start
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe
HKU\S-1-5-21-1266927252-1395366336-781762406-1005\...\MountPoints2: G - G:\LaunchU3.exe
HKU\S-1-5-21-1266927252-1395366336-781762406-1005\...\MountPoints2: {63c54ca6-3192-11dd-91b8-000fb53d70e5} - G:\LaunchU3.exe -a
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
ShortcutTarget: DesktopWeatherAlerts.lnk -> C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts\DesktopWeatherAlertsApp.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Weather Alerts.lnk
ShortcutTarget: Weather Alerts.lnk -> C:\Documents and Settings\User\Local Settings\Application Data\WeatherAlerts\WeatherAlerts.exe (No File)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://search.coupons.com/
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=107&systemid=465&q={searchTerms}
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: PlurPush - {82249076-d5c8-431d-982b-023779779587} - C:\Program Files\PlurPush\PlurPushbho.dll (PlurPush)
BHO: TBSB07898 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKCU - &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF SearchEngineOrder.1: Web Search
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npmozax.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\searchplugins\web-search.xml
FF Extension: PlurPush - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\br7jorsi.default\Extensions\{552199fb-9890-4055-9aaf-b2f6d51d46e9}.xpi [2014-02-26]
FF HKLM\...\Firefox\Extensions: [ShopperReports@ShopperReports.com] - C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions
FF Extension: ShopperReports - C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions [2011-06-09]
FF HKLM\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] - C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe [546112 2014-01-27] ()
2014-03-02 15:49 - 2014-03-05 12:42 - 00000000 ____D () C:\Program Files\SavingsBull
2014-03-01 21:52 - 2014-03-01 21:52 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-03-01 21:50 - 2014-03-01 21:51 - 00000000 ____D () C:\Program Files\PlurPush
2014-03-01 21:49 - 2014-03-02 19:57 - 00000000 ____D () C:\Program Files\SearchProtect
SavingsBull (HKLM\...\Level Quality Watcher) (Version: SavingsBull - SavingsBull) <==== ATTENTION
SavingsBull (Version: 1.0.0.0 - SavingsBull) Hidden
AlternateDataStreams: C:\WINDOWS\AIM.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\emachines_32.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\encarta.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\ICQ.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\Netscape.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\Winamp1.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\system32\OemLinkIcon.ico:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\system32\OEMLOGO.BMP:Q30lsldxJoudresxAaaqpcawXc
AlternateDataStreams: C:\WINDOWS\system32\OEMLOGO.BMP:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CAAA7DD7
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
Reboot:
end