'Strongvault Online Backup' virus.

(In Progress)

HeiBlackReaper
Member with 2 posts.
THREAD STARTER
Join Date: Nov 2012
05-Nov-2012, 01:57 PM #1
'Strongvault Online Backup' virus.
Hello, I'm here today because I got two BSOD screens before my computer started up. Somehow Strongvault Online Backup showed up a few weeks ago even though I did not install it. I immediately thought it was that, and sure enough, it was. I need help with removing this so I can get my computer back into the condition it used to be. Thank you.
dvk01 (Derek)
dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,148 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
06-Nov-2012, 01:43 PM #2
Follow advice here and post the logs those programs make.
HeiBlackReaper
Member with 2 posts.
THREAD STARTER
Join Date: Nov 2012
07-Nov-2012, 09:07 PM #3
Sorry about that.
Here's the logs from HijackThis.
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48...t/brickout.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinner.com/games/lau...0/iewwload.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
O23 - Service: Coupon AlertService (CouponAlert_2pService) - COMPANYVERS_NAME - C:\PROGRA~2\COUPON~4\bar\1.bin\2pbarsvc.exe
O23 - Service: CouponXplorerService (CouponXplorer_5zService) - COMPANYVERS_NAME - C:\PROGRA~2\COUPON~2\bar\1.bin\5zbarsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GamingWonderlandService - COMPANYVERS_NAME - C:\PROGRA~2\GAMING~2\bar\1.bin\gtbarsvc.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: PGMTrusted - iWin Inc. - C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Roozz Updater - Roozz - C:\Program Files (x86)\Roozz\RoozzUpdater.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 24179 bytes
------------------------------------------
DDS LOG:

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.7.2
Run by John Jr at 20:12:58 on 2012-11-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7667.3037 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\PROGRA~2\COUPON~4\bar\1.bin\2pbarsvc.exe
C:\PROGRA~2\COUPON~2\bar\1.bin\5zbarsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\PROGRA~2\GAMING~2\bar\1.bin\gtbarsvc.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
C:\Program Files (x86)\Roozz\RoozzUpdater.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Users\John Jr\AppData\Local\Skillbrains\lightshot\2.0.1.5\LightShot.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Users\John Jr\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\Shop To Win\ShopToWin.exe
C:\Users\John Jr\AppData\Roaming\Spotify\spotify.exe
C:\Users\John Jr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Users\John Jr\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\SelectRebates\SelectRebates.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbrmon.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbrmon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe
C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Windows\SysWOW64\RunDll32.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\John Jr\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
C:\Users\John Jr\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
Q:\140066.enu\Office14\WINWORDC.EXE
C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
Q:\140066.enu\Office14\WINWORDC.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
Q:\140066.enu\Office14\OffSpon.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=19.9.0.9
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=4905F25001CD7BA10056733D&src_id=30460&camp_id=3885&tb_version=1.1.3001.0(B)
uURLSearchHooks: <No Name>: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} -
uURLSearchHooks: <No Name>: {0696f815-a3a9-490a-bb14-9ec3350b1276} -
uURLSearchHooks: <No Name>: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
uURLSearchHooks: <No Name>: {8a7d2060-824d-4b17-b00a-759b1b5f30d9} -
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: {f92a9fe4-2850-4198-b9d5-279880e49b16} - <orphaned>
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
uURLSearchHooks: <No Name>: {a8625cb7-85fe-4936-92a4-b2a7c925209e} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtSrcAs.dll
uURLSearchHooks: <No Name>: {9b138bf3-1d40-4e7e-84bb-2975198ad938} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll
BHO: MyWebSearch Search Assistant BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Toolbar BHO: {0297a026-3011-46d3-ad62-bb9a7612aea7} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll
BHO: mwsBar BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>
