1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Tech support popups

Discussion in 'Virus & Other Malware Removal' started by Ravenroo, Mar 30, 2014.

Thread Status:
Not open for further replies.
Advertisement
  1. Ravenroo

    Ravenroo Thread Starter

    Joined:
    Mar 29, 2014
    Messages:
    6
    I am having a problem with my granddaughters laptop. The anti-virus had expired when she brought it to me (I'm an IT guy). She was getting popups about cleaning her laptop. It had Optimize pro, My PC Backup, etc. installed (she's 13, not sure if she responded to the popups or not.

    I've removed what I thought was junk, installed Microsoft Security Essentials and Malware Bytes, but I can't get either of them to launch and scan the laptop.

    Here's the Hijack it log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:49:34 PM, on 3/29/2014
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.17267)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
    C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
    C:\Users\Raven\Downloads\HijackThis.exe
    C:\Windows\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3...=SP8D23AC2A-573B-4C81-8075-F653FD8976D5&SSPV=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:49183;https=127.0.0.1:49183;
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: CrossriderApp0044150 - {11111111-1111-1111-1111-110411411150} - C:\Program Files (x86)\media enhance\media enhance-bho.dll
    O2 - BHO: CrossriderApp0051578 - {11111111-1111-1111-1111-110511151178} - C:\Program Files (x86)\video-high\video-high-bho.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    O2 - BHO: Toolbar BHO - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbar.dll
    O2 - BHO: Search Assistant BHO - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
    O2 - BHO: ShopAtHome - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    O3 - Toolbar: ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
    O3 - Toolbar: Coupon Alert - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
    O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
    O3 - Toolbar: Muvic - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ShopAtHomeWatcher] C:\Users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    O4 - HKLM\..\Run: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h
    O4 - HKLM\..\Run: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [BrowserSafeguard] "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
    O4 - HKCU\..\Run: [Best Buy pc app] C:\Users\Raven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Raven\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_E0023BB82BCF581D299E1A702AC3B53B] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Browser Infrastructure Helper] C:\Users\Raven\AppData\Local\Smartbar\Application\Muvic.exe startup
    O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
    O4 - Global Startup: FancyStart daemon.lnk = ?
    O4 - Global Startup: SRS Premium Sound.lnk = ?
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs:
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Coupon AlertService (CouponAlert_2pService) - COMPANYVERS_NAME - C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Level Quality Watcher - Unknown owner - C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NewPlayer Updater Service (NewPlayerUpdaterService) - Unknown owner - C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Re-markit - Unknown owner - C:\Program Files (x86)\Re-markit-soft\Re-markit157.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14800 bytes

    Here's the DDS.TXT file:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7600.17267
    Run by Raven at 17:50:58 on 2014-03-29
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2925.1639 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\FBAgent.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
    C:\Program Files (x86)\Re-markit-soft\Re-markit157.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Raven\Downloads\HijackThis.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com/?ctid=CT3323897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP8D23AC2A-573B-4C81-8075-F653FD8976D5&SSPV=
    uDefault_Page_URL = hxxp://asus.msn.com
    uProxyServer = hxxp=127.0.0.1:49183;https=127.0.0.1:49183;
    uProxyOverride = <-loopback>
    uURLSearchHooks: <No Name>: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
    mWinlogon: Userinit = userinit.exe
    BHO: media enhance: {11111111-1111-1111-1111-110411411150} - C:\Program Files (x86)\media enhance\media enhance-bho.dll
    BHO: video-high: {11111111-1111-1111-1111-110511151178} - C:\Program Files (x86)\video-high\video-high-bho.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: SmartbarInternetExplorerBHOEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
    BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO: Toolbar BHO: {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
    BHO: Search Assistant BHO: {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
    BHO: ShopAtHome.com Cash Back Helper: {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
    TB: Coupon Alert: {3462C343-BE19-4143-AF70-CEFB56F46FC6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
    TB: Coupon Alert: {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
    TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
    TB: Muvic: {ae07101b-46d4-4a98-af68-0333ea26e113} -
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    uRun: [Best Buy pc app] C:\Users\Raven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
    uRun: [Facebook Update] "C:\Users\Raven\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [GoogleChromeAutoLaunch_E0023BB82BCF581D299E1A702AC3B53B] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Browser Infrastructure Helper] C:\Users\Raven\AppData\Local\Smartbar\Application\Muvic.exe startup
    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun: [ShopAtHomeWatcher] C:\Users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    mRun: [Coupon Alert Search Scope Monitor] "C:\PROGRA~2\COUPON~2\bar\1.bin\2psrchmn.exe" /m=2 /w /h
    mRun: [CouponAlert_2p Browser Plugin Loader] C:\PROGRA~2\COUPON~2\bar\1.bin\2pbrmon.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [BrowserSafeguard] "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
    mRun: [fst_us_11] <no file>
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
    uPolicies-Explorer: HideSCAHealth = dword:1
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-System: DisableRegedit = dword:0
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:0
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{2F18E9A2-A9D5-4771-8F1A-2A6ADBB8F5DB} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{2F18E9A2-A9D5-4771-8F1A-2A6ADBB8F5DB}\2456C6B696E6F5E4B2F5141344348303 : DHCPNameServer = 192.168.0.1 192.168.0.1
    TCP: Interfaces\{2F18E9A2-A9D5-4771-8F1A-2A6ADBB8F5DB}\2656162736C616770277966696 : DHCPNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
    TCP: Interfaces\{9FEF6FAD-ECAB-4203-A806-DB844B53DE23} : DHCPNameServer = 192.168.1.1 192.168.1.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs=
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    IFEO: a.exe - svchost.exe
    IFEO: aAvgApi.exe - svchost.exe
    IFEO: AAWTray.exe - svchost.exe
    IFEO: About.exe - svchost.exe
    IFEO: ackwin32.exe - svchost.exe
    x64-BHO: media enhance: {11111111-1111-1111-1111-110411411150} - C:\Program Files (x86)\media enhance\media enhance-bho64.dll
    x64-BHO: video-high: {11111111-1111-1111-1111-110511151178} - C:\Program Files (x86)\video-high\video-high-bho64.dll
    x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll
    x64-BHO: SmartbarInternetExplorerBHOEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll
    x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
    x64-TB: Muvic: {ae07101b-46d4-4a98-af68-0333ea26e113} -
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
    x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
    x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-IFEO: a.exe - svchost.exe
    x64-IFEO: aAvgApi.exe - svchost.exe
    x64-IFEO: AAWTray.exe - svchost.exe
    x64-IFEO: About.exe - svchost.exe
    x64-IFEO: ackwin32.exe - svchost.exe
    .
    Note: multiple IFEO entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\Program Files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\Raven\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
    FF - ExtSQL: 2014-03-12 16:32; {88849db3-dcd8-4efe-bcbb-af92b5c8ec55}; C:\Program Files (x86)\Re-markit-soft\157.xpi
    FF - ExtSQL: !HIDDEN! 2013-02-17 17:22; [email protected]_2p.com; C:\Program Files (x86)\CouponAlert_2p\bar\1.bin
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.buenosearch.tlbrSrchUrl - hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=327520CF3072FD15&affID=127101&tsp=5185
    FF - user.js: extensions.buenosearch.tb_url - hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=327520CF3072FD15&affID=127101&tsp=5185
    FF - user.js: extensions.buenosearch.id - 32751cb200000000000020cf3072fd15
    FF - user.js: extensions.buenosearch.appId - {37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}
    FF - user.js: extensions.buenosearch.instlDay - 16142
    FF - user.js: extensions.buenosearch.vrsn - 1.8.28.7
    FF - user.js: extensions.buenosearch.vrsni - 1.8.28.7
    FF - user.js: extensions.buenosearch.vrsnTs - 1.8.28.719:57:54
    FF - user.js: extensions.buenosearch.prtnrId - buenosearch
    FF - user.js: extensions.buenosearch.prdct - buenosearch
    FF - user.js: extensions.buenosearch.aflt - babsst
    FF - user.js: extensions.buenosearch.smplGrp - none
    FF - user.js: extensions.buenosearch.tlbrId - base
    FF - user.js: extensions.buenosearch.instlRef - sst
    FF - user.js: extensions.buenosearch.dfltLng - en
    FF - user.js: extensions.buenosearch.excTlbr - false
    FF - user.js: extensions.buenosearch.ffxUnstlRst - true
    FF - user.js: extensions.buenosearch.admin - false
    FF - user.js: extensions.buenosearch.autoRvrt - false
    FF - user.js: extensions.buenosearch.rvrt - false
    FF - user.js: extensions.buenosearch.newTab - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2010-10-11 15928]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
    R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-10-11 379520]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
    R2 CouponAlert_2pService;Coupon AlertService;C:\PROGRA~2\COUPON~2\bar\1.bin\2pbarsvc.exe [2013-2-17 42504]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R2 Level Quality Watcher;Level Quality Watcher;C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010010000000000000000000000 sourceguid=BBA5481A-926B-4561-BD79-249F618495E6 --> C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010010000000000000000000000 sourceguid=BBA5481A-926B-4561-BD79-249F618495E6 [?]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
    R2 Re-markit;Re-markit;C:\Program Files (x86)\Re-markit-soft\Re-markit157.exe [2014-3-12 194048]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-11 2314240]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-6-10 130048]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-11 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-2 271872]
    R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-8-18 143472]
    R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2010-2-24 115312]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 NewPlayerUpdaterService;NewPlayer Updater Service;C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe [2014-3-10 11776]
    S3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2011-7-15 258224]
    S3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2011-7-15 550208]
    S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-4-27 57856]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-26 1255736]
    .
    =============== Created Last 30 ================
    .
    2014-03-29 22:31:19 -------- d-----w- C:\Program Files\SavingsBull
    2014-03-29 22:28:19 -------- d-----w- C:\Program Files (x86)\predm
    2014-03-29 22:10:24 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-03-29 22:10:19 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-03-29 22:10:19 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-03-29 22:10:18 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-03-29 22:10:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-03-29 22:09:53 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{46F7F43D-40D4-46CF-B100-14ED32DED85F}\gapaengine.dll
    2014-03-29 22:09:46 10521840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2196814E-332D-4021-BA12-2FA543C8E4DF}\mpengine.dll
    2014-03-29 21:59:44 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2014-03-29 21:59:41 -------- d-----w- C:\Program Files\Microsoft Security Client
    2014-03-29 21:58:53 84377 ----a-w- C:\ProgramData\1396130248.bdinstall.bin
    2014-03-29 21:47:41 -------- d-----w- C:\Users\Raven\AppData\Local\Macromedia
    2014-03-13 00:57:49 -------- d-----w- C:\Users\Raven\AppData\Roaming\BabSolution
    2014-03-13 00:57:31 -------- d-----w- C:\ProgramData\Babylon
    2014-03-12 22:14:15 -------- d-----w- C:\Program Files (x86)\Uninstaller
    2014-03-12 21:39:15 -------- d-----w- C:\Users\Raven\AppData\Local\Tuguu_SL
    2014-03-12 21:37:50 -------- d-----w- C:\Users\Raven\AppData\Local\newplayer
    2014-03-12 21:36:47 955488 ----a-w- C:\Users\Raven\AppData\Local\nsf477E.tmp
    2014-03-12 21:36:40 -------- d-----w- C:\Program Files (x86)\NewPlayer
    2014-03-12 21:36:28 -------- d-----w- C:\Program Files (x86)\media enhance
    2014-03-12 21:35:00 -------- d-----w- C:\Program Files (x86)\video-high
    2014-03-12 21:33:39 -------- d-----w- C:\Users\Raven\AppData\Local\LPT
    2014-03-12 21:33:27 -------- d-----w- C:\Users\Raven\AppData\Local\Smartbar
    2014-03-12 21:32:43 -------- d-----w- C:\Program Files (x86)\Re-markit-soft
    2014-03-03 01:30:25 -------- d-----w- C:\Program Files\McAfee.com
    2014-03-03 01:30:25 -------- d-----w- C:\Program Files\McAfee
    2014-03-03 01:16:55 -------- d-----w- C:\Program Files\stinger
    2014-03-03 01:14:44 -------- d-----w- C:\Program Files\Common Files\McAfee
    .
    ==================== Find3M ====================
    .
    2014-03-13 01:25:23 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-13 01:25:23 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
    2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
    2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
    .
    ============= FINISH: 17:52:11.18 ===============

    Here's the ark.txt file:

    GMER 2.1.19357 - http://www.gmer.net
    Rootkit scan 2014-03-29 18:11:18
    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0003 298.09GB
    Running: bzsgrmlk.exe; Driver: C:\Users\Raven\AppData\Local\Temp\pglyqpob.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077d61465 2 bytes [D6, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077d614bb 2 bytes [D6, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077d61465 2 bytes [D6, 77]
    .text C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077d614bb 2 bytes [D6, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077d61465 2 bytes [D6, 77]
    .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077d614bb 2 bytes [D6, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe[5320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077d61465 2 bytes [D6, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe[5320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077d614bb 2 bytes [D6, 77]
    .text ... * 2

    ---- Threads - GMER 2.1 ----

    Thread C:\Windows\system32\svchost.exe [652:4984] 000007fef2130ea8
    Thread C:\Windows\system32\svchost.exe [652:5056] 000007fef2129db0
    Thread C:\Windows\system32\svchost.exe [652:2748] 000007fef212aa10
    Thread C:\Windows\system32\svchost.exe [652:2916] 000007fef2131c94
    Thread C:\Windows\system32\svchost.exe [652:4512] 000007fef785d3c8
    Thread C:\Windows\system32\svchost.exe [652:4932] 000007fef785d3c8
    Thread C:\Windows\system32\svchost.exe [652:4504] 000007fef785d3c8
    Thread C:\Windows\system32\svchost.exe [652:4508] 000007fef785d3c8
    Thread C:\Windows\System32\spoolsv.exe [1516:1952] 000007fef8bb10c8
    Thread C:\Windows\System32\spoolsv.exe [1516:1996] 000007fef8b76144
    Thread C:\Windows\System32\spoolsv.exe [1516:2008] 000007fef8905fd0
    Thread C:\Windows\System32\spoolsv.exe [1516:2012] 000007fef9653438
    Thread C:\Windows\System32\spoolsv.exe [1516:2016] 000007fef89063ec
    Thread C:\Windows\System32\spoolsv.exe [1516:2040] 000007fef8f15e5c
    Thread C:\Windows\System32\spoolsv.exe [1516:1316] 000007fef8df484c
    Thread C:\Windows\system32\svchost.exe [2316:3744] 000007fef7458470
    Thread C:\Windows\system32\svchost.exe [2316:3760] 000007fef7462418
    Thread C:\Windows\system32\svchost.exe [2316:1776] 000007fef5975b84
    Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3496:4116] 000000006a96f71d
    Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3496:4192] 000000006a96f71d
    Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [3496:4196] 000000006a965b1a
    Thread C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [4240:4476] 0000000066dc4c7c
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4428:1880] 000007fefc102a88
    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4428:1472] 000007fefb645124
    ---- Processes - GMER 2.1 ----

    Library c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2196814E-332D-4021-BA12-2FA543C8E4DF}\offreg.dll (*** suspicious ***) @ c:\Program Files\Microsoft Security Client\MsMpEng.exe [836](2014-03-29 22:51:43) 000007fef3c60000

    ---- EOF - GMER 2.1 ----

    Attach.txt to follow

    Any help would be appreciated.

    Dan
     
  2. Ravenroo

    Ravenroo Thread Starter

    Joined:
    Mar 29, 2014
    Messages:
    6
    here's the attach.txt file

    and here's the attach.txt file:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/25/2011 2:12:46 PM
    System Uptime: 3/29/2014 5:40:29 PM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | K52F
    Processor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz | Socket 989 | 1999/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 279 GiB total, 218.174 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0001
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0001
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    RP53: 11/14/2013 4:55:03 PM - Windows Update
    RP54: 12/15/2013 10:23:39 AM - Windows Update
    RP55: 1/14/2014 3:59:29 PM - Windows Update
    RP56: 2/15/2014 12:28:19 AM - Windows Update
    RP57: 2/22/2014 9:28:15 PM - RegClean Pro Sat, Feb 22, 14 21:28
    RP58: 3/12/2014 5:16:28 PM - Windows Update
    RP59: 3/18/2014 8:37:33 PM - Windows Update
    RP60: 3/29/2014 5:07:35 PM - Windows Update
    .
    ==== Image File Execution Options =============
    .
    IFEO: a.exe - svchost.exe
    IFEO: aAvgApi.exe - svchost.exe
    IFEO: AAWTray.exe - svchost.exe
    IFEO: About.exe - svchost.exe
    IFEO: ackwin32.exe - svchost.exe
    IFEO: Ad-Aware.exe - svchost.exe
    IFEO: adaware.exe - svchost.exe
    IFEO: advxdwin.exe - svchost.exe
    IFEO: AdwarePrj.exe - svchost.exe
    IFEO: agent.exe - svchost.exe
    IFEO: agentsvr.exe - svchost.exe
    IFEO: agentw.exe - svchost.exe
    IFEO: alertsvc.exe - svchost.exe
    IFEO: alevir.exe - svchost.exe
    IFEO: alogserv.exe - svchost.exe
    IFEO: AlphaAV - svchost.exe
    IFEO: AlphaAV.exe - svchost.exe
    IFEO: AluSchedulerSvc.exe - svchost.exe
    IFEO: amon9x.exe - svchost.exe
    IFEO: anti-trojan.exe - svchost.exe
    IFEO: Anti-Virus Professional.exe - svchost.exe
    IFEO: AntispywarXP2009.exe - svchost.exe
    IFEO: antivirus.exe - svchost.exe
    IFEO: AntivirusPlus - svchost.exe
    IFEO: AntivirusPlus.exe - svchost.exe
    IFEO: AntivirusPro_2010.exe - svchost.exe
    IFEO: AntivirusXP - svchost.exe
    IFEO: AntivirusXP.exe - svchost.exe
    IFEO: antivirusxppro2009.exe - svchost.exe
    IFEO: AntiVirus_Pro.exe - svchost.exe
    IFEO: ants.exe - svchost.exe
    IFEO: apimonitor.exe - svchost.exe
    IFEO: aplica32.exe - svchost.exe
    IFEO: apvxdwin.exe - svchost.exe
    IFEO: arr.exe - svchost.exe
    IFEO: ashAvast.exe - svchost.exe
    IFEO: ashBug.exe - svchost.exe
    IFEO: ashChest.exe - svchost.exe
    IFEO: ashCnsnt.exe - svchost.exe
    IFEO: ashDisp.exe - svchost.exe
    IFEO: ashLogV.exe - svchost.exe
    IFEO: ashMaiSv.exe - svchost.exe
    IFEO: ashPopWz.exe - svchost.exe
    IFEO: ashQuick.exe - svchost.exe
    IFEO: ashServ.exe - svchost.exe
    IFEO: ashSimp2.exe - svchost.exe
    IFEO: ashSimpl.exe - svchost.exe
    IFEO: ashSkPcc.exe - svchost.exe
    IFEO: ashSkPck.exe - svchost.exe
    IFEO: ashUpd.exe - svchost.exe
    IFEO: ashWebSv.exe - svchost.exe
    IFEO: aswChLic.exe - svchost.exe
    IFEO: aswRegSvr.exe - svchost.exe
    IFEO: aswRunDll.exe - svchost.exe
    IFEO: aswUpdSv.exe - svchost.exe
    IFEO: atcon.exe - svchost.exe
    IFEO: atguard.exe - svchost.exe
    IFEO: atro55en.exe - svchost.exe
    IFEO: atupdater.exe - svchost.exe
    IFEO: atwatch.exe - svchost.exe
    IFEO: au.exe - svchost.exe
    IFEO: aupdate.exe - svchost.exe
    IFEO: auto-protect.nav80try.exe - svchost.exe
    IFEO: autodown.exe - svchost.exe
    IFEO: autotrace.exe - svchost.exe
    IFEO: autoupdate.exe - svchost.exe
    IFEO: av360.exe - svchost.exe
    IFEO: avadmin.exe - svchost.exe
    IFEO: avastSvc.exe - svchost.exe
    IFEO: avastUI.exe - svchost.exe
    IFEO: AVCare.exe - svchost.exe
    IFEO: avcenter.exe - svchost.exe
    IFEO: avciman.exe - svchost.exe
    IFEO: avconfig.exe - svchost.exe
    IFEO: avconsol.exe - svchost.exe
    IFEO: ave32.exe - svchost.exe
    IFEO: AVENGINE.EXE - svchost.exe
    IFEO: avgcc32.exe - svchost.exe
    IFEO: avgchk.exe - svchost.exe
    IFEO: avgcmgr.exe - svchost.exe
    IFEO: avgcsrvx.exe - svchost.exe
    IFEO: avgctrl.exe - svchost.exe
    IFEO: avgdumpx.exe - svchost.exe
    IFEO: avgemc.exe - svchost.exe
    IFEO: avgiproxy.exe - svchost.exe
    IFEO: avgnsx.exe - svchost.exe
    IFEO: avgnt.exe - svchost.exe
    IFEO: avgrsx.exe - svchost.exe
    IFEO: avgscanx.exe - svchost.exe
    IFEO: avgserv.exe - svchost.exe
    IFEO: avgserv9.exe - svchost.exe
    IFEO: avgsrmax.exe - svchost.exe
    IFEO: avgtray.exe - svchost.exe
    IFEO: avguard.exe - svchost.exe
    IFEO: avgui.exe - svchost.exe
    IFEO: avgupd.exe - svchost.exe
    IFEO: avgw.exe - svchost.exe
    IFEO: avgwdsvc.exe - svchost.exe
    IFEO: avkpop.exe - svchost.exe
    IFEO: avkserv.exe - svchost.exe
    IFEO: avkservice.exe - svchost.exe
    IFEO: avkwctl9.exe - svchost.exe
    IFEO: avltmain.exe - svchost.exe
    IFEO: avmailc.exe - svchost.exe
    IFEO: avmcdlg.exe - svchost.exe
    IFEO: avnotify.exe - svchost.exe
    IFEO: avnt.exe - svchost.exe
    IFEO: avp32.exe - svchost.exe
    IFEO: avpcc.exe - svchost.exe
    IFEO: avpdos32.exe - svchost.exe
    IFEO: avpm.exe - svchost.exe
    IFEO: avptc32.exe - svchost.exe
    IFEO: avpupd.exe - svchost.exe
    IFEO: avsched32.exe - svchost.exe
    IFEO: avshadow.exe - svchost.exe
    IFEO: avsynmgr.exe - svchost.exe
    IFEO: avupgsvc.exe - svchost.exe
    IFEO: AVWEBGRD.EXE - svchost.exe
    IFEO: avwin.exe - svchost.exe
    IFEO: avwin95.exe - svchost.exe
    IFEO: avwinnt.exe - svchost.exe
    IFEO: avwsc.exe - svchost.exe
    IFEO: avwupd.exe - svchost.exe
    IFEO: avwupd32.exe - svchost.exe
    IFEO: avwupsrv.exe - svchost.exe
    IFEO: avxmonitor9x.exe - svchost.exe
    IFEO: avxmonitornt.exe - svchost.exe
    IFEO: avxquar.exe - svchost.exe
    IFEO: b.exe - svchost.exe
    IFEO: backweb.exe - svchost.exe
    IFEO: bargains.exe - svchost.exe
    IFEO: bdfvcl.exe - svchost.exe
    IFEO: bdfvwiz.exe - svchost.exe
    IFEO: BDInProcPatch.exe - svchost.exe
    IFEO: bdmcon.exe - svchost.exe
    IFEO: BDMsnScan.exe - svchost.exe
    IFEO: BDSurvey.exe - svchost.exe
    IFEO: bd_professional.exe - svchost.exe
    IFEO: beagle.exe - svchost.exe
    IFEO: belt.exe - svchost.exe
    IFEO: bidef.exe - svchost.exe
    IFEO: bidserver.exe - svchost.exe
    IFEO: bipcp.exe - svchost.exe
    IFEO: bipcpevalsetup.exe - svchost.exe
    IFEO: bisp.exe - svchost.exe
    IFEO: blackd.exe - svchost.exe
    IFEO: blackice.exe - svchost.exe
    IFEO: blink.exe - svchost.exe
    IFEO: blss.exe - svchost.exe
    IFEO: bootconf.exe - svchost.exe
    IFEO: bootwarn.exe - svchost.exe
    IFEO: borg2.exe - svchost.exe
    IFEO: bpc.exe - svchost.exe
    IFEO: brasil.exe - svchost.exe
    IFEO: brastk.exe - svchost.exe
    IFEO: brw.exe - svchost.exe
    IFEO: bs120.exe - svchost.exe
    IFEO: bspatch.exe - svchost.exe
    IFEO: bundle.exe - svchost.exe
    IFEO: bvt.exe - svchost.exe
    IFEO: c.exe - svchost.exe
    IFEO: cavscan.exe - svchost.exe
    IFEO: ccapp.exe - svchost.exe
    IFEO: ccevtmgr.exe - svchost.exe
    IFEO: ccpxysvc.exe - svchost.exe
    IFEO: ccSvcHst.exe - svchost.exe
    IFEO: cdp.exe - svchost.exe
    IFEO: cfd.exe - svchost.exe
    IFEO: cfgwiz.exe - svchost.exe
    IFEO: cfiadmin.exe - svchost.exe
    IFEO: cfiaudit.exe - svchost.exe
    IFEO: cfinet.exe - svchost.exe
    IFEO: cfinet32.exe - svchost.exe
    IFEO: cfp.exe - svchost.exe
    IFEO: cfpconfg.exe - svchost.exe
    IFEO: cfplogvw.exe - svchost.exe
    IFEO: cfpupdat.exe - svchost.exe
    IFEO: claw95.exe - svchost.exe
    IFEO: claw95cf.exe - svchost.exe
    IFEO: clean.exe - svchost.exe
    IFEO: cleaner.exe - svchost.exe
    IFEO: cleaner3.exe - svchost.exe
    IFEO: cleanIELow.exe - svchost.exe
    IFEO: cleanpc.exe - svchost.exe
    IFEO: click.exe - svchost.exe
    IFEO: cmd32.exe - svchost.exe
    IFEO: cmdagent.exe - svchost.exe
    IFEO: cmesys.exe - svchost.exe
    IFEO: cmgrdian.exe - svchost.exe
    IFEO: cmon016.exe - svchost.exe
    IFEO: connectionmonitor.exe - svchost.exe
    IFEO: control - svchost.exe
    IFEO: cpd.exe - svchost.exe
    IFEO: cpf9x206.exe - svchost.exe
    IFEO: cpfnt206.exe - svchost.exe
    IFEO: crashrep.exe - svchost.exe
    IFEO: csc.exe - svchost.exe
    IFEO: cssconfg.exe - svchost.exe
    IFEO: cssupdat.exe - svchost.exe
    IFEO: cssurf.exe - svchost.exe
    IFEO: ctrl.exe - svchost.exe
    IFEO: cv.exe - svchost.exe
    IFEO: cwnb181.exe - svchost.exe
    IFEO: cwntdwmo.exe - svchost.exe
    IFEO: d.exe - svchost.exe
    IFEO: datemanager.exe - svchost.exe
    IFEO: dcomx.exe - svchost.exe
    IFEO: defalert.exe - svchost.exe
    IFEO: defscangui.exe - svchost.exe
    IFEO: defwatch.exe - svchost.exe
    IFEO: deloeminfs.exe - svchost.exe
    IFEO: deputy.exe - svchost.exe
    IFEO: divx.exe - svchost.exe
    IFEO: dllcache.exe - svchost.exe
    IFEO: dllreg.exe - svchost.exe
    IFEO: doors.exe - svchost.exe
    IFEO: dop.exe - svchost.exe
    IFEO: dpf.exe - svchost.exe
    IFEO: dpfsetup.exe - svchost.exe
    IFEO: dpps2.exe - svchost.exe
    IFEO: driverctrl.exe - svchost.exe
    IFEO: drwatson.exe - svchost.exe
    IFEO: drweb32.exe - svchost.exe
    IFEO: drwebupw.exe - svchost.exe
    IFEO: dssagent.exe - svchost.exe
    IFEO: dvp95.exe - svchost.exe
    IFEO: dvp95_0.exe - svchost.exe
    IFEO: ecengine.exe - svchost.exe
    IFEO: efpeadm.exe - svchost.exe
    IFEO: emsw.exe - svchost.exe
    IFEO: ent.exe - svchost.exe
    IFEO: esafe.exe - svchost.exe
    IFEO: escanhnt.exe - svchost.exe
    IFEO: escanv95.exe - svchost.exe
    IFEO: espwatch.exe - svchost.exe
    IFEO: ethereal.exe - svchost.exe
    IFEO: etrustcipe.exe - svchost.exe
    IFEO: evpn.exe - svchost.exe
    IFEO: exantivirus-cnet.exe - svchost.exe
    IFEO: exe.avxw.exe - svchost.exe
    IFEO: expert.exe - svchost.exe
    IFEO: explore.exe - svchost.exe
    IFEO: f-agnt95.exe - svchost.exe
    IFEO: f-prot.exe - svchost.exe
    IFEO: f-prot95.exe - svchost.exe
    IFEO: f-stopw.exe - svchost.exe
    IFEO: fact.exe - svchost.exe
    IFEO: fameh32.exe - svchost.exe
    IFEO: fast.exe - svchost.exe
    IFEO: fch32.exe - svchost.exe
    IFEO: fih32.exe - svchost.exe
    IFEO: findviru.exe - svchost.exe
    IFEO: firewall.exe - svchost.exe
    IFEO: fixcfg.exe - svchost.exe
    IFEO: fixfp.exe - svchost.exe
    IFEO: fnrb32.exe - svchost.exe
    IFEO: fp-win.exe - svchost.exe
    IFEO: fp-win_trial.exe - svchost.exe
    IFEO: fprot.exe - svchost.exe
    IFEO: frmwrk32.exe - svchost.exe
    IFEO: frw.exe - svchost.exe
    IFEO: fsaa.exe - svchost.exe
    IFEO: fsav.exe - svchost.exe
    IFEO: fsav32.exe - svchost.exe
    IFEO: fsav530stbyb.exe - svchost.exe
    IFEO: fsav530wtbyb.exe - svchost.exe
    IFEO: fsav95.exe - svchost.exe
    IFEO: fsgk32.exe - svchost.exe
    IFEO: fsm32.exe - svchost.exe
    IFEO: fsma32.exe - svchost.exe
    IFEO: fsmb32.exe - svchost.exe
    IFEO: gator.exe - svchost.exe
    IFEO: gav.exe - svchost.exe
    IFEO: gbmenu.exe - svchost.exe
    IFEO: gbn976rl.exe - svchost.exe
    IFEO: gbpoll.exe - svchost.exe
    IFEO: generics.exe - svchost.exe
    IFEO: gmt.exe - svchost.exe
    IFEO: guard.exe - svchost.exe
    IFEO: guarddog.exe - svchost.exe
    IFEO: guardgui.exe - svchost.exe
    IFEO: guardxkickoff.exe - svchost.exe
    IFEO: hacktracersetup.exe - svchost.exe
    IFEO: hbinst.exe - svchost.exe
    IFEO: hbsrv.exe - svchost.exe
    IFEO: History.exe - svchost.exe
    IFEO: homeav2010.exe - svchost.exe
    IFEO: hotactio.exe - svchost.exe
    IFEO: hotpatch.exe - svchost.exe
    IFEO: htlog.exe - svchost.exe
    IFEO: htpatch.exe - svchost.exe
    IFEO: hwpe.exe - svchost.exe
    IFEO: hxdl.exe - svchost.exe
    IFEO: hxiul.exe - svchost.exe
    IFEO: iamapp.exe - svchost.exe
    IFEO: iamserv.exe - svchost.exe
    IFEO: iamstats.exe - svchost.exe
    IFEO: ibmasn.exe - svchost.exe
    IFEO: ibmavsp.exe - svchost.exe
    IFEO: icload95.exe - svchost.exe
    IFEO: icloadnt.exe - svchost.exe
    IFEO: icmon.exe - svchost.exe
    IFEO: icsupp95.exe - svchost.exe
    IFEO: icsuppnt.exe - svchost.exe
    IFEO: Identity.exe - svchost.exe
    IFEO: idle.exe - svchost.exe
    IFEO: iedll.exe - svchost.exe
    IFEO: iedriver.exe - svchost.exe
    IFEO: IEShow.exe - svchost.exe
    IFEO: iface.exe - svchost.exe
    IFEO: ifw2000.exe - svchost.exe
