
'Strongvault Online Backup' virus.

Discussion in 'Virus & Other Malware Removal' started by HeiBlackReaper, Nov 5, 2012.

  1. HeiBlackReaper

    HeiBlackReaper Thread Starter

    Hello, I'm here today because I got two BSOD screens before my computer started up. Somehow Strongvault Online Backup showed up a few weeks ago even though I did not install it. I immediately thought it was that, and sure enough, it was. I need help with removing this so I can get my computer back into the condition it used to be in. Thank you.
     
  2. dvk01

    dvk01 Derek Moderator Malware Specialist

    Follow advice here and post the logs those programs make.
     
  3. HeiBlackReaper

    HeiBlackReaper Thread Starter

    Sorry about that.
    Here are the logs from HijackThis.
    O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48/brickout/brickout.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    O23 - Service: Coupon AlertService (CouponAlert_2pService) - COMPANYVERS_NAME - C:\PROGRA~2\COUPON~4\bar\1.bin\2pbarsvc.exe
    O23 - Service: CouponXplorerService (CouponXplorer_5zService) - COMPANYVERS_NAME - C:\PROGRA~2\COUPON~2\bar\1.bin\5zbarsvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: GamingWonderlandService - COMPANYVERS_NAME - C:\PROGRA~2\GAMING~2\bar\1.bin\gtbarsvc.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
    O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    O23 - Service: PGMTrusted - iWin Inc. - C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Roozz Updater - Roozz - C:\Program Files (x86)\Roozz\RoozzUpdater.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 24179 bytes
    ------------------------------------------
    DDS LOG:

    DDS (Ver_2012-11-07.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.7.2
    Run by John Jr at 20:12:58 on 2012-11-07
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7667.3037 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\PROGRA~2\COUPON~4\bar\1.bin\2pbarsvc.exe
    C:\PROGRA~2\COUPON~2\bar\1.bin\5zbarsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    C:\PROGRA~2\GAMING~2\bar\1.bin\gtbarsvc.exe
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
    C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
    C:\Program Files (x86)\Roozz\RoozzUpdater.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Users\John Jr\AppData\Local\Skillbrains\lightshot\2.0.1.5\LightShot.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    C:\Users\John Jr\AppData\Local\Facebook\Update\FacebookUpdate.exe
    C:\Program Files (x86)\Shop To Win\ShopToWin.exe
    C:\Users\John Jr\AppData\Roaming\Spotify\spotify.exe
    C:\Users\John Jr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    C:\Users\John Jr\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
    C:\Program Files\Rainmeter\Rainmeter.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\SelectRebates\SelectRebates.exe
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbrmon.exe
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbrmon.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe
    C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Windows\SysWOW64\RunDll32.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Users\John Jr\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
    C:\Users\John Jr\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    Q:\140066.enu\Office14\WINWORDC.EXE
    C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
    Q:\140066.enu\Office14\WINWORDC.EXE
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\splwow64.exe
    Q:\140066.enu\Office14\OffSpon.EXE
    C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\John Jr\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=19.9.0.9
    uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=4905F25001CD7BA10056733D&src_id=30460&camp_id=3885&tb_version=1.1.3001.0(B)
    uURLSearchHooks: <No Name>: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} -
    uURLSearchHooks: <No Name>: {0696f815-a3a9-490a-bb14-9ec3350b1276} -
    uURLSearchHooks: <No Name>: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
    uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
    uURLSearchHooks: <No Name>: {8a7d2060-824d-4b17-b00a-759b1b5f30d9} -
    uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    uURLSearchHooks: {f92a9fe4-2850-4198-b9d5-279880e49b16} - <orphaned>
    uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
    uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
    uURLSearchHooks: <No Name>: {a8625cb7-85fe-4936-92a4-b2a7c925209e} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtSrcAs.dll
    uURLSearchHooks: <No Name>: {9b138bf3-1d40-4e7e-84bb-2975198ad938} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll
    BHO: MyWebSearch Search Assistant BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Toolbar BHO: {0297a026-3011-46d3-ad62-bb9a7612aea7} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll
    BHO: mwsBar BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
    BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>
    BHO: CouponDropDown: {11111111-1111-1111-1111-110011431152} - C:\Program Files (x86)\CouponDropDown\CouponDropDown.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Search Results Toolbar: {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll
    BHO: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
    BHO: Qwiklinx: {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Mary\AppData\Roaming\Qwiklinx\Qwiklinx.dll
    BHO: Shop to Win: {608E4110-91C7-6C94-113C-54F85710CEE3} - C:\Program Files (x86)\Shop to Win 26\Shop to Win 26.dll
    BHO: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
    BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.0.9\ips\ipsbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Toolbar BHO: {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll
    BHO: Search Assistant BHO: {7d69ed06-0171-4379-9528-08df51092727} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll
    BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} -
    BHO: ALOT Appbar Helper: {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
    BHO: IEHlprObj Class: {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\Pogo Games\iWinGamesHookIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Privacy Safeguard BHO: {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll
    BHO: Search Assistant BHO: {ab5d199e-9659-47a2-930b-fc3b69061353} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtSrcAs.dll
    BHO: ArcadeCandy Games: {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\Mary\AppData\Local\ArcadeCandy\candyEX.dll
    BHO: Dogpile Bundle Toolbar BHO: {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Ask Toolbar for Pogo: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: ShopAtHomeIEHelper Class: {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
    BHO: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll
    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
    TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
    TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
    TB: DealBulldog Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll
    TB: Coupon Alert: {3462C343-BE19-4143-AF70-CEFB56F46FC6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
    TB: MapsGalaxy: {364EA597-E728-4CE4-BB4A-ED846EF47970} -
    TB: Ask Toolbar for Pogo: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
    TB: GamingWonderland: {A899079D-206F-43A6-BE6A-07E0FA648EA0} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll
    TB: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
    TB: CouponXplorer: {65C72339-FB1D-4155-84E1-9AFACEE02D6F} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
    TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
    TB: DealBulldog Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll
    TB: MapsGalaxy: {364ea597-e728-4ce4-bb4a-ed846ef47970} -
    TB: ALOT Appbar: {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
    TB: GamingWonderland: {a899079d-206f-43a6-be6a-07e0fa648ea0} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll
    TB: Search Results Toolbar: {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll
    TB: CouponXplorer: {65c72339-fb1d-4155-84e1-9afacee02d6f} - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll
    TB: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
    TB: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
    TB: Ask Toolbar for Pogo: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
    uRun: [Google Update] "C:\Users\John Jr\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [LightShot] C:\Users\John Jr\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
    uRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Praetorian] C:\Users\John Jr\AppData\Local\Yandex\Updater\praetorian.exe
    uRun: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
    uRun: [PopularScreensaversWallpaper] rundll32 C:\PROGRA~2\MYWEBS~1\bar\1.bin\F3SCRCTR.DLL,LES
    uRun: [Facebook Update] "C:\Users\John Jr\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [Shop To Win] C:\Program Files (x86)\Shop To Win\ShopToWin.exe
    uRun: [Spotify] "C:\Users\John Jr\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    uRun: [Spotify Web Helper] "C:\Users\John Jr\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe
    mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SMessaging] C:\Users\Mary\AppData\Local\Strongvault Online Backup\SMessaging.exe
    mRun: [GamingWonderland Search Scope Monitor] "C:\PROGRA~2\GAMING~2\bar\1.bin\gtsrchmn.exe" /m=2 /w /h
    mRun: [GamingWonderland Browser Plugin Loader] C:\PROGRA~2\GAMING~2\bar\1.bin\gtbrmon.exe
    mRun: [CouponXplorer Search Scope Monitor] "C:\PROGRA~2\COUPON~2\bar\1.bin\5zsrchmn.exe" /m=2 /w /h
    mRun: [CouponXplorer_5z Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\5zbrmon.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~4\bar\1.bin\2psrchmn.exe" /m=2 /w /h
    mRun: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~4\bar\1.bin\2pbrmon.exe
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
    mRun: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
    dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
    StartupFolder: C:\Users\John Jr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\debug.log
    StartupFolder: C:\Users\JOHNJR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\John Jr\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
    StartupFolder: C:\Users\JOHNJR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{0D6190CC-12CF-4ABB-BA9E-69F149B2341E} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{0D6190CC-12CF-4ABB-BA9E-69F149B2341E}\34E48563B4 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{962006EC-C045-4710-9417-DC1B49546717} : DHCPNameServer = 192.168.1.1
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
    x64-BHO: Privacy Safeguard BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll
    x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll
    x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: {B34A07DD-C6F7-414A-AE63-01019482EAF0} - msiexec /fu {B34A07DD-C6F7-414A-AE63-01019482EAF0} /qn
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\John Jr\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\
    FF - prefs.js: browser.search.selectedEngine - My Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=APN10145&gct=hp
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=BB290B6D-B28E-4F0C-A8BD-33E06B1889CC&n=77ee40a1&ind=2012102817&p2=^AFA^xdm070^YY^us&si=59605&searchfor=
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll
    FF - plugin: C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll
    FF - plugin: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll
    FF - plugin: C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll
    FF - plugin: C:\Program Files (x86)\GamingWonderland\bar\1.bin\NPgtStub.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\NP2jStub.dll
    FF - plugin: C:\Program Files (x86)\Roozz\nproozz.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\John Jr\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
    FF - plugin: C:\Users\John Jr\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-09-09 05:30; [email protected]; C:\Users\John Jr\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[email protected]
    FF - ExtSQL: 2012-09-21 06:52; 2jffxtbr@RecipeHub_2j.com; C:\Users\John Jr\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\2jffxtbr@RecipeHub_2j.com
    FF - ExtSQL: 2012-10-11 11:30; {98e34367-8df7-42b4-837b-20b892ff0849}; C:\ProgramData\PogoDGC\firefox
    FF - ExtSQL: !HIDDEN! 2012-08-23 16:14; 39ffxtbr@MapsGalaxy_39.com; C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin
    FF - ExtSQL: !HIDDEN! 2012-08-29 07:16; [email protected]; C:\Program Files (x86)\GamingWonderland\bar\1.bin
    FF - ExtSQL: !HIDDEN! 2012-09-06 11:47; 5zffxtbr@CouponXplorer_5z.com; C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin
    FF - ExtSQL: !HIDDEN! 2012-09-21 06:52; 2jffxtbr@RecipeHub_2j.com; C:\Program Files (x86)\RecipeHub_2j\bar\1.bin
    FF - ExtSQL: !HIDDEN! 2012-09-27 06:38; 2pffxtbr@CouponAlert_2p.com; C:\Program Files (x86)\CouponAlert_2p\bar\1.bin
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-3-2 78976]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-3-2 38528]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1309000.009\symds64.sys [2012-10-1 451192]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1309000.009\symefa64.sys [2012-10-1 1129120]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20121030.002\BHDrvx64.sys [2012-11-5 1385632]
    R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1309000.009\ccsetx64.sys [2012-10-1 167072]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\IPSDefs\20121106.001\IDSviA64.sys [2012-11-6 513184]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1309000.009\ironx64.sys [2012-10-1 190072]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1309000.009\symnets.sys [2012-10-1 405624]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-3-2 204288]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-20 249648]
    R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
    R2 CouponAlert_2pService;Coupon AlertService;C:\PROGRA~2\COUPON~4\bar\1.bin\2pbarsvc.exe [2012-9-27 42504]
    R2 CouponXplorer_5zService;CouponXplorerService;C:\PROGRA~2\COUPON~2\bar\1.bin\5zbarsvc.exe [2012-9-6 42504]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
    R2 X5XSEx_Pr143;X5XSEx_Pr143;C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.sys [2012-9-1 56104]
    R3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2012-3-2 349736]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-3-2 39464]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-2 533096]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-3-2 47232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-8-1 195320]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
    S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-8-10 97040]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    .
    =============== Created Last 30 ================
    .
    2012-11-07 23:22:53 -------- d-----w- C:\Users\John Jr\AppData\Local\{276E0029-E173-456F-B93A-A99CF1FF4B60}
    2012-11-07 22:35:47 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F87BC978-2742-447B-8811-9BEE4DA5E168}\offreg.dll
    2012-11-07 21:45:37 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F87BC978-2742-447B-8811-9BEE4DA5E168}\mpengine.dll
    2012-11-07 11:22:38 -------- d-----w- C:\Users\John Jr\AppData\Local\{75FA760D-45F1-418E-974F-776C274F42C6}
    2012-11-06 22:22:45 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8DE0247E-44B3-4208-BDA9-155DA3ED4B2C}\gapaengine.dll
    2012-11-06 22:22:41 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-11-06 22:17:55 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-11-06 22:17:50 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-11-06 22:17:35 -------- d-----w- C:\f38d4eb14e5b3fbf9700198f
    2012-11-06 22:16:03 -------- d-----w- C:\Program Files\PrivacySafeGuard
    2012-11-06 22:15:19 -------- d-----w- C:\Users\John Jr\AppData\Roaming\uTorrent
    2012-11-06 21:21:31 -------- d-----w- C:\Users\John Jr\hpremote
    2012-11-06 17:54:01 -------- d-----w- C:\Users\John Jr\AppData\Local\{2F22233D-774F-4929-9A82-DCD1334831BB}
    2012-11-05 13:30:52 -------- d-----w- C:\Users\John Jr\AppData\Local\{76AF78A9-0C30-43BA-AB31-B2E0875CD7B9}
    2012-11-04 15:15:26 -------- d-----w- C:\Users\John Jr\AppData\Local\{7A6D9BBA-FB9D-4809-AEDE-96ED9FC6ADE4}
    2012-11-03 16:09:33 -------- d-----w- C:\Users\John Jr\AppData\Local\{06BEDA49-978B-46BC-AD5C-0E5F6DED073E}
    2012-11-03 11:59:57 -------- d-sh--w- C:\Windows\System32\%APPDATA%
    2012-11-03 01:16:47 -------- d-----w- C:\Windows\SysWow64\%APPDATA%
    2012-11-02 17:23:17 -------- d-----w- C:\Users\John Jr\AppData\Local\{56465177-A164-4ED9-9558-5B679E84EF45}
    2012-11-02 04:36:44 -------- d-----w- C:\Users\John Jr\AppData\Local\{6F3C3F16-122D-4991-9C19-74355B7118D3}
    2012-11-01 14:40:57 -------- d-----w- C:\Users\John Jr\AppData\Local\{756F41A0-1D5B-4C52-9228-58BF645FAB1C}
    2012-10-31 16:26:30 -------- d-----w- C:\Users\John Jr\AppData\Roaming\Ubisoft
    2012-10-31 16:21:39 74576 ----a-w- C:\Windows\System32\XAPOFX1_2.dll
    2012-10-31 16:21:39 70992 ----a-w- C:\Windows\SysWow64\XAPOFX1_2.dll
    2012-10-31 16:21:39 518480 ----a-w- C:\Windows\System32\XAudio2_3.dll
    2012-10-31 16:21:39 514384 ----a-w- C:\Windows\SysWow64\XAudio2_3.dll
    2012-10-31 16:21:38 25936 ----a-w- C:\Windows\System32\X3DAudio1_5.dll
    2012-10-31 16:21:38 235856 ----a-w- C:\Windows\SysWow64\xactengine3_3.dll
    2012-10-31 16:21:38 23376 ----a-w- C:\Windows\SysWow64\X3DAudio1_5.dll
    2012-10-31 16:21:38 175440 ----a-w- C:\Windows\System32\xactengine3_3.dll
    2012-10-31 16:21:37 72200 ----a-w- C:\Windows\System32\XAPOFX1_1.dll
    2012-10-31 16:21:37 513544 ----a-w- C:\Windows\System32\XAudio2_2.dll
    2012-10-31 16:21:37 238088 ----a-w- C:\Windows\SysWow64\xactengine3_2.dll
    2012-10-31 16:21:37 177672 ----a-w- C:\Windows\System32\xactengine3_2.dll
    2012-10-31 15:10:44 -------- d-----w- C:\Users\John Jr\AppData\Local\{71AB4FDC-F0DE-4A43-B979-152DAD680302}
    2012-10-31 10:22:06 38320 ----a-w- C:\Windows\SysWow64\f3PSSavr.scr
    2012-10-31 10:22:05 -------- d-----w- C:\Program Files (x86)\MyWebSearch
    2012-10-31 10:21:39 -------- d---a-w- C:\Program Files (x86)\FunWebProducts
    2012-10-30 14:24:13 -------- d-----w- C:\Users\John Jr\AppData\Local\{07259B8A-3D6E-418B-816E-794DD49DCF73}
    2012-10-30 11:28:51 -------- d-----w- C:\ProgramData\Fugazo
    2012-10-29 14:21:37 -------- d-----w- C:\Users\John Jr\AppData\Local\{67875288-9673-418D-94E3-DA2E845C0F9C}
    2012-10-28 21:23:42 -------- d-----w- C:\Users\John Jr\AppData\Local\GamingWonderland
    2012-10-28 21:23:41 -------- d-----w- C:\Users\John Jr\AppData\Local\TelevisionFanatic
    2012-10-28 21:23:41 -------- d-----w- C:\Users\John Jr\AppData\Local\MapsGalaxy_39
    2012-10-28 21:23:41 -------- d-----w- C:\Users\John Jr\AppData\Local\CouponXplorer_5z
    2012-10-28 21:23:41 -------- d-----w- C:\Users\John Jr\AppData\Local\CouponAlert_2p
    2012-10-28 17:35:48 -------- d-----w- C:\Users\John Jr\AppData\Local\{570977DB-B573-44BC-A12F-C726A4D79E12}
    2012-10-28 04:39:07 -------- d-----w- C:\Users\John Jr\AppData\Local\{5EC2E4ED-F80C-4997-893C-5104C9DF43C1}
    2012-10-27 16:07:21 -------- d-----w- C:\Users\John Jr\AppData\Local\{DA6A5A21-C477-481E-8CDD-99001D633BD4}
    2012-10-26 14:35:15 -------- d-----w- C:\Users\John Jr\AppData\Local\{6242EB01-095D-44C5-96D0-FAF8E45A5F15}
    2012-10-25 14:32:51 -------- d-----w- C:\Users\John Jr\AppData\Local\{18CE08B3-1D3E-46E9-B92A-0BDBCECE404D}
    2012-10-25 13:03:05 -------- d-----w- C:\ProgramData\Flood Light Games
    2012-10-25 01:07:20 -------- d-----w- C:\Users\John Jr\AppData\Local\{282B345D-F298-4D3A-9415-9E249E9604AE}
    2012-10-24 20:29:39 -------- d-----w- C:\Program Files (x86)\osu!
    2012-10-24 20:28:22 -------- d-----w- C:\Users\John Jr\AppData\Roaming\Downloaded Installations
    2012-10-23 14:00:12 -------- d-----w- C:\Users\John Jr\AppData\Local\{3B0FC040-0B09-4CB0-AFE7-6D3951CE3A8E}
    2012-10-22 23:23:23 -------- d-----w- C:\Users\John Jr\AppData\Local\{89DCFD01-7278-41EC-8A59-50105706B2F4}
    2012-10-22 11:22:58 -------- d-----w- C:\Users\John Jr\AppData\Local\{23AEB7CF-809D-439B-B163-D30D6F3A340E}
    2012-10-21 14:20:05 -------- d-----w- C:\Users\John Jr\AppData\Local\{4457E542-8294-4BCF-827C-0761C37F67B3}
    2012-10-20 23:15:01 -------- d-----w- C:\Users\John Jr\AppData\Roaming\LolClient
    2012-10-20 20:51:18 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
    2012-10-20 20:51:18 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
    2012-10-20 20:51:18 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
    2012-10-20 20:51:18 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
    2012-10-20 20:51:17 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
    2012-10-20 20:47:55 -------- d-----w- C:\Riot Games
    2012-10-20 18:03:16 -------- d-----w- C:\Users\John Jr\AppData\Local\PMB Files
    2012-10-20 14:30:55 -------- d-----w- C:\Users\John Jr\AppData\Local\{D7432F5A-518B-4EDC-B646-68AECD8865C7}
    2012-10-20 11:24:41 -------- d-----w- C:\ProgramData\Go Go Gourmet
    2012-10-19 15:28:47 -------- d-----w- C:\Users\John Jr\AppData\Local\{016FB7BB-0517-4481-B032-EEA4B8C1C6F6}
    2012-10-19 03:28:20 -------- d-----w- C:\Users\John Jr\AppData\Local\{0EDA1E01-7E47-47A3-A580-37F291863250}
    2012-10-18 23:50:43 -------- d-----w- C:\Users\John Jr\AppData\Roaming\Sony Creative Software Inc
    2012-10-18 23:21:51 -------- d-----w- C:\Users\John Jr\AppData\Local\{B84D45D3-AB6E-4819-9734-FE1AF7041251}
    2012-10-18 11:21:40 -------- d-----w- C:\Users\John Jr\AppData\Local\{410FE965-10D5-4433-B8BC-B34A6FD25A2F}
    2012-10-17 23:21:16 -------- d-----w- C:\Users\John Jr\AppData\Local\{C5053912-3578-43BD-9CEC-34560806A1FC}
    2012-10-17 11:21:04 -------- d-----w- C:\Users\John Jr\AppData\Local\{2EFD44F8-536A-4930-9E9E-0785B1DEE207}
    2012-10-16 18:55:44 -------- d-----w- C:\Users\John Jr\AppData\Local\{26ED7668-CE3B-44E1-9901-B202A00F03D8}
    2012-10-15 23:33:42 -------- d-----w- C:\Users\John Jr\AppData\Local\{98B66701-3B5B-4CA6-BF3B-F1CD48C899A3}
    2012-10-15 11:33:18 -------- d-----w- C:\Users\John Jr\AppData\Local\{D17CC234-E10C-41DB-B27F-0927A9071EF5}
    2012-10-14 14:04:49 -------- d-----w- C:\Users\John Jr\AppData\Local\{4DAD7033-2176-4288-9C89-164592A92CF1}
    2012-10-14 13:55:56 -------- d-----w- C:\ProgramData\Particles
    2012-10-14 00:35:36 -------- d-----w- C:\Users\John Jr\AppData\Local\{4CD3E1CA-D036-454E-A726-F14937188D69}
    2012-10-13 13:20:03 -------- d-----w- C:\Users\John Jr\.thumbnails
    2012-10-13 13:18:45 -------- d-----w- C:\Users\John Jr\AppData\Local\fontconfig
    2012-10-13 13:18:44 -------- d-----w- C:\Users\John Jr\AppData\Local\gegl-0.2
    2012-10-13 13:18:44 -------- d-----w- C:\Users\John Jr\.gimp-2.8
    2012-10-13 13:16:44 -------- d-----w- C:\Program Files\GIMP 2
    2012-10-13 12:35:22 -------- d-----w- C:\Users\John Jr\AppData\Local\{D0482CEC-627C-4E1E-A6C2-09D9C1B6E793}
    2012-10-13 00:12:58 -------- d-----w- C:\Users\John Jr\AppData\Local\Spotify
    2012-10-13 00:11:44 -------- d-----w- C:\Users\John Jr\AppData\Roaming\Spotify
    2012-10-12 22:36:30 -------- d-----w- C:\Users\John Jr\AppData\Local\{F6CDC43E-FBB9-4918-8B3C-BC208CEF697A}
    2012-10-12 12:40:59 -------- d-----w- C:\Games
    2012-10-12 10:36:04 -------- d-----w- C:\Users\John Jr\AppData\Local\{5F1672A4-F622-44D0-951A-F476B2233F07}
    2012-10-11 22:35:38 -------- d-----w- C:\Users\John Jr\AppData\Local\{85E47EA2-0EE6-4B52-B93C-90975D24785F}
    2012-10-11 15:44:59 -------- d-----w- C:\Program Files (x86)\iWin.com
    2012-10-11 15:30:46 -------- d-----w- C:\Program Files (x86)\Ask.com
    2012-10-11 15:30:10 -------- d-----w- C:\ProgramData\PogoDGC
    2012-10-11 15:30:04 -------- d-----w- C:\Program Files (x86)\Pogo Games
    2012-10-11 10:50:11 -------- d-----w- C:\Users\John Jr\AppData\Local\ElevatedDiagnostics
    2012-10-11 10:35:14 -------- d-----w- C:\Users\John Jr\AppData\Local\{D4DDAB24-6357-49B6-926C-1D25E06133A2}
    2012-10-10 22:30:14 -------- d-----w- C:\Users\John Jr\AppData\Local\{3F41151A-7E8B-4733-98B6-F372AF764920}
    2012-10-10 17:29:17 -------- d-----w- C:\ProgramData\GameHouse
    2012-10-10 10:29:51 -------- d-----w- C:\Users\John Jr\AppData\Local\{C45881A3-6F15-4253-ACB9-4CBB2EF6624E}
    2012-10-09 19:54:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-10-09 19:54:53 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-10-09 19:53:40 715776 ----a-w- C:\Windows\System32\kerberos.dll
    2012-10-09 19:53:40 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2012-10-09 19:52:56 1464320 ----a-w- C:\Windows\System32\crypt32.dll
    2012-10-09 19:52:56 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-10-09 19:52:55 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-10-09 19:52:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-10-09 19:52:55 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-10-09 19:52:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-10-09 15:48:30 -------- d-----w- C:\Users\John Jr\AppData\Local\{624876F5-D491-4595-9BBF-3D768FBF9400}
    .
    ==================== Find3M ====================
    .
    2012-11-05 13:08:46 271581 ----a-w- C:\DUMPa449.tmp
    2012-11-05 13:07:27 271581 ----a-w- C:\DUMPa1e9.tmp
    2012-11-05 13:06:07 271581 ----a-w- C:\DUMPa497.tmp
    2012-10-13 11:39:44 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-13 11:39:44 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-08 20:20:07 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-08 20:20:07 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-08 20:20:07 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-08-31 03:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2012-08-31 03:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
    2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    .
    ============= FINISH: 20:14:28.68 ===============
     
  4. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    Let's clear up what we can with this tool first.
    Please download AdwCleaner to your desktop.
    • Double click the adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan has finished, a Notepad window will be opened.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     

Short URL to this thread: https://techguy.org/1075542