BHO: CouponDropDown: {11111111-1111-1111-1111-110011431152} - C:\Program Files (x86)\CouponDropDown\CouponDropDown.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Results Toolbar: {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll
BHO: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
BHO: Qwiklinx: {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Mary\AppData\Roaming\Qwiklinx\Qwiklinx.dll
BHO: Shop to Win: {608E4110-91C7-6C94-113C-54F85710CEE3} - C:\Program Files (x86)\Shop to Win 26\Shop to Win 26.dll
BHO: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Toolbar BHO: {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll
BHO: Search Assistant BHO: {7d69ed06-0171-4379-9528-08df51092727} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} -
BHO: ALOT Appbar Helper: {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
BHO: IEHlprObj Class: {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\Pogo Games\iWinGamesHookIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Privacy Safeguard BHO: {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll
BHO: Search Assistant BHO: {ab5d199e-9659-47a2-930b-fc3b69061353} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtSrcAs.dll
BHO: ArcadeCandy Games: {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\Mary\AppData\Local\ArcadeCandy\candyEX.dll
BHO: Dogpile Bundle Toolbar BHO: {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Ask Toolbar for Pogo: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ShopAtHomeIEHelper Class: {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
BHO: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
TB: DealBulldog Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll
TB: Coupon Alert: {3462C343-BE19-4143-AF70-CEFB56F46FC6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
TB: MapsGalaxy: {364EA597-E728-4CE4-BB4A-ED846EF47970} -
TB: Ask Toolbar for Pogo: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
TB: GamingWonderland: {A899079D-206F-43A6-BE6A-07E0FA648EA0} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll
TB: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
TB: CouponXplorer: {65C72339-FB1D-4155-84E1-9AFACEE02D6F} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
TB: DealBulldog Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll
TB: MapsGalaxy: {364ea597-e728-4ce4-bb4a-ed846ef47970} -
TB: ALOT Appbar: {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
TB: GamingWonderland: {a899079d-206f-43a6-be6a-07e0fa648ea0} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll
TB: Search Results Toolbar: {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll
TB: CouponXplorer: {65c72339-fb1d-4155-84e1-9afacee02d6f} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll
TB: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
TB: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
TB: Ask Toolbar for Pogo: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
uRun: [Google Update] "C:\Users\John Jr\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [LightShot] C:\Users\John Jr\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
uRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Praetorian] C:\Users\John Jr\AppData\Local\Yandex\Updater\praetorian.exe
uRun: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
uRun: [PopularScreensaversWallpaper] rundll32 C:\PROGRA~2\MYWEBS~1\bar\1.bin\F3SCRCTR.DLL,LES
uRun: [Facebook Update] "C:\Users\John Jr\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Shop To Win] C:\Program Files (x86)\Shop To Win\ShopToWin.exe
uRun: [Spotify] "C:\Users\John Jr\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\John Jr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SMessaging] C:\Users\Mary\AppData\Local\Strongvault Online Backup\SMessaging.exe
mRun: [GamingWonderland Search Scope Monitor] "C:\PROGRA~2\GAMING~2\bar\1.bin\gtsrchmn.exe" /m=2 /w /h
mRun: [GamingWonderland Browser Plugin Loader] C:\PROGRA~2\GAMING~2\bar\1.bin\gtbrmon.exe
mRun: [CouponXplorer Search Scope Monitor] "C:\PROGRA~2\COUPON~2\bar\1.bin\5zsrchmn.exe" /m=2 /w /h
mRun: [CouponXplorer_5z Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\5zbrmon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~4\bar\1.bin\2psrchmn.exe" /m=2 /w /h
mRun: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~4\bar\1.bin\2pbrmon.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
StartupFolder: C:\Users\John Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\debug.log
StartupFolder: C:\Users\JOHNJR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\John Jr\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
StartupFolder: C:\Users\JOHNJR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0D6190CC-12CF-4ABB-BA9E-69F149B2341E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0D6190CC-12CF-4ABB-BA9E-69F149B2341E}\34E48563B4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{962006EC-C045-4710-9417-DC1B49546717} : DHCPNameServer = 192.168.1.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: Privacy Safeguard BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {B34A07DD-C6F7-414A-AE63-01019482EAF0} - msiexec /fu {B34A07DD-C6F7-414A-AE63-01019482EAF0} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John Jr\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=APN10145&gct=hp
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=BB290B6D-B28E-4F0C-A8BD-33E06B1889CC&n=77ee40a1&ind=2012102817&p2=^AFA^xdm070^YY^us&si=59605&searchfor=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll
FF - plugin: C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll
FF - plugin: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll
FF - plugin: C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll
FF - plugin: C:\Program Files (x86)\GamingWonderland\bar\1.bin\NPgtStub.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\NP2jStub.dll
FF - plugin: C:\Program Files (x86)\Roozz\nproozz.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\John Jr\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\John Jr\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-09-09 05:30; crossriderapp4352@crossrider.com; C:\Users\John Jr\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\crossriderapp4352@crossrider.com
FF - ExtSQL: 2012-09-21 06:52; 2jffxtbr@RecipeHub_2j.com; C:\Users\John Jr\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\2jffxtbr@RecipeHub_2j.com
FF - ExtSQL: 2012-10-11 11:30; {98e34367-8df7-42b4-837b-20b892ff0849}; C:\ProgramData\PogoDGC\firefox
FF - ExtSQL: !HIDDEN! 2012-08-23 16:14; 39ffxtbr@MapsGalaxy_39.com; C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin
FF - ExtSQL: !HIDDEN! 2012-08-29 07:16; gtffxtbr@GamingWonderland.com; C:\Program Files (x86)\GamingWonderland\bar\1.bin
FF - ExtSQL: !HIDDEN! 2012-09-06 11:47; 5zffxtbr@CouponXplorer_5z.com; C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin
FF - ExtSQL: !HIDDEN! 2012-09-21 06:52; 2jffxtbr@RecipeHub_2j.com; C:\Program Files (x86)\RecipeHub_2j\bar\1.bin
FF - ExtSQL: !HIDDEN! 2012-09-27 06:38; 2pffxtbr@CouponAlert_2p.com; C:\Program Files (x86)\CouponAlert_2p\bar\1.bin
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-3-2 78976]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-3-2 38528]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1309000.009\symds64.sys [2012-10-1 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1309000.009\symefa64.sys [2012-10-1 1129120]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20121030.002\BHDrvx64.sys [2012-11-5 1385632]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1309000.009\ccsetx64.sys [2012-10-1 167072]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20121106.001\IDSviA64.sys [2012-11-6 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1309000.009\ironx64.sys [2012-10-1 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1309000.009\symnets.sys [2012-10-1 405624]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-3-2 204288]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-20 249648]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
R2 CouponAlert_2pService;Coupon AlertService;C:\PROGRA~2\COUPON~4\bar\1.bin\2pbarsvc.exe [2012-9-27 42504]
R2 CouponXplorer_5zService;CouponXplorerService;C:\PROGRA~2\COUPON~2\bar\1.bin\5zbarsvc.exe [2012-9-6 42504]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R2 X5XSEx_Pr143;X5XSEx_Pr143;C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.sys [2012-9-1 56104]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2012-3-2 349736]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-3-2 39464]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-2 533096]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-3-2 47232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-8-1 195320]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-8-10 97040]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
.
=============== Created Last 30 ================
.
2012-11-07 23:22:53 -------- d-----w- C:\Users\John Jr\AppData\Local\{276E0029-E173-456F-B93A-A99CF1FF4B60}
2012-11-07 22:35:47 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F87BC978-2742-447B-8811-9BEE4DA5E168}\offreg.dll
2012-11-07 21:45:37 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F87BC978-2742-447B-8811-9BEE4DA5E168}\mpengine.dll
2012-11-07 11:22:38 -------- d-----w- C:\Users\John Jr\AppData\Local\{75FA760D-45F1-418E-974F-776C274F42C6}
2012-11-06 22:22:45 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8DE0247E-44B3-4208-BDA9-155DA3ED4B2C}\gapaengine.dll
2012-11-06 22:22:41 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-06 22:17:55 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-11-06 22:17:50 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-11-06 22:17:35 -------- d-----w- C:\f38d4eb14e5b3fbf9700198f
2012-11-06 22:16:03 -------- d-----w- C:\Program Files\PrivacySafeGuard
2012-11-06 22:15:19 -------- d-----w- C:\Users\John Jr\AppData\Roaming\uTorrent
2012-11-06 21:21:31 -------- d-----w- C:\Users\John Jr\hpremote
2012-11-06 17:54:01 -------- d-----w- C:\Users\John Jr\AppData\Local\{2F22233D-774F-4929-9A82-DCD1334831BB}
2012-11-05 13:30:52 -------- d-----w- C:\Users\John Jr\AppData\Local\{76AF78A9-0C30-43BA-AB31-B2E0875CD7B9}
2012-11-04 15:15:26 -------- d-----w- C:\Users\John Jr\AppData\Local\{7A6D9BBA-FB9D-4809-AEDE-96ED9FC6ADE4}
2012-11-03 16:09:33 -------- d-----w- C:\Users\John Jr\AppData\Local\{06BEDA49-978B-46BC-AD5C-0E5F6DED073E}
2012-11-03 11:59:57 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-11-03 01:16:47 -------- d-----w- C:\Windows\SysWow64\%APPDATA%
2012-11-02 17:23:17 -------- d-----w- C:\Users\John Jr\AppData\Local\{56465177-A164-4ED9-9558-5B679E84EF45}
2012-11-02 04:36:44 -------- d-----w- C:\Users\John Jr\AppData\Local\{6F3C3F16-122D-4991-9C19-74355B7118D3}
2012-11-01 14:40:57 -------- d-----w- C:\Users\John Jr\AppData\Local\{756F41A0-1D5B-4C52-9228-58BF645FAB1C}
2012-10-31 16:26:30 -------- d-----w- C:\Users\John Jr\AppData\Roaming\Ubisoft
2012-10-31 16:21:39 74576 ----a-w- C:\Windows\System32\XAPOFX1_2.dll
2012-10-31 16:21:39 70992 ----a-w- C:\Windows\SysWow64\XAPOFX1_2.dll
2012-10-31 16:21:39 518480 ----a-w- C:\Windows\System32\XAudio2_3.dll
2012-10-31 16:21:39 514384 ----a-w- C:\Windows\SysWow64\XAudio2_3.dll
2012-10-31 16:21:38 25936 ----a-w- C:\Windows\System32\X3DAudio1_5.dll
2012-10-31 16:21:38 235856 ----a-w- C:\Windows\SysWow64\xactengine3_3.dll
2012-10-31 16:21:38 23376 ----a-w- C:\Windows\SysWow64\X3DAudio1_5.dll
2012-10-31 16:21:38 175440 ----a-w- C:\Windows\System32\xactengine3_3.dll
2012-10-31 16:21:37 72200 ----a-w- C:\Windows\System32\XAPOFX1_1.dll
2012-10-31 16:21:37 513544 ----a-w- C:\Windows\System32\XAudio2_2.dll
2012-10-31 16:21:37 238088 ----a-w- C:\Windows\SysWow64\xactengine3_2.dll
2012-10-31 16:21:37 177672 ----a-w- C:\Windows\System32\xactengine3_2.dll
2012-10-31 15:10:44 -------- d-----w- C:\Users\John Jr\AppData\Local\{71AB4FDC-F0DE-4A43-B979-152DAD680302}
2012-10-31 10:22:06 38320 ----a-w- C:\Windows\SysWow64\f3PSSavr.scr
2012-10-31 10:22:05 -------- d-----w- C:\Program Files (x86)\MyWebSearch
2012-10-31 10:21:39 -------- d---a-w- C:\Program Files (x86)\FunWebProducts
2012-10-30 14:24:13 -------- d-----w- C:\Users\John Jr\AppData\Local\{07259B8A-3D6E-418B-816E-794DD49DCF73}
2012-10-30 11:28:51 -------- d-----w- C:\ProgramData\Fugazo
2012-10-29 14:21:37 -------- d-----w- C:\Users\John Jr\AppData\Local\{67875288-9673-418D-94E3-DA2E845C0F9C}
2012-10-28 21:23:42 -------- d-----w- C:\Users\John Jr\AppData\Local\GamingWonderland
2012-10-28 21:23:41 -------- d-----w- C:\Users\John Jr\AppData\Local\TelevisionFanatic
2012-10-28 21:23:41 -------- d-----w- C:\Users\John Jr\AppData\Local\MapsGalaxy_39
2012-10-28 21:23:41 -------- d-----w- C:\Users\John Jr\AppData\Local\CouponXplorer_5z
2012-10-28 21:23:41 -------- d-----w- C:\Users\John Jr\AppData\Local\CouponAlert_2p
2012-10-28 17:35:48 -------- d-----w- C:\Users\John Jr\AppData\Local\{570977DB-B573-44BC-A12F-C726A4D79E12}
2012-10-28 04:39:07 -------- d-----w- C:\Users\John Jr\AppData\Local\{5EC2E4ED-F80C-4997-893C-5104C9DF43C1}
2012-10-27 16:07:21 -------- d-----w- C:\Users\John Jr\AppData\Local\{DA6A5A21-C477-481E-8CDD-99001D633BD4}
2012-10-26 14:35:15 -------- d-----w- C:\Users\John Jr\AppData\Local\{6242EB01-095D-44C5-96D0-FAF8E45A5F15}
2012-10-25 14:32:51 -------- d-----w- C:\Users\John Jr\AppData\Local\{18CE08B3-1D3E-46E9-B92A-0BDBCECE404D}
2012-10-25 13:03:05 -------- d-----w- C:\ProgramData\Flood Light Games
2012-10-25 01:07:20 -------- d-----w- C:\Users\John Jr\AppData\Local\{282B345D-F298-4D3A-9415-9E249E9604AE}
2012-10-24 20:29:39 -------- d-----w- C:\Program Files (x86)\osu!
2012-10-24 20:28:22 -------- d-----w- C:\Users\John Jr\AppData\Roaming\Downloaded Installations
2012-10-23 14:00:12 -------- d-----w- C:\Users\John Jr\AppData\Local\{3B0FC040-0B09-4CB0-AFE7-6D3951CE3A8E}
2012-10-22 23:23:23 -------- d-----w- C:\Users\John Jr\AppData\Local\{89DCFD01-7278-41EC-8A59-50105706B2F4}
2012-10-22 11:22:58 -------- d-----w- C:\Users\John Jr\AppData\Local\{23AEB7CF-809D-439B-B163-D30D6F3A340E}
2012-10-21 14:20:05 -------- d-----w- C:\Users\John Jr\AppData\Local\{4457E542-8294-4BCF-827C-0761C37F67B3}
2012-10-20 23:15:01 -------- d-----w- C:\Users\John Jr\AppData\Roaming\LolClient
2012-10-20 20:51:18 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2012-10-20 20:51:18 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2012-10-20 20:51:18 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2012-10-20 20:51:18 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2012-10-20 20:51:17 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2012-10-20 20:47:55 -------- d-----w- C:\Riot Games
2012-10-20 18:03:16 -------- d-----w- C:\Users\John Jr\AppData\Local\PMB Files
2012-10-20 14:30:55 -------- d-----w- C:\Users\John Jr\AppData\Local\{D7432F5A-518B-4EDC-B646-68AECD8865C7}
2012-10-20 11:24:41 -------- d-----w- C:\ProgramData\Go Go Gourmet
2012-10-19 15:28:47 -------- d-----w- C:\Users\John Jr\AppData\Local\{016FB7BB-0517-4481-B032-EEA4B8C1C6F6}
2012-10-19 03:28:20 -------- d-----w- C:\Users\John Jr\AppData\Local\{0EDA1E01-7E47-47A3-A580-37F291863250}
2012-10-18 23:50:43 -------- d-----w- C:\Users\John Jr\AppData\Roaming\Sony Creative Software Inc
2012-10-18 23:21:51 -------- d-----w- C:\Users\John Jr\AppData\Local\{B84D45D3-AB6E-4819-9734-FE1AF7041251}
2012-10-18 11:21:40 -------- d-----w- C:\Users\John Jr\AppData\Local\{410FE965-10D5-4433-B8BC-B34A6FD25A2F}
2012-10-17 23:21:16 -------- d-----w- C:\Users\John Jr\AppData\Local\{C5053912-3578-43BD-9CEC-34560806A1FC}
2012-10-17 11:21:04 -------- d-----w- C:\Users\John Jr\AppData\Local\{2EFD44F8-536A-4930-9E9E-0785B1DEE207}
2012-10-16 18:55:44 -------- d-----w- C:\Users\John Jr\AppData\Local\{26ED7668-CE3B-44E1-9901-B202A00F03D8}
2012-10-15 23:33:42 -------- d-----w- C:\Users\John Jr\AppData\Local\{98B66701-3B5B-4CA6-BF3B-F1CD48C899A3}
2012-10-15 11:33:18 -------- d-----w- C:\Users\John Jr\AppData\Local\{D17CC234-E10C-41DB-B27F-0927A9071EF5}
2012-10-14 14:04:49 -------- d-----w- C:\Users\John Jr\AppData\Local\{4DAD7033-2176-4288-9C89-164592A92CF1}
2012-10-14 13:55:56 -------- d-----w- C:\ProgramData\Particles
2012-10-14 00:35:36 -------- d-----w- C:\Users\John Jr\AppData\Local\{4CD3E1CA-D036-454E-A726-F14937188D69}
2012-10-13 13:20:03 -------- d-----w- C:\Users\John Jr\.thumbnails
2012-10-13 13:18:45 -------- d-----w- C:\Users\John Jr\AppData\Local\fontconfig
2012-10-13 13:18:44 -------- d-----w- C:\Users\John Jr\AppData\Local\gegl-0.2
2012-10-13 13:18:44 -------- d-----w- C:\Users\John Jr\.gimp-2.8
2012-10-13 13:16:44 -------- d-----w- C:\Program Files\GIMP 2
2012-10-13 12:35:22 -------- d-----w- C:\Users\John Jr\AppData\Local\{D0482CEC-627C-4E1E-A6C2-09D9C1B6E793}
2012-10-13 00:12:58 -------- d-----w- C:\Users\John Jr\AppData\Local\Spotify
2012-10-13 00:11:44 -------- d-----w- C:\Users\John Jr\AppData\Roaming\Spotify
2012-10-12 22:36:30 -------- d-----w- C:\Users\John Jr\AppData\Local\{F6CDC43E-FBB9-4918-8B3C-BC208CEF697A}
2012-10-12 12:40:59 -------- d-----w- C:\Games
2012-10-12 10:36:04 -------- d-----w- C:\Users\John Jr\AppData\Local\{5F1672A4-F622-44D0-951A-F476B2233F07}
2012-10-11 22:35:38 -------- d-----w- C:\Users\John Jr\AppData\Local\{85E47EA2-0EE6-4B52-B93C-90975D24785F}
2012-10-11 15:44:59 -------- d-----w- C:\Program Files (x86)\iWin.com
2012-10-11 15:30:46 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-10-11 15:30:10 -------- d-----w- C:\ProgramData\PogoDGC
2012-10-11 15:30:04 -------- d-----w- C:\Program Files (x86)\Pogo Games
2012-10-11 10:50:11 -------- d-----w- C:\Users\John Jr\AppData\Local\ElevatedDiagnostics
2012-10-11 10:35:14 -------- d-----w- C:\Users\John Jr\AppData\Local\{D4DDAB24-6357-49B6-926C-1D25E06133A2}
2012-10-10 22:30:14 -------- d-----w- C:\Users\John Jr\AppData\Local\{3F41151A-7E8B-4733-98B6-F372AF764920}
2012-10-10 17:29:17 -------- d-----w- C:\ProgramData\GameHouse
2012-10-10 10:29:51 -------- d-----w- C:\Users\John Jr\AppData\Local\{C45881A3-6F15-4253-ACB9-4CBB2EF6624E}
2012-10-09 19:54:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-09 19:54:53 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-09 19:53:40 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-09 19:53:40 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-09 19:52:56 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-09 19:52:56 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-09 19:52:55 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-09 19:52:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-09 19:52:55 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-09 19:52:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-09 15:48:30 -------- d-----w- C:\Users\John Jr\AppData\Local\{624876F5-D491-4595-9BBF-3D768FBF9400}
.
==================== Find3M ====================
.
2012-11-05 13:08:46 271581 ----a-w- C:\DUMPa449.tmp
2012-11-05 13:07:27 271581 ----a-w- C:\DUMPa1e9.tmp
2012-11-05 13:06:07 271581 ----a-w- C:\DUMPa497.tmp
2012-10-13 11:39:44 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-13 11:39:44 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-08 20:20:07 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-08 20:20:07 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-08 20:20:07 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-31 03:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 03:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 20:14:28.68 ===============

Last edited by HeiBlackReaper; 07-Nov-2012 at 09:16 PM.. Reason: Forgot DDS Log
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,148 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
08-Nov-2012, 04:49 AM #4
Let's clear up what we can with this tool first.
Please download AdwCleaner to your desktop.
  • Double-click adwcleaner.exe to run the tool.
  • Click Search.
  • When the scan has finished, a Notepad window will open.
  • Please post the contents here in your topic.
  • The logfile will also be saved in C:\AdwCleaner[R1].txt.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue