits Voice Mail) (Version: - )
    HandyBits ZipNGo (HKLM-x32\...\HandyBits ZipNGo) (Version: - )
    HeidiSQL (HKLM\...\HeidiSQL_is1) (Version: - Ansgar Becker)
    HeidiSQL 8.1.0.4545 (HKLM-x32\...\HeidiSQL_is1) (Version: 8.1 - Ansgar Becker)
    HL-2240 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.6.0 - Brother Industries, Ltd.)
    Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3005 - Gateway Incorporated)
    IBM Lotus Symphony (HKLM-x32\...\{638b91e2-b5ee-49f3-8348-be72f2d65d13}) (Version: 3.01.12011 - IBM)
    iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
    Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Gateway Incorporated)
    ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
    Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
    Internet Cleanup (HKLM-x32\...\Internet Cleanup) (Version: - )
    iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
    iWisoft Flash SWF to Video Converter 3.5 (HKLM-x32\...\iWisoft Flash SWF to Video Converter_is1) (Version: 3.5.0 - www.flash-swf-converter.com)
    Japanese Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
    Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Java(TM) 6 Update 3 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
    Java(TM) 6 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
    Jewel Quest Solitaire 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Jordy Video Downloader (x32 Version: 1.1.2.0 - Jordysoft) Hidden
    JStock (remove only) (HKLM-x32\...\JStock) (Version: - )
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Kigo M4V Converter 4.0.1 (HKLM-x32\...\Kigo M4V Converter_is1) (Version: - Kigosoft Inc.)
    Kingsoft Office 2013 (9.1.0.4246) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.4246 - Kingsoft Corp.)
    K-Lite Codec Pack 9.8.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.8.0 - )
    K-Lite Codec Pack 9.9.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
    Lagarith lossless video codec (Remove Only) (HKLM-x32\...\LAGARITH) (Version: - )
    Linksys EasyLink Advisor (HKLM-x32\...\Linksys EasyLink Advisor) (Version: - Linksys By Cisco Systems)
    Linksys EasyLink Advisor (x32 Version: 3.11.9139.94 - Linksys By Cisco Systems) Hidden
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Media converter (HKLM-x32\...\{729E16B3-1B80-4F3F-8D19-342A89631E0A}_is1) (Version: - )
    Metric Converter (HKLM-x32\...\Metric Converter) (Version: - )
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
    Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Desktop Engine (HKLM-x32\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.761 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MixiDJ V44 Toolbar for IE (HKLM-x32\...\IECT3298580) (Version: 6.16.2.2 - MixiDJ V44) <==== ATTENTION
    Monopoly (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
    MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
    MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    My PowerDesk (HKLM-x32\...\PowerDesk4.0) (Version: - )
    MyPaint 1.0.0 (HKCU\...\MyPaint) (Version: 1.0.0 - Martin Renold & MyPaint Development Team)
    Mystery P.I. - Lost in Los Angeles (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Napster (HKLM-x32\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 3.8.1.4 - Napster)
    Napster Burn Engine (x32 Version: 3.5.0000 - Roxio) Hidden
    Napster Label Creator (HKLM-x32\...\{16FD907B-FA72-4F3C-B959-E076C8238F80}) (Version: 1.00.0000 - Roxio Inc.,)
    Nero 9 Essentials (HKLM-x32\...\{e6817f01-cedf-45af-8195-bd1691311e1c}) (Version: - Nero AG)
    Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
    Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
    Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
    Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
    Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
    Nero Express Help (x32 Version: 9.6.2.101 - Nero AG) Hidden
    Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
    Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
    Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
    Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
    Nero StartSmart (x32 Version: 9.4.37.100 - Nero AG) Hidden
    Nero StartSmart Help (x32 Version: 9.4.27.100 - Nero AG) Hidden
    Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
    NeroExpress (x32 Version: 9.4.33.100 - Nero AG) Hidden
    neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
    Netscape Navigator (9.0.0.6) (HKLM-x32\...\Netscape Navigator (9.0.0.6)) (Version: 9.0.0.6 (en-US) - Netscape)
    Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
    Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.7.0 - Nikon)
    Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version: - )
    OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
    Option Strategy Builder 1.0.4 (HKLM-x32\...\{925B2376-5813-40B2-BE52-F088A515B9B9}) (Version: 1.0.4 - SamoaSky)
    OptionMatrix (HKLM-x32\...\OptionMatrix-1.4.1) (Version: - )
    Oxelon Media Converter 1.1 (HKLM-x32\...\Oxelon Media Converter_is1) (Version: - Oxelon)
    PageBreeze Free HTML Editor (HKLM-x32\...\PageBreeze Free HTML Editor) (Version: - )
    Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
    Pazera Free MP4 to AVI Converter 1.6 (HKLM-x32\...\{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1) (Version: 1.6 - Jacek Pazera)
    Pdf2Jpg version 1.2 (HKLM-x32\...\{533D415A-4151-4AC5-858E-4068524C8051}_is1) (Version: 1.2 - Office Necessities inc.)
    Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.12 - Nikon)
    Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
    project dogwaffle (C:\Program Files (x86)\project dogwaffle\) (HKLM-x32\...\ST5UNST #2) (Version: - )
    project dogwaffle (HKLM-x32\...\ST5UNST #1) (Version: - )
    Pure Networks Platform (x32 Version: 11.1.9051.0 - Pure Networks) Hidden
    PWGen 2.2.1 (HKLM-x32\...\{8A5E6B59-2804-4677-8A5F-DEBC218CE4E0}_is1) (Version: - Christian Thoeing)
    QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6024 - Realtek Semiconductor Corp.)
    Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
    Scrabble Plus (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Screenshot Captor 4.8.5 (HKLM-x32\...\ScreenshotCaptor_is1) (Version: - )
    Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
    Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
    Split Files version 1.72 (HKLM-x32\...\{865D54A9-0240-4952-9F4D-30A59F6F2C2D}}_is1) (Version: 1.72 - Aleksey Taranov)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
    StudioTax 2012 (HKLM-x32\...\{FD31CD68-1D2F-4F9C-8ACB-9A7806D53D3B}) (Version: 8.0.5.3 - BHOK IT Consulting)
    StudioTax 2013 (HKLM-x32\...\{A02B37F4-26DA-454A-9997-B006D3587102}) (Version: 9.1.9.0 - BHOK IT Consulting)
    SWF to AVI (HKLM-x32\...\{3315B802-84C6-47BC-907A-9B77A4646197}_is1) (Version: - www.swftoavi.com)
    TaxTron T2 2013.2 Netfile (HKLM-x32\...\TaxTron T2 2013.2 Netfile) (Version: 1.2013.2.1 - TaxTron)
    TaxTron T2 2013.2 Netfile (x32 Version: 1.2013.2.1 - TaxTron) Hidden
    TeX Live 2014 (HKCU\...\TeXLive2014) (Version: 2014 - )
    The Price is Right (x32 Version: 2.2.0.82 - WildTangent) Hidden
    The Slicer Uninstall (HKLM-x32\...\Slicer) (Version: - )
    Torch (HKCU\...\Torch) (Version: 33.0.0.7209 - Torch Media, Inc) <==== ATTENTION
    Trellian SEO Toolkit v3.0 (HKLM-x32\...\SEOToolkit30_is1) (Version: 3.0 - Trellian Limited)
    Trellian WebPage (HKLM-x32\...\Trellian WebPage_is1) (Version: 4.0 - Trellian Limited)
    TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
    TweakNow PowerPack 2012 (HKLM-x32\...\TweakNow PowerPack 2012_is1) (Version: 4.0.0 - TweakNow.com)
    VBA (2720) (x32 Version: 6.01.00.1234 - Microsoft Corporation) Hidden
    Video Download Capture V4.3.2 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.3.2 - Apowersoft)
    Video Download Converter version 1.0.0.0 (HKLM-x32\...\VDC_is1) (Version: 1.0.0.0 - ) <==== ATTENTION
    Video Downloader version 2.0 (HKLM-x32\...\Video Downloader_is1) (Version: 2.0 - )
    Video Performer (HKLM-x32\...\Video Performer) (Version: - PerformerSoft LLC) <==== ATTENTION
    Video Player (HKLM-x32\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION
    Videovac 1.6 (HKLM-x32\...\Videovac_is1) (Version: - )
    ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.7.6 - Nikon)
    Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Virtual Villagers - A New Home (x32 Version: 2.2.0.82 - WildTangent) Hidden
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    VmciSockets (Version: 9.1.54.1 - VMware, Inc.) Hidden
    VMware Player (HKLM-x32\...\VMware_Player) (Version: 4.0.2.28060 - VMware, Inc)
    VMware Player (x32 Version: 4.0.2.28060 - VMware, Inc.) Hidden
    VOptions v.4.5.1 (HKLM-x32\...\Visual Options Analyzer_is1) (Version: 4.5.1 - OLSOFT)
    VSDC Free Video Editor version 1.3.3.22 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 1.3.3.22 - Flash-Integro LLC)
    WebDwarf V2 (HKLM-x32\...\{D2340C67-0F20-4B9C-A3A8-CD8821582E5D}) (Version: 2.91.12 - Virtual Mechanics)
    WebEx Support Manager for Internet Explorer (HKLM-x32\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
    WebFerret (HKLM-x32\...\WebFerret) (Version: - CNET Networks)
    Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3013 - Gateway Incorporated)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
    Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
    Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
    WinHTTrack Website Copier 3.44-1 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.44.1 - HTTrack)
    WinHTTrack Website Copier 3.46-1 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.46.1 - HTTrack)
    WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
    Winprint HylaFAX (HKLM-x32\...\{769252B2-FF9A-4006-A986-F1DB0E29A638}) (Version: 1.2 - Michael Stowe)
    WinPrint Hylafax for Windows 7 version 1.4.0.0 (HKLM\...\WinPrint Hylafax for Windows 7_is1) (Version: 1.4.0.0 - Michal Havranek)
    Winprint HylaFAX Reloaded 0.4.7 (HKLM\...\{F64330DD-1138-4CB4-BF45-87F9168933F6}_is1) (Version: 0.4.7 - Monti Lorenzo)
    WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
    WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
    WinSplit 1.6 (HKLM-x32\...\WinSplit_is1) (Version: - Everlong Software)
    Word to Jpeg Converter 3000 7.3 (HKLM-x32\...\Word to Jpeg Converter 3000_is1) (Version: - Head Document Tool Software, Inc.)
    Xilisoft AVI to DVD Converter (HKLM-x32\...\Xilisoft AVI to DVD Converter) (Version: 7.1.3.20130116 - Xilisoft)
    XMLFox (HKLM-x32\...\{E2EA5233-8AC4-4A59-A521-FBD1A0778A06}) (Version: - RustemSoft)
    Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
    Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )
    Yahtzee (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

    ==================== Restore Points =========================

    04-07-2014 17:41:42 Windows Update
    08-07-2014 02:43:56 Windows Update
    09-07-2014 15:59:53 Windows Update
    10-07-2014 02:23:02 avast! antivirus system restore point

    ==================== Hosts content: ==========================

    2009-07-13 22:34 - 2014-06-01 23:16 - 00899844 ____R C:\windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    Task: {03019CA2-4E1D-4A96-B3E0-D1D112F765B0} - System32\Tasks\{231AD5FD-744C-4055-B3B8-009C757E5872} => J:\WINSIM\WINSIM.EXE
    Task: {04581BAA-6B30-46BB-A2A0-ADE1CE4649F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
    Task: {0B4512E1-421C-4288-B119-8ADD3F0A1F71} - \SuperLyrics-16-firefoxinstaller No Task File <==== ATTENTION
    Task: {1C0693E6-D854-4120-9758-500AEE2B37D8} - System32\Tasks\{9654D2B3-A887-4798-BF3B-418C4763176F} => J:\WINSIM\WINSIM.EXE
    Task: {1C9F2A21-C7D6-4E28-8BB2-44CDE5D784FA} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\tsasetup.exe [2014-05-07] ( ) <==== ATTENTION
    Task: {1EBBC5B5-CDAE-4F26-A39D-9E38B0D65AA6} - \SuperLyrics-16-codedownloader No Task File <==== ATTENTION
    Task: {24D530E6-F24C-4249-B582-5F7C21E07CCB} - \SuperLyrics-16-chromeinstaller No Task File <==== ATTENTION
    Task: {369CEFC5-6C54-4108-9069-8315865CD022} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {3A5831E4-4225-40DE-A6A6-59D93CEF714E} - System32\Tasks\Registration Trigger IBM Lotus Symphony Task => C:\Program Files (x86)\IBM\Lotus\Symphony\framework\rcp\rcplauncher.exe [2011-09-15] (IBM Corp)
    Task: {44D74C0B-F541-49B4-9C71-64F15AD1AA84} - \DealPly No Task File <==== ATTENTION
    Task: {4A3CACA1-83D3-4B79-87BA-E661EF92A43A} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION
    Task: {5739A42D-4797-4AB1-BB9F-BB62B3F1C0BE} - System32\Tasks\VisualBeeRecovery => C:\Users\Wheelsup
    Task: {64A5AA3A-7CC8-4ADF-A6CE-946870EF0256} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: {6803C378-7C19-46FE-B443-547F353C558A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {78AC4E71-B5CF-43BC-9BB6-6F83F144E79B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
    Task: {81343FC8-BF8D-4269-B8EA-005881209F53} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-09] (AVAST Software)
    Task: {835D2487-E1A0-40F2-B841-6D6948B2599B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {91D22AA9-1BAF-4589-8769-D6239423EC51} - System32\Tasks\{453B8206-B75E-4DE3-91FB-BE73F0F95797} => J:\WINSIM\WINSIM.EXE
    Task: {9B344739-9B7E-4AEB-94A6-CE23F99CECE3} - \SuperLyrics-16-enabler No Task File <==== ATTENTION
    Task: {A4781A6D-1AB7-40C7-A094-B8F13618A503} - System32\Tasks\{1D95997F-E751-4E61-947A-53FF7568B0BC} => Iexplore.exe http://ui.skype.com/ui/0/4.1.0.179.3...ed;notincluded
    Task: {A4BAB077-905B-48B6-B76C-596D1992C6C9} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
    Task: {AAAE2AC0-6262-4804-867B-73E23CF70F71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
    Task: {AD450CDC-A8AE-4C72-8D5D-02EB1A85D8F2} - \SuperLyrics-16-updater No Task File <==== ATTENTION
    Task: {B3EF8737-E3D5-4DE5-8492-16B411D9A261} - \DealPlyUpdate No Task File <==== ATTENTION
    Task: {DFB3D4B5-ED3F-4607-86C3-22A24FD80FC4} - System32\Tasks\{72D90ECD-616E-4C72-B35A-B7F920D49D06} => J:\WINSIM\WINSIM.EXE
    Task: {E20EAB47-68E4-4D03-B825-F7536819511C} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2014-05-14] (SlimWare Utilities, Inc.)
    Task: {FCB78260-78DB-4E30-A585-7416B3BEDBE5} - System32\Tasks\WpsUpdateTask_Wheelsup Club => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [2013-08-11] (Zhuhai Kingsoft Office Software Co.,Ltd)
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
    Task: C:\windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\WpsUpdateTask_Wheelsup Club.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2014-01-26 16:52 - 2009-10-05 13:42 - 00043008 _____ () C:\windows\System32\sfppm.dll
    2012-07-04 01:36 - 2012-07-04 01:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2010-05-05 22:24 - 2010-05-05 22:24 - 00609312 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
    2012-07-04 01:36 - 2012-07-04 01:36 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2012-07-04 01:16 - 2012-07-04 01:16 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2008-11-13 15:43 - 2008-11-13 15:43 - 00204800 _____ () C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    2014-07-09 22:25 - 2014-07-09 22:25 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2014-07-09 22:20 - 2014-07-09 22:20 - 02789888 _____ () C:\Program Files\AVAST Software\Avast\defs\14070901\algo.dll
    2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2010-05-05 22:24 - 2010-05-05 22:24 - 00151584 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll
    2009-06-12 19:37 - 2009-06-12 19:37 - 00032768 _____ () C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll
    2009-06-12 19:37 - 2009-06-12 19:37 - 00025088 _____ () C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll
    2008-12-12 18:11 - 2008-12-12 18:11 - 00148480 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
    2008-12-12 18:11 - 2008-12-12 18:11 - 00097280 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
    2014-07-09 22:25 - 2014-07-09 22:25 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-06-08 09:59 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-06-08 09:59 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2014-06-08 09:59 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-06-17 15:38 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    2008-11-13 15:43 - 2008-11-13 15:43 - 00081920 _____ () C:\Program Files (x86)\Linksys\Linksys Updater\lib\wrapper.dll
    2012-01-18 17:11 - 2012-01-18 17:11 - 01229424 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
    2014-06-08 09:59 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2014-06-08 09:59 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-03-31 21:35 - 2014-03-31 21:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
    2014-05-09 15:38 - 2014-06-11 08:41 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\ProgramData\Temp:A5514ABC

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

    ==================== EXE Association (whitelisted) =============


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    MSCONFIG\startupfolder: C:^Users^Wheelsup Club^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup
    MSCONFIG\startupreg: BIBLauncher => C:\Program Files (x86)\Business-in-a-Box\BIBLauncher.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/10/2014 07:53:38 AM) (Source: MSSQLServer) (EventID: 19011) (User: )
    Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

    Error: (07/09/2014 10:35:46 PM) (Source: MSSQLServer) (EventID: 19011) (User: )
    Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

    Error: (07/09/2014 10:18:24 PM) (Source: MSSQLServer) (EventID: 19011) (User: )
    Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

    Error: (07/09/2014 07:59:57 PM) (Source: MSSQLServer) (EventID: 19011) (User: )
    Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

    Error: (07/09/2014 04:38:59 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
    Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 2104. Message ID: [0x2509].

    Error: (07/09/2014 03:49:04 PM) (Source: MSSQLServer) (EventID: 19011) (User: )
    Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

    Error: (07/09/2014 07:48:59 AM) (Source: SDFSSvc.exe) (EventID: 0) (User: )
    Description: The service process could not connect to the service controller

    Error: (07/09/2014 07:45:52 AM) (Source: MSSQLServer) (EventID: 19011) (User: )
    Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

    Error: (07/08/2014 07:58:51 AM) (Source: MSSQLServer) (EventID: 19011) (User: )
    Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.

    Error: (07/07/2014 10:30:17 PM) (Source: MSSQLServer) (EventID: 19011) (User: )
    Description: SuperSocket info: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0.


    System errors:
    =============
    Error: (07/10/2014 07:58:38 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

    Error: (07/10/2014 07:54:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Util SaltarSmart service failed to start due to the following error:
    %%2

    Error: (07/10/2014 07:53:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
    %%1053

    Error: (07/10/2014 07:53:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

    Error: (07/10/2014 07:52:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Freemake Improver service failed to start due to the following error:
    %%1053

    Error: (07/10/2014 07:52:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect.

    Error: (07/09/2014 10:42:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

    Error: (07/09/2014 10:41:46 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.

    Error: (07/09/2014 10:38:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
    %%1053

    Error: (07/09/2014 10:38:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.


    Microsoft Office Sessions:
    =========================
    Error: (07/10/2014 07:53:38 AM) (Source: MSSQLServer) (EventID: 19011) (User: )
    Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0

    Error: (07/09/2014 10:35:46 PM) (Source: MSSQLServer) (EventID: 19011) (User: )
    Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0

    Error: (07/09/2014 10:18:24 PM) (Source: MSSQLServer) (EventID: 19011) (User: )
    Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0

    Error: (07/09/2014 07:59:57 PM) (Source: MSSQLServer) (EventID: 19011) (User: )
    Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0

    Error: (07/09/2014 04:38:59 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
    Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 2104. Message ID: [0x2509].

    Error: (07/09/2014 03:49:04 PM) (Source: MSSQLServer) (EventID: 19011) (User: )
    Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0

    Error: (07/09/2014 07:48:59 AM) (Source: SDFSSvc.exe) (EventID: 0) (User: )
    Description: The service process could not connect to the service controller

    Error: (07/09/2014 07:45:52 AM) (Source: MSSQLServer) (EventID: 19011) (User: )
    Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0

    Error: (07/08/2014 07:58:51 AM) (Source: MSSQLServer) (EventID: 19011) (User: )
    Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0

    Error: (07/07/2014 10:30:17 PM) (Source: MSSQLServer) (EventID: 19011) (User: )
    Description: FillAddress(MSAFD Tcpip [TCP/IPv6]) : Error 0


    CodeIntegrity Errors:
    ===================================
    Date: 2014-06-26 15:57:30.935
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-26 15:53:49.141
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-26 15:49:15.695
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-26 15:46:10.936
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-26 15:45:45.101
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-26 15:45:23.597
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-26 15:30:05.887
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-26 15:25:25.765
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-26 15:20:25.571
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-06-26 15:17:00.216
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 52%
    Total physical RAM: 5871.76 MB
    Available physical RAM: 2814.86 MB
    Total Pagefile: 11741.7 MB
    Available Pagefile: 8047.01 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (Gateway) (Fixed) (Total:915.73 GB) (Free:248.06 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931 GB) (Disk ID: 30268F36)
    Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=916 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================


    - r

  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    I think you downloaded something that came with a ton of bundled adware-malware. This machine is very messy.


    Plus, you're using 2 antivirus programs on the computer:
    Microsoft Security Essentials and avast! Antivirus. That's not a good idea!
    Anti-virus programs have conflicts co-existing with each other & may produce undesirable results. Please uninstall 1.


    MalwareBytes is out of date <== we'll take care of this later.

    Java is out of date <== we'll take care of this later.


    **************************
    **WARNING**
    Unfortunately, one or more of the infections I have identified are Backdoor Trojans.
    You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

    Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection.
    If you would like to format and reinstall your Operating System please let me know.

    If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help.

    **************************
    The below script I have created will reboot your computer, please don't be alarmed.

    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

    start
    ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO: No Name - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - No File
    BHO-x32: No Name - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - No File
    Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
    Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\r2ykzn6f.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.98.28.dll No File
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM-x32 - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\r2ykzn6f.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.28.dll No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - No File
    Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - No File
    FF Extension: Google/Yandex search link fix - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2014-01-02]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    S1 azvohwlg; \??\C:\windows\system32\drivers\azvohwlg.sys [X]
    S1 caglpito; \??\C:\windows\system32\drivers\caglpito.sys [X]
    S1 cglcnxna; \??\C:\windows\system32\drivers\cglcnxna.sys [X]
    S1 cgxzeais; \??\C:\windows\system32\drivers\cgxzeais.sys [X]
    S1 dkxomdff; \??\C:\windows\system32\drivers\dkxomdff.sys [X]
    S1 dlrcmacc; \??\C:\windows\system32\drivers\dlrcmacc.sys [X]
    S1 dnonjzhp; \??\C:\windows\system32\drivers\dnonjzhp.sys [X]
    S1 docrwtro; \??\C:\windows\system32\drivers\docrwtro.sys [X]
    S1 ekrvryyb; \??\C:\windows\system32\drivers\ekrvryyb.sys [X]
    S1 eolbguvz; \??\C:\windows\system32\drivers\eolbguvz.sys [X]
    S1 fwtxrcwi; \??\C:\windows\system32\drivers\fwtxrcwi.sys [X]
    S1 iaqybpyk; \??\C:\windows\system32\drivers\iaqybpyk.sys [X]
    S1 ivnnnudl; \??\C:\windows\system32\drivers\ivnnnudl.sys [X]
    S1 jiwrmxaw; \??\C:\windows\system32\drivers\jiwrmxaw.sys [X]
    S1 lasmepzv; \??\C:\windows\system32\drivers\lasmepzv.sys [X]
    S1 meusbmhl; \??\C:\windows\system32\drivers\meusbmhl.sys [X]
    S1 nffxbovz; \??\C:\windows\system32\drivers\nffxbovz.sys [X]
    S1 nnptydlz; \??\C:\windows\system32\drivers\nnptydlz.sys [X]
    S1 oladlbpd; \??\C:\windows\system32\drivers\oladlbpd.sys [X]
    S1 oquqdghi; \??\C:\windows\system32\drivers\oquqdghi.sys [X]
    S1 oyixxbuu; \??\C:\windows\system32\drivers\oyixxbuu.sys [X]
    S1 pfvkeyok; \??\C:\windows\system32\drivers\pfvkeyok.sys [X]
    S1 qocjlccd; \??\C:\windows\system32\drivers\qocjlccd.sys [X]
    S1 quuthscw; \??\C:\windows\system32\drivers\quuthscw.sys [X]
    S1 sefciruf; \??\C:\windows\system32\drivers\sefciruf.sys [X]
    S1 sosmzeaj; \??\C:\windows\system32\drivers\sosmzeaj.sys [X]
    S1 sxxihgwu; \??\C:\windows\system32\drivers\sxxihgwu.sys [X]
    S1 tdilglsd; \??\C:\windows\system32\drivers\tdilglsd.sys [X]
    S1 tyzqtmjl; \??\C:\windows\system32\drivers\tyzqtmjl.sys [X]
    S1 uoizcgqf; \??\C:\windows\system32\drivers\uoizcgqf.sys [X]
    S1 xuhsefvm; \??\C:\windows\system32\drivers\xuhsefvm.sys [X]
    C:\Users\Wheelsup Club\Documents\QPW0234.TMP
    C:\Users\Wheelsup Club\Documents\QPW0233.TMP
    C:\Users\Wheelsup Club\Documents\QPW0232.TMP
    C:\windows\SysWOW64\sho3A62.tmp
    C:\Users\Wheelsup Club\Documents\QPW0231.TMP
    C:\Users\Wheelsup Club\Documents\QPW0230.TMP
    C:\Users\Wheelsup Club\Documents\QPW0229.TMP
    C:\Users\Wheelsup Club\Documents\QPW0228.TMP
    C:\Users\Wheelsup Club\Documents\QPW0227.TMP
    C:\Users\Wheelsup Club\Documents\QPW0226.TMP
    C:\Users\Wheelsup Club\Documents\QPW0225.TMP
    C:\Users\Wheelsup Club\Documents\QPW0224.TMP
    C:\Users\Wheelsup Club\Documents\QPW0223.TMP
    C:\Users\Wheelsup Club\Documents\QPW0222.TMP
    C:\Users\Wheelsup Club\Documents\QPW0221.TMP
    C:\Users\Wheelsup Club\Documents\QPW0220.TMP
    C:\Users\Wheelsup Club\Documents\QPW0219.TMP
    C:\Users\Wheelsup Club\Documents\QPW0218.TMP
    C:\Users\Wheelsup Club\Documents\QPW0217.TMP
    C:\Users\Wheelsup Club\Documents\QPW0216.TMP
    C:\Users\Wheelsup Club\Documents\QPW0215.TMP
    C:\Users\Wheelsup Club\Documents\QPW0214.TMP
    C:\Users\Wheelsup Club\Documents\QPW0213.TMP
    C:\Users\Wheelsup Club\Documents\QPW0212.TMP
    C:\Users\Wheelsup Club\Documents\QPW0211.TMP
    C:\Users\Wheelsup Club\Documents\QPW0210.TMP
    C:\Users\Wheelsup Club\Documents\QPW0209.TMP
    C:\Users\Wheelsup Club\Documents\QPW0208.TMP
    C:\Users\Wheelsup Club\Documents\QPW0207.TMP
    C:\Users\Wheelsup Club\Documents\QPW0234.TMP
    ZeroAccess:
    C:\Users\Wheelsup Club\AppData\Local\Google\Desktop\Install
    C:\Users\Wheelsup Club\downloader.exe
    C:\Users\Wheelsup Club\FileZilla_3.7.1_win32-setup.exe
    C:\Users\Wheelsup Club\FileZilla_3.7.2_win32-setup.exe
    C:\Users\Wheelsup Club\FileZilla_3.7.3_win32-setup.exe
    C:\Users\Wheelsup Club\FileZilla_3.8.0_win32-setup.exe
    C:\Users\Wheelsup Club\AppData\Local\Temp\_is4ECB.exe
    C:\Users\Wheelsup Club\AppData\Local\Temp\_isE60A.exe
    File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2014.5.6.0 - ) <==== ATTENTION
    FoxTab PDF Converter (HKCU\...\FoxTab PDF Converter) (Version: - ) <==== ATTENTION
    Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
    MixiDJ V44 Toolbar for IE (HKLM-x32\...\IECT3298580) (Version: 6.16.2.2 - MixiDJ V44) <==== ATTENTION
    Torch (HKCU\...\Torch) (Version: 33.0.0.7209 - Torch Media, Inc) <==== ATTENTION
    Video Download Converter version 1.0.0.0 (HKLM-x32\...\VDC_is1) (Version: 1.0.0.0 - ) <==== ATTENTION
    Video Performer (HKLM-x32\...\Video Performer) (Version: - PerformerSoft LLC) <==== ATTENTION
    Video Player (HKLM-x32\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION
    Task: {0B4512E1-421C-4288-B119-8ADD3F0A1F71} - \SuperLyrics-16-firefoxinstaller No Task File <==== ATTENTION
    Task: {1EBBC5B5-CDAE-4F26-A39D-9E38B0D65AA6} - \SuperLyrics-16-codedownloader No Task File <==== ATTENTION
    Task: {24D530E6-F24C-4249-B582-5F7C21E07CCB} - \SuperLyrics-16-chromeinstaller No Task File <==== ATTENTION
    Task: {44D74C0B-F541-49B4-9C71-64F15AD1AA84} - \DealPly No Task File <==== ATTENTION
    Task: {4A3CACA1-83D3-4B79-87BA-E661EF92A43A} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION
    Task: {AD450CDC-A8AE-4C72-8D5D-02EB1A85D8F2} - \SuperLyrics-16-updater No Task File <==== ATTENTION
    Task: {B3EF8737-E3D5-4DE5-8492-16B411D9A261} - \DealPlyUpdate No Task File <==== ATTENTION
    Task: C:\windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:A5514ABC
    Reboot:
    end

    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

    **********************
    -AdwCleaner-by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top Advertisement.


    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ***********

    Please post
    fixlist.txt
    C:\AdwCleaner.txt
    JRT.txt

  7. #7
    Member
    Join Date
    Apr 2008
    Posts
    78

    Default

    It will take a while for me to run everything and paste results.

    So, here is the first:

    - r





    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-07-2014
    Ran by Wheelsup Club at 2014-07-13 14:19:04 Run:1
    Running from C:\Users\Wheelsup Club\Documents\Computer
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO: No Name - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - No File
    BHO-x32: No Name - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - No File
    Toolbar: HKLM - No Name - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
    Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\r2ykzn6f.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.98.28.dll No File
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM-x32 - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\r2ykzn6f.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.28.dll No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - No File
    Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - No File
    FF Extension: Google/Yandex search link fix - C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2014-01-02]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    S1 azvohwlg; \??\C:\windows\system32\drivers\azvohwlg.sys [X]
    S1 caglpito; \??\C:\windows\system32\drivers\caglpito.sys [X]
    S1 cglcnxna; \??\C:\windows\system32\drivers\cglcnxna.sys [X]
    S1 cgxzeais; \??\C:\windows\system32\drivers\cgxzeais.sys [X]
    S1 dkxomdff; \??\C:\windows\system32\drivers\dkxomdff.sys [X]
    S1 dlrcmacc; \??\C:\windows\system32\drivers\dlrcmacc.sys [X]
    S1 dnonjzhp; \??\C:\windows\system32\drivers\dnonjzhp.sys [X]
    S1 docrwtro; \??\C:\windows\system32\drivers\docrwtro.sys [X]
    S1 ekrvryyb; \??\C:\windows\system32\drivers\ekrvryyb.sys [X]
    S1 eolbguvz; \??\C:\windows\system32\drivers\eolbguvz.sys [X]
    S1 fwtxrcwi; \??\C:\windows\system32\drivers\fwtxrcwi.sys [X]
    S1 iaqybpyk; \??\C:\windows\system32\drivers\iaqybpyk.sys [X]
    S1 ivnnnudl; \??\C:\windows\system32\drivers\ivnnnudl.sys [X]
    S1 jiwrmxaw; \??\C:\windows\system32\drivers\jiwrmxaw.sys [X]
    S1 lasmepzv; \??\C:\windows\system32\drivers\lasmepzv.sys [X]
    S1 meusbmhl; \??\C:\windows\system32\drivers\meusbmhl.sys [X]
    S1 nffxbovz; \??\C:\windows\system32\drivers\nffxbovz.sys [X]
    S1 nnptydlz; \??\C:\windows\system32\drivers\nnptydlz.sys [X]
    S1 oladlbpd; \??\C:\windows\system32\drivers\oladlbpd.sys [X]
    S1 oquqdghi; \??\C:\windows\system32\drivers\oquqdghi.sys [X]
    S1 oyixxbuu; \??\C:\windows\system32\drivers\oyixxbuu.sys [X]
    S1 pfvkeyok; \??\C:\windows\system32\drivers\pfvkeyok.sys [X]
    S1 qocjlccd; \??\C:\windows\system32\drivers\qocjlccd.sys [X]
    S1 quuthscw; \??\C:\windows\system32\drivers\quuthscw.sys [X]
    S1 sefciruf; \??\C:\windows\system32\drivers\sefciruf.sys [X]
    S1 sosmzeaj; \??\C:\windows\system32\drivers\sosmzeaj.sys [X]
    S1 sxxihgwu; \??\C:\windows\system32\drivers\sxxihgwu.sys [X]
    S1 tdilglsd; \??\C:\windows\system32\drivers\tdilglsd.sys [X]
    S1 tyzqtmjl; \??\C:\windows\system32\drivers\tyzqtmjl.sys [X]
    S1 uoizcgqf; \??\C:\windows\system32\drivers\uoizcgqf.sys [X]
    S1 xuhsefvm; \??\C:\windows\system32\drivers\xuhsefvm.sys [X]
    C:\Users\Wheelsup Club\Documents\QPW0234.TMP
    C:\Users\Wheelsup Club\Documents\QPW0233.TMP
    C:\Users\Wheelsup Club\Documents\QPW0232.TMP
    C:\windows\SysWOW64\sho3A62.tmp
    C:\Users\Wheelsup Club\Documents\QPW0231.TMP
    C:\Users\Wheelsup Club\Documents\QPW0230.TMP
    C:\Users\Wheelsup Club\Documents\QPW0229.TMP
    C:\Users\Wheelsup Club\Documents\QPW0228.TMP
    C:\Users\Wheelsup Club\Documents\QPW0227.TMP
    C:\Users\Wheelsup Club\Documents\QPW0226.TMP
    C:\Users\Wheelsup Club\Documents\QPW0225.TMP
    C:\Users\Wheelsup Club\Documents\QPW0224.TMP
    C:\Users\Wheelsup Club\Documents\QPW0223.TMP
    C:\Users\Wheelsup Club\Documents\QPW0222.TMP
    C:\Users\Wheelsup Club\Documents\QPW0221.TMP
    C:\Users\Wheelsup Club\Documents\QPW0220.TMP
    C:\Users\Wheelsup Club\Documents\QPW0219.TMP
    C:\Users\Wheelsup Club\Documents\QPW0218.TMP
    C:\Users\Wheelsup Club\Documents\QPW0217.TMP
    C:\Users\Wheelsup Club\Documents\QPW0216.TMP
    C:\Users\Wheelsup Club\Documents\QPW0215.TMP
    C:\Users\Wheelsup Club\Documents\QPW0214.TMP
    C:\Users\Wheelsup Club\Documents\QPW0213.TMP
    C:\Users\Wheelsup Club\Documents\QPW0212.TMP
    C:\Users\Wheelsup Club\Documents\QPW0211.TMP
    C:\Users\Wheelsup Club\Documents\QPW0210.TMP
    C:\Users\Wheelsup Club\Documents\QPW0209.TMP
    C:\Users\Wheelsup Club\Documents\QPW0208.TMP
    C:\Users\Wheelsup Club\Documents\QPW0207.TMP
    C:\Users\Wheelsup Club\Documents\QPW0234.TMP
    ZeroAccess:
    C:\Users\Wheelsup Club\AppData\Local\Google\Desktop\Install
    C:\Users\Wheelsup Club\downloader.exe
    C:\Users\Wheelsup Club\FileZilla_3.7.1_win32-setup.exe
    C:\Users\Wheelsup Club\FileZilla_3.7.2_win32-setup.exe
    C:\Users\Wheelsup Club\FileZilla_3.7.3_win32-setup.exe
    C:\Users\Wheelsup Club\FileZilla_3.8.0_win32-setup.exe
    C:\Users\Wheelsup Club\AppData\Local\Temp\_is4ECB.exe
    C:\Users\Wheelsup Club\AppData\Local\Temp\_isE60A.exe
    File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: 2014.5.6.0 - ) <==== ATTENTION
    FoxTab PDF Converter (HKCU\...\FoxTab PDF Converter) (Version: - ) <==== ATTENTION
    Free File Viewer 2014 (HKLM-x32\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
    MixiDJ V44 Toolbar for IE (HKLM-x32\...\IECT3298580) (Version: 6.16.2.2 - MixiDJ V44) <==== ATTENTION
    Torch (HKCU\...\Torch) (Version: 33.0.0.7209 - Torch Media, Inc) <==== ATTENTION
    Video Download Converter version 1.0.0.0 (HKLM-x32\...\VDC_is1) (Version: 1.0.0.0 - ) <==== ATTENTION
    Video Performer (HKLM-x32\...\Video Performer) (Version: - PerformerSoft LLC) <==== ATTENTION
    Video Player (HKLM-x32\...\Video Player) (Version: 1.1 - Video Player) <==== ATTENTION
    Task: {0B4512E1-421C-4288-B119-8ADD3F0A1F71} - \SuperLyrics-16-firefoxinstaller No Task File <==== ATTENTION
    Task: {1EBBC5B5-CDAE-4F26-A39D-9E38B0D65AA6} - \SuperLyrics-16-codedownloader No Task File <==== ATTENTION
    Task: {24D530E6-F24C-4249-B582-5F7C21E07CCB} - \SuperLyrics-16-chromeinstaller No Task File <==== ATTENTION
    Task: {44D74C0B-F541-49B4-9C71-64F15AD1AA84} - \DealPly No Task File <==== ATTENTION
    Task: {4A3CACA1-83D3-4B79-87BA-E661EF92A43A} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION
    Task: {AD450CDC-A8AE-4C72-8D5D-02EB1A85D8F2} - \SuperLyrics-16-updater No Task File <==== ATTENTION
    Task: {B3EF8737-E3D5-4DE5-8492-16B411D9A261} - \DealPlyUpdate No Task File <==== ATTENTION
    Task: C:\windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:A5514ABC
    Reboot:
    end
    *****************

    'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive1'=> Key not found.
    'HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}'=> Key not found.
    'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive2'=> Key not found.
    'HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}'=> Key not found.
    'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive3'=> Key not found.
    'HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}'=> Key not found.
    'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive1'=> Key not found.
    'HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}'=> Key not found.
    'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive2'=> Key not found.
    'HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}'=> Key not found.
    'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SkyDrive3'=> Key not found.
    'HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}'=> Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}' => Key deleted successfully.
    'HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}'=> Key not found.
    'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}' => Key deleted successfully.
    'HKCR\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}'=> Key not found.
    'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}' => Key deleted successfully.
    'HKCR\Wow6432Node\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}'=> Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5} => value deleted successfully.
    'HKCR\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5}'=> Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} => value deleted successfully.
    'HKCR\CLSID\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68}' => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
    'HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}'=> Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
    'HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}'=> Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} => value deleted successfully.
    'HKCR\Wow6432Node\CLSID\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68}' => Key deleted successfully.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
    'HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}'=> Key not found.
    'HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}' => Key deleted successfully.
    'HKCR\Wow6432Node\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}' => Key deleted successfully.
    'HKCR\PROTOCOLS\Handler\copernicagent' => Key deleted successfully.
    'HKCR\CLSID\{A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6}'=> Key not found.
    'HKCR\PROTOCOLS\Handler\copernicagentcache' => Key deleted successfully.
    'HKCR\CLSID\{AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D}'=> Key not found.
    C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi => Moved successfully.
    'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
    azvohwlg => Service deleted successfully.
    caglpito => Service deleted successfully.
    cglcnxna => Service deleted successfully.
    cgxzeais => Service deleted successfully.
    dkxomdff => Service deleted successfully.
    dlrcmacc => Service deleted successfully.
    dnonjzhp => Service deleted successfully.
    docrwtro => Service deleted successfully.
    ekrvryyb => Service deleted successfully.
    eolbguvz => Service deleted successfully.
    fwtxrcwi => Service deleted successfully.
    iaqybpyk => Service deleted successfully.
    ivnnnudl => Service deleted successfully.
    jiwrmxaw => Service deleted successfully.
    lasmepzv => Service deleted successfully.
    meusbmhl => Service deleted successfully.
    nffxbovz => Service deleted successfully.
    nnptydlz => Service deleted successfully.
    oladlbpd => Service deleted successfully.
    oquqdghi => Service deleted successfully.
    oyixxbuu => Service deleted successfully.
    pfvkeyok => Service deleted successfully.
    qocjlccd => Service deleted successfully.
    quuthscw => Service deleted successfully.
    sefciruf => Service deleted successfully.
    sosmzeaj => Service deleted successfully.
    sxxihgwu => Service deleted successfully.
    tdilglsd => Service deleted successfully.
    tyzqtmjl => Service deleted successfully.
    uoizcgqf => Service deleted successfully.
    xuhsefvm => Service deleted successfully.
    C:\Users\Wheelsup Club\Documents\QPW0234.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0233.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0232.TMP => Moved successfully.
    C:\windows\SysWOW64\sho3A62.tmp => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0231.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0230.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0229.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0228.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0227.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0226.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0225.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0224.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0223.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0222.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0221.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0220.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0219.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0218.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0217.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0216.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0215.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0214.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0213.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0212.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0211.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0210.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0209.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0208.TMP => Moved successfully.
    C:\Users\Wheelsup Club\Documents\QPW0207.TMP => Moved successfully.
    "C:\Users\Wheelsup Club\Documents\QPW0234.TMP" => File/Directory not found.
    C:\Users\Wheelsup Club\AppData\Local\Google\Desktop\Install => Moved successfully.
    C:\Users\Wheelsup Club\downloader.exe => Moved successfully.
    C:\Users\Wheelsup Club\FileZilla_3.7.1_win32-setup.exe => Moved successfully.
    C:\Users\Wheelsup Club\FileZilla_3.7.2_win32-setup.exe => Moved successfully.
    C:\Users\Wheelsup Club\FileZilla_3.7.3_win32-setup.exe => Moved successfully.
    C:\Users\Wheelsup Club\FileZilla_3.8.0_win32-setup.exe => Moved successfully.
    C:\Users\Wheelsup Club\AppData\Local\Temp\_is4ECB.exe => Moved successfully.
    C:\Users\Wheelsup Club\AppData\Local\Temp\_isE60A.exe => Moved successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0B4512E1-421C-4288-B119-8ADD3F0A1F71}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B4512E1-421C-4288-B119-8ADD3F0A1F71}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SuperLyrics-16-firefoxinstaller' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1EBBC5B5-CDAE-4F26-A39D-9E38B0D65AA6}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EBBC5B5-CDAE-4F26-A39D-9E38B0D65AA6}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SuperLyrics-16-codedownloader' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{24D530E6-F24C-4249-B582-5F7C21E07CCB}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24D530E6-F24C-4249-B582-5F7C21E07CCB}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SuperLyrics-16-chromeinstaller' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44D74C0B-F541-49B4-9C71-64F15AD1AA84}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44D74C0B-F541-49B4-9C71-64F15AD1AA84}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4A3CACA1-83D3-4B79-87BA-E661EF92A43A}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A3CACA1-83D3-4B79-87BA-E661EF92A43A}' => Key deleted successfully.
    C:\Windows\System32\Tasks\FreeFileViewerUpdateChecker => Moved successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AD450CDC-A8AE-4C72-8D5D-02EB1A85D8F2}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD450CDC-A8AE-4C72-8D5D-02EB1A85D8F2}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SuperLyrics-16-updater' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3EF8737-E3D5-4DE5-8492-16B411D9A261}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3EF8737-E3D5-4DE5-8492-16B411D9A261}' => Key deleted successfully.
    'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate' => Key deleted successfully.
    C:\windows\Tasks\FreeFileViewerUpdateChecker.job => Moved successfully.
    C:\ProgramData\Temp => ":A5514ABC" ADS removed successfully.


    The system needed a reboot.

    ==== End of Fixlog ====

  8. #8
    Member
    Join Date
    Apr 2008
    Posts
    78

    Default

    # AdwCleaner v3.215 - Report created 13/07/2014 at 14:44:27
    # Updated 09/07/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Wheelsup Club - WHEELSUPCLUB-PC
    # Running from : C:\Users\Wheelsup Club\Downloads\AdwCleaner(1).exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : torchcrashhandler

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\NCH Software
    Folder Deleted : C:\ProgramData\torchcrashhandler
    Folder Deleted : C:\Program Files (x86)\File Type Assistant
    Folder Deleted : C:\Program Files (x86)\NCH Software
    Folder Deleted : C:\Program Files (x86)\SearchProtect
    Folder Deleted : C:\Program Files (x86)\vGrabber-software
    Folder Deleted : C:\Program Files (x86)\Video Performer
    Folder Deleted : C:\Program Files (x86)\VideoPlayerV3
    Folder Deleted : C:\Program Files\Uninstaller
    Folder Deleted : C:\Users\Wheelsup Club\AppData\Local\FileTypeAssistant
    Folder Deleted : C:\Users\Wheelsup Club\AppData\Local\PackageAware
    Folder Deleted : C:\Users\Wheelsup Club\AppData\Local\SwvUpdater
    Folder Deleted : C:\Users\Wheelsup Club\AppData\Local\torch
    Folder Deleted : C:\Users\Wheelsup Club\AppData\Roaming\NCH Software
    Folder Deleted : C:\Users\Wheelsup Club\AppData\Roaming\OpenCandy
    Folder Deleted : C:\Users\Wheelsup Club\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
    Folder Deleted : C:\Users\Wheelsup Club\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Performer
    Folder Deleted : C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\anttoolbar@ant.com
    Folder Deleted : C:\Users\Wheelsup Club\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
    Folder Deleted : C:\Users\Wheelsup Club\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
    File Deleted : C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
    File Deleted : C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\r2ykzn6f.default\Extensions\firefox@saltarsmart.biz.xpi
    File Deleted : C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\slvcv7hg.default-1353510380055\Extensions\firefox@saltarsmart.biz.xpi
    File Deleted : C:\END
    File Deleted : C:\Users\Wheelsup Club\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
    File Deleted : C:\Users\Wheelsup Club\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Torch.lnk
    File Deleted : C:\Users\Wheelsup Club\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
    File Deleted : C:\Users\Wheelsup Club\Desktop\Torch.lnk
    File Deleted : C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\foxydeal.sqlite
    File Deleted : C:\windows\Tasks\driverupdate startup.job
    File Deleted : C:\windows\System32\Tasks\driverupdate startup
    File Deleted : C:\windows\System32\Tasks\ProgramRefresh-ATFST
    File Deleted : C:\windows\System32\Tasks\VisualBeeRecovery

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
    Key Deleted : HKCU\Software\Classes\iLivid.torrent
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
    Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector
    Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\TorchVLC
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Update SaltarSmart
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3298580
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3719959C-1CCD-4FA7-8EBB-7D9DED86FCCB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{84B7B98F-E018-4DBB-AB4C-4DDD3DFCB5FB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF48DBA6-5DD8-4D10-9EB0-0FA968502E66}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{37923200-6887-4B44-95D4-CAE8F83ECFEE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79332472-47F3-4E32-B07F-CF8DF4C58499}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BC153A3C-0BB7-4EED-83AE-28E6E398F56E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{268CA04C-106C-4636-B707-95E8CD5859E0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D9083CE-8758-4704-BA57-3C891D7452BD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1E877590-30B7-400E-A835-B942489EB7BC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\OCS
    Key Deleted : HKCU\Software\performersoft llc
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\torch
    Key Deleted : HKCU\Software\VideoDownloadConverter_4z
    Key Deleted : HKCU\Software\AppDataLow\Software\VideoDownloadConverter_4z
    Key Deleted : HKLM\Software\torch
    Key Deleted : HKLM\Software\VideoDownloadConverter_4z
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Performer

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17207


    -\\ Mozilla Firefox v30.0 (en-US)

    [ File : C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\r2ykzn6f.default\prefs.js ]


    [ File : C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\ra2bxp65.default-1383529527463\prefs.js ]

    Line Deleted : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1394071765547");
    Line Deleted : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir)/.*|hxxp://.*depositfiles.com/(([a-z]{2})/files/|auth-).*|hxxp://(www.)*digg.com/(.{5}|.{6})$|hxxp:[...]

    [ File : C:\Users\Wheelsup Club\AppData\Roaming\Mozilla\Firefox\Profiles\slvcv7hg.default-1353510380055\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Users\Wheelsup Club\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
    Deleted [Extension] : jbolfgndggfhhpbnkgnpjkfhinclbigj

    *************************

    AdwCleaner[R0].txt - [32106 octets] - [04/11/2013 22:55:34]
    AdwCleaner[R1].txt - [9190 octets] - [13/07/2014 14:42:29]
    AdwCleaner[S0].txt - [30031 octets] - [04/11/2013 22:56:36]
    AdwCleaner[S1].txt - [9005 octets] - [13/07/2014 14:44:27]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [9065 octets] ##########

  9. #9
    Member
    Join Date
    Apr 2008
    Posts
    78

    Default

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Wheelsup Club on Sun 07/13/2014 at 14:59:09.90
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Dragon_AskSetup_new_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Dragon_AskSetup_new_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Dragon_AskSetup_new_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Dragon_AskSetup_new_RASMANCS



    ~~~ Files

    Successfully deleted: [File] C:\windows\syswow64\sho7A03.tmp
    Successfully deleted: [File] C:\windows\syswow64\shoB73E.tmp
    Successfully deleted: [File] C:\windows\syswow64\shoD042.tmp



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Wheelsup Club\AppData\Roaming\getrighttogo"



    ~~~ FireFox

    Successfully deleted the following from C:\Users\Wheelsup Club\AppData\Roaming\mozilla\firefox\profiles\ra2bxp65.default-1383529527463\prefs.js

    user_pref("ddfirefox.merchantlist.cache", "<root>\n<ip>173.35.72.9</ip>\n<name id=\"r00100160\" featured=\"0\" country=\"RU\" home=\"hxxp://www.003.ru\" rsearch=\"1\"><![CDATA
    user_pref("extensions.ZenSearch@ZenSearch.com.install-event-fired", true);
    Emptied folder: C:\Users\Wheelsup Club\AppData\Roaming\mozilla\firefox\profiles\ra2bxp65.default-1383529527463\minidumps [155 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 07/13/2014 at 15:07:46.30
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  10. #10
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    I hope you are seeing improvements?

    Please Run TFC by OldTimer to clear temporary files:

    Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
    and save it to your desktop.

    Close any open programs and Internet browsers.
    Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
    Please be patient as clearing out temp files may take a while.
    Once it completes you may be prompted to restart your computer, please do so.
    Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

    **************

    What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.


    Go here to run an online scanner from ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan completes, press the LIST OF THREATS FOUND button
    • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
    • Include the contents of this report in your next reply.
    • Press the BACK button.
    • Press Finish


    Please post Eset log when finished.