    IFEO: inetlnfo.exe - svchost.exe
    IFEO: infus.exe - svchost.exe
    IFEO: infwin.exe - svchost.exe
    IFEO: init.exe - svchost.exe
    IFEO: init32.exe - svchost.exe
    IFEO: install[1].exe - svchost.exe
    IFEO: install[2].exe - svchost.exe
    IFEO: install[3].exe - svchost.exe
    IFEO: install[4].exe - svchost.exe
    IFEO: install[5].exe - svchost.exe
    IFEO: intdel.exe - svchost.exe
    IFEO: intren.exe - svchost.exe
    IFEO: iomon98.exe - svchost.exe
    IFEO: istsvc.exe - svchost.exe
    IFEO: jammer.exe - svchost.exe
    IFEO: jdbgmrg.exe - svchost.exe
    IFEO: jedi.exe - svchost.exe
    IFEO: JsRcGen.exe - svchost.exe
    IFEO: kavlite40eng.exe - svchost.exe
    IFEO: kavpers40eng.exe - svchost.exe
    IFEO: kavpf.exe - svchost.exe
    IFEO: kazza.exe - svchost.exe
    IFEO: keenvalue.exe - svchost.exe
    IFEO: kerio-pf-213-en-win.exe - svchost.exe
    IFEO: kerio-wrl-421-en-win.exe - svchost.exe
    IFEO: kerio-wrp-421-en-win.exe - svchost.exe
    IFEO: killprocesssetup161.exe - svchost.exe
    IFEO: ldnetmon.exe - svchost.exe
    IFEO: ldpro.exe - svchost.exe
    IFEO: ldpromenu.exe - svchost.exe
    IFEO: ldscan.exe - svchost.exe
    IFEO: licmgr.exe - svchost.exe
    IFEO: lnetinfo.exe - svchost.exe
    IFEO: loader.exe - svchost.exe
    IFEO: localnet.exe - svchost.exe
    IFEO: lockdown.exe - svchost.exe
    IFEO: lockdown2000.exe - svchost.exe
    IFEO: lookout.exe - svchost.exe
    IFEO: lordpe.exe - svchost.exe
    IFEO: lsetup.exe - svchost.exe
    IFEO: luall.exe - svchost.exe
    IFEO: luau.exe - svchost.exe
    IFEO: lucomserver.exe - svchost.exe
    IFEO: luinit.exe - svchost.exe
    IFEO: luspt.exe - svchost.exe
    IFEO: MalwareRemoval.exe - svchost.exe
    IFEO: mapisvc32.exe - svchost.exe
    IFEO: mbam.exe - svchost.exe
    IFEO: mbamgui.exe - svchost.exe
    IFEO: mbamservice.exe - svchost.exe
    IFEO: mcagent.exe - svchost.exe
    IFEO: mcmnhdlr.exe - svchost.exe
    IFEO: mcmpeng.exe - svchost.exe
    IFEO: mcmscsvc.exe - svchost.exe
    IFEO: mcnasvc.exe - svchost.exe
    IFEO: mcproxy.exe - svchost.exe
    IFEO: McSACore.exe - svchost.exe
    IFEO: mcshell.exe - svchost.exe
    IFEO: mcshield.exe - svchost.exe
    IFEO: mcsysmon.exe - svchost.exe
    IFEO: mctool.exe - svchost.exe
    IFEO: mcupdate.exe - svchost.exe
    IFEO: mcvsrte.exe - svchost.exe
    IFEO: mcvsshld.exe - svchost.exe
    IFEO: md.exe - svchost.exe
    IFEO: mfin32.exe - svchost.exe
    IFEO: mfw2en.exe - svchost.exe
    IFEO: mfweng3.02d30.exe - svchost.exe
    IFEO: mgavrtcl.exe - svchost.exe
    IFEO: mgavrte.exe - svchost.exe
    IFEO: mghtml.exe - svchost.exe
    IFEO: mgui.exe - svchost.exe
    IFEO: minilog.exe - svchost.exe
    IFEO: mmod.exe - svchost.exe
    IFEO: monitor.exe - svchost.exe
    IFEO: moolive.exe - svchost.exe
    IFEO: mostat.exe - svchost.exe
    IFEO: mpfagent.exe - svchost.exe
    IFEO: mpfservice.exe - svchost.exe
    IFEO: MPFSrv.exe - svchost.exe
    IFEO: mpftray.exe - svchost.exe
    IFEO: mrflux.exe - svchost.exe
    IFEO: mrt.exe - svchost.exe
    IFEO: msa.exe - svchost.exe
    IFEO: msapp.exe - svchost.exe
    IFEO: MSASCui.exe - svchost.exe
    IFEO: msbb.exe - svchost.exe
    IFEO: msblast.exe - svchost.exe
    IFEO: mscache.exe - svchost.exe
    IFEO: msccn32.exe - svchost.exe
    IFEO: mscman.exe - svchost.exe
    IFEO: msconfig - svchost.exe
    IFEO: msdm.exe - svchost.exe
    IFEO: msdos.exe - svchost.exe
    IFEO: msiexec16.exe - svchost.exe
    IFEO: mslaugh.exe - svchost.exe
    IFEO: msmgt.exe - svchost.exe
    IFEO: msmsgri32.exe - svchost.exe
    IFEO: msseces.exe - svchost.exe
    IFEO: mssmmc32.exe - svchost.exe
    IFEO: mssys.exe - svchost.exe
    IFEO: msvxd.exe - svchost.exe
    IFEO: mu0311ad.exe - svchost.exe
    IFEO: mwatch.exe - svchost.exe
    IFEO: n32scanw.exe - svchost.exe
    IFEO: nav.exe - svchost.exe
    IFEO: navap.navapsvc.exe - svchost.exe
    IFEO: navapsvc.exe - svchost.exe
    IFEO: navapw32.exe - svchost.exe
    IFEO: navdx.exe - svchost.exe
    IFEO: navlu32.exe - svchost.exe
    IFEO: navnt.exe - svchost.exe
    IFEO: navstub.exe - svchost.exe
    IFEO: navw32.exe - svchost.exe
    IFEO: navwnt.exe - svchost.exe
    IFEO: nc2000.exe - svchost.exe
    IFEO: ncinst4.exe - svchost.exe
    IFEO: ndd32.exe - svchost.exe
    IFEO: neomonitor.exe - svchost.exe
    IFEO: neowatchlog.exe - svchost.exe
    IFEO: netarmor.exe - svchost.exe
    IFEO: netd32.exe - svchost.exe
    IFEO: netinfo.exe - svchost.exe
    IFEO: netmon.exe - svchost.exe
    IFEO: netscanpro.exe - svchost.exe
    IFEO: netspyhunter-1.2.exe - svchost.exe
    IFEO: netutils.exe - svchost.exe
    IFEO: nisserv.exe - svchost.exe
    IFEO: nisum.exe - svchost.exe
    IFEO: nmain.exe - svchost.exe
    IFEO: nod32.exe - svchost.exe
    IFEO: normist.exe - svchost.exe
    IFEO: norton_internet_secu_3.0_407.exe - svchost.exe
    IFEO: notstart.exe - svchost.exe
    IFEO: npf40_tw_98_nt_me_2k.exe - svchost.exe
    IFEO: npfmessenger.exe - svchost.exe
    IFEO: nprotect.exe - svchost.exe
    IFEO: npscheck.exe - svchost.exe
    IFEO: npssvc.exe - svchost.exe
    IFEO: nsched32.exe - svchost.exe
    IFEO: nssys32.exe - svchost.exe
    IFEO: nstask32.exe - svchost.exe
    IFEO: nsupdate.exe - svchost.exe
    IFEO: nt.exe - svchost.exe
    IFEO: ntrtscan.exe - svchost.exe
    IFEO: ntvdm.exe - svchost.exe
    IFEO: ntxconfig.exe - svchost.exe
    IFEO: nui.exe - svchost.exe
    IFEO: nupgrade.exe - svchost.exe
    IFEO: nvarch16.exe - svchost.exe
    IFEO: nvc95.exe - svchost.exe
    IFEO: nvsvc32.exe - svchost.exe
    IFEO: nwinst4.exe - svchost.exe
    IFEO: nwservice.exe - svchost.exe
    IFEO: nwtool16.exe - svchost.exe
    IFEO: OAcat.exe - svchost.exe
    IFEO: OAhlp.exe - svchost.exe
    IFEO: OAReg.exe - svchost.exe
    IFEO: oasrv.exe - svchost.exe
    IFEO: oaui.exe - svchost.exe
    IFEO: oaview.exe - svchost.exe
    IFEO: ODSW.exe - svchost.exe
    IFEO: ollydbg.exe - svchost.exe
    IFEO: onsrvr.exe - svchost.exe
    IFEO: optimize.exe - svchost.exe
    IFEO: ostronet.exe - svchost.exe
    IFEO: otfix.exe - svchost.exe
    IFEO: outpost.exe - svchost.exe
    IFEO: outpostinstall.exe - svchost.exe
    IFEO: outpostproinstall.exe - svchost.exe
    IFEO: ozn695m5.exe - svchost.exe
    IFEO: padmin.exe - svchost.exe
    IFEO: panixk.exe - svchost.exe
    IFEO: patch.exe - svchost.exe
    IFEO: pav.exe - svchost.exe
    IFEO: pavcl.exe - svchost.exe
    IFEO: PavFnSvr.exe - svchost.exe
    IFEO: pavproxy.exe - svchost.exe
    IFEO: pavprsrv.exe - svchost.exe
    IFEO: pavsched.exe - svchost.exe
    IFEO: pavsrv51.exe - svchost.exe
    IFEO: pavw.exe - svchost.exe
    IFEO: pc.exe - svchost.exe
    IFEO: pccwin98.exe - svchost.exe
    IFEO: pcfwallicon.exe - svchost.exe
    IFEO: pcip10117_0.exe - svchost.exe
    IFEO: pcscan.exe - svchost.exe
    IFEO: pctsAuxs.exe - svchost.exe
    IFEO: pctsGui.exe - svchost.exe
    IFEO: pctsSvc.exe - svchost.exe
    IFEO: pctsTray.exe - svchost.exe
    IFEO: PC_Antispyware2010.exe - svchost.exe
    IFEO: pdfndr.exe - svchost.exe
    IFEO: pdsetup.exe - svchost.exe
    IFEO: PerAvir.exe - svchost.exe
    IFEO: periscope.exe - svchost.exe
    IFEO: persfw.exe - svchost.exe
    IFEO: personalguard - svchost.exe
    IFEO: personalguard.exe - svchost.exe
    IFEO: perswf.exe - svchost.exe
    IFEO: pf2.exe - svchost.exe
    IFEO: pfwadmin.exe - svchost.exe
    IFEO: pgmonitr.exe - svchost.exe
    IFEO: pingscan.exe - svchost.exe
    IFEO: platin.exe - svchost.exe
    IFEO: pop3trap.exe - svchost.exe
    IFEO: poproxy.exe - svchost.exe
    IFEO: popscan.exe - svchost.exe
    IFEO: portdetective.exe - svchost.exe
    IFEO: portmonitor.exe - svchost.exe
    IFEO: powerscan.exe - svchost.exe
    IFEO: ppinupdt.exe - svchost.exe
    IFEO: pptbc.exe - svchost.exe
    IFEO: ppvstop.exe - svchost.exe
    IFEO: prizesurfer.exe - svchost.exe
    IFEO: prmt.exe - svchost.exe
    IFEO: prmvr.exe - svchost.exe
    IFEO: procdump.exe - svchost.exe
    IFEO: processmonitor.exe - svchost.exe
    IFEO: procexplorerv1.0.exe - svchost.exe
    IFEO: programauditor.exe - svchost.exe
    IFEO: proport.exe - svchost.exe
    IFEO: protector.exe - svchost.exe
    IFEO: protectx.exe - svchost.exe
    IFEO: PSANCU.exe - svchost.exe
    IFEO: PSANHost.exe - svchost.exe
    IFEO: PSANToManager.exe - svchost.exe
    IFEO: PsCtrls.exe - svchost.exe
    IFEO: PsImSvc.exe - svchost.exe
    IFEO: PskSvc.exe - svchost.exe
    IFEO: pspf.exe - svchost.exe
    IFEO: PSUNMain.exe - svchost.exe
    IFEO: purge.exe - svchost.exe
    IFEO: qconsole.exe - svchost.exe
    IFEO: qh.exe - svchost.exe
    IFEO: qserver.exe - svchost.exe
    IFEO: Quick Heal.exe - svchost.exe
    IFEO: QuickHealCleaner.exe - svchost.exe
    IFEO: rapapp.exe - svchost.exe
    IFEO: rav7.exe - svchost.exe
    IFEO: rav7win.exe - svchost.exe
    IFEO: rav8win32eng.exe - svchost.exe
    IFEO: ray.exe - svchost.exe
    IFEO: rb32.exe - svchost.exe
    IFEO: rcsync.exe - svchost.exe
    IFEO: realmon.exe - svchost.exe
    IFEO: reged.exe - svchost.exe
    IFEO: regedt32.exe - svchost.exe
    IFEO: rescue.exe - svchost.exe
    IFEO: rescue32.exe - svchost.exe
    IFEO: rrguard.exe - svchost.exe
    IFEO: rscdwld.exe - svchost.exe
    IFEO: rshell.exe - svchost.exe
    IFEO: rtvscan.exe - svchost.exe
    IFEO: rtvscn95.exe - svchost.exe
    IFEO: rulaunch.exe - svchost.exe
    IFEO: rwg - svchost.exe
    IFEO: rwg.exe - svchost.exe
    IFEO: SafetyKeeper.exe - svchost.exe
    IFEO: safeweb.exe - svchost.exe
    IFEO: sahagent.exe - svchost.exe
    IFEO: Save.exe - svchost.exe
    IFEO: SaveArmor.exe - svchost.exe
    IFEO: SaveDefense.exe - svchost.exe
    IFEO: SaveKeep.exe - svchost.exe
    IFEO: savenow.exe - svchost.exe
    IFEO: sbserv.exe - svchost.exe
    IFEO: sc.exe - svchost.exe
    IFEO: scam32.exe - svchost.exe
    IFEO: scan32.exe - svchost.exe
    IFEO: scan95.exe - svchost.exe
    IFEO: scanpm.exe - svchost.exe
    IFEO: scrscan.exe - svchost.exe
    IFEO: Secure Veteran.exe - svchost.exe
    IFEO: secureveteran.exe - svchost.exe
    IFEO: Security Center.exe - svchost.exe
    IFEO: SecurityFighter.exe - svchost.exe
    IFEO: securitysoldier.exe - svchost.exe
    IFEO: serv95.exe - svchost.exe
    IFEO: setloadorder.exe - svchost.exe
    IFEO: setupvameeval.exe - svchost.exe
    IFEO: setup_flowprotector_us.exe - svchost.exe
    IFEO: sgssfw32.exe - svchost.exe
    IFEO: sh.exe - svchost.exe
    IFEO: shellspyinstall.exe - svchost.exe
    IFEO: shield.exe - svchost.exe
    IFEO: shn.exe - svchost.exe
    IFEO: showbehind.exe - svchost.exe
    IFEO: signcheck.exe - svchost.exe
    IFEO: smart.exe - svchost.exe
    IFEO: smartprotector.exe - svchost.exe
    IFEO: smc.exe - svchost.exe
    IFEO: smrtdefp.exe - svchost.exe
    IFEO: sms.exe - svchost.exe
    IFEO: smss32.exe - svchost.exe
    IFEO: snetcfg.exe - svchost.exe
    IFEO: soap.exe - svchost.exe
    IFEO: sofi.exe - svchost.exe
    IFEO: SoftSafeness.exe - svchost.exe
    IFEO: sperm.exe - svchost.exe
    IFEO: spf.exe - svchost.exe
    IFEO: sphinx.exe - svchost.exe
    IFEO: spoler.exe - svchost.exe
    IFEO: spoolcv.exe - svchost.exe
    IFEO: spoolsv32.exe - svchost.exe
    IFEO: spywarexpguard.exe - svchost.exe
    IFEO: spyxx.exe - svchost.exe
    IFEO: srexe.exe - svchost.exe
    IFEO: srng.exe - svchost.exe
    IFEO: ss3edit.exe - svchost.exe
    IFEO: ssgrate.exe - svchost.exe
    IFEO: ssg_4104.exe - svchost.exe
    IFEO: st2.exe - svchost.exe
    IFEO: start.exe - svchost.exe
    IFEO: stcloader.exe - svchost.exe
    IFEO: supftrl.exe - svchost.exe
    IFEO: support.exe - svchost.exe
    IFEO: supporter5.exe - svchost.exe
    IFEO: svc.exe - svchost.exe
    IFEO: svchostc.exe - svchost.exe
    IFEO: svchosts.exe - svchost.exe
    IFEO: svshost.exe - svchost.exe
    IFEO: sweep95.exe - svchost.exe
    IFEO: sweepnet.sweepsrv.sys.swnetsup.exe - svchost.exe
    IFEO: symlcsvc.exe - svchost.exe
    IFEO: symproxysvc.exe - svchost.exe
    IFEO: symtray.exe - svchost.exe
    IFEO: system.exe - svchost.exe
    IFEO: system32.exe - svchost.exe
    IFEO: sysupd.exe - svchost.exe
    IFEO: tapinstall.exe - svchost.exe
    IFEO: taumon.exe - svchost.exe
    IFEO: tbscan.exe - svchost.exe
    IFEO: tc.exe - svchost.exe
    IFEO: tca.exe - svchost.exe
    IFEO: tcm.exe - svchost.exe
    IFEO: tds-3.exe - svchost.exe
    IFEO: tds2-98.exe - svchost.exe
    IFEO: tds2-nt.exe - svchost.exe
    IFEO: teekids.exe - svchost.exe
    IFEO: tfak.exe - svchost.exe
    IFEO: tfak5.exe - svchost.exe
    IFEO: tgbob.exe - svchost.exe
    IFEO: titanin.exe - svchost.exe
    IFEO: titaninxp.exe - svchost.exe
    IFEO: TPSrv.exe - svchost.exe
    IFEO: trickler.exe - svchost.exe
    IFEO: trjscan.exe - svchost.exe
    IFEO: trjsetup.exe - svchost.exe
    IFEO: trojantrap3.exe - svchost.exe
    IFEO: TrustWarrior.exe - svchost.exe
    IFEO: tsadbot.exe - svchost.exe
    IFEO: tsc.exe - svchost.exe
    IFEO: tvmd.exe - svchost.exe
    IFEO: tvtmd.exe - svchost.exe
    IFEO: undoboot.exe - svchost.exe
    IFEO: updat.exe - svchost.exe
    IFEO: upgrad.exe - svchost.exe
    IFEO: utpost.exe - svchost.exe
    IFEO: vbcmserv.exe - svchost.exe
    IFEO: vbcons.exe - svchost.exe
    IFEO: vbust.exe - svchost.exe
    IFEO: vbwin9x.exe - svchost.exe
    IFEO: vbwinntw.exe - svchost.exe
    IFEO: vcsetup.exe - svchost.exe
    IFEO: vet32.exe - svchost.exe
    IFEO: vet95.exe - svchost.exe
    IFEO: vettray.exe - svchost.exe
    IFEO: vfsetup.exe - svchost.exe
    IFEO: vir-help.exe - svchost.exe
    IFEO: virusmdpersonalfirewall.exe - svchost.exe
    IFEO: virusutilities.exe - svchost.exe
    IFEO: VisthAux.exe - svchost.exe
    IFEO: VisthLic.exe - svchost.exe
    IFEO: VisthUpd.exe - svchost.exe
    IFEO: vnlan300.exe - svchost.exe
    IFEO: vnpc3000.exe - svchost.exe
    IFEO: vpc32.exe - svchost.exe
    IFEO: vpc42.exe - svchost.exe
    IFEO: vpfw30s.exe - svchost.exe
    IFEO: vptray.exe - svchost.exe
    IFEO: vscan40.exe - svchost.exe
    IFEO: vscenu6.02d30.exe - svchost.exe
    IFEO: vsched.exe - svchost.exe
    IFEO: vsecomr.exe - svchost.exe
    IFEO: vshwin32.exe - svchost.exe
    IFEO: vsisetup.exe - svchost.exe
    IFEO: vsmain.exe - svchost.exe
    IFEO: vsmon.exe - svchost.exe
    IFEO: vsstat.exe - svchost.exe
    IFEO: vswin9xe.exe - svchost.exe
    IFEO: vswinntse.exe - svchost.exe
    IFEO: vswinperse.exe - svchost.exe
    IFEO: w32dsm89.exe - svchost.exe
    IFEO: W3asbas.exe - svchost.exe
    IFEO: w9x.exe - svchost.exe
    IFEO: watchdog.exe - svchost.exe
    IFEO: webdav.exe - svchost.exe
    IFEO: WebProxy.exe - svchost.exe
    IFEO: webscanx.exe - svchost.exe
    IFEO: webtrap.exe - svchost.exe
    IFEO: wfindv32.exe - svchost.exe
    IFEO: whoswatchingme.exe - svchost.exe
    IFEO: wimmun32.exe - svchost.exe
    IFEO: win-bugsfix.exe - svchost.exe
    IFEO: win32.exe - svchost.exe
    IFEO: win32us.exe - svchost.exe
    IFEO: winactive.exe - svchost.exe
    IFEO: winav.exe - svchost.exe
    IFEO: windll32.exe - svchost.exe
    IFEO: window.exe - svchost.exe
    IFEO: windows Police Pro.exe - svchost.exe
    IFEO: windows.exe - svchost.exe
    IFEO: wininetd.exe - svchost.exe
    IFEO: wininitx.exe - svchost.exe
    IFEO: winlogin.exe - svchost.exe
    IFEO: winmain.exe - svchost.exe
    IFEO: winppr32.exe - svchost.exe
    IFEO: winrecon.exe - svchost.exe
    IFEO: winservn.exe - svchost.exe
    IFEO: winssk32.exe - svchost.exe
    IFEO: winstart.exe - svchost.exe
    IFEO: winstart001.exe - svchost.exe
    IFEO: wintsk32.exe - svchost.exe
    IFEO: winupdate.exe - svchost.exe
    IFEO: wkufind.exe - svchost.exe
    IFEO: wnad.exe - svchost.exe
    IFEO: wnt.exe - svchost.exe
    IFEO: wradmin.exe - svchost.exe
    IFEO: wrctrl.exe - svchost.exe
    IFEO: wsbgate.exe - svchost.exe
    IFEO: wscfxas.exe - svchost.exe
    IFEO: wscfxav.exe - svchost.exe
    IFEO: wscfxfw.exe - svchost.exe
    IFEO: wsctool.exe - svchost.exe
    IFEO: wupdater.exe - svchost.exe
    IFEO: wupdt.exe - svchost.exe
    IFEO: wyvernworksfirewall.exe - svchost.exe
    IFEO: xpdeluxe.exe - svchost.exe
    IFEO: xpf202en.exe - svchost.exe
    IFEO: xp_antispyware.exe - svchost.exe
    IFEO: zapro.exe - svchost.exe
    IFEO: zapsetup3001.exe - svchost.exe
    IFEO: zatutor.exe - svchost.exe
    IFEO: zonalm2601.exe - svchost.exe
    IFEO: zonealarm.exe - svchost.exe
    IFEO: _avp32.exe - svchost.exe
    IFEO: _avpcc.exe - svchost.exe
    IFEO: _avpm.exe - svchost.exe
    IFEO: ~1.exe - svchost.exe
    IFEO: ~2.exe - svchost.exe
    x64-IFEO: a.exe - svchost.exe
    x64-IFEO: aAvgApi.exe - svchost.exe
    x64-IFEO: AAWTray.exe - svchost.exe
    x64-IFEO: About.exe - svchost.exe
    x64-IFEO: ackwin32.exe - svchost.exe
    x64-IFEO: Ad-Aware.exe - svchost.exe
    x64-IFEO: adaware.exe - svchost.exe
    x64-IFEO: advxdwin.exe - svchost.exe
    x64-IFEO: AdwarePrj.exe - svchost.exe
    x64-IFEO: agent.exe - svchost.exe
    x64-IFEO: agentsvr.exe - svchost.exe
    x64-IFEO: agentw.exe - svchost.exe
    x64-IFEO: alertsvc.exe - svchost.exe
    x64-IFEO: alevir.exe - svchost.exe
    x64-IFEO: alogserv.exe - svchost.exe
    x64-IFEO: AlphaAV - svchost.exe
    x64-IFEO: AlphaAV.exe - svchost.exe
    x64-IFEO: AluSchedulerSvc.exe - svchost.exe
    x64-IFEO: amon9x.exe - svchost.exe
    x64-IFEO: anti-trojan.exe - svchost.exe
    x64-IFEO: Anti-Virus Professional.exe - svchost.exe
    x64-IFEO: AntispywarXP2009.exe - svchost.exe
    x64-IFEO: antivirus.exe - svchost.exe
    x64-IFEO: AntivirusPlus - svchost.exe
    x64-IFEO: AntivirusPlus.exe - svchost.exe
    x64-IFEO: AntivirusPro_2010.exe - svchost.exe
    x64-IFEO: AntivirusXP - svchost.exe
    x64-IFEO: AntivirusXP.exe - svchost.exe
    x64-IFEO: antivirusxppro2009.exe - svchost.exe
    x64-IFEO: AntiVirus_Pro.exe - svchost.exe
    x64-IFEO: ants.exe - svchost.exe
    x64-IFEO: apimonitor.exe - svchost.exe
    x64-IFEO: aplica32.exe - svchost.exe
    x64-IFEO: apvxdwin.exe - svchost.exe
    x64-IFEO: arr.exe - svchost.exe
    x64-IFEO: ashAvast.exe - svchost.exe
    x64-IFEO: ashBug.exe - svchost.exe
    x64-IFEO: ashChest.exe - svchost.exe
    x64-IFEO: ashCnsnt.exe - svchost.exe
    x64-IFEO: ashDisp.exe - svchost.exe
    x64-IFEO: ashLogV.exe - svchost.exe
    x64-IFEO: ashMaiSv.exe - svchost.exe
    x64-IFEO: ashPopWz.exe - svchost.exe
    x64-IFEO: ashQuick.exe - svchost.exe
    x64-IFEO: ashServ.exe - svchost.exe
    x64-IFEO: ashSimp2.exe - svchost.exe
    x64-IFEO: ashSimpl.exe - svchost.exe
    x64-IFEO: ashSkPcc.exe - svchost.exe
    x64-IFEO: ashSkPck.exe - svchost.exe
    x64-IFEO: ashUpd.exe - svchost.exe
    x64-IFEO: ashWebSv.exe - svchost.exe
    x64-IFEO: aswChLic.exe - svchost.exe
    x64-IFEO: aswRegSvr.exe - svchost.exe
    x64-IFEO: aswRunDll.exe - svchost.exe
    x64-IFEO: aswUpdSv.exe - svchost.exe
    x64-IFEO: atcon.exe - svchost.exe
    x64-IFEO: atguard.exe - svchost.exe
    x64-IFEO: atro55en.exe - svchost.exe
    x64-IFEO: atupdater.exe - svchost.exe
    x64-IFEO: atwatch.exe - svchost.exe
    x64-IFEO: au.exe - svchost.exe
    x64-IFEO: aupdate.exe - svchost.exe
    x64-IFEO: auto-protect.nav80try.exe - svchost.exe
    x64-IFEO: autodown.exe - svchost.exe
    x64-IFEO: autotrace.exe - svchost.exe
    x64-IFEO: autoupdate.exe - svchost.exe
    x64-IFEO: av360.exe - svchost.exe
    x64-IFEO: avadmin.exe - svchost.exe
    x64-IFEO: avastSvc.exe - svchost.exe
    x64-IFEO: avastUI.exe - svchost.exe
    x64-IFEO: AVCare.exe - svchost.exe
    x64-IFEO: avcenter.exe - svchost.exe
    x64-IFEO: avciman.exe - svchost.exe
    x64-IFEO: avconfig.exe - svchost.exe
    x64-IFEO: avconsol.exe - svchost.exe
    x64-IFEO: ave32.exe - svchost.exe
    x64-IFEO: AVENGINE.EXE - svchost.exe
    x64-IFEO: avgcc32.exe - svchost.exe
    x64-IFEO: avgchk.exe - svchost.exe
    x64-IFEO: avgcmgr.exe - svchost.exe
    x64-IFEO: avgcsrvx.exe - svchost.exe
    x64-IFEO: avgctrl.exe - svchost.exe
    x64-IFEO: avgdumpx.exe - svchost.exe
    x64-IFEO: avgemc.exe - svchost.exe
    x64-IFEO: avgiproxy.exe - svchost.exe
    x64-IFEO: avgnsx.exe - svchost.exe
    x64-IFEO: avgnt.exe - svchost.exe
    x64-IFEO: avgrsx.exe - svchost.exe
    x64-IFEO: avgscanx.exe - svchost.exe
    x64-IFEO: avgserv.exe - svchost.exe
    x64-IFEO: avgserv9.exe - svchost.exe
    x64-IFEO: avgsrmax.exe - svchost.exe
    x64-IFEO: avgtray.exe - svchost.exe
    x64-IFEO: avguard.exe - svchost.exe
    x64-IFEO: avgui.exe - svchost.exe
    x64-IFEO: avgupd.exe - svchost.exe
    x64-IFEO: avgw.exe - svchost.exe
    x64-IFEO: avgwdsvc.exe - svchost.exe
    x64-IFEO: avkpop.exe - svchost.exe
    x64-IFEO: avkserv.exe - svchost.exe
    x64-IFEO: avkservice.exe - svchost.exe
    x64-IFEO: avkwctl9.exe - svchost.exe
    x64-IFEO: avltmain.exe - svchost.exe
    x64-IFEO: avmailc.exe - svchost.exe
    x64-IFEO: avmcdlg.exe - svchost.exe
    x64-IFEO: avnotify.exe - svchost.exe
    x64-IFEO: avnt.exe - svchost.exe
    x64-IFEO: avp32.exe - svchost.exe
    x64-IFEO: avpcc.exe - svchost.exe
    x64-IFEO: avpdos32.exe - svchost.exe
    x64-IFEO: avpm.exe - svchost.exe
    x64-IFEO: avptc32.exe - svchost.exe
    x64-IFEO: avpupd.exe - svchost.exe
    x64-IFEO: avsched32.exe - svchost.exe
    x64-IFEO: avshadow.exe - svchost.exe
    x64-IFEO: avsynmgr.exe - svchost.exe
    x64-IFEO: avupgsvc.exe - svchost.exe
    x64-IFEO: AVWEBGRD.EXE - svchost.exe
    x64-IFEO: avwin.exe - svchost.exe
    x64-IFEO: avwin95.exe - svchost.exe
    x64-IFEO: avwinnt.exe - svchost.exe
    x64-IFEO: avwsc.exe - svchost.exe
    x64-IFEO: avwupd.exe - svchost.exe
    x64-IFEO: avwupd32.exe - svchost.exe
    x64-IFEO: avwupsrv.exe - svchost.exe
    x64-IFEO: avxmonitor9x.exe - svchost.exe
    x64-IFEO: avxmonitornt.exe - svchost.exe
    x64-IFEO: avxquar.exe - svchost.exe
    x64-IFEO: b.exe - svchost.exe
    x64-IFEO: backweb.exe - svchost.exe
    x64-IFEO: bargains.exe - svchost.exe
    x64-IFEO: bdfvcl.exe - svchost.exe
    x64-IFEO: bdfvwiz.exe - svchost.exe
    x64-IFEO: BDInProcPatch.exe - svchost.exe
    x64-IFEO: bdmcon.exe - svchost.exe
    x64-IFEO: BDMsnScan.exe - svchost.exe
    x64-IFEO: BDSurvey.exe - svchost.exe
    x64-IFEO: bd_professional.exe - svchost.exe
    x64-IFEO: beagle.exe - svchost.exe
    x64-IFEO: belt.exe - svchost.exe
    x64-IFEO: bidef.exe - svchost.exe
    x64-IFEO: bidserver.exe - svchost.exe
    x64-IFEO: bipcp.exe - svchost.exe
    x64-IFEO: bipcpevalsetup.exe - svchost.exe
    x64-IFEO: bisp.exe - svchost.exe
    x64-IFEO: blackd.exe - svchost.exe
    x64-IFEO: blackice.exe - svchost.exe
    x64-IFEO: blink.exe - svchost.exe
    x64-IFEO: blss.exe - svchost.exe
    x64-IFEO: bootconf.exe - svchost.exe
    x64-IFEO: bootwarn.exe - svchost.exe
    x64-IFEO: borg2.exe - svchost.exe
    x64-IFEO: bpc.exe - svchost.exe
    x64-IFEO: brasil.exe - svchost.exe
    x64-IFEO: brastk.exe - svchost.exe
    x64-IFEO: brw.exe - svchost.exe
    x64-IFEO: bs120.exe - svchost.exe
    x64-IFEO: bspatch.exe - svchost.exe
    x64-IFEO: bundle.exe - svchost.exe
    x64-IFEO: bvt.exe - svchost.exe
    x64-IFEO: c.exe - svchost.exe
    x64-IFEO: cavscan.exe - svchost.exe
    x64-IFEO: ccapp.exe - svchost.exe
    x64-IFEO: ccevtmgr.exe - svchost.exe
    x64-IFEO: ccpxysvc.exe - svchost.exe
    x64-IFEO: ccSvcHst.exe - svchost.exe
    x64-IFEO: cdp.exe - svchost.exe
    x64-IFEO: cfd.exe - svchost.exe
    x64-IFEO: cfgwiz.exe - svchost.exe
    x64-IFEO: cfiadmin.exe - svchost.exe
    x64-IFEO: cfiaudit.exe - svchost.exe
    x64-IFEO: cfinet.exe - svchost.exe
    x64-IFEO: cfinet32.exe - svchost.exe
    x64-IFEO: cfp.exe - svchost.exe
    x64-IFEO: cfpconfg.exe - svchost.exe
    x64-IFEO: cfplogvw.exe - svchost.exe
    x64-IFEO: cfpupdat.exe - svchost.exe
    x64-IFEO: claw95.exe - svchost.exe
    x64-IFEO: claw95cf.exe - svchost.exe
    x64-IFEO: clean.exe - svchost.exe
    x64-IFEO: cleaner.exe - svchost.exe
    x64-IFEO: cleaner3.exe - svchost.exe
    x64-IFEO: cleanIELow.exe - svchost.exe
    x64-IFEO: cleanpc.exe - svchost.exe
    x64-IFEO: click.exe - svchost.exe
    x64-IFEO: cmd32.exe - svchost.exe
    x64-IFEO: cmdagent.exe - svchost.exe
    x64-IFEO: cmesys.exe - svchost.exe
    x64-IFEO: cmgrdian.exe - svchost.exe
    x64-IFEO: cmon016.exe - svchost.exe
    x64-IFEO: connectionmonitor.exe - svchost.exe
    x64-IFEO: control - svchost.exe
    x64-IFEO: cpd.exe - svchost.exe
    x64-IFEO: cpf9x206.exe - svchost.exe
    x64-IFEO: cpfnt206.exe - svchost.exe
    x64-IFEO: crashrep.exe - svchost.exe
    x64-IFEO: csc.exe - svchost.exe
    x64-IFEO: cssconfg.exe - svchost.exe
    x64-IFEO: cssupdat.exe - svchost.exe
    x64-IFEO: cssurf.exe - svchost.exe
    x64-IFEO: ctrl.exe - svchost.exe
    x64-IFEO: cv.exe - svchost.exe
    x64-IFEO: cwnb181.exe - svchost.exe
    x64-IFEO: cwntdwmo.exe - svchost.exe
    x64-IFEO: d.exe - svchost.exe
    x64-IFEO: datemanager.exe - svchost.exe
    x64-IFEO: dcomx.exe - svchost.exe
    x64-IFEO: defalert.exe - svchost.exe
    x64-IFEO: defscangui.exe - svchost.exe
    x64-IFEO: defwatch.exe - svchost.exe
    x64-IFEO: deloeminfs.exe - svchost.exe
    x64-IFEO: deputy.exe - svchost.exe
    x64-IFEO: divx.exe - svchost.exe
    x64-IFEO: dllcache.exe - svchost.exe
    x64-IFEO: dllreg.exe - svchost.exe
    x64-IFEO: doors.exe - svchost.exe
    x64-IFEO: dop.exe - svchost.exe
    x64-IFEO: dpf.exe - svchost.exe
    x64-IFEO: dpfsetup.exe - svchost.exe
    x64-IFEO: dpps2.exe - svchost.exe
    x64-IFEO: driverctrl.exe - svchost.exe
    x64-IFEO: drwatson.exe - svchost.exe
    x64-IFEO: drweb32.exe - svchost.exe
    x64-IFEO: drwebupw.exe - svchost.exe
    x64-IFEO: dssagent.exe - svchost.exe
    x64-IFEO: dvp95.exe - svchost.exe
    x64-IFEO: dvp95_0.exe - svchost.exe
    x64-IFEO: ecengine.exe - svchost.exe
    x64-IFEO: efpeadm.exe - svchost.exe
    x64-IFEO: emsw.exe - svchost.exe
    x64-IFEO: ent.exe - svchost.exe
    x64-IFEO: esafe.exe - svchost.exe
    x64-IFEO: escanhnt.exe - svchost.exe
    x64-IFEO: escanv95.exe - svchost.exe
    x64-IFEO: espwatch.exe - svchost.exe
    x64-IFEO: ethereal.exe - svchost.exe
    x64-IFEO: etrustcipe.exe - svchost.exe
    x64-IFEO: evpn.exe - svchost.exe
    x64-IFEO: exantivirus-cnet.exe - svchost.exe
    x64-IFEO: exe.avxw.exe - svchost.exe
    x64-IFEO: expert.exe - svchost.exe
    x64-IFEO: explore.exe - svchost.exe
    x64-IFEO: f-agnt95.exe - svchost.exe
    x64-IFEO: f-prot.exe - svchost.exe
    x64-IFEO: f-prot95.exe - svchost.exe
    x64-IFEO: f-stopw.exe - svchost.exe
    x64-IFEO: fact.exe - svchost.exe
    x64-IFEO: fameh32.exe - svchost.exe
    x64-IFEO: fast.exe - svchost.exe
    x64-IFEO: fch32.exe - svchost.exe
    x64-IFEO: fih32.exe - svchost.exe
    x64-IFEO: findviru.exe - svchost.exe
    x64-IFEO: firewall.exe - svchost.exe
    x64-IFEO: fixcfg.exe - svchost.exe
    x64-IFEO: fixfp.exe - svchost.exe
    x64-IFEO: fnrb32.exe - svchost.exe
    x64-IFEO: fp-win.exe - svchost.exe
    x64-IFEO: fp-win_trial.exe - svchost.exe
    x64-IFEO: fprot.exe - svchost.exe
    x64-IFEO: frmwrk32.exe - svchost.exe
    x64-IFEO: frw.exe - svchost.exe
    x64-IFEO: fsaa.exe - svchost.exe
    x64-IFEO: fsav.exe - svchost.exe
    x64-IFEO: fsav32.exe - svchost.exe
    x64-IFEO: fsav530stbyb.exe - svchost.exe
    x64-IFEO: fsav530wtbyb.exe - svchost.exe
    x64-IFEO: fsav95.exe - svchost.exe
    x64-IFEO: fsgk32.exe - svchost.exe
    x64-IFEO: fsm32.exe - svchost.exe
    x64-IFEO: fsma32.exe - svchost.exe
    x64-IFEO: fsmb32.exe - svchost.exe
    x64-IFEO: gator.exe - svchost.exe
    x64-IFEO: gav.exe - svchost.exe
    x64-IFEO: gbmenu.exe - svchost.exe
    x64-IFEO: gbn976rl.exe - svchost.exe
    x64-IFEO: gbpoll.exe - svchost.exe
    x64-IFEO: generics.exe - svchost.exe
    x64-IFEO: gmt.exe - svchost.exe
    x64-IFEO: guard.exe - svchost.exe
    x64-IFEO: guarddog.exe - svchost.exe
    x64-IFEO: guardgui.exe - svchost.exe
    x64-IFEO: guardxkickoff.exe - svchost.exe
    x64-IFEO: hacktracersetup.exe - svchost.exe
    x64-IFEO: hbinst.exe - svchost.exe
    x64-IFEO: hbsrv.exe - svchost.exe
    x64-IFEO: History.exe - svchost.exe
    x64-IFEO: homeav2010.exe - svchost.exe
    x64-IFEO: hotactio.exe - svchost.exe
    x64-IFEO: hotpatch.exe - svchost.exe
    x64-IFEO: htlog.exe - svchost.exe
    x64-IFEO: htpatch.exe - svchost.exe
    x64-IFEO: hwpe.exe - svchost.exe
    x64-IFEO: hxdl.exe - svchost.exe
    x64-IFEO: hxiul.exe - svchost.exe
    x64-IFEO: iamapp.exe - svchost.exe
    x64-IFEO: iamserv.exe - svchost.exe
    x64-IFEO: iamstats.exe - svchost.exe
    x64-IFEO: ibmasn.exe - svchost.exe
    x64-IFEO: ibmavsp.exe - svchost.exe
    x64-IFEO: icload95.exe - svchost.exe
    x64-IFEO: icloadnt.exe - svchost.exe
    x64-IFEO: icmon.exe - svchost.exe
    x64-IFEO: icsupp95.exe - svchost.exe
    x64-IFEO: icsuppnt.exe - svchost.exe
    x64-IFEO: Identity.exe - svchost.exe
    x64-IFEO: idle.exe - svchost.exe
    x64-IFEO: iedll.exe - svchost.exe
    x64-IFEO: iedriver.exe - svchost.exe
    x64-IFEO: IEShow.exe - svchost.exe
    x64-IFEO: iface.exe - svchost.exe
    x64-IFEO: ifw2000.exe - svchost.exe
    x64-IFEO: inetlnfo.exe - svchost.exe
    x64-IFEO: infus.exe - svchost.exe
    x64-IFEO: infwin.exe - svchost.exe
    x64-IFEO: init.exe - svchost.exe
    x64-IFEO: init32.exe - svchost.exe
    x64-IFEO: install[1].exe - svchost.exe
    x64-IFEO: install[2].exe - svchost.exe
    x64-IFEO: install[3].exe - svchost.exe
    x64-IFEO: install[4].exe - svchost.exe
    x64-IFEO: install[5].exe - svchost.exe
    x64-IFEO: intdel.exe - svchost.exe
    x64-IFEO: intren.exe - svchost.exe
    x64-IFEO: iomon98.exe - svchost.exe
    x64-IFEO: istsvc.exe - svchost.exe
    x64-IFEO: jammer.exe - svchost.exe
    x64-IFEO: jdbgmrg.exe - svchost.exe
    x64-IFEO: jedi.exe - svchost.exe
    x64-IFEO: JsRcGen.exe - svchost.exe
    x64-IFEO: kavlite40eng.exe - svchost.exe
    x64-IFEO: kavpers40eng.exe - svchost.exe
    x64-IFEO: kavpf.exe - svchost.exe
    x64-IFEO: kazza.exe - svchost.exe
    x64-IFEO: keenvalue.exe - svchost.exe
    x64-IFEO: kerio-pf-213-en-win.exe - svchost.exe
    x64-IFEO: kerio-wrl-421-en-win.exe - svchost.exe
    x64-IFEO: kerio-wrp-421-en-win.exe - svchost.exe
    x64-IFEO: killprocesssetup161.exe - svchost.exe
    x64-IFEO: ldnetmon.exe - svchost.exe
    x64-IFEO: ldpro.exe - svchost.exe
    x64-IFEO: ldpromenu.exe - svchost.exe
    x64-IFEO: ldscan.exe - svchost.exe
    x64-IFEO: licmgr.exe - svchost.exe
    x64-IFEO: lnetinfo.exe - svchost.exe
    x64-IFEO: loader.exe - svchost.exe
    x64-IFEO: localnet.exe - svchost.exe
    x64-IFEO: lockdown.exe - svchost.exe
    x64-IFEO: lockdown2000.exe - svchost.exe
    x64-IFEO: lookout.exe - svchost.exe
    x64-IFEO: lordpe.exe - svchost.exe
    x64-IFEO: lsetup.exe - svchost.exe
    x64-IFEO: luall.exe - svchost.exe
    x64-IFEO: luau.exe - svchost.exe
    x64-IFEO: lucomserver.exe - svchost.exe
    x64-IFEO: luinit.exe - svchost.exe
    x64-IFEO: luspt.exe - svchost.exe
    x64-IFEO: MalwareRemoval.exe - svchost.exe
    x64-IFEO: mapisvc32.exe - svchost.exe
    x64-IFEO: mbam.exe - svchost.exe
    x64-IFEO: mbamgui.exe - svchost.exe
    x64-IFEO: mbamservice.exe - svchost.exe
    x64-IFEO: mcagent.exe - svchost.exe
    x64-IFEO: mcmnhdlr.exe - svchost.exe
    x64-IFEO: mcmpeng.exe - svchost.exe
    x64-IFEO: mcmscsvc.exe - svchost.exe
    x64-IFEO: mcnasvc.exe - svchost.exe
    x64-IFEO: mcproxy.exe - svchost.exe
    x64-IFEO: McSACore.exe - svchost.exe
    x64-IFEO: mcshell.exe - svchost.exe
    x64-IFEO: mcshield.exe - svchost.exe
    x64-IFEO: mcsysmon.exe - svchost.exe
    x64-IFEO: mctool.exe - svchost.exe
    x64-IFEO: mcupdate.exe - svchost.exe
    x64-IFEO: mcvsrte.exe - svchost.exe
    x64-IFEO: mcvsshld.exe - svchost.exe
    x64-IFEO: md.exe - svchost.exe
    x64-IFEO: mfin32.exe - svchost.exe
    x64-IFEO: mfw2en.exe - svchost.exe
    x64-IFEO: mfweng3.02d30.exe - svchost.exe
    x64-IFEO: mgavrtcl.exe - svchost.exe
    x64-IFEO: mgavrte.exe - svchost.exe
    x64-IFEO: mghtml.exe - svchost.exe
    x64-IFEO: mgui.exe - svchost.exe
    x64-IFEO: minilog.exe - svchost.exe
    x64-IFEO: mmod.exe - svchost.exe
    x64-IFEO: monitor.exe - svchost.exe
    x64-IFEO: moolive.exe - svchost.exe
    x64-IFEO: mostat.exe - svchost.exe
    x64-IFEO: mpfagent.exe - svchost.exe
    x64-IFEO: mpfservice.exe - svchost.exe
    x64-IFEO: MPFSrv.exe - svchost.exe
    x64-IFEO: mpftray.exe - svchost.exe
    x64-IFEO: mrflux.exe - svchost.exe
    x64-IFEO: mrt.exe - svchost.exe
    x64-IFEO: msa.exe - svchost.exe
    x64-IFEO: msapp.exe - svchost.exe
    x64-IFEO: MSASCui.exe - svchost.exe
    x64-IFEO: msbb.exe - svchost.exe
    x64-IFEO: msblast.exe - svchost.exe
    x64-IFEO: mscache.exe - svchost.exe
    x64-IFEO: msccn32.exe - svchost.exe
    x64-IFEO: mscman.exe - svchost.exe
    x64-IFEO: msconfig - svchost.exe
    x64-IFEO: msdm.exe - svchost.exe
    x64-IFEO: msdos.exe - svchost.exe
    x64-IFEO: msiexec16.exe - svchost.exe
    x64-IFEO: mslaugh.exe - svchost.exe
    x64-IFEO: msmgt.exe - svchost.exe
    x64-IFEO: msmsgri32.exe - svchost.exe
    x64-IFEO: msseces.exe - svchost.exe
    x64-IFEO: mssmmc32.exe - svchost.exe
    x64-IFEO: mssys.exe - svchost.exe
    x64-IFEO: msvxd.exe - svchost.exe
    x64-IFEO: mu0311ad.exe - svchost.exe
    x64-IFEO: mwatch.exe - svchost.exe
    x64-IFEO: n32scanw.exe - svchost.exe
    x64-IFEO: nav.exe - svchost.exe
    x64-IFEO: navap.navapsvc.exe - svchost.exe
    x64-IFEO: navapsvc.exe - svchost.exe
    x64-IFEO: navapw32.exe - svchost.exe
    x64-IFEO: navdx.exe - svchost.exe
    x64-IFEO: navlu32.exe - svchost.exe
    x64-IFEO: navnt.exe - svchost.exe
    x64-IFEO: navstub.exe - svchost.exe
    x64-IFEO: navw32.exe - svchost.exe
    x64-IFEO: navwnt.exe - svchost.exe
    x64-IFEO: nc2000.exe - svchost.exe
    x64-IFEO: ncinst4.exe - svchost.exe
    x64-IFEO: ndd32.exe - svchost.exe
    x64-IFEO: neomonitor.exe - svchost.exe
    x64-IFEO: neowatchlog.exe - svchost.exe
    x64-IFEO: netarmor.exe - svchost.exe
    x64-IFEO: netd32.exe - svchost.exe
    x64-IFEO: netinfo.exe - svchost.exe
    x64-IFEO: netmon.exe - svchost.exe
    x64-IFEO: netscanpro.exe - svchost.exe
    x64-IFEO: netspyhunter-1.2.exe - svchost.exe
    x64-IFEO: netutils.exe - svchost.exe
    x64-IFEO: nisserv.exe - svchost.exe
    x64-IFEO: nisum.exe - svchost.exe
    x64-IFEO: nmain.exe - svchost.exe
    x64-IFEO: nod32.exe - svchost.exe
    x64-IFEO: normist.exe - svchost.exe
    x64-IFEO: norton_internet_secu_3.0_407.exe - svchost.exe
    x64-IFEO: notstart.exe - svchost.exe
    x64-IFEO: npf40_tw_98_nt_me_2k.exe - svchost.exe
    x64-IFEO: npfmessenger.exe - svchost.exe
    x64-IFEO: nprotect.exe - svchost.exe
    x64-IFEO: npscheck.exe - svchost.exe
    x64-IFEO: npssvc.exe - svchost.exe
    x64-IFEO: nsched32.exe - svchost.exe
    x64-IFEO: nssys32.exe - svchost.exe
    x64-IFEO: nstask32.exe - svchost.exe
    x64-IFEO: nsupdate.exe - svchost.exe
    x64-IFEO: nt.exe - svchost.exe
    x64-IFEO: ntrtscan.exe - svchost.exe
    x64-IFEO: ntvdm.exe - svchost.exe
    x64-IFEO: ntxconfig.exe - svchost.exe
    x64-IFEO: nui.exe - svchost.exe
    x64-IFEO: nupgrade.exe - svchost.exe
    x64-IFEO: nvarch16.exe - svchost.exe
    x64-IFEO: nvc95.exe - svchost.exe
    x64-IFEO: nvsvc32.exe - svchost.exe
    x64-IFEO: nwinst4.exe - svchost.exe
    x64-IFEO: nwservice.exe - svchost.exe
    x64-IFEO: nwtool16.exe - svchost.exe
    x64-IFEO: OAcat.exe - svchost.exe
    x64-IFEO: OAhlp.exe - svchost.exe
    x64-IFEO: OAReg.exe - svchost.exe
    x64-IFEO: oasrv.exe - svchost.exe
    x64-IFEO: oaui.exe - svchost.exe
    x64-IFEO: oaview.exe - svchost.exe
    x64-IFEO: ODSW.exe - svchost.exe
    x64-IFEO: ollydbg.exe - svchost.exe
    x64-IFEO: onsrvr.exe - svchost.exe
    x64-IFEO: optimize.exe - svchost.exe
    x64-IFEO: ostronet.exe - svchost.exe
    x64-IFEO: otfix.exe - svchost.exe
    x64-IFEO: outpost.exe - svchost.exe
    x64-IFEO: outpostinstall.exe - svchost.exe
    x64-IFEO: outpostproinstall.exe - svchost.exe
    x64-IFEO: ozn695m5.exe - svchost.exe
    x64-IFEO: padmin.exe - svchost.exe
    x64-IFEO: panixk.exe - svchost.exe
    x64-IFEO: patch.exe - svchost.exe
    x64-IFEO: pav.exe - svchost.exe
    x64-IFEO: pavcl.exe - svchost.exe
    x64-IFEO: PavFnSvr.exe - svchost.exe
    x64-IFEO: pavproxy.exe - svchost.exe
    x64-IFEO: pavprsrv.exe - svchost.exe
    x64-IFEO: pavsched.exe - svchost.exe
    x64-IFEO: pavsrv51.exe - svchost.exe
    x64-IFEO: pavw.exe - svchost.exe
    x64-IFEO: pc.exe - svchost.exe
    x64-IFEO: pccwin98.exe - svchost.exe
    x64-IFEO: pcfwallicon.exe - svchost.exe
    x64-IFEO: pcip10117_0.exe - svchost.exe
    x64-IFEO: pcscan.exe - svchost.exe
    x64-IFEO: pctsAuxs.exe - svchost.exe
    x64-IFEO: pctsGui.exe - svchost.exe
    x64-IFEO: pctsSvc.exe - svchost.exe
    x64-IFEO: pctsTray.exe - svchost.exe
    x64-IFEO: PC_Antispyware2010.exe - svchost.exe
    x64-IFEO: pdfndr.exe - svchost.exe
    x64-IFEO: pdsetup.exe - svchost.exe
    x64-IFEO: PerAvir.exe - svchost.exe
    x64-IFEO: periscope.exe - svchost.exe
    x64-IFEO: persfw.exe - svchost.exe
    x64-IFEO: personalguard - svchost.exe
    x64-IFEO: personalguard.exe - svchost.exe
    x64-IFEO: perswf.exe - svchost.exe
    x64-IFEO: pf2.exe - svchost.exe
    x64-IFEO: pfwadmin.exe - svchost.exe
    x64-IFEO: pgmonitr.exe - svchost.exe
    x64-IFEO: pingscan.exe - svchost.exe
    x64-IFEO: platin.exe - svchost.exe
    x64-IFEO: pop3trap.exe - svchost.exe
    x64-IFEO: poproxy.exe - svchost.exe
    x64-IFEO: popscan.exe - svchost.exe
    x64-IFEO: portdetective.exe - svchost.exe
    x64-IFEO: portmonitor.exe - svchost.exe
    x64-IFEO: powerscan.exe - svchost.exe
    x64-IFEO: ppinupdt.exe - svchost.exe
    x64-IFEO: pptbc.exe - svchost.exe
    x64-IFEO: ppvstop.exe - svchost.exe
    x64-IFEO: prizesurfer.exe - svchost.exe
    x64-IFEO: prmt.exe - svchost.exe
    x64-IFEO: prmvr.exe - svchost.exe
    x64-IFEO: procdump.exe - svchost.exe
    x64-IFEO: processmonitor.exe - svchost.exe
    x64-IFEO: procexplorerv1.0.exe - svchost.exe
    x64-IFEO: programauditor.exe - svchost.exe
    x64-IFEO: proport.exe - svchost.exe
    x64-IFEO: protector.exe - svchost.exe
    x64-IFEO: protectx.exe - svchost.exe
    x64-IFEO: PSANCU.exe - svchost.exe
    x64-IFEO: PSANHost.exe - svchost.exe
    x64-IFEO: PSANToManager.exe - svchost.exe
    x64-IFEO: PsCtrls.exe - svchost.exe
    x64-IFEO: PsImSvc.exe - svchost.exe
    x64-IFEO: PskSvc.exe - svchost.exe
    x64-IFEO: pspf.exe - svchost.exe
    x64-IFEO: PSUNMain.exe - svchost.exe
    x64-IFEO: purge.exe - svchost.exe
    x64-IFEO: qconsole.exe - svchost.exe
    x64-IFEO: qh.exe - svchost.exe
    x64-IFEO: qserver.exe - svchost.exe
    x64-IFEO: Quick Heal.exe - svchost.exe
    x64-IFEO: QuickHealCleaner.exe - svchost.exe
    x64-IFEO: rapapp.exe - svchost.exe
    x64-IFEO: rav7.exe - svchost.exe
    x64-IFEO: rav7win.exe - svchost.exe
    x64-IFEO: rav8win32eng.exe - svchost.exe
    x64-IFEO: ray.exe - svchost.exe
    x64-IFEO: rb32.exe - svchost.exe
    x64-IFEO: rcsync.exe - svchost.exe
    x64-IFEO: realmon.exe - svchost.exe
    x64-IFEO: reged.exe - svchost.exe
    x64-IFEO: regedt32.exe - svchost.exe
    x64-IFEO: rescue.exe - svchost.exe
    x64-IFEO: rescue32.exe - svchost.exe
    x64-IFEO: rrguard.exe - svchost.exe
    x64-IFEO: rscdwld.exe - svchost.exe
    x64-IFEO: rshell.exe - svchost.exe
    x64-IFEO: rtvscan.exe - svchost.exe
    x64-IFEO: rtvscn95.exe - svchost.exe
    x64-IFEO: rulaunch.exe - svchost.exe
    x64-IFEO: rwg - svchost.exe
    x64-IFEO: rwg.exe - svchost.exe
    x64-IFEO: SafetyKeeper.exe - svchost.exe
    x64-IFEO: safeweb.exe - svchost.exe
    x64-IFEO: sahagent.exe - svchost.exe
    x64-IFEO: Save.exe - svchost.exe
    x64-IFEO: SaveArmor.exe - svchost.exe
    x64-IFEO: SaveDefense.exe - svchost.exe
    x64-IFEO: SaveKeep.exe - svchost.exe
    x64-IFEO: savenow.exe - svchost.exe
    x64-IFEO: sbserv.exe - svchost.exe
    x64-IFEO: sc.exe - svchost.exe
    x64-IFEO: scam32.exe - svchost.exe
    x64-IFEO: scan32.exe - svchost.exe
    x64-IFEO: scan95.exe - svchost.exe
    x64-IFEO: scanpm.exe - svchost.exe
    x64-IFEO: scrscan.exe - svchost.exe
    x64-IFEO: Secure Veteran.exe - svchost.exe
    x64-IFEO: secureveteran.exe - svchost.exe
    x64-IFEO: Security Center.exe - svchost.exe
    x64-IFEO: SecurityFighter.exe - svchost.exe
    x64-IFEO: securitysoldier.exe - svchost.exe
    x64-IFEO: serv95.exe - svchost.exe
    x64-IFEO: setloadorder.exe - svchost.exe
    x64-IFEO: setupvameeval.exe - svchost.exe
    x64-IFEO: setup_flowprotector_us.exe - svchost.exe
    x64-IFEO: sgssfw32.exe - svchost.exe
    x64-IFEO: sh.exe - svchost.exe
    x64-IFEO: shellspyinstall.exe - svchost.exe
    x64-IFEO: shield.exe - svchost.exe
    x64-IFEO: shn.exe - svchost.exe
    x64-IFEO: showbehind.exe - svchost.exe
    x64-IFEO: signcheck.exe - svchost.exe
    x64-IFEO: smart.exe - svchost.exe
    x64-IFEO: smartprotector.exe - svchost.exe
    x64-IFEO: smc.exe - svchost.exe
    x64-IFEO: smrtdefp.exe - svchost.exe
    x64-IFEO: sms.exe - svchost.exe
    x64-IFEO: smss32.exe - svchost.exe
    x64-IFEO: snetcfg.exe - svchost.exe
    x64-IFEO: soap.exe - svchost.exe
    x64-IFEO: sofi.exe - svchost.exe
    x64-IFEO: SoftSafeness.exe - svchost.exe
    x64-IFEO: sperm.exe - svchost.exe
    x64-IFEO: spf.exe - svchost.exe
    x64-IFEO: sphinx.exe - svchost.exe
    x64-IFEO: spoler.exe - svchost.exe
    x64-IFEO: spoolcv.exe - svchost.exe
    x64-IFEO: spoolsv32.exe - svchost.exe
    x64-IFEO: spywarexpguard.exe - svchost.exe
    x64-IFEO: spyxx.exe - svchost.exe
    x64-IFEO: srexe.exe - svchost.exe
    x64-IFEO: srng.exe - svchost.exe
    x64-IFEO: ss3edit.exe - svchost.exe
    x64-IFEO: ssgrate.exe - svchost.exe
    x64-IFEO: ssg_4104.exe - svchost.exe
    x64-IFEO: st2.exe - svchost.exe
    x64-IFEO: start.exe - svchost.exe
    x64-IFEO: stcloader.exe - svchost.exe
    x64-IFEO: supftrl.exe - svchost.exe
    x64-IFEO: support.exe - svchost.exe
    x64-IFEO: supporter5.exe - svchost.exe
    x64-IFEO: svc.exe - svchost.exe
    x64-IFEO: svchostc.exe - svchost.exe
    x64-IFEO: svchosts.exe - svchost.exe
    x64-IFEO: svshost.exe - svchost.exe
    x64-IFEO: sweep95.exe - svchost.exe
    x64-IFEO: sweepnet.sweepsrv.sys.swnetsup.exe - svchost.exe
    x64-IFEO: symlcsvc.exe - svchost.exe
    x64-IFEO: symproxysvc.exe - svchost.exe
    x64-IFEO: symtray.exe - svchost.exe
    x64-IFEO: system.exe - svchost.exe
    x64-IFEO: system32.exe - svchost.exe
    x64-IFEO: sysupd.exe - svchost.exe
    x64-IFEO: tapinstall.exe - svchost.exe
    x64-IFEO: taumon.exe - svchost.exe
    x64-IFEO: tbscan.exe - svchost.exe
    x64-IFEO: tc.exe - svchost.exe
    x64-IFEO: tca.exe - svchost.exe
    x64-IFEO: tcm.exe - svchost.exe
    x64-IFEO: tds-3.exe - svchost.exe
    x64-IFEO: tds2-98.exe - svchost.exe
    x64-IFEO: tds2-nt.exe - svchost.exe
    x64-IFEO: teekids.exe - svchost.exe
    x64-IFEO: tfak.exe - svchost.exe
    x64-IFEO: tfak5.exe - svchost.exe
    x64-IFEO: tgbob.exe - svchost.exe
    x64-IFEO: titanin.exe - svchost.exe
    x64-IFEO: titaninxp.exe - svchost.exe
    x64-IFEO: TPSrv.exe - svchost.exe
    x64-IFEO: trickler.exe - svchost.exe
    x64-IFEO: trjscan.exe - svchost.exe
    x64-IFEO: trjsetup.exe - svchost.exe
    x64-IFEO: trojantrap3.exe - svchost.exe
    x64-IFEO: TrustWarrior.exe - svchost.exe
    x64-IFEO: tsadbot.exe - svchost.exe
    x64-IFEO: tsc.exe - svchost.exe
    x64-IFEO: tvmd.exe - svchost.exe
    x64-IFEO: tvtmd.exe - svchost.exe
    x64-IFEO: undoboot.exe - svchost.exe
    x64-IFEO: updat.exe - svchost.exe
    x64-IFEO: upgrad.exe - svchost.exe
    x64-IFEO: utpost.exe - svchost.exe
    x64-IFEO: vbcmserv.exe - svchost.exe
    x64-IFEO: vbcons.exe - svchost.exe
    x64-IFEO: vbust.exe - svchost.exe
    x64-IFEO: vbwin9x.exe - svchost.exe
    x64-IFEO: vbwinntw.exe - svchost.exe
    x64-IFEO: vcsetup.exe - svchost.exe
    x64-IFEO: vet32.exe - svchost.exe
    x64-IFEO: vet95.exe - svchost.exe
    x64-IFEO: vettray.exe - svchost.exe
    x64-IFEO: vfsetup.exe - svchost.exe
    x64-IFEO: vir-help.exe - svchost.exe
    x64-IFEO: virusmdpersonalfirewall.exe - svchost.exe
    x64-IFEO: virusutilities.exe - svchost.exe
    x64-IFEO: VisthAux.exe - svchost.exe
    x64-IFEO: VisthLic.exe - svchost.exe
    x64-IFEO: VisthUpd.exe - svchost.exe
    x64-IFEO: vnlan300.exe - svchost.exe
    x64-IFEO: vnpc3000.exe - svchost.exe
    x64-IFEO: vpc32.exe - svchost.exe
    x64-IFEO: vpc42.exe - svchost.exe
    x64-IFEO: vpfw30s.exe - svchost.exe
    x64-IFEO: vptray.exe - svchost.exe
    x64-IFEO: vscan40.exe - svchost.exe
    x64-IFEO: vscenu6.02d30.exe - svchost.exe
    x64-IFEO: vsched.exe - svchost.exe
    x64-IFEO: vsecomr.exe - svchost.exe
    x64-IFEO: vshwin32.exe - svchost.exe
    x64-IFEO: vsisetup.exe - svchost.exe
    x64-IFEO: vsmain.exe - svchost.exe
    x64-IFEO: vsmon.exe - svchost.exe
    x64-IFEO: vsstat.exe - svchost.exe
    x64-IFEO: vswin9xe.exe - svchost.exe
    x64-IFEO: vswinntse.exe - svchost.exe
    x64-IFEO: vswinperse.exe - svchost.exe
    x64-IFEO: w32dsm89.exe - svchost.exe
    x64-IFEO: W3asbas.exe - svchost.exe
    x64-IFEO: w9x.exe - svchost.exe
    x64-IFEO: watchdog.exe - svchost.exe
    x64-IFEO: webdav.exe - svchost.exe
    x64-IFEO: WebProxy.exe - svchost.exe
    x64-IFEO: webscanx.exe - svchost.exe
    x64-IFEO: webtrap.exe - svchost.exe
    x64-IFEO: wfindv32.exe - svchost.exe
    x64-IFEO: whoswatchingme.exe - svchost.exe
    x64-IFEO: wimmun32.exe - svchost.exe
    x64-IFEO: win-bugsfix.exe - svchost.exe
    x64-IFEO: win32.exe - svchost.exe
    x64-IFEO: win32us.exe - svchost.exe
    x64-IFEO: winactive.exe - svchost.exe
    x64-IFEO: winav.exe - svchost.exe
    x64-IFEO: windll32.exe - svchost.exe
    x64-IFEO: window.exe - svchost.exe
    x64-IFEO: windows Police Pro.exe - svchost.exe
    x64-IFEO: windows.exe - svchost.exe
    x64-IFEO: wininetd.exe - svchost.exe
    x64-IFEO: wininitx.exe - svchost.exe
    x64-IFEO: winlogin.exe - svchost.exe
    x64-IFEO: winmain.exe - svchost.exe
    x64-IFEO: winppr32.exe - svchost.exe
    x64-IFEO: winrecon.exe - svchost.exe
    x64-IFEO: winservn.exe - svchost.exe
    x64-IFEO: winssk32.exe - svchost.exe
    x64-IFEO: winstart.exe - svchost.exe
    x64-IFEO: winstart001.exe - svchost.exe
    x64-IFEO: wintsk32.exe - svchost.exe
    x64-IFEO: winupdate.exe - svchost.exe
    x64-IFEO: wkufind.exe - svchost.exe
    x64-IFEO: wnad.exe - svchost.exe
    x64-IFEO: wnt.exe - svchost.exe
    x64-IFEO: wradmin.exe - svchost.exe
    x64-IFEO: wrctrl.exe - svchost.exe
    x64-IFEO: wsbgate.exe - svchost.exe
    x64-IFEO: wscfxas.exe - svchost.exe
    x64-IFEO: wscfxav.exe - svchost.exe
    x64-IFEO: wscfxfw.exe - svchost.exe
    x64-IFEO: wsctool.exe - svchost.exe
    x64-IFEO: wupdater.exe - svchost.exe
    x64-IFEO: wupdt.exe - svchost.exe
    x64-IFEO: wyvernworksfirewall.exe - svchost.exe
    x64-IFEO: xpdeluxe.exe - svchost.exe
    x64-IFEO: xpf202en.exe - svchost.exe
    x64-IFEO: xp_antispyware.exe - svchost.exe
    x64-IFEO: zapro.exe - svchost.exe
    x64-IFEO: zapsetup3001.exe - svchost.exe
    x64-IFEO: zatutor.exe - svchost.exe
    x64-IFEO: zonalm2601.exe - svchost.exe
    x64-IFEO: zonealarm.exe - svchost.exe
    x64-IFEO: _avp32.exe - svchost.exe
    x64-IFEO: _avpcc.exe - svchost.exe
    x64-IFEO: _avpm.exe - svchost.exe
    x64-IFEO: ~1.exe - svchost.exe
    x64-IFEO: ~2.exe - svchost.exe
    .
    ==== Installed Programs ======================
    .
    Apple Mobile Device Support
    ASUS Power4Gear Hybrid
    Best Buy pc app
    Bonjour
    Canon MG2100 series MP Drivers
    Conexant HD Audio
    DesktopWeatherAlerts
    ETDWare PS/2-x64 7.0.5.12_WHQL
    Fast Boot
    Google Toolbar for Internet Explorer
    Google Update Helper
    iCloud
    iTunes
    Malwarebytes Anti-Malware version 2.00.0.1000
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office Click-to-Run 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SkyDrive
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    MSVCRT110_amd64
    SavingsBull
    USB2.0 UVC VGA WebCam
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live MIME IFilter
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/29/2014 5:42:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NewPlayer Updater Service service to connect.
    3/29/2014 5:42:07 PM, Error: Service Control Manager [7000] - The NewPlayer Updater Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/29/2014 5:39:46 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    3/29/2014 5:37:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/29/2014 5:37:53 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    3/29/2014 5:37:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/29/2014 5:37:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/29/2014 5:37:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/29/2014 5:37:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
    3/29/2014 5:37:24 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/29/2014 5:37:24 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    3/29/2014 5:24:49 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    3/29/2014 5:24:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
    3/29/2014 5:24:48 PM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/29/2014 5:20:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    3/29/2014 5:03:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
    3/29/2014 5:03:56 PM, Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/29/2014 5:01:49 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    3/29/2014 5:01:49 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    .
    ==== End Of File ===========================

    Thanks again.

    Dan
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,532
    First Name:
    Derek
    step 1

    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Hereto your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on combofix.exe & follow the prompts.​
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...
     
  4. Ravenroo

    Ravenroo Thread Starter

    Joined:
    Mar 29, 2014
    Messages:
    6
    Thanks for the quick reply.

    Here is the combofix.log (Part 1):

    ComboFix 14-03-24.01 - Raven 03/30/2014 17:22:28.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2925.1558 [GMT -5:00]
    Running from: c:\users\Raven\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
    c:\program files (x86)\Common Files\ASPG_icon.ico
    c:\program files (x86)\CouponAlert_2p
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pauxstb.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pbarsvc.exe
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pbrmon.exe
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pbrstub.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pdatact.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pdlghk.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pdyn.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pfeedmg.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2phighin.exe
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2phkstub.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2phtmlmu.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2phttpct.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pidle.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pieovr.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pimpipe.exe
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pmedint.exe
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pmlbtn.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pmsg.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pPlugin.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pradio.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pregfft.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2preghk.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pregiet.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pscript.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pskin.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2psknlcr.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pskplay.exe
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pSrchMn.exe
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2ptpinst.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\2puabtn.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\BOOTSTRAP.JS
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\CHROME.MANIFEST
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\chrome\2pffxtbr.jar
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\CREXT.DLL
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\CrExtP2p.exe
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\INSTALL.RDF
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\installKeys.js
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\LOGO.BMP
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\NP2pStub.dll
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\T8EXTEX.DLL
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\T8EXTPEX.DLL
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\T8HTML.DLL
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\T8RES.DLL
    c:\program files (x86)\CouponAlert_2p\bar\1.bin\T8TICKER.DLL
    c:\program files (x86)\CouponAlert_2p\bar\gen1\COMMON.T8S
    c:\program files (x86)\CouponAlert_2p\bar\IE9Mesg\COMMON.T8S
    c:\program files (x86)\CouponAlert_2p\bar\Message\COMMON.T8S
    c:\program files (x86)\CouponAlert_2p\bar\Settings\s_pid.dat
    c:\program files (x86)\media enhance\meDIa enhance-bho.dll
    c:\program files (x86)\video-high\viDEo-high-bho.dll
    c:\programdata\1339807228.bdinstall.bin
    c:\programdata\1396130248.bdinstall.bin
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0\3
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lndipknmjijnalnkamonmljeaojdbpna_0
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lndipknmjijnalnkamonmljeaojdbpna_0\2
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\background.html
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\chromeCoreFilesIndex.txt
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\crossriderManifest.json
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\manifest.xml
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins.json
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\1_base.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\102_dealply_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\103_intext_5_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\104_jollywallet_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\13_CrossriderAppUtils.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\14_CrossriderUtils.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\155_ibario_pops_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\17_jQuery.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\177_crossriderDashboard.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\182_openUrl.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\183_tabsWrapper.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\184_noproblemppc_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\19_CHAppAPIWrapper.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\190_pops_5_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\191_ciuvo_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\195_icm_convertmedia_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\207_dbWrapper.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\21_debug.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\22_resources.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\220_icm_base_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\226_set_campaign_id_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\230_revizer_ws_dynamic_b2b_2_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\233_revizer_p_dynamic_b2b_2_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\246_setup.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\28_initializer.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\4_jquery_1_7_1.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\47_resources_background.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\64_appApiMessage.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\7_hooks.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\72_appApiValidation.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\78_CrossriderInfo.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\80_CHPopupAppAPI.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\9_search_engine_hook.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\91_monetizationLoader.js.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\93_superfish_no_coupons_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\plugins\97_resourceApiWrapper.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\userCode\background.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\extensionData\userCode\extension.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\icons\actions\1.png
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\icons\icon128.png
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\icons\icon16.png
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\icons\icon48.png
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\api\chrome.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\api\cookie.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\api\message.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\api\monitor.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\api\pageAction.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\api\pageActionBG.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\background.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\lib\app_api.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\lib\bg_app_api.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\lib\consts.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\lib\cookie_store.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\lib\crossriderAPI.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\lib\delegate.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\lib\events.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\lib\extensionDataStore.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\lib\installer.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\lib\logFile.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\lib\logging.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\lib\onBGDocumentLoad.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\lib\popupResource\newPopup.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\lib\popupResource\popup.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\lib\reports.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\lib\storageWrapper.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\lib\updateManager.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\lib\util.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\lib\xhr.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\main.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\js\platformVersion.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\manifest.json
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo\1.26.77_0\popup.html
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\background.html
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\chromeCoreFilesIndex.txt
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\crossriderManifest.json
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\manifest.xml
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins.json
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\1_base.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\102_dealply_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\103_intext_5_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\104_jollywallet_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\119_similar_web_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\123_intext_adv_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\13_CrossriderAppUtils.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\14_CrossriderUtils.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\17_jQuery.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\177_crossriderDashboard.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\178_revizer_ws_dynamic_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\179_revizer_p_dynamic_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\180_bpo_serp_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\182_openUrl.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\183_tabsWrapper.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\184_noproblemppc_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\19_CHAppAPIWrapper.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\190_pops_5_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\191_ciuvo_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\195_icm_convertmedia_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\207_dbWrapper.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\21_debug.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\22_resources.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\220_icm_base_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\221_icm_downloads_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\223_imonomy_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\246_setup.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\28_initializer.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\4_jquery_1_7_1.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\47_resources_background.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\64_appApiMessage.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\7_hooks.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\72_appApiValidation.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\78_CrossriderInfo.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\80_CHPopupAppAPI.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\9_search_engine_hook.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\91_monetizationLoader.js.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\93_superfish_no_coupons_m.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\plugins\97_resourceApiWrapper.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\userCode\background.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\extensionData\userCode\extension.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\icons\actions\1.png
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\icons\icon128.png
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\icons\icon16.png
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\icons\icon48.png
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\api\chrome.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\api\cookie.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\api\message.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\api\monitor.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\api\pageAction.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\api\pageActionBG.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\background.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\lib\app_api.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\lib\bg_app_api.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\lib\consts.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\lib\cookie_store.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\lib\crossriderAPI.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\lib\delegate.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\lib\events.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\lib\extensionDataStore.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\lib\installer.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\lib\logFile.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\lib\logging.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\lib\onBGDocumentLoad.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\lib\popupResource\newPopup.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\lib\popupResource\popup.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\lib\reports.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\lib\storageWrapper.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\lib\updateManager.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\lib\util.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\lib\xhr.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\main.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\js\platformVersion.js
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\manifest.json
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna\1.26.22_0\popup.html
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\000016.ldb
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\000021.ldb
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\000024.ldb
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\000032.ldb
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\000036.log
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\CURRENT
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\LOCK
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\LOG
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\LOG.old
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lekgiimbfodefdaoofhlckefjbgpeilo\MANIFEST-000034
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\000034.ldb
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\000039.log
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\CURRENT
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\LOCK
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\LOG
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\LOG.old
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lndipknmjijnalnkamonmljeaojdbpna\MANIFEST-000038
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0.localstorage-journal
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lekgiimbfodefdaoofhlckefjbgpeilo_0.localstorage
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lndipknmjijnalnkamonmljeaojdbpna_0.localstorage-journal
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lndipknmjijnalnkamonmljeaojdbpna_0.localstorage
    c:\users\Raven\AppData\Local\Google\Chrome\User Data\Default\Preferences
    c:\users\Raven\AppData\Local\nsf477E.tmp
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome.manifest
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\api.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\api\asyncDB.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\api\background.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\api\browserAction.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\api\contextMenu.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\api\dbManager.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\api\dom_bg.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\api\fileManager.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\api\firefox.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\api\firefoxNotifications.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\api\firefoxOmnibox.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\api\message.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\api\pageAction.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\api\request.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\api\tabs.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\api\webRequest.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\api\windowsMessagingHandler.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\background.html
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\baseObject.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\browser.xul
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\core\addressBarChangeObserver.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\core\console.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\core\consts.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\core\delegate.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\core\extensionDataStore.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\core\folderIOWrapper.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\core\httpObserver.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\core\IDBWrapper.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\core\installer.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\core\logFile.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\core\prefs.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\core\progressListenerObserver.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\core\registry.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\core\reloadObserver.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\core\reports.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\core\requestObject.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\core\searchSettings.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\core\uninstallObserver.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\core\updateManager.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\core\utils.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\core\xhr.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\dialog.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\ffCoreFilesIndex.txt
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\main.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\options.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\options.xul
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\chrome\content\platformVersion.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]1425ac7300ac.com\chrome\content\search_dialog.xul
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\defaults\preferences\prefs.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\manifest.xml
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins.json
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\1_base.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\102_dealply_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\103_intext_5_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\104_jollywallet_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\13_CrossriderAppUtils.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\14_CrossriderUtils.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\155_ibario_pops_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\16_FFAppAPIWrapper.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\17_jQuery.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\177_crossriderDashboard.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\182_openUrl.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\183_tabsWrapper.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\184_noproblemppc_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\190_pops_5_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\191_ciuvo_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\195_icm_convertmedia_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\0c822a17-a68f-4066-[email protected]\extensionData\plugins\207_dbWrapper.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\21_debug.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\22_resources.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\220_icm_base_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\226_set_campaign_id_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\230_revizer_ws_dynamic_b2b_2_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\233_revizer_p_dynamic_b2b_2_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\246_setup.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\28_initializer.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\4_jquery_1_7_1.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\47_resources_background.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\64_appApiMessage.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\7_hooks.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\72_appApiValidation.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\78_CrossriderInfo.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\9_search_engine_hook.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\91_monetizationLoader.js.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\93_superfish_no_coupons_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\plugins\98_omniCommands.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\userCode\background.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\extensionData\userCode\extension.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\install.rdf
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\locale\en-US\translations.dtd
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\skin\button1.png
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\skin\button2.png
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\skin\button3.png
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\skin\button4.png
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\skin\button5.png
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\skin\crossrider_statusbar.png
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\skin\icon128.png
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\skin\icon16.png
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\skin\icon24.png
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\skin\icon48.png
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\skin\panelarrow-up.png
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\skin\popup.html
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\skin\skin.css
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]5ac7300ac.com\skin\update.css
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome.manifest
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\api.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\api\asyncDB.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\api\background.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\api\browserAction.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\api\contextMenu.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\api\dbManager.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\api\dom_bg.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\api\fileManager.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\api\firefox.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\api\firefoxNotifications.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\api\firefoxOmnibox.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\api\message.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\api\pageAction.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\api\request.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\api\tabs.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\api\webRequest.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\api\windowsMessagingHandler.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\background.html
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\baseObject.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\browser.xul
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\core\addressBarChangeObserver.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\core\console.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\core\consts.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\core\delegate.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\core\extensionDataStore.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\core\folderIOWrapper.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\core\httpObserver.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\core\IDBWrapper.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\core\installer.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\core\logFile.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\core\prefs.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\core\progressListenerObserver.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\core\registry.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\core\reloadObserver.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\core\reports.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\core\requestObject.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\core\searchSettings.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\core\uninstallObserver.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\core\updateManager.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\core\utils.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\core\xhr.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\dialog.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\ffCoreFilesIndex.txt
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\main.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\options.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\options.xul
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\platformVersion.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\chrome\content\search_dialog.xul
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\defaults\preferences\prefs.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\manifest.xml
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins.json
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\1_base.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\102_dealply_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\103_intext_5_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\104_jollywallet_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\119_similar_web_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\123_intext_adv_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\13_CrossriderAppUtils.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\14_CrossriderUtils.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\16_FFAppAPIWrapper.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\17_jQuery.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\177_crossriderDashboard.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\178_revizer_ws_dynamic_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\179_revizer_p_dynamic_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\180_bpo_serp_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\182_openUrl.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\183_tabsWrapper.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\184_noproblemppc_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\190_pops_5_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\191_ciuvo_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\195_icm_convertmedia_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\207_dbWrapper.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\21_debug.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\22_resources.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\220_icm_base_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\221_icm_downloads_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\223_imonomy_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\246_setup.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\28_initializer.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\4_jquery_1_7_1.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\47_resources_background.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\64_appApiMessage.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\7_hooks.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\72_appApiValidation.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\78_CrossriderInfo.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\9_search_engine_hook.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\91_monetizationLoader.js.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\93_superfish_no_coupons_m.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\plugins\98_omniCommands.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\userCode\background.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\extensionData\userCode\extension.js
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\install.rdf
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\locale\en-US\translations.dtd
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\skin\button1.png
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\skin\button2.png
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\skin\button3.png
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\skin\button4.png
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\skin\button5.png
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\skin\crossrider_statusbar.png
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\skin\icon128.png
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\skin\icon16.png
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\skin\icon24.png
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\skin\icon48.png
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\skin\panelarrow-up.png
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\skin\popup.html
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\skin\skin.css
    c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\extensions\[email protected]582a82514.com\skin\update.css
    c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_CouponAlert_2pService
    -------\Service_Level Quality Watcher
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-02-28 to 2014-03-30 )))))))))))))))))))))))))))))))
    .
    .
    2014-03-30 22:31 . 2014-03-30 22:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-03-30 22:31 . 2014-03-30 22:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2014-03-29 22:31 . 2014-03-29 22:31 -------- d-----w- c:\program files\SavingsBull
    2014-03-29 22:28 . 2014-03-29 22:28 -------- d-----w- c:\program files (x86)\predm
    2014-03-29 22:10 . 2014-03-05 14:26 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-03-29 22:10 . 2014-03-05 14:26 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-03-29 22:10 . 2014-03-05 14:26 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-03-29 22:10 . 2014-03-29 22:35 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-03-29 22:10 . 2014-03-29 22:10 -------- d-----w- c:\programdata\Malwarebytes
    2014-03-29 22:09 . 2014-03-29 22:09 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46F7F43D-40D4-46CF-B100-14ED32DED85F}\gapaengine.dll
    2014-03-29 22:09 . 2014-03-07 02:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2196814E-332D-4021-BA12-2FA543C8E4DF}\mpengine.dll
    2014-03-29 21:59 . 2014-03-29 21:59 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2014-03-29 21:59 . 2014-03-29 21:59 -------- d-----w- c:\program files\Microsoft Security Client
    2014-03-29 21:47 . 2014-03-29 21:47 -------- d-----w- c:\users\Raven\AppData\Local\Macromedia
    2014-03-13 00:57 . 2014-03-13 00:57 -------- d-----w- c:\users\Raven\AppData\Roaming\BabSolution
    2014-03-13 00:57 . 2014-03-13 00:57 -------- d-----w- c:\programdata\Babylon
    2014-03-12 22:14 . 2014-03-12 22:14 -------- d-----w- c:\program files (x86)\Uninstaller
    2014-03-12 21:39 . 2014-03-12 21:39 -------- d-----w- c:\users\Raven\AppData\Local\Tuguu_SL
    2014-03-12 21:37 . 2014-03-12 21:37 -------- d-----w- c:\users\Raven\AppData\Local\newplayer
    2014-03-12 21:36 . 2014-03-12 21:37 -------- d-----w- c:\program files (x86)\NewPlayer
    2014-03-12 21:36 . 2014-03-30 22:30 -------- d-----w- c:\program files (x86)\media enhance
    2014-03-12 21:35 . 2014-03-30 22:30 -------- d-----w- c:\program files (x86)\video-high
    2014-03-12 21:33 . 2014-03-12 21:33 -------- d-----w- c:\users\Raven\AppData\Local\LPT
    2014-03-12 21:33 . 2014-03-12 21:33 -------- d-----w- c:\users\Raven\AppData\Local\Smartbar
    2014-03-12 21:32 . 2014-03-12 21:32 -------- d-----w- c:\program files (x86)\Re-markit-soft
    2014-03-03 01:30 . 2014-03-11 01:53 -------- d-----w- c:\program files\McAfee
    2014-03-03 01:16 . 2014-03-03 01:22 -------- d-----w- c:\program files\stinger
    2014-03-03 01:14 . 2014-03-11 01:53 -------- d-----w- c:\program files\Common Files\McAfee
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-03-19 01:38 . 2011-11-26 23:37 90015360 ----a-w- c:\windows\system32\MRT.exe
    2014-03-13 01:25 . 2012-04-13 20:42 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-03-13 01:25 . 2011-12-27 01:25 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-01-19 07:33 . 2011-11-25 21:36 270496 ------w- c:\windows\system32\MpSigStub.exe
    2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
    2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
    2009-11-25 18:47 297808 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}]
    2012-10-18 16:10 2572728 ----a-w- c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"= "c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll" [2012-10-18 2572728]
    .
    [HKEY_CLASSES_ROOT\clsid\{311b58dc-a4dc-4b04-b1b5-60299ad3d803}]
    [HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-04-27 23:53 220632 ----a-w- c:\users\Raven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-04-27 23:53 220632 ----a-w- c:\users\Raven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-04-27 23:53 220632 ----a-w- c:\users\Raven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GoogleChromeAutoLaunch_E0023BB82BCF581D299E1A702AC3B53B"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-03-15 859976]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-10-04 39408]
    "Browser Infrastructure Helper"="c:\users\Raven\AppData\Local\Smartbar\Application\Muvic.exe" [2014-02-25 28192]
    "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-06-25 6806144]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-10-04 296096]
    "ShopAtHomeWatcher"="c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe" [2012-10-18 103864]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-01 152392]
    "BrowserSafeguard"="c:\program files (x86)\Browsersafeguard\BrowserSafeguard.exe" [2014-01-28 413696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe -d [2010-10-11 12862]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2010-6-24 9216]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
    R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
    S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 NewPlayerUpdaterService;NewPlayer Updater Service;c:\program files (x86)\NewPlayer\NewPlayerUpdaterService.exe;c:\program files (x86)\NewPlayer\NewPlayerUpdaterService.exe [x]
    S2 Re-markit;Re-markit;c:\program files (x86)\Re-markit-soft\Re-markit157.exe;c:\program files (x86)\Re-markit-soft\Re-markit157.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
    S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-03-19 01:31 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 01:25]
    .
    2014-03-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3812457027-830859764-3130274022-1000Core.job
    - c:\users\Raven\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-21 20:15]
    .
    2014-03-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3812457027-830859764-3130274022-1000UA.job
    - c:\users\Raven\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-21 20:15]
    .
    2014-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-04 01:01]
    .
    2014-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-04 01:01]
    .
    2014-03-30 c:\windows\Tasks\media enhance-chromeinstaller.job
    - c:\program files (x86)\media enhance\media enhance-chromeinstaller.exe [2014-03-12 21:36]
    .
    2014-03-30 c:\windows\Tasks\media enhance-codedownloader.job
    - c:\program files (x86)\media enhance\media enhance-codedownloader.exe [2014-03-12 21:36]
    .
    2014-03-30 c:\windows\Tasks\media enhance-enabler.job
    - c:\program files (x86)\media enhance\media enhance-enabler.exe [2014-03-12 21:36]
    .
    2014-03-30 c:\windows\Tasks\media enhance-firefoxinstaller.job
    - c:\program files (x86)\media enhance\media enhance-firefoxinstaller.exe [2014-03-12 21:36]
    .
    2014-03-30 c:\windows\Tasks\media enhance-updater.job
    - c:\program files (x86)\media enhance\media enhance-updater.exe [2014-03-12 21:36]
    .
    2014-03-30 c:\windows\Tasks\Re-markit Update.job
    - c:\program files (x86)\Re-markit-soft\ReMar.exe [2014-03-12 21:32]
    .
    2014-03-30 c:\windows\Tasks\Re-markit_wd.job
    - c:\program files (x86)\Re-markit-soft\Re-markit_wd.exe [2014-03-12 21:32]
    .
    2014-03-29 c:\windows\Tasks\ReclaimerUpdateFiles_Raven.job
    - c:\users\Raven\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-29 21:55]
    .
    2014-03-30 c:\windows\Tasks\ReclaimerUpdateXML_Raven.job
    - c:\users\Raven\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-29 21:55]
    .
    2014-03-30 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Raven.job
    - c:\users\Raven\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-29 21:55]
    .
    2014-03-30 c:\windows\Tasks\video-high-chromeinstaller.job
    - c:\program files (x86)\video-high\video-high-chromeinstaller.exe [2014-03-12 21:35]
    .
    2014-03-30 c:\windows\Tasks\video-high-codedownloader.job
    - c:\program files (x86)\video-high\video-high-codedownloader.exe [2014-03-12 21:35]
    .
    2014-03-30 c:\windows\Tasks\video-high-enabler.job
    - c:\program files (x86)\video-high\video-high-enabler.exe [2014-03-12 21:35]
    .
    2014-03-30 c:\windows\Tasks\video-high-firefoxinstaller.job
    - c:\program files (x86)\video-high\video-high-firefoxinstaller.exe [2014-03-12 21:35]
    .
    2014-03-30 c:\windows\Tasks\video-high-updater.job
    - c:\program files (x86)\video-high\video-high-updater.exe [2014-03-12 21:35]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-04-27 23:53 244696 ----a-w- c:\users\Raven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-04-27 23:53 244696 ----a-w- c:\users\Raven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-04-27 23:53 244696 ----a-w- c:\users\Raven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-11 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-11 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-11 414744]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-15 2779024]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com/?ctid=CT3323897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP8D23AC2A-573B-4C81-8075-F653FD8976D5&SSPV=
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <-loopback>
    uInternet Settings,ProxyServer = http=127.0.0.1:49209;https=127.0.0.1:49209;
    uSearchAssistant =
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\
    FF - ExtSQL: 2014-03-12 16:32; {88849db3-dcd8-4efe-bcbb-af92b5c8ec55}; c:\program files (x86)\Re-markit-soft\157.xpi
    FF - ExtSQL: !HIDDEN! 2013-02-17 17:22; [email protected]_2p.com; c:\program files (x86)\CouponAlert_2p\bar\1.bin
    FF - user.js: extensions.buenosearch.tlbrSrchUrl - hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=327520CF3072FD15&affID=127101&tsp=5185
    FF - user.js: extensions.buenosearch.tb_url - hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=327520CF3072FD15&affID=127101&tsp=5185
    FF - user.js: extensions.buenosearch.id - 32751cb200000000000020cf3072fd15
    FF - user.js: extensions.buenosearch.appId - {37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}
    FF - user.js: extensions.buenosearch.instlDay - 16142
    FF - user.js: extensions.buenosearch.vrsn - 1.8.28.7
    FF - user.js: extensions.buenosearch.vrsni - 1.8.28.7
    FF - user.js: extensions.buenosearch.vrsnTs - 1.8.28.719:57
    FF - user.js: extensions.buenosearch.prtnrId - buenosearch
    FF - user.js: extensions.buenosearch.prdct - buenosearch
    FF - user.js: extensions.buenosearch.aflt - babsst
    FF - user.js: extensions.buenosearch.smplGrp - none
    FF - user.js: extensions.buenosearch.tlbrId - base
    FF - user.js: extensions.buenosearch.instlRef - sst
    FF - user.js: extensions.buenosearch.dfltLng - en
    FF - user.js: extensions.buenosearch.excTlbr - false
    FF - user.js: extensions.buenosearch.ffxUnstlRst - true
    FF - user.js: extensions.buenosearch.admin - false
    FF - user.js: extensions.buenosearch.autoRvrt - false
    FF - user.js: extensions.buenosearch.rvrt - false
    FF - user.js: extensions.buenosearch.newTab - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{11111111-1111-1111-1111-110411411150} - c:\program files (x86)\media enhance\media enhance-bho.dll
    BHO-{11111111-1111-1111-1111-110511151178} - c:\program files (x86)\video-high\video-high-bho.dll
    BHO-{3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - c:\progra~2\COUPON~2\bar\1.bin\2pbar.dll
    BHO-{60e91567-ef8a-4520-bce2-83aba5256799} - c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pSrcAs.dll
    Toolbar-Locked - (no file)
    Toolbar-{3462c343-be19-4143-af70-cefb56f46fc6} - c:\program files (x86)\CouponAlert_2p\bar\1.bin\2pbar.dll
    Wow6432Node-HKLM-Run-Coupon Alert Search Scope Monitor - c:\progra~2\COUPON~2\bar\1.bin\2psrchmn.exe
    Wow6432Node-HKLM-Run-CouponAlert_2p Browser Plugin Loader - c:\progra~2\COUPON~2\bar\1.bin\2pbrmon.exe
    Wow6432Node-HKLM-Run-fst_us_11 - (no file)
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h
    Toolbar-Locked - (no file)
    HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
    HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
    .
    .
    .

    Dan
     
  5. Ravenroo

    Ravenroo Thread Starter

    Joined:
    Mar 29, 2014
    Messages:
    6
    Combofix.log (Part 2):

    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3812457027-830859764-3130274022-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3812457027-830859764-3130274022-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.12"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
    c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
    c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    c:\program files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
    c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
    c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    c:\windows\AsScrPro.exe
    c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
    .
    **************************************************************************
    .
    Completion time: 2014-03-30 17:49:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-03-30 22:49
    .
    Pre-Run: 233,870,024,704 bytes free
    Post-Run: 234,177,527,808 bytes free
    .
    - - End Of File - - FD916D9E27B8676264DBDD479487ACD9
    A36C5E4F47E84449FF07ED3517B43A31
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,532
    First Name:
    Derek
    You should be able to update and run Malware bytes now
    please do that and post its log

    then

    Click on this link to download : ADWCleaner Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop. Do not click on any links in the top Advert.

    See the screenshot where the proper download buttons are highlighted
    [​IMG]

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop:

    [​IMG]

    You will then see the screen below, click on the Scan button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done, you will get a message saying "PENDING" , Ignore that & click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.


    [​IMG]

    then we can see what needs manually fixing
     
  7. Ravenroo

    Ravenroo Thread Starter

    Joined:
    Mar 29, 2014
    Messages:
    6
    OKay, Malwarebytes kept erroring out when I tried to export the log, so I only have it in XML format.

    Also, after I ran these two utilities, none of the browsers (IE, Firefox, Chrome) would connect to the internet. Finally looked and Firefox was configured to use a proxy?? Malware do that?

    Anyway, I can't get the forum to post the Malwarebytes log, too big:

    Here's the AdwCleaner log file

    # AdwCleaner v3.022 - Report created 31/03/2014 at 14:25:09
    # Updated 13/03/2014 by Xplode
    # Operating System : Windows 7 Home Premium (64 bits)
    # Username : Raven - RAVEN-LAPTOP
    # Running from : C:\Users\Raven\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : Re-markit

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
    Folder Deleted : C:\Program Files (x86)\BrowserSafeguard
    Folder Deleted : C:\Program Files (x86)\NewPlayer
    Folder Deleted : C:\Program Files (x86)\predm
    Folder Deleted : C:\Program Files\Level Quality Watcher
    Folder Deleted : C:\Users\Raven\AppData\Local\CouponAlert_2p
    Folder Deleted : C:\Users\Raven\AppData\Local\iac
    Folder Deleted : C:\Users\Raven\AppData\Local\NewPlayer
    Folder Deleted : C:\Users\Raven\AppData\Local\Smartbar
    Folder Deleted : C:\Users\Raven\AppData\Local\Temp\Smartbar
    Folder Deleted : C:\Users\Raven\AppData\LocalLow\CouponAlert_2p
    Folder Deleted : C:\Users\Raven\AppData\LocalLow\Smartbar
    Folder Deleted : C:\Users\Raven\AppData\Roaming\BabSolution
    Folder Deleted : C:\Users\Raven\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\Raven\Documents\Optimizer Pro
    File Deleted : C:\END
    File Deleted : C:\Users\Public\Desktop\NewPlayer.lnk
    File Deleted : C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\invalidprefs.js
    File Deleted : C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\user.js
    File Deleted : C:\Users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
    File Deleted : C:\Users\Raven\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
    Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
    Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
    Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@CouponAlert_2p.com/Plugin
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0BDF6C42-132C-45F5-92DE-DC13F40C6DAB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{16FE2505-F2A0-4782-B035-AF0E5188C02C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1F0A2185-DA7E-4614-91C0-DD5F4A76CB1B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{23B0AE65-17D2-4491-98E5-B1AA6228DDA2}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{23B38049-323F-443D-9732-F454E5B15B72}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D205ADF-C992-4EDA-99C3-096E13F38AB4}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{411B1946-3277-4A7F-9F60-745266360613}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{457A4CB8-0391-409D-98B4-C4CCB2849670}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4D8EACBC-E293-4462-B91E-42EA5B54B743}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7717F4B3-397F-4CE5-9192-6EFFDE3AC999}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{84576F6E-0660-4B4F-8918-BC6C975044D4}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86D02BCF-0E0E-444F-8A8D-2D5C4A9E6578}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8867AC9B-4426-44A2-A693-C95850D3405C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B3F577-D54A-4831-B2B4-8AACEEDA85CF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C2DF3856-676C-41DC-A73B-FACBDF8E81E9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CF9D6D4E-5496-438E-BA24-5A580A59F5A3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DEF07ACD-BCEA-4269-933A-4087D20842BB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBBC4E43-292A-40DF-88E3-3262B7521460}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455415550}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555155578}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416650}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566156678}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7E7FB02-C4FD-446E-8F5B-463A049935BF}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0BDF6C42-132C-45F5-92DE-DC13F40C6DAB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{23B38049-323F-443D-9732-F454E5B15B72}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8867AC9B-4426-44A2-A693-C95850D3405C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{95B3F577-D54A-4831-B2B4-8AACEEDA85CF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C2DF3856-676C-41DC-A73B-FACBDF8E81E9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF9D6D4E-5496-438E-BA24-5A580A59F5A3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16FE2505-F2A0-4782-B035-AF0E5188C02C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AF08E71-3657-462F-898C-F7E791948F94}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225F6C9-CF64-4D6D-AE8A-169779FD7B4D}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455415550}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555155578}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416650}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566156678}
    Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Key Deleted : HKCU\Software\FreeSoftToday
    Key Deleted : HKCU\Software\installedbrowserextensions
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\TutoTag
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKCU\Software\AppDataLow\Software\CouponAlert_2p
    Key Deleted : HKCU\Software\AppDataLow\Software\iWon
    Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\Software\CouponAlert_2p
    Key Deleted : HKLM\Software\installedbrowserextensions
    Key Deleted : HKLM\Software\systweak
    Key Deleted : HKLM\Software\Tutorials
    Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.7600.17267


    -\\ Mozilla Firefox v13.0 (en-US)

    [ File : C:\Users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\prefs.js ]


    -\\ Google Chrome v33.0.1750.154

    [ File : C:\Users\Raven\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [18839 octets] - [31/03/2014 14:23:41]
    AdwCleaner[S0].txt - [18476 octets] - [31/03/2014 14:25:09]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18537 octets] ##########

    Dan
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,532
    First Name:
    Derek
    yes, it looks like the malware set a proxy
    In IE: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver, set it to No Proxy.

    I am not sure whether MBM has already deleted or fixed these without the log so we will double check

    Download the attached CFScript.txt and save it to your desktop or the same folder that you downloaded combofix to originally ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)

    Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished

    Close any open browsers
    Then drag the CFScript.txt into the ComboFix.exe or renamed combofix icon as shown in the screenshot below.



    [​IMG]



    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply .


    Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum

    tell us what problems you are still having
     

    Attached Files:

  9. Ravenroo

    Ravenroo Thread Starter

    Joined:
    Mar 29, 2014
    Messages:
    6
    Here is the combofix log. The system seems to be running much better, no more popups and all of the junk appears to be removed.

    ComboFix 14-03-24.01 - Raven 03/31/2014 17:36:01.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2925.1416 [GMT -5:00]
    Running from: c:\users\Raven\Desktop\ComboFix.exe
    Command switches used :: c:\users\Raven\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\windows\Tasks\media enhance-chromeinstaller.job"
    "c:\windows\Tasks\media enhance-enabler.job"
    "c:\windows\Tasks\media enhance-firefoxinstaller.job"
    "c:\windows\Tasks\media enhance-updater.job"
    "c:\windows\Tasks\Re-markit Update.job"
    "c:\windows\Tasks\Re-markit_wd.job"
    "c:\windows\Tasks\video-high-chromeinstaller.job"
    "c:\windows\Tasks\video-high-codedownloader.job"
    "c:\windows\Tasks\video-high-enabler.job"
    "c:\windows\Tasks\video-high-firefoxinstaller.job"
    "c:\windows\Tasks\video-high-updater.job"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Raven\AppData\Local\Tuguu_SL
    c:\users\Raven\AppData\Local\Tuguu_SL\NewPlayer.exe_Url_o4dtzvfairwgx2aefcjiiv2m5z1q0lha\2.1.1.2\user.config
    c:\users\Raven\AppData\Roaming\ShopAtHome
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\alert.html
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\basis_plain.xml
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\Exec.exe
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\logo.png
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\merchants.xml
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\postuninstallurl.txt
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\Prefs.xml
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\PrefsInstall.xml
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\SAH_serialize.bin
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelperPS.dll
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\uninst.exe
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\version.txt
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\basis.xml
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\ClearHist.exe
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\icons.bmp
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\IE8GuardWorkaround.exe
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\logo.png
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\minus.png
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\plus.png
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\Prefs.xml
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\SAH_favicon.ico
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\SAHPlugin.dll
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-alert.png
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-clearsearch.png
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-comment.png
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-contests.png
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-freecoupons.png
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-freesamples.png
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-go.png
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-grocerycoupons.png
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-information.png
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-mysah.png
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-options.png
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-restaurant.png
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\sahtb-wishlist.png
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\TbCommonUtils.dll
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbhelper.dll
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\TbHelper2.exe
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbs_include_script_externalsearch.js
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbs_include_script_showhidetoolbar.js
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\uninstall.exe
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\update.exe
    c:\users\Raven\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\version.txt
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_NewPlayerUpdaterService
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-02-28 to 2014-03-31 )))))))))))))))))))))))))))))))
    .
    .
    2014-03-31 22:42 . 2014-03-31 22:42 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2014-03-31 22:42 . 2014-03-31 22:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-03-31 19:41 . 2014-03-07 02:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9CBE1ACE-5F9C-4617-8D19-3ED5EA273BE5}\mpengine.dll
    2014-03-31 19:41 . 2014-03-07 02:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-03-31 19:23 . 2014-03-31 19:25 -------- d-----w- C:\AdwCleaner
    2014-03-31 16:41 . 2014-03-31 19:43 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-03-29 22:10 . 2014-03-05 14:26 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-03-29 22:10 . 2014-03-05 14:26 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-03-29 22:10 . 2014-03-05 14:26 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-03-29 22:10 . 2014-03-29 22:35 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-03-29 22:10 . 2014-03-29 22:10 -------- d-----w- c:\programdata\Malwarebytes
    2014-03-29 22:09 . 2014-03-29 22:09 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46F7F43D-40D4-46CF-B100-14ED32DED85F}\gapaengine.dll
    2014-03-29 21:59 . 2014-03-29 21:59 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2014-03-29 21:59 . 2014-03-29 21:59 -------- d-----w- c:\program files\Microsoft Security Client
    2014-03-29 21:47 . 2014-03-29 21:47 -------- d-----w- c:\users\Raven\AppData\Local\Macromedia
    2014-03-12 22:14 . 2014-03-12 22:14 -------- d-----w- c:\program files (x86)\Uninstaller
    2014-03-03 01:30 . 2014-03-11 01:53 -------- d-----w- c:\program files\McAfee
    2014-03-03 01:16 . 2014-03-03 01:22 -------- d-----w- c:\program files\stinger
    2014-03-03 01:14 . 2014-03-11 01:53 -------- d-----w- c:\program files\Common Files\McAfee
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-03-19 01:38 . 2011-11-26 23:37 90015360 ----a-w- c:\windows\system32\MRT.exe
    2014-03-13 01:25 . 2012-04-13 20:42 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-03-13 01:25 . 2011-12-27 01:25 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-01-19 07:33 . 2011-11-25 21:36 270496 ------w- c:\windows\system32\MpSigStub.exe
    2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
    2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-04-27 23:53 220632 ----a-w- c:\users\Raven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-04-27 23:53 220632 ----a-w- c:\users\Raven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-04-27 23:53 220632 ----a-w- c:\users\Raven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GoogleChromeAutoLaunch_E0023BB82BCF581D299E1A702AC3B53B"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-03-15 859976]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-10-04 39408]
    "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-06-25 6806144]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-10-04 296096]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-01 152392]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe -d [2010-10-11 12862]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2010-6-24 9216]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
    R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
    R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
    S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
    S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-03-19 01:31 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-03-31 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 01:25]
    .
    2014-03-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3812457027-830859764-3130274022-1000Core.job
    - c:\users\Raven\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-21 20:15]
    .
    2014-03-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3812457027-830859764-3130274022-1000UA.job
    - c:\users\Raven\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-21 20:15]
    .
    2014-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-04 01:01]
    .
    2014-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-04 01:01]
    .
    2014-03-31 c:\windows\Tasks\ReclaimerUpdateFiles_Raven.job
    - c:\users\Raven\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-29 21:55]
    .
    2014-03-31 c:\windows\Tasks\ReclaimerUpdateXML_Raven.job
    - c:\users\Raven\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-29 21:55]
    .
    2014-03-31 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Raven.job
    - c:\users\Raven\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-29 21:55]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-04-27 23:53 244696 ----a-w- c:\users\Raven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-04-27 23:53 244696 ----a-w- c:\users\Raven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-04-27 23:53 244696 ----a-w- c:\users\Raven\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-11 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-11 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-11 414744]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
    "Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-15 2779024]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <-loopback>
    uSearchAssistant =
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\0alct0h1.default\
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3812457027-830859764-3130274022-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3812457027-830859764-3130274022-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.12"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
    c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
    c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
    c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    c:\windows\AsScrPro.exe
    c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
    .
    **************************************************************************
    .
    Completion time: 2014-03-31 17:52:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-03-31 22:52
    ComboFix2.txt 2014-03-30 22:49
    .
    Pre-Run: 231,976,173,568 bytes free
    Post-Run: 235,324,223,488 bytes free
    .
    - - End Of File - - D9DBAD979137FE95139E770AB783B599
    A36C5E4F47E84449FF07ED3517B43A31

    Dan
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,532
    First Name:
    Derek
    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
    [​IMG]

    This will also purge the restore folder and clear any malware that has been put in there. Now Empty Recycle bin on desktop Then reboot.

    go here http://myonlinesecurity.co.uk/how-to-protect-yourself-and-tighten-security/ for info on how to tighten your security settings and how to help prevent future attacks.

    and scan here http://secunia.com/vulnerability_scanning/personal for out of date & vulnerable common applications on your computer and update whatever it suggests.

    Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place. If windows update doesn't work, please come back & tell us
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1123092

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice